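Техническая информация
Заголовки разделов в этом тексте не сохранились; судя по содержанию записей, ниже по порядку идут: командные строки запускаемых процессов, пути к затрагиваемым файлам (какая именно операция выполняется с файлом — создание, изменение или удаление — из списка не видно), сетевые адреса с портами и DNS-запросы, классы окон. Символы «#» в именах узлов, по-видимому, скрывают часть имени (ср. «www.ba##u.com» и «www.baidu.com.ico» в путях к файлам), поэтому такие строки нельзя использовать как индикаторы в буквальном виде.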
- <SYSTEM32>\sc.exe stop UI0Detect
- <SYSTEM32>\sc.exe config UI0Detect start= disabled
- <SYSTEM32>\taskkill.exe "<Полный путь к вирусу>" /f /im
- <SYSTEM32>\cmd.exe /c %TEMP%\_tmp90.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\favicon[1].ico
- %HOMEPATH%\AppData\LocalLow\KfeExplorer\Cache\Icon\www.baidu.com.ico
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\favicon[1].ico
- %HOMEPATH%\AppData\LocalLow\KfeExplorer\Cache\TypedURLs.dat
- %HOMEPATH%\AppData\LocalLow\KfeExplorer\Cache\SearchUrls.dat
- %ALLUSERSPROFILE%\Application Data\chengziie\popset.ini
- %TEMP%\_tmp90.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\favicon[1].ico
- 'ch#####.chengziie.com':8900
- 'localhost':1037
- 'www.ba##u.com':80
- www.ba##u.com/favicon.ico
- DNS ASK ad.###ngziie.com
- DNS ASK to####.chengziie.com
- DNS ASK www.ba##u.com
- DNS ASK ch#####.chengziie.com
- 'to####.chengziie.com':8731
- 'ch#####.chengziie.com':8899
- 'ad.###ngziie.com':6591
- ClassName: 'Tfrmache' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''