Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360safeman' = '%CommonProgramFiles%\services.exe'
- %CommonProgramFiles%\services.exe
- %PROGRAM_FILES%\services.exe
- C:\ms.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\yt[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\response[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\response[1].asp
- %CommonProgramFiles%\services.exe
- %PROGRAM_FILES%\services
- %WINDIR%\lpk
- %WINDIR%\nel32.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\response[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\response[1].asp
- C:\ms.txt
- 'au##.#earch.msn.com':80
- 'localhost':1043
- 'localhost':1045
- 'localhost':1041
- 'localhost':1037
- 'ys.#198.org':80
- 'tj.#466.org':80
- au##.#earch.msn.com/response.asp?MT###########################
- au##.#earch.msn.com/response.asp?MT#############################################
- ys.#198.org/yt.txt
- tj.#466.org/ko/get.asp?ma##############
- DNS ASK tj.#466.org
- DNS ASK au##.#earch.msn.com
- DNS ASK ys.#198.org
- '<IP address on the local network>':1038
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''