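Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Поэтому повторяющиеся пути (например, %WINDIR%\3.tmp и %WINDIR%\Temp\host.exe), по-видимому, относятся к разным категориям действий с одним и тем же файлом, а не являются ошибочными дубликатами. Символы «#» в именах доменов, вероятно, скрывают часть имени и не являются его буквальными символами, поэтому эти записи нельзя использовать как точные индикаторы без уточнения по первоисточнику.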
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ruango.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\fkwld] 'Start' = '00000001'
- <SYSTEM32>\MSRundll.exe %CommonProgramFiles%\Ruango\player.dll,Always
- %WINDIR%\3.tmp /S
- %WINDIR%\Temp\host.exe
- %CommonProgramFiles%\Ruango\Player.dll
- %TEMP%\nsv6.tmp\System.dll
- %TEMP%\fkwld.sys
- <SYSTEM32>\83-105-7163
- <DRIVERS>\fkwld.sys
- <SYSTEM32>\MSRundll.exe
- %TEMP%\RGInstall.dll
- <SYSTEM32>\67-105-7163
- %WINDIR%\Temp\host.exe
- %TEMP%\nss2.tmp
- %TEMP%\player.dll
- %TEMP%\nse5.tmp
- %WINDIR%\3.tmp
- %WINDIR%\3.tmp
- %WINDIR%\Temp\host.exe
- %TEMP%\nsv6.tmp\System.dll
- %TEMP%\player.dll
- %TEMP%\RGInstall.dll
- 'do#.#ggzs.com':80
- DNS ASK do#.#ggzs.com
- DNS ASK ya###.com.cn