Техническая информация
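- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,<SYSTEM32>\Iehelps.exe' (автозапуск: в параметр 'shell' раздела Winlogon после explorer.exe дописан <SYSTEM32>\Iehelps.exe, поэтому он запускается при каждом входе пользователя в систему; при проверке и лечении следует убедиться, что в этом параметре не осталось ничего, кроме explorer.exe)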
- <SYSTEM32>\Iehelps.exe
- <SYSTEM32>\whats.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.exe "__IRAFN:C:\niubo_setup_1027.exe"
- C:\servers.exe
- C:\niubo_setup_1027.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\a.bat""
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.12#.la/tong/count/count.asp?id##########################
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\win33.dll
- <SYSTEM32>\win33.dll
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- <Текущая директория>\a.bat
- <SYSTEM32>\whats.exe
- C:\niubo_setup_1027.exe
- C:\servers.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- <SYSTEM32>\Iehelps.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %TEMP%\~DF6F61.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\count[1].asp
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- %TEMP%\~DF9703.tmp
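- 'www.12#.la':80 (символы '#' здесь и в остальных адресах отчёта, по-видимому, скрывают часть имени узла и параметров запроса, поэтому такие строки не годятся как точные сетевые индикаторы)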
- 'localhost':1036
- www.12#.la/tong/count/count.asp?id##########################
- DNS ASK www.12#.la
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''