Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'poinbag' = '%PROGRAM_FILES%\poinbag\poinbagup.exe'
- %PROGRAM_FILES%\poinbag\poinbagup.exe
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %PROGRAM_FILES%\poinbag\uninstall.exe
- %APPDATA%\poinbag\domainrefer.dat
- %TEMP%\nsi3.tmp\DLLWebCount.dll
- C:\DelUS.bat
- %TEMP%\nsi3.tmp\SelfDelete.dll
- %APPDATA%\poinbag\keycode.dat
- %TEMP%\nsi3.tmp\IEKill.dll
- %TEMP%\nss2.tmp
- %TEMP%\nsi3.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\poinbag\poinbag.dll
- %PROGRAM_FILES%\poinbag\poinbagup.exe
- %TEMP%\nsi3.tmp\KillProcDLL.dll
- %TEMP%\nsi3.tmp\SelfDelete.dll
- %TEMP%\nsi3.tmp\DLLWebCount.dll
- %TEMP%\nsi3.tmp\IEKill.dll
- 'po##tbag.kr':80
- po##tbag.kr/update/pointbag.php
- po##tbag.kr/check_counter.php?pi###################
- DNS ASK po##tbag.kr
- '<IP address on the local network>':1035
- ClassName: 'IEFrame' WindowName: ''