Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Mslmedia] 'ImagePath' = 'system32\DRIVERS\Mslmedia.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mslmedia] 'Start' = '00000002' (значение 2 — автоматический запуск при загрузке системы)
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\_lm_delself_.bat" "
- 'C:\LMIns.exe'
- %WINDIR%\inf\oem3.inf
- %TEMP%\~tmp_hl\mslmedia.sys
- %WINDIR%\inf\oem3.PNF
- <DRIVERS>\msjclock.sys
- <DRIVERS>\SET3.tmp
- %TEMP%\~tmp_hl\mslmedia.inf
- C:\LMIns.exe
- <SYSTEM32>\aa_engine.dll
- %WINDIR%\_ntdll.bak
- %WINDIR%\Setupsti.log
- %WINDIR%\hllog.txt
- C:\LMIns.exe
- %TEMP%\~tmp_hl\mslmedia.sys
- %TEMP%\~tmp_hl\mslmedia.inf
- из <DRIVERS>\SET3.tmp в <DRIVERS>\Mslmedia.sys
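- 'zh#####shuai.lofter.com':80 (символы # в адресах здесь и ниже, по-видимому, скрывают часть значения в исходном отчёте; для точного сопоставления индикаторов нужны полные значения)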
- '12#.#25.114.144':80
- http://zh#####shuai.lofter.com/post/1d2dca16_9ff1aa2
- http://www.ba##u.com/ via 12#.#25.114.144
- DNS ASK zh#####shuai.lofter.com
- DNS ASK www.ba##u.com
- ClassName: 'Shell_TrayWnd' WindowName: ''