Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Famday' = '%PROGRAM_FILES%\MarketFun\Famday.exe'
- %PROGRAM_FILES%\MarketFun\Famday.exe
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %PROGRAM_FILES%\MarketFun\uninstall.exe
- %PROGRAM_FILES%\MarketFun\keyward.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update3[1].php
- C:\DelUS.bat
- %PROGRAM_FILES%\MarketFun\domainrefer.ini
- %PROGRAM_FILES%\MarketFun\Code.ini
- %TEMP%\nsn2.tmp
- %PROGRAM_FILES%\MarketFun\MarketFun.dll
- %PROGRAM_FILES%\MarketFun\Famday.exe
- 'www.fu###rket.net':80
- 'vi###tsoft.net':80
- www.fu###rket.net/reward/marketfun/update3.php
- vi###tsoft.net/counter/insert.php?db#######################################################################
- DNS ASK www.vi###tsoft.net
- DNS ASK www.fu###rket.net
- DNS ASK vi###tsoft.net