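Техническая информация
Ниже перечислены изменения в реестре, запускаемые процессы и затрагиваемые файлы; подзаголовки разделов в этом фрагменте не сохранились. Имена hpmom.exe, hpmon.exe и hpmun.exe/hpmun.dll различаются одной буквой и приведены в том виде, в каком они указаны в исходном списке.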
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}] 'Exec' = 'http://www.expresstoolie.com/redirect.php'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] 'VMware hptray' = '%PROGRAM_FILES%\WebMediaViewer\hpmon.exe' (ключ политики автозапуска: указанная программа запускается при входе пользователя в систему)
- '%PROGRAM_FILES%\WebMediaViewer\hpmom.exe'
- '%PROGRAM_FILES%\WebMediaViewer\hpmon.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\zuhrn0.cmd" "
- %PROGRAM_FILES%\WebMediaViewer\hpmun.dll
- %PROGRAM_FILES%\WebMediaViewer\hpmom.exe
- %TEMP%\zuhrn0.cmd
- %PROGRAM_FILES%\WebMediaViewer\hpmon.exe
- %PROGRAM_FILES%\WebMediaViewer\hpmun.exe
- %TEMP%\zuhrn0.cmd