Техническая информация
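- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup1' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP001.TMP\"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Примечание: записи 'wextract_cleanup*' с вызовом advpack.dll,DelNodeRunDLL32 создаёт любой самораспаковывающийся пакет IExpress (wextract) для удаления своего временного каталога; сами по себе они не являются признаком заражения и значимы только в сочетании с остальными индикаторами из этого списка.)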
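- [<HKLM>\SYSTEM\ControlSet001\Services\MZDSetup] 'Start' = '00000002'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы, то есть служба 'MZDSetup' обеспечивает закрепление после перезагрузки.)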
- '%TEMP%\IXP000.TMP\x_.exe'
- '%TEMP%\IXP001.TMP\sedt.exe'
- '%TEMP%\IXP000.TMP\MZD200~1.EXE'
- '%TEMP%\IXP000.TMP\MZD200~1.EXE' server
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\setdt.bat" "
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\setdt.vbs"
- <SYSTEM32>\xkill.bat
- <SYSTEM32>\xkill.exe
- %TEMP%\IXP001.TMP\sedt.exe
- <SYSTEM32>\setdt.vbs
- <SYSTEM32>\setdt.bat
- C:\time.txt
- <SYSTEM32>\command.exe
- <SYSTEM32>\hide.vbs
- C:\MOUSEHOOK.DLL
- C:\Mytemp.ini
- C:\installlist.ini
- %TEMP%\IXP000.TMP\MZD200~1.EXE
- %TEMP%\IXP000.TMP\x_.exe
- C:\MZDPNP.SYS
- C:\MZDCLIENT.EXE
- C:\MZDSCSI.SYS
- C:\MZDNDIS.SYS
- C:\MOUSEHOOK.DLL
- C:\MZDCLIENT.EXE
- %TEMP%\IXP001.TMP\sedt.exe
- %TEMP%\IXP000.TMP\MZD200~1.EXE
- %TEMP%\IXP000.TMP\x_.exe
- C:\installlist.ini
- C:\Mytemp.ini
- C:\MZDSCSI.SYS
- C:\MZDPNP.SYS
- C:\MZDNDIS.SYS
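- '25#.#55.255.255':10703
  (Адрес приведён в отчёте с заменой части символов на «#», протокол не указан; из этой строки для сопоставления с сетевыми журналами однозначно известен только порт 10703.)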
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'