Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'c5hm' = '<SYSTEM32>\ShellExt\5hcc\c5hm.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bmcatchspyware[1].php
- <SYSTEM32>\ShellExt\5hcc\c5hm.exe
- 'co##.##wtoolbar.co.kr':80
- co##.##wtoolbar.co.kr/backman/bmcatchspyware.php?ld############
- DNS ASK co##.##wtoolbar.co.kr