Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IEProtector' = '%PROGRAM_FILES%\IEProtector\ieprotector.exe hide,start'
- [<HKLM>\SYSTEM\ControlSet001\Services\IEProtector] 'Start' = '00000002'
- '%PROGRAM_FILES%\IEProtector\IEProtector.exe' hide,init
- '%TEMP%\null\<Имя вируса>.exe' /S
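- %HOMEPATH%\Desktop\МФ±¦ПЮК±ГлЙ±.lnk (имя записано так, как оно выглядит в кодировке CP1251; по-видимому, это байты GBK, которые в GBK читаются как «淘宝限时秒杀.lnk», поэтому при поиске стоит проверять оба варианта)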
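- %HOMEPATH%\Start Menu\Programs\IEProtector\Р¶ФШIEКШ»¤ХЯ.lnk (имя записано так, как оно выглядит в кодировке CP1251; по-видимому, это байты GBK, которые в GBK читаются как «卸载IE守护者.lnk», поэтому при поиске стоит проверять оба варианта)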
- %PROGRAM_FILES%\IEProtector\uninstall.dat
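- %HOMEPATH%\Start Menu\IEКШ»¤ХЯ.lnk (имя записано так, как оно выглядит в кодировке CP1251; по-видимому, это байты GBK, которые в GBK читаются как «IE守护者.lnk», поэтому при поиске стоит проверять оба варианта)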
- %TEMP%\nsd4.tmp\SimpleSC.dll
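- %HOMEPATH%\Start Menu\Programs\IEProtector\IEКШ»¤ХЯ.lnk (имя записано так, как оно выглядит в кодировке CP1251; по-видимому, это байты GBK, которые в GBK читаются как «IE守护者.lnk», поэтому при поиске стоит проверять оба варианта)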
- %TEMP%\nsd4.tmp\System.dll
- %PROGRAM_FILES%\IEProtector\App.ini
- %PROGRAM_FILES%\IEProtector\IEProtector.exe
- %TEMP%\null\Setup_10000.exe
- %TEMP%\nso2.tmp\System.dll
- %PROGRAM_FILES%\IEProtector\ieprotector.ini
- %PROGRAM_FILES%\IEProtector\uninst.exe
- %PROGRAM_FILES%\IEProtector\IEService.exe
- %PROGRAM_FILES%\IEProtector\TaoBao.exe
- %TEMP%\null\<Имя вируса>.exe
- %TEMP%\nso2.tmp\System.dll
- %TEMP%\nsd4.tmp\SimpleSC.dll
- %TEMP%\nsd4.tmp\System.dll
- %TEMP%\null\Setup_10000.exe в %TEMP%\null\<Имя вируса>.exe
- 'tj.###uanjia.com':85
- DNS ASK tj.###uanjia.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'