Техническая информация
- <SYSTEM32>\reg.exe delete HKEY_CLASSES_ROOT\lnkfile /v isshortcut /f
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://ab##.e89.com/tongji/count/count.asp?id##########################
- <SYSTEM32>\reg.exe delete HKEY_CLASSES_ROOT\piffile /v isshortcut /f
- <SYSTEM32>\wscript.exe del.tmp.vbs
- <SYSTEM32>\reg.exe delete HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} /f
- <SYSTEM32>\cmd.exe /c qingli.bat
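- <SYSTEM32>\attrib.exe +r InternetббExplorer.lnk (символы «бб» в имени файла здесь и в строках с cacls.exe ниже, по-видимому, являются артефактом кодировки: вероятно, это байты 0xA1 0xA1, то есть полноширинный пробел U+3000 в GBK, отображённые в CP866; при поиске по имени файла стоит учитывать оба варианта)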
- <SYSTEM32>\cmd.exe /c baohu.bat
- <SYSTEM32>\cacls.exe InternetббExplorer.lnk /e /c /p everyone:r
- <SYSTEM32>\cacls.exe InternetббExplorer.lnk /e /c /r %USERNAME%
- <SYSTEM32>\cacls.exe InternetббExplorer.lnk /e /c /r %USERNAME%s
- C:\ans.txt
- <Текущая директория>\del.tmp.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- <SYSTEM32>\qingli.bat
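- %PROGRAM_FILES%\Internet Explorer\iexp1ore.exe (в имени цифра «1» вместо буквы «l»: файл не совпадает со штатным IEXPLORE.EXE из того же каталога)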
- <SYSTEM32>\baohu.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- <Текущая директория>\del.tmp.vbs
- %TEMP%\~DF2304.tmp
- 'ab##.e89.com':80
- 'localhost':1036
- ab##.e89.com/tongji/count/count.asp?id##########################
- DNS ASK ab##.e89.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Progman' WindowName: 'Program Manager'