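Техническая информация
Примечание: заголовки разделов в этой копии отчёта не сохранились. Ниже подряд перечислены параметр реестра, пути к файлам, сетевые узлы с портами, адреса ресурсов (URL), DNS-запросы и классы окон; какое действие выполнялось с каждым файлом (создание, изменение или удаление), по тексту установить нельзя. Имена файлов в каталоге Temporary Internet Files совпадают с именами ресурсов в перечисленных ниже URL, то есть это, вероятно, кэшированные ответы сервера. Символы «#» в именах узлов, по-видимому, маскируют часть имени, поэтому для точного сопоставления нужен исходный отчёт.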
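- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'Flags' = '00000043' (зона 2 в Internet Explorer — «Надёжные узлы»; параметр Flags задаёт свойства зоны, поэтому значение стоит сверить с принятым в организации эталоном)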
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\checkok[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\safemodeip[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\disminiie[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\getsfurl[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\checkok[1].asp
- <SYSTEM32>\mshosts.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\getad[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\checkok[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\getad[1].asp
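- <DRIVERS>\etc\hosts (системный файл hosts: его записи переопределяют разрешение имён, поэтому на затронутой системе содержимое файла стоит сравнить с эталонным)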
- 'zz###o.i8cs.com':80
- 'ip##.yqxqc.com':8088
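- 'localhost':1037 (локальный адрес; порт, вероятно, выделен динамически, поэтому как сетевой индикатор для блокировки или поиска по журналам эта запись непригодна)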
- 'dh.#8cs.com':80
- zz###o.i8cs.com/zzgjzi/safemodeip.ini
- zz###o.i8cs.com/zzgjzi/disminiie.ini
- zz###o.i8cs.com/zzgjzi/getsfurl.asp
- dh.#8cs.com/checkok.asp
- zz###o.i8cs.com/zzgjzi/getad.asp
- DNS ASK ip##.yqxqc.com
- DNS ASK zz###o.i8cs.com
- DNS ASK dh.#8cs.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (стандартный класс окна панели задач Windows; сам по себе не указывает на заражение)
- ClassName: '' WindowName: 'www.baidu.com'
- ClassName: 'MS_AutodialMonitor' WindowName: ''