Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}] 'Exec' = 'http://www.hao123.cn/?ie'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\WinApi.exe'
- <SYSTEM32>\oemlinkicon.ico
- <SYSTEM32>\qq.ico
- %TEMP%\~DF58AF.tmp
- %TEMP%\~DF58AF.tmp