Техническая информация
Записи автозапуска в реестре (ключи Run; указанные в значениях файлы запускаются при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PoJonSe' = '%WINDIR%\1.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '000000000001' = '<SYSTEM32>\jonsen.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Pccom' = '%WINDIR%\2.exe'
- '<SYSTEM32>\jonsen.exe'
- '%WINDIR%\2.exe'
- '%WINDIR%\1.exe'
- <SYSTEM32>\jonsen.exe
- %WINDIR%\2.exe
- %WINDIR%\1.exe
- %WINDIR%\1.exe
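Сетевые узлы и порты (символы «#», по-видимому, скрывают часть имени в источнике; в таком виде это не действительные доменные имена, и для сопоставления с журналами нужны полные значения):
- 'r.###gyou.com':80
- 'ad#.#dgod.co.kr':80
- 'co####.#nimarketing.co.kr':80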
URL-адреса по протоколу HTTP (часть символов скрыта знаками «#»):
- http://r.###gyou.com/fcg-bin/cgi_get_portrait.fcg?ui#############
- http://ad#.#dgod.co.kr/app/config.php?ap#####
- http://co####.#nimarketing.co.kr/?ap###
- DNS ASK r.###gyou.com
- DNS ASK ad#.#dgod.co.kr
- DNS ASK co####.#nimarketing.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)