Техническая информация
Записи автозапуска в реестре (ключи Run и RunOnce); имена значений и файлов, по-видимому, имитируют легитимное ПО:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Adove-Settings' = '%TEMP%\Adove-Settings\Office-Update.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '%APPDATA%\InstallDir\Dr1verUpdate00.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%APPDATA%\InstallDir\Dr1verUpdate00.exe'
- %WINDIR%\syswow64\svchost.exe
- office-update.exe
- %TEMP%\adove-settings\office-update.exe
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.nfo
- %APPDATA%\installdir\dr1verupdate00.exe
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.dat
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.svr
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.nfo
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.dat
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.svr
- %APPDATA%\microsoft\windows\bclpzets\bclpzets.svr
Сетевая активность (узел и порт, затем DNS-запросы; символы #, по-видимому, скрывают часть имени узла):
- 'ja#######ngsetts.ignorelist.com':999
- DNS ASK is######et.cable-modem.org
- DNS ASK ja######.serveexchange.com
- DNS ASK ad#####date1.pointto.us
- DNS ASK se######ity.ciscofreak.com
- DNS ASK ja#######ngsetts.ignorelist.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\adove-settings\office-update.exe'
- '%WINDIR%\syswow64\svchost.exe'