Техническая информация
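- Автозапуск через реестр: [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,C:\Documents and Settings\molidao.exe' (в значение 'shell' после explorer.exe добавлен второй исполняемый файл, поэтому он запускается при каждом входе пользователя в систему)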
- %TEMP%\SrDownloader.exe 1002
- %TEMP%\nsj2.tmp\160yes14.exe
- %TEMP%\nsj2.tmp\SrDownloader-1002.exe
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\soft360.dll"
- %APPDATA%\SrDownLoader\up.ini
- %TEMP%\SrDownloader.exe
- C:\Documents and Settings\molidao.txt
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- %TEMP%\nsj2.tmp\SrDownloader-1002.exe
- %TEMP%\nsj2.tmp\160yes14.exe
- %TEMP%\nsv4.tmp
- <SYSTEM32>\soft360.dll
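- Перемещение файла: из C:\Documents and Settings\molidao.txt в C:\Documents and Settings\molidao.exe (файл с расширением .txt переименован в исполняемый файл, прописанный в значении 'shell' ключа Winlogon)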
- Сетевое соединение: 'up####.pctutu.com':80
- Запрос по URL: up####.pctutu.com/srgui9/update/oemid.ini
- DNS-запрос: up####.pctutu.com
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''