Техническая информация
- <SYSTEM32>\reg.exe Delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs" /F
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.36##h.org/tj/xx06.htm
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://12#.#4.151.14/tj/amdown.asp?ac######################################### XP&lianmeng=xx06
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\xx06[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\amdown[1].asp
- %TEMP%\~DFB5C8.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\amdown[1].asp
- 'localhost':1038
- 'www.36##h.org':80
- 'localhost':1036
- '12#.#4.151.14':80
- www.36##h.org/tj/xx06.htm
- 12#.#4.151.14/tj/amdown.asp?ac############################################################
- DNS ASK www.36##h.org
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''