Техническая информация
- '<SYSTEM32>\wscript.exe' %WINDIR%\yxwj.vbs
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://58.##8.199.35/tj/amdown.asp?ac######################################### XP&lianmeng=005
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\amdown[1].asp
- %WINDIR%\yxwj.vbs
- %WINDIR%\system\test.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\005[1].txt
- %TEMP%\~DF53FE.tmp
- %WINDIR%\system\test.txt
- 'localhost':1039
- '58.##8.199.35':80
- 'localhost':1036
- 'www.vi##ay.cn':80
- 58.##8.199.35/tj/amdown.asp?ac###########################################################
- www.vi##ay.cn/dz/005.txt
- DNS ASK www.vi##ay.cn
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'