Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ruango.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\fkwld] 'Start' = '00000001'
- '<SYSTEM32>\MSRundll.exe' %CommonProgramFiles%\Ruango\player.dll,Always
- '%WINDIR%\1.tmp' /S
- %CommonProgramFiles%\Ruango\Player.dll
- %TEMP%\nsc4.tmp\System.dll
- <SYSTEM32>\MSRundll.exe
- <SYSTEM32>\83-105-7163
- <DRIVERS>\fkwld.sys
- %TEMP%\fkwld.sys
- %WINDIR%\1.tmp
- <SYSTEM32>\67-105-7163
- %TEMP%\nsg3.tmp
- %TEMP%\RGInstall.dll
- %TEMP%\player.dll
- %TEMP%\nsc4.tmp\System.dll
- %WINDIR%\1.tmp
- %TEMP%\player.dll
- %TEMP%\RGInstall.dll
- DNS ASK so##.com
- DNS ASK 00#.#ggzs.com
- DNS ASK 16#.com
- DNS ASK ya###.com.cn
- DNS ASK do#.#ggzs.com