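Техническая информация
Примечание: символы «#» в именах узлов ниже, по-видимому, заменяют символы, скрытые при публикации; без восстановления полного имени эти записи нельзя использовать как точные сетевые индикаторы.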
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinSp3Drv' = '<SYSTEM32>\WinSp3Drv.exe' (запись в ключе Run: указанный файл запускается автоматически при входе пользователя в систему)
- '%PROGRAM_FILES%\SearchSpy\SSups.exe' INSTALL
- '%PROGRAM_FILES%\SearchSpy\SSups.exe' (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\HideWinRun[1].exe
- <SYSTEM32>\WinSp3Drv.exe
- %WINDIR%\prta0.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\SearchSpyUpdater2[1].exe
- %PROGRAM_FILES%\SearchSpy\SSups.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\GetSpyMedicVersion[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\GetSpyMedicVersion[1].html
- 'ax.###rchspy.co.kr':80
- 'fi##.##archspy.co.kr':80
- fi##.##archspy.co.kr/archive/HideWinRun.exe
- ax.###rchspy.co.kr/data/GetSpyMedicVersion.html
- fi##.##archspy.co.kr/archive/SearchSpyUpdater2.exe
- DNS ASK ax.###rchspy.co.kr
- DNS ASK fi##.##archspy.co.kr