Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\srvmopop] 'Start' = '00000002' (значение 2 — служба запускается автоматически при старте системы)
- '%APPDATA%\MOpop\srvmopop.exe' i
- '%APPDATA%\MOpop\mopopws.exe'
- '%APPDATA%\MOpop\mopopset.exe'
- '%APPDATA%\MOpop\mopop.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (штатная утилита Windows WMI ADAP; её запуск сам по себе не является индикатором заражения)
- %APPDATA%\MOpop\mopopws.exe
- %APPDATA%\MOpop\srvmopop.exe
- %TEMP%\nsv2.tmp\System.dll
- %APPDATA%\MOpop\mopop.bat
- %APPDATA%\MOpop\uninst.exe
- %APPDATA%\MOpop\mopopset.exe
- %APPDATA%\MOpop\mopop.exe
- %APPDATA%\MOpop\mopopunset.exe
- %APPDATA%\MOpop\mopopm.exe
- %APPDATA%\MOpop\mopopup.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %TEMP%\nsv2.tmp\System.dll
- 'www.mi####penpop.com':80
- www.mi####penpop.com/xml/mupope.txt
- www.mi####penpop.com/xml/mopop.html
- www.mi####penpop.com/com/tact.php?ma########################
- www.mi####penpop.com/com/tinst.php?ma###############################
- www.mi####penpop.com/app/mopop.bat
- DNS ASK www.mi####penpop.com
- ClassName: 'Shell_TrayWnd' WindowName: ''