Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NameClean' = '%PROGRAM_FILES%\NameClean\PrivChkUpdate.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\NameCleanSvc] 'Start' = '00000002'
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\NameClean\PrivChk.dll"
- %PROGRAM_FILES%\NameClean\PrivChkUninst.exe
- %PROGRAM_FILES%\NameClean\nc.dat
- %PROGRAM_FILES%\NameClean\PrivChkUpdate.exe
- %PROGRAM_FILES%\NameClean\PrivChk.dll
- %PROGRAM_FILES%\NameClean\PrivChkSvc.exe
- 'na###lean.co.kr':80
- na###lean.co.kr/_app/app_action.php?pi###############################################
- DNS ASK na###lean.co.kr