Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,C:\Documents and Settings\xunlei.exe'
- %TEMP%\RarSFX0\Youbak_MSN_PARTNER2098.exe /VERYSILENT /SP- /NORESTART
- %TEMP%\is-BH89N.tmp\Youbak_MSN_PARTNER2098.tmp /SL5="$20132,465342,53248,%TEMP%\RarSFX0\Youbak_MSN_PARTNER2098.exe" /VERYSILENT /SP- /NORESTART
- %TEMP%\nsu2.tmp\PARTNER2098.exe
- %TEMP%\nsu2.tmp\160yes03.exe
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\360.dll"
- %TEMP%\is-Q5UMD.tmp\_isetup\_shfoldr.dll
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- C:\Documents and Settings\xunlei.txt
- %TEMP%\is-Q5UMD.tmp\_isetup\_RegDLL.tmp
- <SYSTEM32>\360.dll
- %TEMP%\RarSFX0\Youbak_MSN_PARTNER2098.exe
- %TEMP%\is-BH89N.tmp\Youbak_MSN_PARTNER2098.tmp
- %TEMP%\is-BH89N.tmp\Youbak_MSN_PARTNER2098.tmp
- %TEMP%\RarSFX0\Youbak_MSN_PARTNER2098.exe
- %TEMP%\is-Q5UMD.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-Q5UMD.tmp\_isetup\_shfoldr.dll
- C:\Documents and Settings\xunlei.txt в C:\Documents and Settings\xunlei.exe
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''