Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Kingsoft Antivirus WebShield Service] 'Start' = '00000002'
- %ALLUSERSPROFILE%\Application Data\smes\smes.exe -start -install
- %WINDIR%\sleep.exe 500
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\spitesp.dat
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\kws.ini
- %ALLUSERSPROFILE%\Application Data\smes\a
- %ALLUSERSPROFILE%\Application Data\kingsoft\kws\spot.ini
- %ALLUSERSPROFILE%\Application Data\smes\KWSSVC.log
- %TEMP%\temg_tmp.bat
- %TEMP%\nsm2.tmp\AccessControl.dll
- %ALLUSERSPROFILE%\Application Data\smes\kswebshield.dll
- %ALLUSERSPROFILE%\Application Data\smes\kswbc.dll
- %TEMP%\nsm2.tmp\FindProcDLL.dll
- %ALLUSERSPROFILE%\Application Data\smes\kwssp.dll
- %ALLUSERSPROFILE%\Application Data\smes\u.bat
- %ALLUSERSPROFILE%\Application Data\smes\smes.exe
- %ALLUSERSPROFILE%\Application Data\smes\kwsui.dll
- %TEMP%\nsm2.tmp\FindProcDLL.dll
- %TEMP%\nsm2.tmp\AccessControl.dll
- ClassName: 'kws::OSUCWindowClass' WindowName: ''