Trojan.DownLoader11.7518

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vvt' = '%WINDIR%\temp\svchost.exe'

Вредоносные функции:

Создает и запускает на исполнение:

'%WINDIR%\Temp\browser\firefox.exe' -URL file:///%WINDIR%\temp\browser\res\virtual_visit_system_10-11-25.htm
'%WINDIR%\Temp\browser\firefox.exe' "-URL" "file:///%WINDIR%\temp\browser\res\virtual_visit_system_10-11-25.htm"
'%TEMP%\is-J60QI.tmp\is-ER3VE.tmp' /SL4 $30104 "%WINDIR%\temp\1.exe" 5640465 72704
'%WINDIR%\Temp\svchost.exe'
'%WINDIR%\Temp\1.exe'

Запускает на исполнение:

'%WINDIR%\regedit.exe' /s vvt.reg
'<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\vvt.bat" "
'<SYSTEM32>\wscript.exe' "%WINDIR%\temp\vvt.vbs"

Изменения в файловой системе:

Создает следующие файлы:

%WINDIR%\Temp\browser\defaults\profile\bookmarks.html
%WINDIR%\Temp\browser\defaults\profile\chrome\userChrome-example.css
%WINDIR%\Temp\browser\defaults\pref\reporter.js
%WINDIR%\Temp\browser\defaults\pref\firefox-l10n.js
%WINDIR%\Temp\browser\defaults\pref\firefox.js
%WINDIR%\Temp\browser\defaults\profile\chrome\userContent-example.css
%WINDIR%\Temp\browser\firefox.exe
%WINDIR%\Temp\browser\freebl3.chk
%WINDIR%\Temp\browser\defaults\profile\prefs.js
%WINDIR%\Temp\browser\defaults\profile\localstore.rdf
%WINDIR%\Temp\browser\defaults\profile\mimeTypes.rdf
%WINDIR%\Temp\browser\defaults\pref\firefox-branding.js
%WINDIR%\Temp\browser\components\xpinstall.xpt
%WINDIR%\Temp\browser\components\xulapp.xpt
%WINDIR%\Temp\browser\components\xpconnect.xpt
%WINDIR%\Temp\browser\components\xpcom_thread.xpt
%WINDIR%\Temp\browser\components\xpcom_xpti.xpt
%WINDIR%\Temp\browser\components\xuldoc.xpt
%WINDIR%\Temp\browser\defaults\autoconfig\prefcalls.js
%WINDIR%\Temp\browser\defaults\pref\channel-prefs.js
%WINDIR%\Temp\browser\defaults\autoconfig\platform.js
%WINDIR%\Temp\browser\components\xultmpl.xpt
%WINDIR%\Temp\browser\components\zipwriter.xpt
%WINDIR%\Temp\browser\modules\XPCOMUtils.jsm
%WINDIR%\Temp\browser\msvcm90.dll
%WINDIR%\Temp\browser\modules\utils.js
%WINDIR%\Temp\browser\modules\Microformats.js
%WINDIR%\Temp\browser\modules\PluralForm.jsm
%WINDIR%\Temp\browser\msvcp90.dll
%WINDIR%\Temp\browser\nssckbi.dll
%WINDIR%\Temp\browser\nssdbm3.dll
%WINDIR%\Temp\browser\nss3.dll
%WINDIR%\Temp\browser\msvcr90.dll
%WINDIR%\Temp\browser\nspr4.dll
%WINDIR%\Temp\browser\modules\JSON.jsm
%WINDIR%\Temp\browser\greprefs\xpinstall.js
%WINDIR%\Temp\browser\IA2Marshal.dll
%WINDIR%\Temp\browser\greprefs\security-prefs.js
%WINDIR%\Temp\browser\freebl3.dll
%WINDIR%\Temp\browser\greprefs\all.js
%WINDIR%\Temp\browser\js3250.dll
%WINDIR%\Temp\browser\modules\DownloadUtils.jsm
%WINDIR%\Temp\browser\modules\ISO8601DateUtils.jsm
%WINDIR%\Temp\browser\modules\distribution.js
%WINDIR%\Temp\browser\Microsoft.VC90.CRT.manifest
%WINDIR%\Temp\browser\modules\debug.js
%WINDIR%\Temp\browser\components\xpcom_system.xpt
%WINDIR%\Temp\browser\components\proxyObject.xpt
%WINDIR%\Temp\browser\components\rdf.xpt
%WINDIR%\Temp\browser\components\profile.xpt
%WINDIR%\Temp\browser\components\pref.xpt
