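Техническая информация
Ниже перечислены индикаторы без заголовков разделов (вероятно, заголовки утрачены при извлечении текста): значение реестра, элемент в папке автозагрузки, командные строки запускаемых процессов, пути к файлам, сетевые адреса с портами, URL и DNS-запросы, а также классы и имена окон. Символы «##» в именах доменов, по-видимому, маскируют часть имени и не являются буквальными. Четыре пути в каталогах %TEMP%\is-NOCJP.tmp и %TEMP%\is-T8UKV.tmp перечислены дважды — предположительно, они относились к разным разделам исходного описания.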
- [<HKLM>\SOFTWARE\Classes\xhg\Shell\Open\Command] '' = '"Rundll32.exe" "%WINDIR%\try32e\nwinms.inn" sysread'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\vis32
- %WINDIR%\explorer.exe /n,/select,C:\udowndir\FunshionInstall.exe
- <SYSTEM32>\rundll32.exe "%WINDIR%\try32e\swchar.cha" Restd
- <SYSTEM32>\rundll32.exe "%WINDIR%\try32e\wr345.pcm" Mainbox
- %WINDIR%\try32e\swchar.cha
- %WINDIR%\try32e\taobao.ico
- %WINDIR%\try32e\rd.txt
- %WINDIR%\try32e\infofile.tmp
- %WINDIR%\try32e\nwinms.inn
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\FunshionInstall[1].exe
- C:\youxia\FunshionInstall.exe
- %WINDIR%\vis32.lnk
- %WINDIR%\try32e\vis32.xhg
- %WINDIR%\try32e\wr345.pcm
- %TEMP%\is-NOCJP.tmp\InstallDll.dll
- %PROGRAM_FILES%\softguid\is-NAGBQ.tmp
- %TEMP%\is-NOCJP.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-T8UKV.tmp\<Имя вируса>.tmp
- %TEMP%\is-NOCJP.tmp\_isetup\_RegDLL.tmp
- %WINDIR%\try32e\Install.tmp
- %WINDIR%\try32e\Config.ini
- %PROGRAM_FILES%\softguid\unins000.dat
- %PROGRAM_FILES%\softguid\is-2GCG8.tmp
- %PROGRAM_FILES%\softguid\is-MQG3K.tmp
- %TEMP%\is-NOCJP.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-T8UKV.tmp\<Имя вируса>.tmp
- %TEMP%\is-NOCJP.tmp\InstallDll.dll
- %TEMP%\is-NOCJP.tmp\_isetup\_RegDLL.tmp
- 'ha##n.com':80
- 'localhost':1036
- 'www.ha##n.com':8080
- ha##n.com/ppsr/Download/FunshionInstall.exe
- DNS ASK ha##n.com
- DNS ASK www.ha##n.com
- ClassName: '' WindowName: 'udowndir'
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''