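Техническая информация
Примечание: заголовки разделов в этом фрагменте, по-видимому, не сохранились, поэтому повторяющиеся пути (например, %TEMP%\RGInstall.dll) могут относиться к разным действиям над одним и тем же файлом. Символы «#» в именах доменов, судя по всему, скрывают часть имени, поэтому такие записи нельзя использовать как точные индикаторы компрометации.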
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\WanSo.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\fkwld] 'Start' = '00000001' (значение 1 соответствует SERVICE_SYSTEM_START: драйвер загружается при инициализации системы)
- <SYSTEM32>\rundll32.exe %CommonProgramFiles%\WANSO\player.dll,Always
- <SYSTEM32>\regsvr32.exe /s "%CommonProgramFiles%\WANSO\SoBar.dll"
- %CommonProgramFiles%\WANSO\Player.dll
- %TEMP%\nse3.tmp\System.dll
- %CommonProgramFiles%\WANSO\SoBar.dll
- <SYSTEM32>\83-105-7163
- <DRIVERS>\fkwld.sys
- %TEMP%\SoBar.dll
- %TEMP%\nsj2.tmp
- %TEMP%\player.dll
- %TEMP%\fkwld.sys
- %TEMP%\RGInstall.dll
- %TEMP%\RGInstall.dll
- %TEMP%\SoBar.dll
- %TEMP%\player.dll
- 'do#.#ggzs.com':80
- DNS ASK so##.com
- DNS ASK 00#.#ggzs.com
- DNS ASK 16#.com
- DNS ASK ya###.com.cn
- DNS ASK do#.#ggzs.com
- ClassName: 'Shell_TrayWnd' WindowName: ''