Техническая информация
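Изменения в реестре. Ключ ShellExecuteHooks регистрирует COM-объект с указанным CLSID: оболочка Windows загружает его и вызывает при запуске программ через ShellExecute, поэтому посторонняя запись здесь — признак закрепления в системе.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{40AA9D3D-BFB8-4B9F-A0E6-8913EDAC6779}' = ''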
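Запускаемые файлы и командные строки (заголовки разделов в исходном тексте утрачены, группировка дана по содержимому строк). Штатный svchost.exe находится в <SYSTEM32>; процесс с таким именем из %CommonProgramFiles%\System — маскировка под системный. Ключ /s у regsvr32 означает регистрацию без диалоговых окон, /u — снятие регистрации.
- %CommonProgramFiles%\System\RiSing.exe
- %CommonProgramFiles%\System\svchost.exe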
- <SYSTEM32>\regsvr32.exe /s "%CommonProgramFiles%\System\bho.dll"
- %WINDIR%\sleep.exe 100
- <SYSTEM32>\regsvr32.exe /u /s <SYSTEM32>\bbns.dll
- <SYSTEM32>\cmd.exe /c "%CommonProgramFiles%\System\killwx.bat"
- <SYSTEM32>\regsvr32.exe /u /s <SYSTEM32>\ieextend.dll
- <SYSTEM32>\cmd.exe /c <Текущая директория>\dellme.bat
Файловые артефакты (создаются эти файлы или удаляются — по исходному тексту определить нельзя):
- %CommonProgramFiles%\System\RiSing.exe
- %CommonProgramFiles%\System\bho.dll
- <Текущая директория>\dellme.bat
- %CommonProgramFiles%\System\realevent.exe
- %CommonProgramFiles%\System\killwx.bat
- %CommonProgramFiles%\System\svchost.exe
- %TEMP%\~DFCD50.tmp
- %TEMP%\~DFA694.tmp
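Окна, с которыми, по всей видимости, работает образец (поиск по имени класса или заголовку). 360se_Frame, SE_SogouExplorerFrame и IEFrame — классы главных окон браузеров 360 Secure Browser, Sogou Explorer и Internet Explorer.
- ClassName: '360se_Frame' WindowName: ''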
- ClassName: 'XFrame_Wnd' WindowName: ''
- ClassName: 'SE_SogouExplorerFrame' WindowName: ''
- ClassName: '' WindowName: '11/11/2011 1:21:22 PM'
- ClassName: '' WindowName: 'ieLock'
- ClassName: 'IEFrame' WindowName: ''