Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JSsetup' = '%WINDIR%\system\jssetup\JSsetup.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Messenger' = '%WINDIR%\messenger\messenger.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Shortcut to startup_local.lnk
- '%TEMP%\syseter.exe'
- '%TEMP%\explor.exe'
- '%TEMP%\llly9.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Internet Explorer\IETimbar\IETimbar.dll"
- %PROGRAM_FILES%\Internet Explorer\IETimbar\vercfg.dat
- %PROGRAM_FILES%\Internet Explorer\IETimbar\httpf.dat
- %TEMP%\Messenger\sysvc.dat
- %PROGRAM_FILES%\Internet Explorer\IETimbar\cfg.dat
- C:\startup_localo.exe
- %WINDIR%\messenger\messenger.exe
- %PROGRAM_FILES%\Internet Explorer\IETimbar\Uninstall.exe
- C:\svchost.exe
- %TEMP%\Messenger\sysmain.dat
- %TEMP%\explor.exe
- %TEMP%\syseter.exe
- %TEMP%\nsh2.tmp
- %TEMP%\llly9.exe
- %TEMP%\Messenger\nvmctray.dll
- %TEMP%\Messenger\nvsys.ini
- %TEMP%\Color.exe
- %TEMP%\Messenger\ccfapi32.dll
- %PROGRAM_FILES%\Internet Explorer\IETimbar\Uninstall.exe
- 'www.66##.8800.org':80
- www.66##.8800.org http://www.6666.8800.org/Start.htm?Ar#############################################################################################################################################
- DNS ASK www.66##.8800.org
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'