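Техническая информация
Ниже перечислены относящиеся к образцу индикаторы: командные строки запускаемых процессов, затрагиваемые файлы (запись «A в B» — исходный и конечный путь файла), сетевые обращения и параметры окон (ClassName/WindowName). Символ # в адресах, по-видимому, скрывает отдельные знаки.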
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
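- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 3&del/q/s "<Полный путь к вирусу>"
  (по-видимому, ping здесь служит задержкой, после которой команда del удаляет файл самого образца, то есть образец удаляет себя с диска)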
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://www.21#7.cn/?ne####
- %ALLUSERSPROFILE%\Start Menu\Programs\世界之窗浏览器.txt
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\世界之窗浏览器.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\2127[1]
- %ALLUSERSPROFILE%\Start Menu\世界之窗浏览器.txt
- %TEMP%\aut1.tmp
- C:\世界之窗浏览器.lnk
- %ALLUSERSPROFILE%\Desktop\世界之窗浏览器.txt
- %TEMP%\aut1.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\世界之窗浏览器.txt в %ALLUSERSPROFILE%\Start Menu\Programs\世界之窗浏览器.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\世界之窗浏览器.txt в %APPDATA%\Microsoft\Internet Explorer\Quick Launch\世界之窗浏览器.lnk
- %ALLUSERSPROFILE%\Desktop\世界之窗浏览器.txt в %ALLUSERSPROFILE%\Desktop\绿色浏览器.lnk
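- %ALLUSERSPROFILE%\Start Menu\世界之窗浏览器.txt в %ALLUSERSPROFILE%\Start Menu\世界之窗浏览器.lnk
  (во всех четырёх записях вида «A в B» файл с расширением .txt получает расширение .lnk, то есть в меню «Пуск», на панели быстрого запуска и на рабочем столе появляются ярлыки; при проверке системы стоит искать оба варианта имени)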
- 'www.21#7.cn':80
- 'localhost':1039
- 'localhost':1038
- http://www.21#7.cn/?ne####
- DNS ASK th#.#0440.cn
- DNS ASK www.21#7.cn
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''