%WINDIR%\Temp\browser\components\prefetch.xpt
%WINDIR%\Temp\browser\components\satchel.xpt
%WINDIR%\Temp\browser\components\shistory.xpt
%WINDIR%\Temp\browser\components\spellchecker.xpt
%WINDIR%\Temp\browser\components\shellservice.xpt
%WINDIR%\Temp\browser\components\saxparser.xpt
%WINDIR%\Temp\browser\components\sessionstore.xpt
%WINDIR%\Temp\browser\components\pluginGlue.js
%WINDIR%\Temp\browser\components\nsURLFormatter.js
%WINDIR%\Temp\browser\components\nsWebHandlerApp.js
%WINDIR%\Temp\browser\components\nsUrlClassifierListManager.js
%WINDIR%\Temp\browser\components\nsUpdateService.js
%WINDIR%\Temp\browser\components\nsUrlClassifierLib.js
%WINDIR%\Temp\browser\components\oji.xpt
%WINDIR%\Temp\browser\components\pippki.xpt
%WINDIR%\Temp\browser\components\places.xpt
%WINDIR%\Temp\browser\components\pipnss.xpt
%WINDIR%\Temp\browser\components\parentalcontrols.xpt
%WINDIR%\Temp\browser\components\pipboot.xpt
%WINDIR%\Temp\browser\components\webshell_idls.xpt
%WINDIR%\Temp\browser\components\widget.xpt
%WINDIR%\Temp\browser\components\WebContentConverter.js
%WINDIR%\Temp\browser\components\webbrowserpersist.xpt
%WINDIR%\Temp\browser\components\webBrowser_core.xpt
%WINDIR%\Temp\browser\components\windowds.xpt
%WINDIR%\Temp\browser\components\xpcom_ds.xpt
%WINDIR%\Temp\browser\components\xpcom_io.xpt
%WINDIR%\Temp\browser\components\xpcom_components.xpt
%WINDIR%\Temp\browser\components\windowwatcher.xpt
%WINDIR%\Temp\browser\components\xpcom_base.xpt
%WINDIR%\Temp\browser\components\urlformatter.xpt
%WINDIR%\Temp\browser\components\txEXSLTRegExFunctions.js
%WINDIR%\Temp\browser\components\txmgr.xpt
%WINDIR%\Temp\browser\components\toolkitprofile.xpt
%WINDIR%\Temp\browser\components\storage-Legacy.js
%WINDIR%\Temp\browser\components\storage.xpt
%WINDIR%\Temp\browser\components\txtsvc.xpt
%WINDIR%\Temp\browser\components\uriloader.xpt
%WINDIR%\Temp\browser\components\url-classifier.xpt
%WINDIR%\Temp\browser\components\update.xpt
%WINDIR%\Temp\browser\components\uconv.xpt
%WINDIR%\Temp\browser\components\unicharutil.xpt
%WINDIR%\Temp\browser\nssutil3.dll
%WINDIR%\Temp\browser\res\ua.css
%WINDIR%\Temp\browser\res\viewsource.css
%WINDIR%\Temp\browser\res\tbc_vvt_temp_8.txt
%WINDIR%\Temp\browser\res\tbc_vvt_temp_4.txt
%WINDIR%\Temp\browser\res\tbc_vvt_temp_6.txt
%WINDIR%\Temp\browser\res\virtual_visit_system_10-11-25.htm
%WINDIR%\Temp\browser\softokn3.chk
%WINDIR%\Temp\browser\softokn3.dll
%WINDIR%\Temp\browser\smime3.dll
%WINDIR%\Temp\browser\res\wincharset.properties
%WINDIR%\Temp\browser\royale.urf
%WINDIR%\Temp\browser\res\table-remove-row.gif
%WINDIR%\Temp\browser\res\table-add-row-before-active.gif
%WINDIR%\Temp\browser\res\table-add-row-before-hover.gif
%WINDIR%\Temp\browser\res\table-add-row-after.gif
%WINDIR%\Temp\browser\res\table-add-row-after-active.gif
%WINDIR%\Temp\browser\res\table-add-row-after-hover.gif
%WINDIR%\Temp\browser\res\table-add-row-before.gif
%WINDIR%\Temp\browser\res\table-remove-row-active.gif
%WINDIR%\Temp\browser\res\table-remove-row-hover.gif
%WINDIR%\Temp\browser\res\table-remove-column.gif
