Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BuynaviAuction' = '%PROGRAM_FILES%\BuynaviAuction\BuynaviControl.exe'
- %PROGRAM_FILES%\BuynaviAuction\BuynaviControl.exe
- %PROGRAM_FILES%\BuynaviAuction\uninstall.exe
- %PROGRAM_FILES%\BuynaviAuction\msvcr80.dll
- %TEMP%\nsg3.tmp\DLLWebCount.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\insert[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].php
- %PROGRAM_FILES%\BuynaviAuction\Microsoft.VC80.CRT.manifest
- %TEMP%\nsg3.tmp\System.dll
- %TEMP%\nsb2.tmp
- %TEMP%\nsg3.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\BuynaviAuction\BuynaviControl.exe
- %PROGRAM_FILES%\BuynaviAuction\BuynaviAuction.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\insert[1].php
- 'bu###vi.co.kr':80
- 'www.bu###vi.co.kr':80
- bu###vi.co.kr/auction/ismedia/update.php
- www.bu###vi.co.kr/count/insert.php?pi################
- DNS ASK bu###vi.co.kr
- DNS ASK www.bu###vi.co.kr