Техническая информация
- '%HOMEPATH%\temp\5454Rereoorr))((__\chm.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%HOMEPATH%\temp\5454Rereoorr))((__\iPush.Dll"
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\rturl[1].xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\rnd[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\updateok[1].xml
- %HOMEPATH%\temp\5454Rereoorr))((__\iPushConfig.ini
- %HOMEPATH%\temp\5454Rereoorr))((__\chm.exe
- %HOMEPATH%\temp\5454Rereoorr))((__\iPush.Dll
- 'i.##oo.com':80
- 'ip###.icoou.com':80
- 'localhost':1038
- ip###.icoou.com/updateok.xml?nu#####################
- i.##oo.com/rnd.asp?nu####################
- ip###.icoou.com/rturl.xml?nu#####################
- DNS ASK i.##oo.com
- DNS ASK ip###.icoou.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'