%WINDIR%\Temp\browser\res\table-remove-column-active.gif
%WINDIR%\Temp\browser\res\table-remove-column-hover.gif
%WINDIR%\Temp\browser\appdata\prefs-1.js
%WINDIR%\Temp\browser\appdata\formhistory.sqlite-journal
%WINDIR%\Temp\browser\appdata\extensions-1.rdf
%WINDIR%\Temp\browser\appdata\extensions-1.cache
%WINDIR%\Temp\browser\appdata\extensions-1.ini
%WINDIR%\Temp\browser\appdata\cookies.sqlite-journal
%WINDIR%\Temp\browser\appdata\Cache\_CACHE_MAP_
%WINDIR%\Temp\browser\appdata\urlclassifier3.sqlite-journal
%WINDIR%\Temp\browser\appdata\Cache\_CACHE_003_
%WINDIR%\Temp\browser\appdata\Cache\_CACHE_001_
%WINDIR%\Temp\browser\appdata\Cache\_CACHE_002_
%TEMP%\is-JLRIV.tmp\Splash.bmp
%WINDIR%\Temp\browser\xpcom.dll
%WINDIR%\Temp\browser\xul.dll
%WINDIR%\Temp\browser\vvt_state.ini
%WINDIR%\Temp\browser\sqlite3.dll
%WINDIR%\Temp\browser\ssl3.dll
%WINDIR%\Temp\appface.dll
%TEMP%\is-JLRIV.tmp\callnsis.dll
%TEMP%\is-JLRIV.tmp\AdvSplash.dll
%TEMP%\is-JLRIV.tmp\_isetup\_shfoldr.dll
%TEMP%\is-J60QI.tmp\is-ER3VE.tmp
%APPDATA%\gMozilla\gFirefox\profiles.ini
%WINDIR%\Temp\browser\res\table-add-column-before.gif
%WINDIR%\Temp\browser\res\dtd\mathml.dtd
%WINDIR%\Temp\browser\res\dtd\xhtml11.dtd
%WINDIR%\Temp\browser\res\designmode.css
%WINDIR%\Temp\browser\res\charsetData.properties
%WINDIR%\Temp\browser\res\contenteditable.css
%WINDIR%\Temp\browser\res\EditorOverride.css
%WINDIR%\Temp\browser\res\entityTables\htmlEntityVersions.properties
%WINDIR%\Temp\browser\res\entityTables\mathml20.properties
%WINDIR%\Temp\browser\res\entityTables\html40Symbols.properties
%WINDIR%\Temp\browser\res\entityTables\html40Latin1.properties
%WINDIR%\Temp\browser\res\entityTables\html40Special.properties
%WINDIR%\Temp\browser\res\charsetalias.properties
%WINDIR%\Temp\browser\pxy\config.txt
%WINDIR%\Temp\browser\pxy\default.action
%WINDIR%\Temp\browser\plds4.dll
%WINDIR%\Temp\browser\platform.ini
%WINDIR%\Temp\browser\plc4.dll
%WINDIR%\Temp\browser\pxy\default.filter
%WINDIR%\Temp\browser\res\arrowd.gif
%WINDIR%\Temp\browser\res\broken-image.gif
%WINDIR%\Temp\browser\res\arrow.gif
%WINDIR%\Temp\browser\pxy\mgwz.dll
%WINDIR%\Temp\browser\pxy\privoxy.dll
%WINDIR%\Temp\browser\res\mathml.css
%WINDIR%\Temp\browser\res\quirk.css
%WINDIR%\Temp\browser\res\loading-image.gif
%WINDIR%\Temp\browser\res\langGroups.properties
%WINDIR%\Temp\browser\res\language.properties
%WINDIR%\Temp\browser\res\svg.css
%WINDIR%\Temp\browser\res\table-add-column-before-active.gif
%WINDIR%\Temp\browser\res\table-add-column-before-hover.gif
%WINDIR%\Temp\browser\res\table-add-column-after.gif
%WINDIR%\Temp\browser\res\table-add-column-after-active.gif
%WINDIR%\Temp\browser\res\table-add-column-after-hover.gif
%WINDIR%\Temp\browser\res\html.css
%WINDIR%\Temp\browser\res\fonts\mathfontSTIXNonUnicode.properties
%WINDIR%\Temp\browser\res\fonts\mathfontSTIXSize1.properties
%WINDIR%\Temp\browser\res\fonts\mathfontStandardSymbolsL.properties
%WINDIR%\Temp\browser\res\entityTables\transliterate.properties
%WINDIR%\Temp\browser\res\fonts\mathfont.properties
%WINDIR%\Temp\browser\res\fonts\mathfontSymbol.properties
