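Техническая информация

Примечание: заголовки разделов в этом списке не сохранились. Первая запись — значение в разделе Run ветки HKCU, то есть popguide_update.exe запускается при каждом входе этого пользователя в систему. Повторяющиеся пути (например, файлы в %TEMP%\nsw3.tmp), по-видимому, относятся к разным категориям действий (создание и удаление файлов); по самому списку это установить нельзя. Символы «#» в именах узлов и URL заменяют скрытые символы, поэтому такие значения не годятся как точные индикаторы.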
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'popguide' = '%PROGRAM_FILES%\popguide\popguide_update.exe'
- %PROGRAM_FILES%\popguide\popguide_update.exe
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %TEMP%\nsw3.tmp\DLLWebCount.dll
- %PROGRAM_FILES%\popguide\uninstall.exe
- %PROGRAM_FILES%\popguide\popguide_update.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\pid[1].chk
- C:\DelUS.bat
- %TEMP%\nsw3.tmp\SelfDelete.dll
- %PROGRAM_FILES%\popguide\popguideDlg.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\popcheck[1].chk
- %TEMP%\nsw3.tmp\ExistFiles.dll
- %TEMP%\nsb2.tmp
- %PROGRAM_FILES%\popguide\popguide.dll
- %PROGRAM_FILES%\popguide\MouseHook.dll
- %TEMP%\nsw3.tmp\KillProcDLL.dll
- %TEMP%\nsw3.tmp\KillProcDLL.dll
- %TEMP%\nsw3.tmp\SelfDelete.dll
- %TEMP%\nsw3.tmp\DLLWebCount.dll
- %TEMP%\nsw3.tmp\ExistFiles.dll
- 'ie###w.co.kr':80
- 'en##ew.com':80
- en##ew.com/nzell_app/pid.chk
- ie###w.co.kr/partner/counter/install.php?pi###############
- en##ew.com/nzell_app/popcheck.chk
- DNS ASK ie###w.co.kr
- DNS ASK en##ew.com
- ClassName: 'Indicator' WindowName: ''