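Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Судя по содержимому, записи идут в таком порядке: изменения в реестре (служба Msparser), командные строки запускаемых процессов, пути к файлам, сетевая активность и классы окон. Символы «#» в имени хоста и URL, по-видимому, являются маскировкой, а не частью реальных значений.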
- [<HKLM>\SYSTEM\ControlSet001\Services\Msparser] 'ImagePath' = '<DRIVERS>\Msparser.sys'
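- [<HKLM>\SYSTEM\ControlSet001\Services\Msparser] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы, то есть драйвер закрепляется в автозагрузке)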
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\temp\win7_OEM.exe > nul
- '%WINDIR%\Temp\win7_OEM.exe'
- '%WINDIR%\Temp\win7一键激活.exe'
- <DRIVERS>\Msparser.sys
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sxm[1].asp
- %WINDIR%\Temp\win7_OEM.exe
- %WINDIR%\Temp\win7一键激活.exe
- %WINDIR%\Temp\win7一键激活.exe
- 'co###.fxfnu.com':80
- 'localhost':1039
- http://co###.fxfnu.com/pg/sxm.asp?id######################################################################
- DNS ASK co###.fxfnu.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''