%WINDIR%\Temp\browser\res\hiddenWindow.html
%WINDIR%\Temp\browser\res\html\folder.png
%WINDIR%\Temp\browser\res\grabber.gif
%WINDIR%\Temp\browser\res\fonts\mathfontUnicode.properties
%WINDIR%\Temp\browser\res\forms.css
%WINDIR%\Temp\browser\components\accessibility.xpt
%WINDIR%\Temp\browser\components\alerts.xpt
%WINDIR%\Temp\browser\components\accessibility-msaa.xpt
%WINDIR%\Temp\browser\components\aboutRights.js
%WINDIR%\Temp\browser\components\aboutRobots.js
%WINDIR%\Temp\browser\components\appshell.xpt
%WINDIR%\Temp\browser\components\browser-feeds.xpt
%WINDIR%\Temp\browser\components\browsercompsbase.xpt
%WINDIR%\Temp\browser\components\autoconfig.xpt
%WINDIR%\Temp\browser\components\appstartup.xpt
%WINDIR%\Temp\browser\components\autocomplete.xpt
%WINDIR%\Temp\browser\chrome\zh-CN.manifest
%WINDIR%\Temp\browser\chrome\pippki.jar
%WINDIR%\Temp\browser\chrome\pippki.manifest
%WINDIR%\Temp\browser\chrome\default.jar
%WINDIR%\Temp\browser\chrome\comm.jar
%WINDIR%\Temp\browser\chrome\comm.manifest
%WINDIR%\Temp\browser\chrome\reporter.jar
%WINDIR%\Temp\browser\chrome\troot.conf
%WINDIR%\Temp\browser\chrome\zh-CN.jar
%WINDIR%\Temp\browser\chrome\toolkit.manifest
%WINDIR%\Temp\browser\chrome\reporter.manifest
%WINDIR%\Temp\browser\chrome\toolkit.jar
%WINDIR%\Temp\browser\components\content_xslt.xpt
%WINDIR%\Temp\browser\components\content_xtf.xpt
%WINDIR%\Temp\browser\components\content_xmldoc.xpt
%WINDIR%\Temp\browser\components\content_html.xpt
%WINDIR%\Temp\browser\components\content_htmldoc.xpt
%WINDIR%\Temp\browser\components\cookie.xpt
%WINDIR%\Temp\browser\components\dom_base.xpt
%WINDIR%\Temp\browser\components\dom_canvas.xpt
%WINDIR%\Temp\browser\components\dom.xpt
%WINDIR%\Temp\browser\components\directory.xpt
%WINDIR%\Temp\browser\components\docshell_base.xpt
%WINDIR%\Temp\browser\components\content_base.xpt
%WINDIR%\Temp\browser\components\brwsrcmp.dll
%WINDIR%\Temp\browser\components\caps.xpt
%WINDIR%\Temp\browser\components\browsersearch.xpt
%WINDIR%\Temp\browser\components\browserdirprovider.dll
%WINDIR%\Temp\browser\components\browserplaces.xpt
%WINDIR%\Temp\browser\components\chardet.xpt
%WINDIR%\Temp\browser\components\composer.xpt
%WINDIR%\Temp\browser\components\contentprefs.xpt
%WINDIR%\Temp\browser\components\commandlines.xpt
%WINDIR%\Temp\browser\components\chrome.xpt
%WINDIR%\Temp\browser\components\commandhandler.xpt
%WINDIR%\Temp\browser\chrome\classic.manifest
%WINDIR%\Temp\browser\appdata\extensions\vvisit@www.virtualvisit.cn\content\function.js
%WINDIR%\Temp\browser\appdata\extensions\vvisit@www.virtualvisit.cn\content\overlay.xul
%WINDIR%\Temp\browser\appdata\extensions\vvisit@www.virtualvisit.cn\chrome.manifest
%WINDIR%\Temp\browser\appdata\cookies.sqlite
%WINDIR%\Temp\browser\appdata\downloads.sqlite
%WINDIR%\Temp\browser\appdata\extensions\vvisit@www.virtualvisit.cn\content\vvisit.js
%WINDIR%\Temp\browser\appdata\extensions.rdf
%WINDIR%\Temp\browser\appdata\formhistory.sqlite
%WINDIR%\Temp\browser\appdata\extensions.ini
%WINDIR%\Temp\browser\appdata\extensions\vvisit@www.virtualvisit.cn\install.rdf
