Техническая информация
- '%TEMP%\~nsu.tmp\Au_.exe' _?=%TEMP%\
- '%TEMP%\uninst.exe'
- '%TEMP%\nsw3.tmp\ns4.tmp' cmd.exe /c %TEMP%\vbs.vbs
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://tj.#####r.cpadown.com:8080/alltj.html?vb#
- %TEMP%\uninst.exe
- %TEMP%\temp.ini
- %TEMP%\nsa6.tmp
- %TEMP%\nsj8.tmp
- %TEMP%\~nsu.tmp\Au_.exe
- %TEMP%\nsw3.tmp\System.dll
- %PROGRAM_FILES%\Internet Explorer\ie.amico
- %TEMP%\nsh2.tmp
- %TEMP%\nsw3.tmp\InetLoad.dll
- %TEMP%\nsw3.tmp\ns4.tmp
- %TEMP%\nsw3.tmp\nsExec.dll
- %TEMP%\nsw3.tmp\System.dll
- %TEMP%\uninst.exe
- %TEMP%\temp.ini
- %TEMP%\nsw3.tmp\ns4.tmp
- %TEMP%\nsw3.tmp\InetLoad.dll
- %TEMP%\nsw3.tmp\nsExec.dll
- 'tj.####er.cpadown.com':8080
- 'localhost':1040
- 'do##.##tup.cpadown.com':8080
- DNS ASK tj.####er.cpadown.com
- DNS ASK do##.##tup.cpadown.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'