Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'privacyboan' = '%PROGRAM_FILES%\privacyboan\privacyboan.exe'
- <SYSTEM32>\cmd.exe /c C:\$$wefddw57722098.bat
- %PROGRAM_FILES%\privacyboan\pvbnwcher.exe
- %PROGRAM_FILES%\privacyboan\privacyboan.exe
- C:\$$wefddw57722098.bat
- %PROGRAM_FILES%\privacyboan\pvbnpopd.dll
- %PROGRAM_FILES%\privacyboan\pvbnhk.dll
- %PROGRAM_FILES%\privacyboan\pvbnupdater.exe
- %CommonProgramFiles%\privacyboan\pvbnuninst.exe
- 'pr###cyboan.com':80
- 'do##.##ivacyboan.com':80
- do##.##ivacyboan.com/pvbnwcher.exe
- do##.##ivacyboan.com/pvbnpopd.dll
- pr###cyboan.com/app_linkage/app_install.php?ad##############################
- do##.##ivacyboan.com/privacyboan.exe
- do##.##ivacyboan.com/pvbnhk.dll
- do##.##ivacyboan.com/update.php
- do##.##ivacyboan.com/pvbnuninst.exe
- do##.##ivacyboan.com/pvbnupdater.exe
- DNS ASK pr###cyboan.com
- DNS ASK do##.##ivacyboan.com
- ClassName: 'MS_WINHELP' WindowName: ''