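Техническая информация
Примечание: символы «#» в именах узлов и URL ниже, по-видимому, скрывают часть символов адреса, поэтому для точного сопоставления с журналами прокси и DNS этих строк недостаточно.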
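Параметр реестра (ветка ShellExecuteHooks — известная точка автозагрузки: зарегистрированный в ней COM-объект загружается оболочкой Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{A47BE134-9ACE-2457-ABD0-3AE14579BDE1}' = ''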
Запускаемая команда:
- '<SYSTEM32>\cmd.exe' /c _deleteme.bat
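Файлы (часть путей ниже повторяется; вероятно, сначала перечислены создаваемые файлы, затем удаляемые — подзаголовки в тексте не сохранились):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ver[1].txt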
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exe[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\response[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\htm[1].txt
- <SYSTEM32>\SysDown.vxd
- <Текущая директория>\_deleteme.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exe[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\response[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\htm[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ver[1].txt
Сетевые подключения (узел и порт):
- 'au##.#earch.msn.com':80
- 'localhost':1038
- 'www.48#y.cn':80
Запрашиваемые URL:
- www.48#y.cn/geren/cajian/exe.txt
- au##.#earch.msn.com/response.asp?MT###########################
- www.48#y.cn/geren/cajian/ver.txt
- www.48#y.cn/geren/cajian/htm.txt
- DNS ASK au##.#earch.msn.com
- DNS ASK www.48#y.cn
Окна (имя класса и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'ListBox' WindowName: 'dll_wfgQQ'
- ClassName: 'ListBox' WindowName: 'ZXY_wfgQQ'
- ClassName: '' WindowName: '(null)'