Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RpcUsnsvc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы, то есть закрепление в системе)
- '%WINDIR%\usnsvc.exe' /service
- '%WINDIR%\usnsvc.exe'
- '%TEMP%\setup.exe'
- '%WINDIR%\service.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\_uninsep.bat" "
- '<SYSTEM32>\net1.exe' start RpcUsnsvc
- '<SYSTEM32>\regsvr32.exe' "%WINDIR%\nmsvc.dll" /s
- %TEMP%\adorder.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adorder[1].htm
- %TEMP%\_uninsep.bat
- %WINDIR%\Temp\nmtemp.ini
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\update[1].htm
- %TEMP%\nmsvc.ini
- %TEMP%\TElem32.dll
- %TEMP%\service.exe
- %TEMP%\usnsvc.exe
- %TEMP%\setup.exe
- %TEMP%\setup.exe
- из %TEMP%\service.exe в %WINDIR%\service.exe
- из %TEMP%\usnsvc.exe в %WINDIR%\usnsvc.exe
- из %TEMP%\nmsvc.ini в %WINDIR%\nmsvc.ini
- из %TEMP%\TElem32.dll в %WINDIR%\TElem32.dll
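- 'www.5i##o.com':80 (символы ## в имени домена — по-видимому, маскировка, применённая в исходном описании; в таком виде строка не является точным индикатором компрометации)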
- www.5i##o.com/software/pv/ver3/update.htm
- www.5i##o.com/software/pv/ver3/adorder.htm
- DNS ASK www.5i##o.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'