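Техническая информация
Ниже перечислены наблюдаемые индикаторы: записи автозапуска и параметр службы в реестре, командные строки, пути к файлам в каталоге %APPDATA%\SpeedDownload и сетевые обращения (имя домена частично замаскировано символами #).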
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rpga' = '%APPDATA%\SpeedDownload\rpgchk.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SpeedDownload' = '%APPDATA%\SpeedDownload\FBDManager.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\FBDSvcman] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%APPDATA%\SpeedDownload\SpeedGet.exe' /r
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\SpeedDownload\FBDMgr.dll"
- %APPDATA%\SpeedDownload\FBDSvcMan.exe
- %APPDATA%\SpeedDownload\FBDUnist.exe
- %APPDATA%\SpeedDownload\fbdchk.exe
- %APPDATA%\SpeedDownload\FBDManager.exe
- %APPDATA%\SpeedDownload\SpeedGet.exe
- %APPDATA%\SpeedDownload\SpeedGet.tlb
- %APPDATA%\SpeedDownload\FBDMgr.dll
- 'sp####ownload.co.kr':80
- sp####ownload.co.kr/update_xml2.php?gu#####################################
- sp####ownload.co.kr/check_counter.php?pi#################################################
- DNS ASK www.sp####ownload.co.kr
- DNS ASK sp####ownload.co.kr
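- ClassName: '(null)' WindowName: '???????' (имя окна здесь не читается — вероятно, исходные символы утрачены при перекодировке, поэтому знаки вопроса не следует считать буквальным значением)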