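Техническая информация
(Заголовки подразделов в этой копии не сохранились: ниже подряд идут параметры реестра, запускаемые команды, пути к файлам и сетевые обращения. Некоторые пути к файлам повторяются — вероятно, они относились к разным подразделам исходного отчёта. Символы # в имени узла и в URL, по-видимому, являются маскировкой, применённой в исходном отчёте.)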
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C4DE98AA-727C-4ba5-8E7D-BF4104FD1384}] 'Exec' = 'http://click.interich.com?a_id=ethem&a_num=1&m_id=11stcokr&m_num=172363'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5C239114-3979-4085-B91A-9AA9729E67ED}] 'Exec' = 'http://click.interich.com?a_id=ethem&a_num=1&m_id=gmarket_a&m_num=182611'
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- <SYSTEM32>\cmd.exe /c \fivi.bat
- <SYSTEM32>\11market.ico
- <SYSTEM32>\auction.ico
- %WINDIR%\auction.ico
- %WINDIR%\gmarket.ico
- %TEMP%\nsz2.tmp\SelfDelete.dll
- C:\DelUS.bat
- <SYSTEM32>\gmarket.ico
- %TEMP%\nsz2.tmp\System.dll
- %WINDIR%\11market.ico
- %TEMP%\joyshopping.exe
- %HOMEPATH%\Favorites\새로운 세상을 여는 문, G마켓.url
- %TEMP%\nsz2.tmp\DLLWebCount.dll
- %TEMP%\domain.txt
- %HOMEPATH%\Favorites\쇼핑 스트리트, 11번가.url
- C:\fivi.bat
- %HOMEPATH%\Favorites\디앤샵, 시즌 2.url
- %HOMEPATH%\Favorites\당신이 찾는 모든 스타일, 옥션.url
- %TEMP%\nsz2.tmp\SelfDelete.dll
- %TEMP%\nsz2.tmp\System.dll
- %TEMP%\nsz2.tmp\DLLWebCount.dll
- %TEMP%\domain.txt
- %TEMP%\joyshopping.exe
- 'www.jo####pping.co.kr':80
- www.jo####pping.co.kr/count/counter_insert.php?pi#################
- DNS ASK www.jo####pping.co.kr