Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'On Clean' = '"%PROGRAM_FILES%\On Clean\launcher.exe" "%PROGRAM_FILES%\On Clean\OnCleanUp.exe" /disk'
- %PROGRAM_FILES%\On Clean\OnClean.exe /disk /newupdater
- %PROGRAM_FILES%\On Clean\OnCleanUp.exe /disk
- %PROGRAM_FILES%\On Clean\OnClean.exe /install
- %HOMEPATH%\Desktop\їВЕ¬ё°.lnk
- %HOMEPATH%\Start Menu\Programs\On Clean\їВЕ¬ё°.lnk
- %PROGRAM_FILES%\On Clean\launcher.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].php
- %PROGRAM_FILES%\On Clean\uninstall.exe
- %PROGRAM_FILES%\On Clean\OnCleanFunc.dll
- %PROGRAM_FILES%\On Clean\OnClean.exe
- %TEMP%\nso3.tmp\System.dll
- %TEMP%\nsj2.tmp
- %PROGRAM_FILES%\On Clean\OnCleanRes.dll
- %PROGRAM_FILES%\On Clean\OnCleanBlk.dll
- %PROGRAM_FILES%\On Clean\OnCleanUp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].htm
- %TEMP%\nso3.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].php
- 'www.on##ean.net':80
- '21#.#3.123.40':80
- www.on##ean.net/app/update.htm
- 21#.#3.123.40/OnClean/boot.php?ma##################################
- 21#.#3.123.40/onclean/install.php?ma######################################
- DNS ASK www.on##ean.net
- ClassName: 'Indicator' WindowName: ''