Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'adsmini' = '%WINDIR%\adsminirun.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'adsacquy' = '%WINDIR%\clickads.exe'
- '%WINDIR%\adsminirun.exe'
- '%WINDIR%\miniads1.exe'
- '%WINDIR%\clickads.exe'
- '%WINDIR%\ads2.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\test[1].php
- %WINDIR%\click.exe
- %WINDIR%\ads2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\test[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\test2[1].php
- C:\ipcheck.txt
- %WINDIR%\miniads.exe
- %WINDIR%\clickads.exe
- %WINDIR%\adsminirun.exe
- %WINDIR%\miniads2.exe
- %WINDIR%\miniads1.exe
- %TEMP%\~DFA7AF.tmp
- 'ha##ib.net':80
- ha##ib.net/test2.php
- ha##ib.net/test.php
- DNS ASK ha##ib.net
- ClassName: '(null)' WindowName: 'CrossFire'
- ClassName: 'Indicator' WindowName: '(null)'