Техническая информация
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SYSTEM\ControlSet001\Services\CtfmonSrver] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы при загрузке системы)
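- %WINDIR%\repair\svchost.exe (штатный svchost.exe находится в <SYSTEM32>; одноимённый файл в другом каталоге — повод для проверки)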
- <SYSTEM32>\grpconv.exe -o
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 %WINDIR%\tmp_23_39_25.inf
- <SYSTEM32>\office\ctfmon.exe
- %WINDIR%\tmp_23_39_25.inf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\CAYNANQ1.asp
- %WINDIR%\Temp\webplayer_dll.exe
- %WINDIR%\repair\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\webplayer_dll[1].exe
- %TEMP%\~DF1F45.tmp
- %WINDIR%\tmp_23_39_25.inf
- %WINDIR%\Temp\webplayer_dll.exe
- 'up###e.bskyb.cn':80
- 'localhost':1036
- up###e.bskyb.cn/update/download/webplayer_dll.exe
- DNS ASK up###e.bskyb.cn