Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Media_NoHacker.cn] 'Start' = '00000002'
- '%TEMP%\HelloNet.exe'
- '%WINDIR%\NoHacker.cn.exe'
- '%TEMP%\Server_Setup.exe'
- '%TEMP%\123.exe'
- '%TEMP%\TheWorld.exe'
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\UNINSTAL.BAT
- %TEMP%\TheWorld.ini
- %WINDIR%\UNINSTAL.BAT
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\welcome_cn[1].htm
- %TEMP%\twcache.ini
- %WINDIR%\NoHacker.cn.exe
- %TEMP%\TheWorld.exe
- %TEMP%\123.exe
- %TEMP%\HelloNet.exe
- %TEMP%\Server_Setup.exe
- %TEMP%\twcache.ini
- %WINDIR%\NoHacker.cn.exe
- %TEMP%\Server_Setup.exe
- 'je##.#o2.icpcn.com':80
- 'www.io##e.com':80
- 'localhost':1036
- www.io##e.com/favicon.ico
- je##.#o2.icpcn.com/ip.txt
- www.io##e.com/web/welcome_cn.htm?ve#########
- DNS ASK je##.#o2.icpcn.com
- DNS ASK www.io##e.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'XFrame_Wnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'Shell Embedding' WindowName: ''