Техническая информация
- [<HKLM>\SOFTWARE\Classes\.bat] '' = 'batfile'
- [<HKLM>\SOFTWARE\Classes\.scr] '' = 'scrfile'
- [<HKLM>\SOFTWARE\Classes\.cmd] '' = 'cmdfile'
- [<HKLM>\SOFTWARE\Classes\.exe] '' = 'exefile'
- [<HKLM>\SOFTWARE\Classes\.com] '' = 'comfile'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\tool[1].htm
- %TEMP%\ravwormzotob.exe
- 'do#####d.rising.com.cn':80
- 'localhost':1037
- do#####d.rising.com.cn/msgbox/tool.htm
- DNS ASK do#####d.rising.com.cn
- DNS ASK www.ri###g.com.cn
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''