Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Kingsoft Antivirus WebShield Service] 'Start' = '00000002'
- '%ALLUSERSPROFILE%\Application Data\WD\KSWebShield.exe'
- '%ALLUSERSPROFILE%\Application Data\WD\KSWebShield.exe' -start
- '%ALLUSERSPROFILE%\Application Data\WD\KSWebShield.exe' -install
- '%WINDIR%\sleep.exe' 500
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\temg_tmp.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\Application Data\wd\u.bat" "
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\spitesp.dat
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\kws.ini
- %ALLUSERSPROFILE%\Application Data\WD\u.bat
- %ALLUSERSPROFILE%\Application Data\WD\KWSSVC.log
- %TEMP%\temg_tmp.bat
- %TEMP%\nss3.tmp\AccessControl.dll
- %ALLUSERSPROFILE%\Application Data\WD\kwsui.dll
- %ALLUSERSPROFILE%\Application Data\WD\KSWebShield.exe
- %TEMP%\nss3.tmp\FindProcDLL.dll
- %TEMP%\nsd2.tmp
- %ALLUSERSPROFILE%\Application Data\WD\kwssp.dll
- %ALLUSERSPROFILE%\Application Data\WD\kswebshield.dll
- %ALLUSERSPROFILE%\Application Data\WD\kswbc.dll
- %TEMP%\nss3.tmp\FindProcDLL.dll
- %TEMP%\nss3.tmp\AccessControl.dll
- ClassName: 'kws::OSUCWindowClass' WindowName: ''