Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,<SYSTEM32>\W1NL0g0.exe'
- <SYSTEM32>\Sveran.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\QingYL.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\s[1].cn+
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\520dianying[1]
- %WINDIR%\Help\dian.txt
- <SYSTEM32>\W1NL0g0.exe
- <SYSTEM32>\Sveran.exe
- <SYSTEM32>\QingYL.dll
- 'ad.##ajianlm.cn':27
- 'www.52###anying.org':80
- 'localhost':1036
- 'www.ba##u.com':80
- www.52###anying.org/?id##########
- www.ba##u.com/s?bs###################################################################
- DNS ASK www.52###anying.org
- DNS ASK ad.##ajianlm.cn
- DNS ASK www.ba##u.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''