Техническая информация
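- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'CDkey' = '{CC656AE9-FAE4-4FA4-B883-4F898AEE3B16}' (автозапуск: объекты, перечисленные в этом ключе, загружаются процессом Explorer при старте оболочки; для данного CLSID в InProcServer32 прописывается %WINDIR%\Xboxdat.DLL — см. команды reg.exe ниже, поэтому при проверке системы следует смотреть и этот параметр, и раздел CLSID)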
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /v "CDkey" /t REG_SZ /d "{CC656AE9-FAE4-4FA4-B883-4F898AEE3B16}" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CLASSES_ROOT\CLSID\{CC656AE9-FAE4-4FA4-B883-4F898AEE3B16}\InProcServer32" /v "" /t REG_SZ /d "%WINDIR%\Xboxdat.DLL" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\CLSID\{CC656AE9-FAE4-4FA4-B883-4F898AEE3B16}\InProcServer32" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /v "CDkey" /f
- %WINDIR%\Explorer.EXE
- %WINDIR%\htrn_jis.tmp
- %WINDIR%\htrn_jis.dll
- %WINDIR%\Xboxdat.DLL
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sms[1].jpg
- %WINDIR%\Xboxdat.DLL
- %WINDIR%\htrn_jis.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sms[1].jpg
- 'mm##.com':80
- 'mm##.com':8080
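- mm##.com/sms/sms.jpg (по-видимому, именно этот ответ сохраняется в кэше Internet Explorer как sms[1].jpg — см. путь в Temporary Internet Files выше; расширение .jpg само по себе не говорит о том, что содержимое является изображением)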
- DNS ASK mm##.com
- ClassName: 'Shell_TrayWnd' WindowName: ''