%WINDIR%\Temp\browser\appdata\extensions.cache
%WINDIR%\Temp\browser\appdata\content-prefs.sqlite
%WINDIR%\Temp\vvt.reg
%WINDIR%\Temp\vvt.vbs
%WINDIR%\Temp\vvt.bat
%WINDIR%\Temp\config.ini
%WINDIR%\Temp\svchost.exe
%WINDIR%\Temp\1.exe
%WINDIR%\Temp\browser\appdata\compatibility.ini
%WINDIR%\Temp\browser\appdata\compreg.dat
%WINDIR%\Temp\browser\appdata\cert8.db
%WINDIR%\Temp\browser\AccessibleMarshal.dll
%WINDIR%\Temp\browser\appdata\blocklist.xml
%WINDIR%\Temp\browser\appdata\XPC.mfl
%WINDIR%\Temp\browser\appdata\xpti.dat
%WINDIR%\Temp\browser\appdata\webappsstore.sqlite
%WINDIR%\Temp\browser\appdata\urlclassifier3.sqlite
%WINDIR%\Temp\browser\appdata\user.js
%WINDIR%\Temp\browser\appdata\XUL.mfl
%WINDIR%\Temp\browser\chrome\browser.manifest
%WINDIR%\Temp\browser\chrome\classic.jar
%WINDIR%\Temp\browser\chrome\browser.jar
%WINDIR%\Temp\browser\application.ini
%WINDIR%\Temp\browser\blocklist.xml
%WINDIR%\Temp\browser\appdata\signons3.txt
%WINDIR%\Temp\browser\appdata\OfflineCache\index.sqlite
%WINDIR%\Temp\browser\appdata\permissions.sqlite
%WINDIR%\Temp\browser\appdata\mimeTypes.rdf
%WINDIR%\Temp\browser\appdata\key3.db
%WINDIR%\Temp\browser\appdata\localstore.rdf
%WINDIR%\Temp\browser\appdata\places.sqlite
%WINDIR%\Temp\browser\appdata\secmod.db
%WINDIR%\Temp\browser\appdata\sessionstore.js
%WINDIR%\Temp\browser\appdata\search.sqlite
%WINDIR%\Temp\browser\appdata\places.sqlite-journal
%WINDIR%\Temp\browser\appdata\prefs.js
%WINDIR%\Temp\browser\components\dom_core.xpt
%WINDIR%\Temp\browser\components\nsAddonRepository.js
%WINDIR%\Temp\browser\components\nsBadCertHandler.js
%WINDIR%\Temp\browser\components\necko_viewsource.xpt
%WINDIR%\Temp\browser\components\necko_socket.xpt
%WINDIR%\Temp\browser\components\necko_strconv.xpt
%WINDIR%\Temp\browser\components\nsBlocklistService.js
%WINDIR%\Temp\browser\components\nsContentPrefService.js
%WINDIR%\Temp\browser\components\nsDefaultCLH.js
%WINDIR%\Temp\browser\components\nsContentDispatchChooser.js
%WINDIR%\Temp\browser\components\nsBrowserContentHandler.js
%WINDIR%\Temp\browser\components\nsBrowserGlue.js
%WINDIR%\Temp\browser\components\necko_res.xpt
%WINDIR%\Temp\browser\components\necko.xpt
%WINDIR%\Temp\browser\components\necko_about.xpt
%WINDIR%\Temp\browser\components\mozfind.xpt
%WINDIR%\Temp\browser\components\mimetype.xpt
%WINDIR%\Temp\browser\components\mozbrwsr.xpt
%WINDIR%\Temp\browser\components\necko_cache.xpt
%WINDIR%\Temp\browser\components\necko_ftp.xpt
%WINDIR%\Temp\browser\components\necko_http.xpt
%WINDIR%\Temp\browser\components\necko_file.xpt
%WINDIR%\Temp\browser\components\necko_cookie.xpt
%WINDIR%\Temp\browser\components\necko_dns.xpt
%WINDIR%\Temp\browser\components\nsSearchService.js
%WINDIR%\Temp\browser\components\nsSearchSuggestions.js
%WINDIR%\Temp\browser\components\nsSafebrowsingApplication.js
%WINDIR%\Temp\browser\components\nsProxyAutoConfig.js
%WINDIR%\Temp\browser\components\nsResetPref.js
%WINDIR%\Temp\browser\components\nsSessionStartup.js
%WINDIR%\Temp\browser\components\nsTaggingService.js
