Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Kingsoft Antivirus WebShield Service] 'Start' = '00000002'
- %ALLUSERSPROFILE%\Application Data\wangdun\KSWebShield.exe -start -install
- %WINDIR%\explorer.exe
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Application Data\wangdun\MJ0011.bat" "
- %ALLUSERSPROFILE%\Application Data\wangdun\kwssp.dll
- %ALLUSERSPROFILE%\Application Data\wangdun\kswebshield.dll
- %ALLUSERSPROFILE%\Application Data\wangdun\kwsui.dll
- %ALLUSERSPROFILE%\Application Data\wangdun\KWSSVC.log
- %TEMP%\nsy2.tmp\SelfDel.dll
- %ALLUSERSPROFILE%\Application Data\wangdun\kswbc.dll
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\kws.ini
- %ALLUSERSPROFILE%\Application Data\IE.nsi
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\spitesp.dat
- %ALLUSERSPROFILE%\Application Data\wangdun\MJ0011.bat
- %ALLUSERSPROFILE%\Application Data\wangdun\KSWebShield.exe
- %TEMP%\nsy2.tmp\SelfDel.dll
- ClassName: 'kws::OSUCWindowClass' WindowName: ''