Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}] 'Exec' = 'http://www.expresstoolie.com/redirect.php'
- %PROGRAM_FILES%\WebMediaViewer\hpmom.exe
- %PROGRAM_FILES%\WebMediaViewer\hpmon.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\zuhrn0.cmd" "
- %PROGRAM_FILES%\WebMediaViewer\hpmun.dll
- %PROGRAM_FILES%\WebMediaViewer\hpmom.exe
- %TEMP%\zuhrn0.cmd
- %PROGRAM_FILES%\WebMediaViewer\hpmon.exe
- %PROGRAM_FILES%\WebMediaViewer\hpmun.exe
- %TEMP%\zuhrn0.cmd