Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Kingsoft Antivirus WebShield Service] 'Start' = '00000002'
- %ALLUSERSPROFILE%\Application Data\wd\KSWebShield.exe -start
- %ALLUSERSPROFILE%\Application Data\wd\KSWebShield.exe
- %ALLUSERSPROFILE%\Application Data\wd\KSWebShield.exe -install
- %TEMP%\nsv3.tmp\ns4.tmp cmd /c "tskill KSWebShield"
- %TEMP%\nsv3.tmp\ns5.tmp cmd /c "%ALLUSERSPROFILE%\Application Data\wd\u.bat"
- <SYSTEM32>\cmd.exe /c "%ALLUSERSPROFILE%\Application Data\wd\u.bat"
- <SYSTEM32>\tskill.exe KSWebShield
- %ALLUSERSPROFILE%\Application Data\wd\kwsui.dll
- %ALLUSERSPROFILE%\Application Data\wd\u.bat
- %ALLUSERSPROFILE%\Application Data\wd\kswebshield.dll
- %ALLUSERSPROFILE%\Application Data\wd\kwssp.dll
- %TEMP%\nsv3.tmp\ns5.tmp
- %ALLUSERSPROFILE%\Application Data\wd\KWSSVC.log
- %TEMP%\nsv3.tmp\nsExec.dll
- %TEMP%\nsv3.tmp\ns4.tmp
- %TEMP%\temp.ini
- %TEMP%\udfile.exe
- %TEMP%\nsa2.tmp
- %TEMP%\nsv3.tmp\System.dll
- %ALLUSERSPROFILE%\Application Data\wd\KSWebShield.exe
- %ALLUSERSPROFILE%\Application Data\wd\kswbc.dll
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\kws.ini
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\spitesp.dat
- %TEMP%\nsv3.tmp\ns5.tmp
- %TEMP%\nsv3.tmp\ns4.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'kws::OSUCWindowClass' WindowName: ''