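Техническая информация (подзаголовки разделов в этой копии, по-видимому, не сохранились: ниже одним списком идут запись в реестре, запускаемые процессы, файлы, сетевые обращения и поиск окна; символы «#» в сетевых адресах, судя по всему, — маскировка части домена и параметров запроса)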
- [<HKLM>\SYSTEM\ControlSet001\Services\LDMASERVICE] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\twadg.exe /service
- <SYSTEM32>\twadg.exe
- %TEMP%\Messenger\setup.exe m2_ss
- <SYSTEM32>\gdzwt.exe
- <SYSTEM32>\net1.exe start LDMASERVICE
- <SYSTEM32>\regsvr32.exe "%TEMP%\Messenger\ThunderSafe.dll" /s
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gt[1].asp
- <SYSTEM32>\adorder.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gt[1].asp
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\update[1].htm
- %WINDIR%\Temp\Messenger\kbietmp2.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\index[1].htm
- %WINDIR%\Temp\Messenger\svzcf.ini
- <SYSTEM32>\mssrcid.ini
- %TEMP%\Messenger\ccfapi321.dll
- %TEMP%\Messenger\ccfapi32.dll
- %TEMP%\Messenger\ThunderSafe.dll
- %TEMP%\Messenger\nvsys.ini
- %TEMP%\Messenger\sysvc.dat
- %TEMP%\Messenger\sysmain.dat
- %TEMP%\Messenger\setup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gt[1].asp
- 'www.de##a.cn':80
- www.de##a.cn/up/update.htm
- www.de##a.cn/myconfig/index.htm
- www.de##a.cn/page/gt.asp?ve##############################################################################################
- www.de##a.cn/page/gt.asp?ve#################################
- DNS ASK www.de##a.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''