Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\JDownloaderSetup.exe'
- '%TEMP%\IXP000.TMP\WEBINS~1.EXE'
- '%TEMP%\IXP000.TMP\INTEL-~1.EXE'
- '%TEMP%\JDownloaderSetup.exe' (downloaded from the Internet)
- %TEMP%\nsn2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\download[1].php
- %TEMP%\JDownloaderSetup.exe
- %TEMP%\nsn2.tmp\inetc.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\inst[1].php
- %TEMP%\IXP000.TMP\.a.log
- %TEMP%\nsn2.tmp\System.dll
- %TEMP%\IXP000.TMP\WEBINS~1.EXE
- %TEMP%\IXP000.TMP\INTEL-~1.EXE
- %TEMP%\IXP000.TMP\.a.log
- %TEMP%\JDownloaderSetup.exe
- %TEMP%\nsn2.tmp\inetc.dll
- 'jd###loader.org':80
- jd###loader.org/download.php?f=#################
- jd###loader.org/scripts/inst.php?do#############################
- DNS ASK do######3.jdownloader.org
- DNS ASK jd###loader.org
- ClassName: '#32770' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'