Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RKSvc] 'Start' = '00000002'
- %PROGRAM_FILES%\RealKeyword\CheckInstall.exe "realkeyword" "i"
- <SYSTEM32>\RKService.exe
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\RealKeyword\RealClick.dll"
- %PROGRAM_FILES%\RealKeyword\RealClick.dll
- %PROGRAM_FILES%\RealKeyword\RKPing.exe
- %PROGRAM_FILES%\RealKeyword\RealKeyword.exe
- %PROGRAM_FILES%\RealKeyword\RKSvcLog.txt
- %PROGRAM_FILES%\RealKeyword\uninst.exe
- %PROGRAM_FILES%\RealKeyword\CheckInstall.exe
- %TEMP%\nsk3.tmp\Processes.dll
- %TEMP%\nsa2.tmp
- <SYSTEM32>\RKService.exe
- <SYSTEM32>\rkupdate.ini
- <SYSTEM32>\rksvc.dll
- %TEMP%\nsk3.tmp\Processes.dll
- 'up####.real-keyword.com':80
- up####.real-keyword.com/installed.php?ma#########################################
- DNS ASK up####.real-keyword.com