Техническая информация
- [<HKLM>\SOFTWARE\Classes\DDGuo\Shell\Open\Command] '' = '"<Полный путь к вирусу>" "%1"' (пустое имя '' обозначает параметр по умолчанию этого ключа)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\right[1].xml
- %HOMEPATH%\AppData\LocalLow\DDGuo\ADright.xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\index[1].htm
- %HOMEPATH%\AppData\LocalLow\DDGuo\ADleft.xml
- %ALLUSERSPROFILE%\Application Data\DDGuo\popset.ini
- %HOMEPATH%\AppData\LocalLow\DDGuo\Fav.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\left[1].xml
- из %HOMEPATH%\AppData\LocalLow\DDGuo\ADright.xml в %HOMEPATH%\AppData\LocalLow\DDGuo\right.xml
- из %HOMEPATH%\AppData\LocalLow\DDGuo\ADleft.xml в %HOMEPATH%\AppData\LocalLow\DDGuo\left.xml
- 'ca###.doudouguo.com':80
- '12#.#25.114.144':80
- 'localhost':1037
- 'di#####.doudouguo.com':80
- ca###.doudouguo.com/index.htm
- di#####.doudouguo.com/right.xml
- di#####.doudouguo.com/left.xml
- DNS ASK ca###.doudouguo.com
- DNS ASK www.ba##u.com
- DNS ASK GU#####O.DOUDOUGUO.COM
- DNS ASK di#####.doudouguo.com
- 'gu#####o.doudouguo.com':6570
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'