Техническая информация
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{F1F7763D-712D-4E24-A2EC-869982331C1C}] 'Exec' = '%PROGRAM_FILES%\shopbegin\view.exe'
- [<HKCU>\Software\Microsoft\Internet Explorer\Extensions\{F1F7763D-712D-4E24-A2EC-869982331C1C}] 'ClsidExtension' = '{81982099-F729-40ED-92AB-0A93D5377C3C}'
- '%PROGRAM_FILES%\shopbegin\fupdate.exe'
- '%PROGRAM_FILES%\shopbegin\fupdate.exe' (загружен из сети Интернет)
- %PROGRAM_FILES%\shopbegin\tool.ico
- %PROGRAM_FILES%\shopbegin\fupdate.exe
- %PROGRAM_FILES%\shopbegin\view.exe
- %PROGRAM_FILES%\shopbegin\fhost.exe
- %HOMEPATH%\fhostRemover.exe
- %PROGRAM_FILES%\shopbegin\fhostRemover.exe
- 'do##.#egin.co.kr':80
- 'to####r.begin.co.kr':80
- do##.#egin.co.kr/pgm/tool.ico
- do##.#egin.co.kr/pgm/fupdate.exe
- do##.#egin.co.kr/pgm/view.exe
- do##.#egin.co.kr/pgm/fhostRemover.exe
- to####r.begin.co.kr/ctrl/setid.php
- to####r.begin.co.kr/bptr/ptrinst.php?ma#################################
- do##.#egin.co.kr/pgm/fhost.exe
- DNS ASK do##.#egin.co.kr
- DNS ASK to####r.begin.co.kr
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'