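Техническая информация
Примечание: подзаголовки списков в этой копии не сохранились. Судя по содержимому, ниже по порядку идут: элемент автозагрузки и ключи служб в реестре, командные строки запускаемых процессов, пути к файлам и сетевые обращения. Некоторые пути встречаются несколько раз — они входят в разные списки, назначение которых без подписей однозначно не определить.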
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ruango.lnk
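- [<HKLM>\SYSTEM\ControlSet001\Services\xxstkp02] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\fkwld] 'Start' = '00000001'
Пояснение: значение 'Start' = 0 соответствует запуску на этапе загрузчика (boot start), а 1 — запуску при инициализации ядра (system start); оба типа применяются к драйверам. Имена служб совпадают с именами файлов xxstkp02.sys и fkwld.sys в <DRIVERS> из списка ниже, поэтому при проверке системы стоит сопоставлять эти ключи реестра с наличием указанных файлов.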
- %WINDIR%\5.tmp /S
- <SYSTEM32>\MSRundll.exe %CommonProgramFiles%\Ruango\player.dll,Always
- %WINDIR%\Temp\base.exe
- %WINDIR%\Temp\host.exe
- <SYSTEM32>\rundll32.exe "<SYSTEM32>\\xxstkp02.dll",DllCanUnloadNow
- %WINDIR%\Explorer.EXE
- %TEMP%\RGInstall.dll
- %TEMP%\fkwld.sys
- %TEMP%\nsq7.tmp
- %TEMP%\player.dll
- %TEMP%\nsx8.tmp\System.dll
- <DRIVERS>\fkwld.sys
- <SYSTEM32>\83-105-7163
- %CommonProgramFiles%\Ruango\Player.dll
- <SYSTEM32>\MSRundll.exe
- %WINDIR%\Temp\host.exe
- %TEMP%\tmp3.CAB
- %TEMP%\nsc2.tmp
- %WINDIR%\Temp\base.exe
- %TEMP%\tmp4.CAB
- <SYSTEM32>\67-105-7163
- %WINDIR%\5.tmp
- <SYSTEM32>\xxstkp02.dll
- <DRIVERS>\xxstkp02.sys
- %TEMP%\nsx8.tmp\System.dll
- %WINDIR%\5.tmp
- %WINDIR%\Temp\host.exe
- %TEMP%\RGInstall.dll
- %TEMP%\tmp3.CAB
- %TEMP%\tmp4.CAB
- %TEMP%\player.dll
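- 'do#.#ggzs.com':80
- DNS ASK do#.#ggzs.com
- DNS ASK ya###.com.cn
Пояснение: символы «#» в именах узлов, по-видимому, заменяют символы, скрытые при публикации. Поэтому эти строки нельзя использовать как точные индикаторы: при поиске в журналах DNS и прокси их следует применять как шаблон с неизвестными символами на месте «#».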