Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xSafe' = '%CommonProgramFiles%\xSafe.exe'
- '%CommonProgramFiles%\xSafe.exe' xSafe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\~SiNiu.bat
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\rundll32.exe' "%PROGRAM_FILES%\sNiu.dll",MyDLLEntry
- <SYSTEM32>\svchost.exe
- AVP.EXE
- AVP.COM
- 360tray.exe
- %CommonProgramFiles%\xSafe.exe
- %TEMP%\~SiNiu.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Count[1].htm
- %PROGRAM_FILES%\sNiu.dll
- %WINDIR%\Fonts\ptmki.fon
- %TEMP%\~SiNiu.bat
- %CommonProgramFiles%\xSafe.exe
- %PROGRAM_FILES%\sNiu.dll
- %WINDIR%\Fonts\ptmki.fon
- 'localhost':80
- 12#.0.0.1/Count/Count.asp
- ClassName: 'AfxMDIFrame42s' WindowName: '(null)'