Техническая информация
- <SYSTEM32>\attrib.exe -r -s -h <SYSTEM32>\pub_store.dat
- <SYSTEM32>\attrib.exe -r -s -h <SYSTEM32>\cid_store.dat
- <SYSTEM32>\attrib.exe "%ALLUSERSPROFILE%\╫└├ц\╤╕└╫7.lnk" -s -h -a -r
- <SYSTEM32>\attrib.exe "%ALLUSERSPROFILE%\б╕┐к╩╝б╣▓╦╡е\│╠╨Є\╤╕└╫7" -s -h -a -r
- <SYSTEM32>\reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\╩╣╙├╤╕└╫╧┬╘╪╚л▓┐┴┤╜╙" /f
- <SYSTEM32>\reg.exe delete "HKCR\SOFTWARE\thunder" /f
- <SYSTEM32>\taskkill.exe /F /IM Thunder*
- <SYSTEM32>\reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\╩╣╙├╤╕└╫╧┬╘╪" /f
- <SYSTEM32>\reg.exe delete "HKLM\SOFTWARE\Thunder Network" /f
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\123.taobao[1]
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- '12#.#aobao.com':80
- 'localhost':1035
- 12#.#aobao.com/?15##
- DNS ASK 12#.#aobao.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''