Техническая информация
Автозапуск — значение в разделе реестра Run текущего пользователя (HKCU):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IMEKR' = '%WINDIR%\IME\IMEKR.exe'
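Файлы на диске (пути Windows нечувствительны к регистру, поэтому %WINDIR%\ime и %WINDIR%\IME — один и тот же каталог):
- %WINDIR%\Temp\~MSTemp\Pon3.tmp
- %WINDIR%\Temp\~MSTemp\Pon2.tmp
- %WINDIR%\Temp\~MSTemp\Pon1.tmp
- %WINDIR%\ime\IMEKR.exe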
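Записи вида «исходный путь в конечный путь» (по-видимому, перемещение или переименование файлов; имя nURtdGJjf.dll похоже на случайно сгенерированное и может отличаться на других системах):
- %WINDIR%\Temp\~MSTemp\Pon3.tmp в %WINDIR%\KiRg.dll
- %WINDIR%\KiRg.dll в %WINDIR%\nURtdGJjf.dll
- %WINDIR%\Temp\~MSTemp\Pon1.tmp в <SYSTEM32>\imeNM.dll
- %WINDIR%\Temp\~MSTemp\Pon2.tmp в %WINDIR%\ime\IMEKR.exe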
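Сетевые адреса (символы «#» в IP-адресе, по-видимому, заменяют цифры, скрытые в источнике, поэтому адрес приведён не полностью; имена файлов в URL совпадают с конечными именами файлов в списке выше):
- '11#.#07.112.169':80
- http://11#.#07.112.169/IMEKR/KiRg.dll
- http://11#.#07.112.169/IMEKR/IMEKR.exe
- http://11#.#07.112.169/IMEKR/imeNM.dll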
- Окно: ClassName: 'MS_WINHELP' WindowName: '' (класс окна MS_WINHELP, заголовок пустой)