Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\GLB1.tmp' 4736 %TEMP%\IXP000.TMP\YMSGR1~1.EXE
- '%TEMP%\IXP000.TMP\YMSGR1~1.EXE'
- [<HKCU>\Software\Yahoo\Pager]
- [<HKLM>\software\yahoo\pager]
- %TEMP%\GLM4.tmp
- %TEMP%\GLG6.tmp
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLJ3.tmp
- %TEMP%\IXP000.TMP\Server.exe
- %TEMP%\GLB1.tmp
- %TEMP%\GLC2.tmp
- %TEMP%\~GLH0000.TMP в %TEMP%\GLF7.tmp
- '67.##5.160.76':80
- 67.##5.160.76/ycontent/stats.php?ve########################################################################################
- DNS ASK in#####.msg.yahoo.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'