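Техническая информация
Ниже приведены индикаторы без подзаголовков разделов (в этой копии они, по-видимому, утрачены): запись автозапуска в реестре, пути к процессам и файлам, сетевые узлы и запросы, классы окон. Повторы одних и тех же путей, вероятно, относятся к разным разделам отчёта; какое действие (создание, запуск, удаление) стоит за каждой строкой, по этому тексту установить нельзя.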
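- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iAD_' = '<SYSTEM32>\svchost.exe' (запись автозапуска при входе в систему; штатный svchost.exe запускается диспетчером служб, поэтому его появление в ключе Run нетипично и заслуживает проверки)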
- '%WINDIR%\Temp\ad16393.exe'
- '%WINDIR%\Temp\58bho.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%CommonProgramFiles%\PushWare\cpush.dll"
- <SYSTEM32>\svchost.exe
- <Полный путь к вирусу>
- %WINDIR%\iADGame.log
- <SYSTEM32>\iADConfig.ini
- %CommonProgramFiles%\PushWare\cpush.dll
- <SYSTEM32>\Update.dat
- %WINDIR%\iADGameUrl.xml
- %WINDIR%\iAD.ini
- %CommonProgramFiles%\PushWare\Uninst.exe
- %WINDIR%\Temp\58bho.ini
- %WINDIR%\Temp\58bho.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ad[1].txt
- %TEMP%\nsa2.tmp
- %WINDIR%\Temp\ad16393.exe
- <SYSTEM32>\Update.dat
- %WINDIR%\Temp\58bho.ini
- %WINDIR%\Temp\58bho.exe
- 'do####l.jiajiaee.cn':80
- 'www.qs##r.com':80
- do####l.jiajiaee.cn/iepop/update/Update.dat
- do####l.jiajiaee.cn/iepop/list/NewGameUrl.xml
- www.qs##r.com/ad.txt
- DNS ASK do####l.jiajiaee.cn
- DNS ASK www.qs##r.com
- ClassName: 'TForm1' WindowName: 'Form1'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'