Техническая информация
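Автозапуск (значение в ключе реестра Run, исполняемый файл стартует при входе в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GroupManager' = '%ProgramFiles%\Geniune Service\groupmanager.exe'
Пути к файлам (написание «Geniune» приведено как в образце и должно использоваться в таком виде при поиске):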
- %ProgramFiles%\Geniune Service\groupmanager.exe
- %ProgramFiles%\Geniune Service\Uninstall\uninstall.xml
- %WINDIR%\Geniune Service\uninstall.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Geniune Service\Uninstall Geniune Service.lnk
- %ProgramFiles%\Geniune Service\Uninstall\IRIMG2.JPG
- %ProgramFiles%\Geniune Service\Uninstall\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %ProgramFiles%\Geniune Service\Uninstall\uninstall.dat
- %ProgramFiles%\Geniune Service\Uninstall\uni3.tmp
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG
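Далее пути повторяются — по-видимому, это отдельный список отчёта, заголовок которого утрачен при извлечении текста:
- %TEMP%\_ir_sf_temp_0\IRIMG2.JPG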
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %ProgramFiles%\Geniune Service\Uninstall\uni3.tmp
Сетевая активность (имя узла и параметры запросов частично скрыты символами «#»):
- 'ge##ow.info':80
- http://ge##ow.info/cpa/inc/get_offer.php?co###########
- http://ge##ow.info/cpa/getMailMysql.php?se#########
- http://ge##ow.info/cpa/inc/input.php
- DNS ASK ge##ow.info
Окна (имя класса и заголовок):
- ClassName: 'MS_WINHELP' WindowName: ''
Процессы (командные строки):
- '%ProgramFiles%\Geniune Service\groupmanager.exe'
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:654882 "__IRAFN:<Полный путь к файлу>" "__IRCT:1" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"