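Техническая информация
Ниже без подзаголовков перечислены индикаторы из отчёта: командные строки процессов, пути к файлам, сетевые адреса и запросы, классы окон. Символы «##» в имени домена, судя по всему, — маскировка части адреса, а не его настоящие символы.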
- <SYSTEM32>\cmd.exe /c ""%TEMP%\temp_tmp.bat" "
- %WINDIR%\sleep.exe 500
- <SYSTEM32>\attrib.exe "%ALLUSERSPROFILE%\Desktop\Internat Explorer" +s
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\wd\s.bat" "
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.49##.com.cn/s.html
- %ALLUSERSPROFILE%\Desktop\Internat Explorer\target.lnk
- %ALLUSERSPROFILE%\Desktop\Internat Explorer\Desktop.ini
- %TEMP%\nsb2.tmp\AccessControl.dll
- %WINDIR%\taobao.ico
- %TEMP%\temp_tmp.bat
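- %HOMEPATH%\Favorites\淘宝购物.lnk (в исходной выдаче имя искажено кодировкой: «МФ±¦№єОп.lnk» — байты GBK, прочитанные как Windows-1251)
- %ALLUSERSPROFILE%\Desktop\淘 宝 购 物.lnk (в исходной выдаче: «МФ ±¦ №є Оп.lnk», то же искажение кодировки)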
- %ALLUSERSPROFILE%\Application Data\WD\kwssp.dll
- %ALLUSERSPROFILE%\Application Data\WD\kswebshield.dll
- %ALLUSERSPROFILE%\Application Data\WD\kswbc.dll
- %ALLUSERSPROFILE%\Application Data\WD\kwsui.dll
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\spitesp.dat
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\kws.ini
- %ALLUSERSPROFILE%\Application Data\WD\s.bat
- %TEMP%\nsb2.tmp\AccessControl.dll
- 'www.49##.com.cn':80
- 'localhost':1036
- www.49##.com.cn/s.html
- DNS ASK www.49##.com.cn
- '<IP-адрес в локальной сети>':1037
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''