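Техническая информация

Примечание: подзаголовки разделов в этом фрагменте не сохранились, поэтому записи ниже идут единым списком: командные строки процессов, пути к файлам, сетевые адреса, HTTP- и DNS-запросы, классы окон. Символы `##` в адресах и доменных именах, по-видимому, скрывают часть знаков, поэтому такие индикаторы не годятся для точного сопоставления, пока полное значение не восстановлено по первоисточнику. `<SYSTEM32>`, `<DRIVERS>` и `<INETFILES>` — условные обозначения системных каталогов, а не буквальные пути.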
- '<SYSTEM32>\taskkill.exe' /f /im PVRules.exe
- %TEMP%\1.tmp\2.bat
- %TEMP%\1.tmp\PVRules6.6.exe
- %TEMP%\1.tmp\hosts.ics
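- <DRIVERS>\etc\hosts.ics
  (файл hosts.ics в этом каталоге учитывается Windows при разрешении имён наряду с hosts; при разборе инцидента стоит проверить его содержимое на посторонние записи)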
- %TEMP%\1.tmp\PVRules.exe
- %TEMP%\1.tmp\china.dll
- %TEMP%\1.tmp\FM20.DLL
- %TEMP%\1.tmp\FM20ENU.DLL
- %TEMP%\1.tmp\vinagame.dll
- %TEMP%\1.tmp\FM20.oca
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sever[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\6.5[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\sever2[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\time[1].php
- %TEMP%\1.tmp\PVRules6.6.exe
- %TEMP%\1.tmp\hosts.ics
- %TEMP%\1.tmp\2.bat
- 'localhost':1037
- '45.##9.212.42':80
- 'fa##.##tolienminh.com':80
- 'localhost':1041
- 'ha##rule.tk':80
- http://45.##9.212.42/RoS/sever.php
- http://45.##9.212.42/RoS/6.5.php
- http://fa##.##tolienminh.com/RoS/sever2.php
- http://45.##9.212.42/RoS/time.php
- http://www.ha##rule.tk/p/blog-page_18.html via ha##rule.tk
- DNS ASK fa##.##tolienminh.com
- DNS ASK www.ha##rule.tk
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- '%TEMP%\1.tmp\PVRules6.6.exe'
- '%TEMP%\1.tmp\PVRules.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" <Полный путь к файлу>"
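- '<SYSTEM32>\rundll32.exe' InetCpl.cpl,ClearMyTracksByProcess 8
  (аргумент 8 соответствует очистке временных файлов Internet Explorer, поэтому перечисленные выше файлы из Content.IE5 к моменту анализа могут отсутствовать на диске)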
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome