Техническая информация
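Изменения в реестре (два значения в ключе Run обеспечивают автозапуск при входе в систему; запись в Classes задаёт команду открытия для класса buydownloadnow; значение с именем 'Adobe Acrobat Assistant 9.0' указывает на файл в %APPDATA%, а не в каталоге установленной программы):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bdnFileMonitor' = '%ProgramFiles%\BuyDownloadNow\bdnFileMonitor.exe'
- [<HKLM>\SOFTWARE\Classes\buydownloadnow\shell\open\command] '' = '%ProgramFiles%\BuyDownloadNow\bd.exe "%l" '
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Adobe Acrobat Assistant 9.0' = '%APPDATA%\Adobe\alg.exe'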
- '%APPDATA%\Adobe\alg.exe' --install
- '%ProgramFiles%\BuyDownloadNow\mini.exe'
- %ProgramFiles%\BuyDownloadNow\vovchikfileclass.dll
- %APPDATA%\Adobe\Winsock Orcas.dll
- %ProgramFiles%\BuyDownloadNow\bd.exe
- %APPDATA%\Adobe\ident.db
- %ProgramFiles%\BuyDownloadNow\log.txt
- %ProgramFiles%\BuyDownloadNow\mini.exe
- %APPDATA%\Adobe\miniLibrary.dll
- %APPDATA%\Adobe\alg.exe
- %APPDATA%\Adobe\Winsock Orcas.dll
- %APPDATA%\Adobe\ident.db
- %APPDATA%\Adobe\alg.exe
- %APPDATA%\Adobe\miniLibrary.dll
- %ProgramFiles%\BuyDownloadNow\mini.exe
- %ProgramFiles%\BuyDownloadNow\log.txt
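Сетевые подключения в формате 'узел':порт (символы # в именах узлов, по-видимому, скрыты в исходном отчёте, поэтому эти строки нельзя использовать как точные индикаторы без восстановления полного имени):
- 'www.bu####nloadnow.com':80
- 'wp#d':80
- 'pr#####.dyndns-pics.com':6556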
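Запрошенные по HTTP адреса (запрос wpad.dat похож на автоматическое обнаружение прокси и может исходить от самой системы, а не от образца — это стоит проверить, прежде чем считать его индикатором):
- http://www.bu####nloadnow.com/BuyDownloadNow.exe
- http://11#.#11.111.2/wpad.dat via wp#d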
- DNS ASK www.bu####nloadnow.com
- DNS ASK wp#d
- DNS ASK pr#####.dyndns-pics.com