Техническая информация
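Изменение в реестре — автозапуск через ключ Run. Имя значения «360antiarp», по-видимому, имитирует название защитного ПО, поэтому при проверке следует смотреть на данные значения (путь к smssss.exe), а не только на имя:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360antiarp' = '\windows\system32\smssss.exe'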
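Файлы с именами, похожими на системный smss.exe (в легитимном имени после «sm» две буквы «s», здесь — три и четыре; это два разных файла):
- <SYSTEM32>\smsss.exe
- <SYSTEM32>\smssss.exe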
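Командные строки reg.exe: первая записывает значение 360antiarp в ключ Run, вторая переопределяет команду OpenHomePage для указанного CLSID так, чтобы iexplore.exe открывал приведённый URL (оба изменения делаются с ключом /f, то есть без запроса подтверждения):
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v 360antiarp /t REG_SZ /d "\windows\system32\smssss.exe" /f
- <SYSTEM32>\reg.exe ADD "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /ve /t REG_EXPAND_SZ /d "%PROGRAM_FILES%\Internet Explorer\iexplore.exe http://ta####gs.517800.com/baidu.htm" /f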
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\zhuye.bat
- <SYSTEM32>\smssss.exe
- <SYSTEM32>\zhuye.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cr[1].htm
- <SYSTEM32>\smsss.exe
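Файлы во временном каталоге E_N4 (по-видимому, библиотеки среды выполнения Easy Programming Language; они встречаются и у других программ на этом языке, поэтому как самостоятельные индикаторы малоспецифичны):
- %TEMP%\E_N4\krnln.fnr
- %TEMP%\E_N4\HtmlView.fne
- %TEMP%\E_N4\EThread.fne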
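Сетевые индикаторы (часть имени хоста заменена символами «####» — по-видимому, это маскировка в источнике, а не буквальные символы; порт 1037 относится к localhost и внешним индикатором не является):
- 'ta####gs.517800.com':80
- 'localhost':1037
- ta####gs.517800.com/cr/cr/cr.htm
- DNS ASK ta####gs.517800.com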
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''