Техническая информация
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{F2C63239-A5DB-487B-B283-4132351E7AB6}] 'Exec' = 'http://www.baidu.com/index.php?tn=mm667_pg'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
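- '%TEMP%\IXP000.TMP\QQєГУС~1.EXE' (короткое имя 8.3; нелатинская часть — по-видимому, байты GBK, отображённые в Windows-1251: «QQ好友~1.EXE»; при поиске стоит проверять оба варианта написания)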
- '%WINDIR%\regedit.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- <SYSTEM32>\baidu.htm
- %WINDIR%\baidu.ico
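- %HOMEPATH%\Favorites\Ўѕ °Щ¶ИКЧТі Ўї.lnk (по-видимому, имя в GBK, отображённое в Windows-1251: «【 百度首页 】.lnk»; на системах с китайской локалью файл, вероятно, виден под этим именем)
- %HOMEPATH%\My Documents\QQєГУСЙн·ЭХмІмЖч.exe (по-видимому, имя в GBK, отображённое в Windows-1251: «QQ好友身份侦察器.exe»; на системах с китайской локалью файл, вероятно, виден под этим именем)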
- %ALLUSERSPROFILE%\Desktop\Internet Explorer.lnk
- %TEMP%\zhichiku\HtmlView.fne
- %TEMP%\zhichiku\krnln.fnr
- %TEMP%\zhichiku\shell.fne
- %TEMP%\zhichiku\ERawSock.fne
- %TEMP%\zhichiku\eAPI.fne
- 'wp#.qq.com':80
- 'localhost':1037
- wp#.qq.com/pa?p=############
- DNS ASK wp#.qq.com
- ClassName: '' WindowName: 'regedit.exe'
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''