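Техническая информация
Ниже перечислены наблюдаемые артефакты: пути к файлам, параметры служб в реестре (значение 'Start' = '00000002' соответствует автоматическому запуску службы), командные строки запускаемых процессов и DNS-запрос (часть имени домена скрыта символами ###).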
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ktv.lnk
- %WINDIR%\Tasks\ms.job
- %WINDIR%\Tasks\SA.DAT
- [<HKLM>\SYSTEM\ControlSet001\Services\OSTD] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- <SYSTEM32>\dc2d.exe -s -i
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>/cd2o.dll"
- <SYSTEM32>\rundll32.exe <SYSTEM32>/dc2e.dll,Always
- <SYSTEM32>\rundll32.exe <SYSTEM32>/dc2e.dll, Always
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>/cd2o.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>/82le.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>/0ccc.dll"
- <SYSTEM32>\regsvr32.exe /u /s "<SYSTEM32>/2bdr.dll"
- %TEMP%\h8nil4o8\4.dll
- %TEMP%\pmrqma7i\2.tmp
- %TEMP%\h8nil4o8\2.dll
- %TEMP%\h8nil4o8\3.dll
- %TEMP%\pmrqma7i\tmp.exe.tmp
- <SYSTEM32>\3c47
- <SYSTEM32>\8977-16
- %TEMP%\pmrqma7i\tmp.exe
- %TEMP%\pmrqma7i\_uninstall
- %TEMP%\h8nil4o8\_uninstall
- %TEMP%\h8nil4o8\b.dll.zgx
- %TEMP%\h8nil4o8\mtv.exe.tmp
- %TEMP%\h8nil4o8\z.lz
- %TEMP%\h8nil4o8\b.dll.zgx.tmp
- %TEMP%\h8nil4o8\mtv.exe
- %TEMP%\h8nil4o8\s.exe.tmp
- %TEMP%\h8nil4o8\s.exe
- %TEMP%\h8nil4o8\p.dll.zgx.tmp
- %TEMP%\h8nil4o8\p.dll.zgx
- %TEMP%\pmrqma7i\_uninstall
- %TEMP%\pmrqma7i\2.tmp
- %TEMP%\h8nil4o8\mtv.exe
- %TEMP%\h8nil4o8\_uninstall
- %TEMP%\h8nil4o8\z.lz
- %TEMP%\h8nil4o8\mtv.exe.tmp
- %TEMP%\h8nil4o8\b.dll.zgx.tmp
- %TEMP%\h8nil4o8\p.dll.zgx.tmp
- %TEMP%\pmrqma7i\tmp.exe.tmp
- %TEMP%\h8nil4o8\s.exe.tmp
- DNS ASK ya###.com.cn