Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdRoarUpdate' = '%WINDIR%\ARUpdate.exe'
- '%TEMP%\GLJ2.tmp' %WINDIR%\AdRoar.dll
- %WINDIR%\~GLH0001.TMP
- %WINDIR%\~GLH0000.TMP
- %TEMP%\~GLH0003.TMP
- %WINDIR%\~GLH0002.TMP
- %TEMP%\GLJ2.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLM4.tmp
- %TEMP%\GLK3.tmp
- %TEMP%\GLM4.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLJ2.tmp
- %TEMP%\1
- %TEMP%\GLK3.tmp
- из %WINDIR%\~GLH0002.TMP в %WINDIR%\cpruninst.exe
- из %TEMP%\~GLH0003.TMP в %TEMP%\1
- из %WINDIR%\~GLH0000.TMP в %WINDIR%\AdRoar.dll
- из %WINDIR%\~GLH0001.TMP в %WINDIR%\ARUpdate.exe
- 'www.av####resources.com':80
- www.av####resources.com/count/count.php?&m#########
- DNS ASK www.av####resources.com
- ClassName: 'Shell_TrayWnd' WindowName: ''