%WINDIR%\Temp\browser\components\nsTryToClose.js
%WINDIR%\Temp\browser\components\nsSidebar.js
%WINDIR%\Temp\browser\components\nsSessionStore.js
%WINDIR%\Temp\browser\components\nsSetDefaultBrowser.js
%WINDIR%\Temp\browser\components\nsProgressDialog.js
%WINDIR%\Temp\browser\components\nsHelperAppDlg.js
%WINDIR%\Temp\browser\components\nsLivemarkService.js
%WINDIR%\Temp\browser\components\nsHandlerService.js
%WINDIR%\Temp\browser\components\nsDownloadManagerUI.js
%WINDIR%\Temp\browser\components\nsExtensionManager.js
%WINDIR%\Temp\browser\components\nsLoginInfo.js
%WINDIR%\Temp\browser\components\nsPlacesTransactionsService.js
%WINDIR%\Temp\browser\components\nsPostUpdateWin.js
%WINDIR%\Temp\browser\components\nsMicrosummaryService.js
%WINDIR%\Temp\browser\components\nsLoginManager.js
%WINDIR%\Temp\browser\components\nsLoginManagerPrompter.js
%WINDIR%\Temp\browser\components\migration.xpt
%WINDIR%\Temp\browser\components\dom_xul.xpt
%WINDIR%\Temp\browser\components\downloads.xpt
%WINDIR%\Temp\browser\components\dom_xpath.xpt
%WINDIR%\Temp\browser\components\dom_views.xpt
%WINDIR%\Temp\browser\components\dom_xbl.xpt
%WINDIR%\Temp\browser\components\editor.xpt
%WINDIR%\Temp\browser\components\exthelper.xpt
%WINDIR%\Temp\browser\components\fastfind.xpt
%WINDIR%\Temp\browser\components\exthandler.xpt
%WINDIR%\Temp\browser\components\embed_base.xpt
%WINDIR%\Temp\browser\components\extensions.xpt
%WINDIR%\Temp\browser\components\dom_traversal.xpt
%WINDIR%\Temp\browser\components\dom_json.xpt
%WINDIR%\Temp\browser\components\dom_loadsave.xpt
%WINDIR%\Temp\browser\components\dom_html.xpt
%WINDIR%\Temp\browser\components\dom_css.xpt
%WINDIR%\Temp\browser\components\dom_events.xpt
%WINDIR%\Temp\browser\components\dom_offline.xpt
%WINDIR%\Temp\browser\components\dom_stylesheets.xpt
%WINDIR%\Temp\browser\components\dom_svg.xpt
%WINDIR%\Temp\browser\components\dom_storage.xpt
%WINDIR%\Temp\browser\components\dom_range.xpt
%WINDIR%\Temp\browser\components\dom_sidebar.xpt
%WINDIR%\Temp\browser\components\jsdservice.xpt
%WINDIR%\Temp\browser\components\layout_base.xpt
%WINDIR%\Temp\browser\components\jsconsole-clhandler.js
%WINDIR%\Temp\browser\components\intl.xpt
%WINDIR%\Temp\browser\components\jar.xpt
%WINDIR%\Temp\browser\components\layout_xul.xpt
%WINDIR%\Temp\browser\components\lwbrk.xpt
%WINDIR%\Temp\browser\components\microsummaries.xpt
%WINDIR%\Temp\browser\components\loginmgr.xpt
%WINDIR%\Temp\browser\components\layout_xul_tree.xpt
%WINDIR%\Temp\browser\components\locale.xpt
%WINDIR%\Temp\browser\components\inspector.xpt
%WINDIR%\Temp\browser\components\FeedWriter.js
%WINDIR%\Temp\browser\components\find.xpt
%WINDIR%\Temp\browser\components\feeds.xpt
%WINDIR%\Temp\browser\components\FeedConverter.js
%WINDIR%\Temp\browser\components\FeedProcessor.js
%WINDIR%\Temp\browser\components\fuel.xpt
%WINDIR%\Temp\browser\components\imgicon.xpt
%WINDIR%\Temp\browser\components\imglib2.xpt
%WINDIR%\Temp\browser\components\htmlparser.xpt
%WINDIR%\Temp\browser\components\fuelApplication.js
%WINDIR%\Temp\browser\components\gfx.xpt

