Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vqqdsdes' = '<SYSTEM32>\sfwyzdmh.exe'
- <SYSTEM32>\FunshionInstall_C60765.exe (downloaded from the Internet)
- <SYSTEM32>\sfwyzdmh.exe
- <SYSTEM32>\FunshionInstall_C60765.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\download[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Config[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\showpages[1]
- <SYSTEM32>\WebConfig.ini
- <SYSTEM32>\MoonNight.ini
- <SYSTEM32>\dy.ico
- <SYSTEM32>\sfwyzdmh.exe
- <SYSTEM32>\rj.ico
- <SYSTEM32>\rj.ico.tmp
- <SYSTEM32>\dy.ico.tmp
- <SYSTEM32>\rj.ico.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\Config[1].asp
- <SYSTEM32>\rj.ico
- <SYSTEM32>\dy.ico
- <SYSTEM32>\dy.ico.tmp
- 'www.99##y.cn':80
- 'sh#####es.localdomain':80
- 'ne#####.funshion.com':80
- 'localhost':1037
- 'localhost':1038
- sh#####es.localdomain/
- www.99##y.cn/MoonNight/Config.asp?id##
- ne#####.funshion.com/software/download.php?id########################################
- DNS ASK sh#####es.localdomain
- DNS ASK www.99##y.cn
- DNS ASK ne#####.funshion.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: '???? 2.1.0.20 Beta ????????'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''