Техническая информация
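- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  Примечание: значение wextract_cleanup0 с вызовом advpack.dll,DelNodeRunDLL32 — штатная запись самоочистки самораспаковывающегося пакета IExpress (wextract): при следующем входе в систему она удаляет временный каталог IXP000.TMP. Такая запись встречается и у легитимных установщиков, поэтому как индикатор её стоит использовать только вместе с перечисленными ниже путями. Файлы вне %TEMP%\IXP000.TMP (в <SYSTEM32> и %APPDATA%) этой очисткой не затрагиваются.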
- '%TEMP%\IXP000.TMP\visa.sfx.part1.exe'
- '%TEMP%\IXP000.TMP\visa.exe'
- '<SYSTEM32>\scanregw.exe'
- '%TEMP%\IXP000.TMP\paypal.EXE'
- '%TEMP%\IXP000.TMP\visa.sfx.part1.sfx.part1.exe'
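- '%TEMP%\IXP000.TMP\PAYPAL~1.EXE' (короткое имя формата 8.3; соответствующее длинное имя на странице не указано, поэтому при поиске по имени файла стоит учитывать обе формы записи)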
- %APPDATA%\rbap550.dll
- %TEMP%\IXP000.TMP\visa.sfx.part1.exe
- %TEMP%\IXP000.TMP\visa.sfx.part4.rar
- <SYSTEM32>\dxinput.dll
- <SYSTEM32>\scanregw.exe
- %TEMP%\IXP000.TMP\visa.exe
- %TEMP%\IXP000.TMP\visa.sfx.part1.sfx.part2.rar
- %TEMP%\IXP000.TMP\visa.sfx.part1.sfx.part1.exe
- %TEMP%\IXP000.TMP\paypal.EXE
- %TEMP%\IXP000.TMP\visa.sfx.part3.rar
- %TEMP%\IXP000.TMP\visa.sfx.part2.rar
- %TEMP%\IXP000.TMP\visa.sfx.part1.sfx.part3.rar
- ClassName: 'Windows 32-bit VxD Message Server' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''