Техническая информация
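- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe %WINDIR%\Config\csrss.exe' (параметр Shell в Winlogon определяет программы, запускаемые при входе пользователя в систему; штатно в нём указан только Explorer.exe, поэтому дополнительный путь в этом значении — признак закрепления в системе)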
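- '%WINDIR%\Config\csrss.exe' (имя файла совпадает с именем системного процесса csrss.exe, который штатно расположен в <SYSTEM32>; расположение в %WINDIR%\Config указывает на маскировку под системный файл)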
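- '<SYSTEM32>\attrib.exe' +S +H %WINDIR%\Config\MSWINSCK.OCX
- '<SYSTEM32>\attrib.exe' +S +H %WINDIR%\Config\csrss.exe
- '<SYSTEM32>\attrib.exe' +S +H %WINDIR%\Config\yacscom.dll (ключи +S +H присваивают файлам атрибуты «системный» и «скрытый», из-за чего они не отображаются в Проводнике при настройках по умолчанию)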
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\config\MSWINSCK.OCX
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\config\yacscom.dll (ключ /s — регистрация библиотеки без вывода диалоговых окон)
- [<HKCU>\SOFTWARE\Yahoo\pager]
- %WINDIR%\yacs.log
- %WINDIR%\Config\csrss.exe
- %WINDIR%\Config\MSWINSCK.OCX
- %WINDIR%\Config\yacscom.dll
- %WINDIR%\Config\csrss.exe
- %WINDIR%\Config\MSWINSCK.OCX
- %WINDIR%\Config\yacscom.dll
- %TEMP%\~DF5534.tmp
- 'vc#.###.ogk.yahoo.co.jp':5001
- 'www.ip###cken.com':80
- www.ip###cken.com/
- DNS ASK vc#.###.ogk.yahoo.co.jp
- DNS ASK www.ip###cken.com
- ClassName: 'Shell_TrayWnd' WindowName: ''