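Техническая информация
Ниже одним списком идут записи разных типов: значения реестра, командные строки (по-видимому, запускаемых процессов; пути в них заключены в одинарные кавычки), пути файлов, сетевые адреса и запросы, параметры окна. Подзаголовки разделов в этом тексте отсутствуют, поэтому по самому списку нельзя определить, какое действие выполнялось с каждым файлом; этим же, вероятно, объясняются повторяющиеся пути.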
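- [<HKLM>\SOFTWARE\Classes\wcyfile\Shell\Open\Command] '' = '%SystemRoot%\System32\WScript.exe "%1" %*'
- [<HKLM>\SOFTWARE\Classes\cysfile\shell\open\command] '' = 'WScript.exe "%WINDIR%\uusee32Cache.amy" "%1"'
  (Оба значения задают команду открытия для классов файлов wcyfile и cysfile: открытие такого файла запускает WScript.exe, причём для cysfile — со сценарием %WINDIR%\uusee32Cache.amy, который присутствует и в перечне файлов ниже. При проверке системы стоит сверить эти значения реестра и наличие указанного файла.)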
- '%TEMP%\UUSeeD.exe' "http://do####ad.uusee.com/pop2/century/UUSee_century_Setup_1.exe"
- '%TEMP%\UUSee_century_Setup_1.exe'
- '%PROGRAM_FILES%\F04AA3F2\coopen_setup_100180.exe'
- '%PROGRAM_FILES%\F04AA3F2\UUSee_century.exe'
- '%TEMP%\UUSee_century_Setup_1.exe' (загружен из сети Интернет)
- %PROGRAM_FILES%\F04AA3F2\UUSee_century.exe
- <SYSTEM32>\taobao.ico
- %TEMP%\UUSeeD.exe
- %TEMP%\UUSee_century_Setup_1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\UUSee_century_Setup_1[1].exe
- %PROGRAM_FILES%\Internet Explorer\SIGNUP\iexplore.exe
- %PROGRAM_FILES%\F04AA3F2\coopen_setup_100180.exe
- C:\A78F2B2F.log
- %WINDIR%\uusee32Cache.amy
- %PROGRAM_FILES%\Internet Explorer\MUI\iexplore.exe
- %WINDIR%\newicon.ico
- %WINDIR%\uusee32Cache.amy
- 'do####ad.uusee.com':80
- 'localhost':1035
- do####ad.uusee.com/pop2/century/UUSee_century_Setup_1.exe
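- DNS ASK do####ad.uusee.com
  (Имя узла в сетевых записях приведено с маской «####», то есть не полностью; как точный индикатор его использовать нельзя. Путь запроса /pop2/century/UUSee_century_Setup_1.exe и имена файлов указаны полностью.)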
- ClassName: 'progman' WindowName: 'Program Manager'