Удаляет следующие файлы:

%WINDIR%\Temp\browser\appdata\formhistory.sqlite-journal
%WINDIR%\Temp\browser\appdata\places.sqlite-journal
%WINDIR%\Temp\browser\appdata\urlclassifier3.sqlite-journal
%WINDIR%\Temp\browser\appdata\cookies.sqlite-journal
%WINDIR%\Temp\browser\appdata\XPC.mfl
%WINDIR%\Temp\browser\appdata\xpti.dat
%WINDIR%\Temp\browser\appdata\compreg.dat
%WINDIR%\Temp\browser\appdata\XUL.mfl
%WINDIR%\Temp\browser\appdata\extensions.ini

Перемещает следующие файлы:

%WINDIR%\Temp\browser\appdata\extensions-1.ini в %WINDIR%\Temp\browser\appdata\extensions.ini
%WINDIR%\Temp\browser\appdata\extensions-1.rdf в %WINDIR%\Temp\browser\appdata\extensions.rdf
%WINDIR%\Temp\browser\appdata\prefs-1.js в %WINDIR%\Temp\browser\appdata\prefs.js
%WINDIR%\Temp\browser\appdata\xpti.dat.tmp в %WINDIR%\Temp\browser\appdata\xpti.dat
%WINDIR%\Temp\browser\appdata\compreg.dat.tmp в %WINDIR%\Temp\browser\appdata\compreg.dat
%WINDIR%\Temp\browser\appdata\extensions-1.cache в %WINDIR%\Temp\browser\appdata\extensions.cache

Сетевая активность:

Подключается к:

'localhost':58588
'localhost':1043
'u.####ualvisit.cn':80
'localhost':1036
'localhost':1039

TCP:

Запросы HTTP GET:

u.####ualvisit.cn/u/t5.php?qu###############################################################################################################################################################################

UDP:

DNS ASK u.####ualvisit.cn

Другое:

Ищет следующие окна:

ClassName: 'gFirefoxMessageWindow' WindowName: '(null)'
ClassName: 'MozillaUIWindowClass' WindowName: 'virtual_visit_system_10-11-25 - Mozilla Firefox'
ClassName: '#32770' WindowName: 'firefox.exe - ????????????'
ClassName: 'MozillaDialogClass' WindowName: '(null)'
ClassName: 'MozillaUIWindowClass' WindowName: 'Add-ons'
ClassName: 'Shell_TrayWnd' WindowName: '(null)'
ClassName: 'EDIT' WindowName: '(null)'
ClassName: 'MozillaDialogClass' WindowName: 'Firefox - ????????????'
ClassName: 'RegEdit_RegEdit' WindowName: '(null)'

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней