Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\msdanim.exe' (параметр 'load' обеспечивает автозапуск указанного файла при входе пользователя в систему)
- <SYSTEM32>\msdanim.exe
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.ty##in.cn/plus1/recv.php?AB#################################################
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.ty##in.cn/plus1/xml.html
- <SYSTEM32>\System32Sovt.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\recv[1].php
- %TEMP%\7231.dat
- <SYSTEM32>\msdanim.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xml[1].html
- %TEMP%\7231.dat
- 'localhost':1038
- 'www.ty##in.cn':80
- 'localhost':1035
- www.ty##in.cn/plus1/recv.php?AB#################################################
- www.ty##in.cn/plus1/xml.html
- DNS ASK www.ty##in.cn
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''