Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qu' = '%PROGRAM_FILES%\qamp\qu.exe'
- %PROGRAM_FILES%\MZђ
- %PROGRAM_FILES%\MZђ (downloaded from the Internet)
- <SYSTEM32>\cmd.exe /c C:\$$$$$.bat
- %HOMEPATH%\Desktop\A???CA.lnk
- %WINDIR%\qu.exe
- C:\$$$$$.bat
- %PROGRAM_FILES%\MZђ
- %PROGRAM_FILES%\qamp\qsrv.exe
- %PROGRAM_FILES%\qamp\qremover.exe
- 'qa##.co.kr':80
- qa##.co.kr/pgm/qsrv.exe
- qa##.co.kr/ctrl/exdown_count.php?fi##########
- qa##.co.kr/pgm/qu.exe
- qa##.co.kr/pgm/qremover.exe
- qa##.co.kr/pgm/version
- qa##.co.kr/ctrl/inst_cnt.php?ma###################
- qa##.co.kr/ctrl/MZ?
- qa##.co.kr/ctrl/exdown.php
- DNS ASK dw.##mp.co.kr
- DNS ASK qa##.co.kr
- ClassName: 'MS_WINHELP' WindowName: ''