Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\YiBo] 'Start' = '00000002'
- %PROGRAM_FILES%\YiBo\YBNTSrv.exe
- %PROGRAM_FILES%\YiBo\YBProces.exe
- %PROGRAM_FILES%\YiBo\YBNTSrv.exe 1000
- %PROGRAM_FILES%\YiBo\YBStartSvr.exe
- <SYSTEM32>\sc.exe config YiBo start= auto
- <SYSTEM32>\cmd.exe /c YBNTSrv.bat
- %WINDIR%\explorer.exe
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://tt#.#234.net:78/yb/updatetongji.htm
- %WINDIR%\explorer.exe
- %TEMP%\nss2.tmp\SelfDel.dll
- %PROGRAM_FILES%\YiBo\YBNTSrv.bat
- %PROGRAM_FILES%\YiBo\YBProces.exe
- %TEMP%\nss2.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\YiBo\YBStartSvr.exe
- %PROGRAM_FILES%\YiBo\YBNTSrv.exe
- %TEMP%\~DF6406.tmp
- %TEMP%\~DFD41A.tmp
- %TEMP%\nss2.tmp\KillProcDLL.dll
- %TEMP%\nss2.tmp\SelfDel.dll
- 'tt#.#234.net':78
- 'localhost':1036
- DNS ASK tt#.#234.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''