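Technical Information
The entries below are the behaviours recorded for the analysed sample; the section headings of the original report are missing from this listing. Judging by content, the groups are: registry values set under Services, processes launched, file paths touched (mostly under C:\KSM), and window classes searched for. Paths that appear twice (%TEMP%\28885MBI.bat, C:\KSM\ksm.reg) presumably belonged to different sections, such as created versus deleted files; this listing alone cannot confirm which.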
- [<HKLM>\SYSTEM\ControlSet001\Services\ksapi] 'ImagePath' = 'C:\ksm\ksapi.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Kingsoft Rescue Service] 'ImagePath' = 'C:\KSM\ksmsvc.exe'
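- [<HKLM>\SYSTEM\ControlSet001\Services\Kingsoft Rescue Service] 'Start' = '00000002' (2 = automatic start, so the service is launched at every boot; this matches the `start= auto` argument of the sc.exe command below)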
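- 'C:\KSM\UnRAR.exe' e ksm.dll -p88888888 -o+ (ksm.dll is opened as a password-protected RAR archive rather than loaded as a DLL, so the extension does not reflect the file type; -o+ overwrites existing files without prompting)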
- 'C:\KSM\ksm.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\sc.exe' create "Kingsoft Rescue Service" type= own start= auto binpath= "C:\ksm\ksmsvc.exe" displayname= "Kingsoft Rescue Service" Group= "SchedulerGroup"
- '%WINDIR%\regedit.exe' /s ksm.reg (/s imports the .reg file silently, with no confirmation dialog shown to the user)
- '<SYSTEM32>\regsvr32.exe' /s C:\ksm\kxecore\kxecore.dll
- C:\KSM\ksysrept.dll
- C:\KSM\UpdateData\uniupdate\index.html
- C:\KSM\ksafeexam.dll
- C:\KSM\kaccelerator.dll
- C:\KSM\update\keng\filelist.ini
- C:\KSM\update\keng\indexall.dat
- C:\KSM\update\keng\indexall.txt
- C:\KSM\update\keng\index.dat
- C:\KSM\update\keng\index.txt
- C:\KSM\index.html
- C:\KSM\kseexf.dat
- C:\KSM\ksm.dll
- C:\KSM\data3.fsg
- C:\KSM\ksepnf.dat
- C:\KSM\bench.dll
- C:\KSM\json.dll
- C:\KSM\softinfo.xml
- C:\KSM\SystemReport.ini
- C:\KSM\ksbwdet.dll.log
- C:\KSM\KSMCore.log
- C:\KSM\KRSvc.log
- C:\KSM\sysrepcfg.ini
- C:\KSM\kbwactive
- C:\KSM\kxestat.dll
- C:\KSM\ksbwdet.dll
- C:\KSM\RepairKXE.exe
- C:\KSM\kswfsign.fsg
- C:\KSM\update\keng\signs.ini
- C:\KSM\update\keng\vinfo.ini
- C:\KSM\update\keng\indexksg.dat
- C:\KSM\update\keng\indexksg.txt
- C:\KSM\softinfo.dat
- C:\KSM\UniUpdate.log
- C:\KSM\EntityData\User
- C:\KSM\runopt2.dat
- C:\KSM\softinfo2.dat
- C:\KSM\ksignup.dll
- C:\KSM\ksmbrfix.dll
- C:\KSM\ksecorex.dll
- C:\KSM\ksgmerge.dll
- C:\KSM\ksmsvc.exe
- C:\KSM\kxebase.dll
- C:\KSM\kxerqst1.dll
- C:\KSM\ksmtray.exe
- C:\KSM\kwspop.dll
- C:\KSM\kcldrep.dll
- C:\KSM\<Auxiliary name>.dll
- C:\KSM\kavifr.dll
- C:\KSM\kavquara.dll
- C:\KSM\khandler.dll
- C:\KSM\<Auxiliary name>rep.exe
- C:\KSM\kinstool.exe
- C:\KSM\kplugeng.dll
- C:\KSM\<Auxiliary name>fix.exe
- C:\KSM\ksrengcfg.ini
- C:\KSM\ksskrpr.sys
- C:\KSM\ksbwscan.ini
- C:\KSM\ksecfg.ini
- C:\KSM\unknown.fsg
- C:\KSM\ksm.exe
- C:\KSM\UnRAR.exe
- C:\KSM\binder.exe
- C:\KSM\productidinfo.ini
- C:\KSM\sqlite.dll
- C:\KSM\uniucore.dll
- C:\KSM\scom.dll
- C:\KSM\scomregsvr.exe
- C:\KSM\uniuwiz.exe
- C:\KSM\ksapi.sys
- C:\KSM\ksbwdt.ini
- C:\KSM\zlib1.dll
- C:\KSM\BC.sys
- C:\KSM\s2.nlb
- C:\KSM\ksg\ztvd8010.vsg
- C:\KSM\ksg\ztvd9017.vsg
- C:\KSM\87D6D8A99AB9AD89B7B3674903F39DF7
- C:\KSM\ksg\ztfd8003.fsg
- C:\KSM\ksg\ztfd9008.fsg
- C:\KSM\ksg\ztvda015.vsg
- C:\KSM\ksg\ztfda005.fsg
- C:\KSM\ksg\zepd000f.ksg
- C:\KSM\ksg\zipd000e.ksg
- C:\KSM\ksg\btfb7001.fsg
- C:\KSM\ksg\bofd4001.fsg
- C:\KSM\ksg\ztfc002a.fsg
- C:\KSM\ksg\ztfb0005.fsg
- C:\KSM\ksg\bepd3001.ksg
- C:\KSM\ksg\ztvd7009.vsg
- C:\KSM\ksg\ztfd7002.fsg
- C:\KSM\7E248B6730BEF6A01D63D085B0C5F4D1
- C:\KSM\E1B8B38F6264F7AB0AE16EFC88B8EC73
- C:\KSM\ksg\ztfe3006.fsg
- C:\KSM\ksg\ztve300c.vsg
- C:\KSM\ksg\zipe0001.ksg
- C:\KSM\ksg\zepe0001.ksg
- C:\KSM\ksg\zofe0020.fsg
- C:\KSM\ksm.reg
- C:\KSM\unksm.reg
- C:\KSM\ksg\ztve3001.vsg
- %TEMP%\28885MBI.bat
- C:\KSM\ksg\ztfdc007.fsg
- C:\KSM\ksg\zofd007b.fsg
- C:\KSM\ksg\ztvdb00b.vsg
- C:\KSM\ksg\ztfdb004.fsg
- C:\KSM\ksg\ztvdc00f.vsg
- C:\KSM\ksg\ztve2009.vsg
- C:\KSM\ksg\ztfe2002.fsg
- C:\KSM\ksg\ztfe100a.fsg
- C:\KSM\ksg\ztve1013.vsg
- C:\KSM\ksg\unknown.ksg
- C:\KSM\ksg\falset.psg
- C:\KSM\ksg\ztfd6002.fsg
- C:\KSM\ksg\ztvd6011.vsg
- C:\KSM\ksg\falset.fsg
- C:\KSM\ksg\ztvd5010.vsg
- C:\KSM\ksg\ztvd0040.vsg
- C:\KSM\ksg\false.psg
- C:\KSM\ksg\false.ksg
- C:\KSM\p.nlb
- C:\KSM\ksreng.dll
- C:\KSM\p2.nlb
- C:\KSM\s.nlb
- C:\KSM\KSMCore.dll
- C:\KSM\kscl.dat
- C:\KSM\kscl.dll
- C:\KSM\bootsafe.sys
- C:\KSM\ksmgui.dat
- C:\KSM\ksg\btvb7001.vsg
- C:\KSM\ksg\ztmc0006.psg
- C:\KSM\ksg\btvb7999.vsg
- C:\KSM\ksg\btvb7002.vsg
- C:\KSM\ksg\ztmb0014.psg
- C:\KSM\ksg\zema0007.psg
- C:\KSM\ksg\befc2009.psg
- C:\KSM\ksg\ztma002d.psg
- C:\KSM\ksg\btfc2009.psg
- C:\KSM\ksg\ztvc006c.vsg
- C:\KSM\ksg\ztvbb00d.vsg
- C:\KSM\ksg\ztfd5002.fsg
- C:\KSM\ksg\ztfd0012.fsg
- C:\KSM\ksg\ztvba012.vsg
- C:\KSM\ksg\ztvb7001.vsg
- C:\KSM\ksg\ztvb0005.vsg
- C:\KSM\ksg\ztvb9008.vsg
- C:\KSM\ksg\ztvb8008.vsg
- C:\KSM\kae\kaecore.dat
- C:\KSM\kae\kaecore.ini
- C:\KSM\kae\kaearcha.dat
- C:\KSM\kae\kaearchb.dat
- C:\KSM\kae\kaecorea.dat
- C:\KSM\kae\kaecoreh.dat
- C:\KSM\kae\kaecoreo.dat
- C:\KSM\kae\kaecoreb.dat
- C:\KSM\kae\kaecoref.dat
- C:\KSM\images\v4_close_over.bmp
- C:\KSM\images\v4_main_icon.bmp
- C:\KSM\images\v4_close_down.bmp
- C:\KSM\images\v4_close_normal.bmp
- C:\KSM\images\v4_mini_down.bmp
- C:\KSM\images\warn_icon.bmp
- C:\KSM\images\white_gou.bmp
- C:\KSM\images\v4_mini_normal.bmp
- C:\KSM\images\v4_mini_over.bmp
- C:\KSM\kxecore\kxestat.dll
- C:\KSM\log\ksmsvc.exe\klog.log
- C:\KSM\kxecore\kxecore.dll
- C:\KSM\kxecore\kxelog.dll
- C:\KSM\log\ksmsvc.exe.log
- C:\KSM\operation\cas\kinfoc.dll
- C:\KSM\webui\popo\css\main.css
- C:\KSM\operation\cas\kctrl.dat
- C:\KSM\operation\cas\kfmt.dat
- C:\KSM\kae\kaeunpak.dat
- C:\KSM\kae\kaevname.dat
- C:\KSM\kae\kaeolea.dat
- C:\KSM\kae\kaeunpack.dat
- C:\KSM\kae\kaext2.dat
- C:\KSM\kse_wfsdata\d571cd01_wfsexa0.dat
- C:\KSM\kse_wfsdata\d571cd01_wfsexa1.dat
- C:\KSM\kae\kaextend.dat
- C:\KSM\kae\karchive.dat
- C:\KSM\images\blue_gou.bmp
- C:\KSM\images\browser_defend_down.bmp
- C:\KSM\images\arrowjg.bmp
- C:\KSM\images\ask_icon.bmp
- C:\KSM\images\browser_defend_normal.bmp
- C:\KSM\images\feed_back_normal.bmp
- C:\KSM\images\feed_back_over.bmp
- C:\KSM\images\browser_defend_over.bmp
- C:\KSM\images\feed_back_down.bmp
- C:\KSM\config\ksecore.addon.xml
- C:\KSM\config\ksecore.netdetcfg.xml
- C:\KSM\config\kse.stat_fac_cfg.xml
- C:\KSM\config\kse.sysbinfile.dat
- C:\KSM\config\ksecore.sln.xml
- C:\KSM\config\kspfeng.pwlcfg.xml
- C:\KSM\data\pluginlib.dat
- C:\KSM\config\kspfeng.filemonfilter.xml
- C:\KSM\config\kspfeng.polman.xml
- C:\KSM\images\set_btn_down.bmp
- C:\KSM\images\set_btn_normal.bmp
- C:\KSM\images\safe_site_normal.bmp
- C:\KSM\images\safe_site_over.bmp
- C:\KSM\images\set_btn_over.bmp
- C:\KSM\images\v4_about_normal.bmp
- C:\KSM\images\v4_about_over.bmp
- C:\KSM\images\Thumbs.db
- C:\KSM\images\v4_about_down.bmp
- C:\KSM\images\logo_normal.bmp
- C:\KSM\images\log_desc.bmp
- C:\KSM\images\lock_icon.bmp
- C:\KSM\images\logo_hover.bmp
- C:\KSM\images\main_icon.bmp
- C:\KSM\images\radio_blue_over.bmp
- C:\KSM\images\safe_site_down.bmp
- C:\KSM\images\radio_blue_down.bmp
- C:\KSM\images\radio_blue_normal.bmp
- C:\KSM\webui\popo\css\popo.css
- C:\KSM\vf1.dat
- C:\KSM\ifrcfg.xml
- C:\KSM\ksinst.dll
- C:\KSM\ksapi.dll
- C:\KSM\lpolicy.dat
- C:\KSM\khistory.dll
- C:\KSM\ksbwsspx.dll
- C:\KSM\signs.ini
- C:\KSM\vinfo.ini
- C:\KSM\ksmgui.exe
- C:\KSM\ksbwdet2.dll
- C:\KSM\kspecialscan.dll
- C:\KSM\kqsccfg.dat
- C:\KSM\kseutil.dll
- C:\KSM\kconfig.xml
- C:\KSM\ksreng3.dll
- C:\KSM\ksesscan.dll
- C:\KSM\kseescan.dll
- C:\KSM\kssgui3.dat
- C:\KSM\kssgui4.dat
- C:\KSM\detect.dat
- C:\KSM\install.dat
- C:\KSM\kxecomm.dat
- C:\KSM\jsonv6.dll
- C:\KSM\kasearch.dll
- C:\KSM\reupdate.dat
- C:\KSM\WhiteList.dat
- C:\KSM\ksedset.ini
- C:\KSM\ksoftdet.dat
- C:\KSM\ksextfix.dll
- C:\KSM\wfs.dll
- C:\KSM\ktirpcfg.xml
- C:\KSM\antivirus.dat
- C:\KSM\comres.dll
- C:\KSM\ktirscfg.xml
- C:\KSM\ksoftdet.dll
- C:\KSM\webui\popo\popo1.htm
- C:\KSM\webui\popo\popo2.htm
- C:\KSM\webui\popo\js\main\kwebapp.js
- C:\KSM\webui\popo\popo0.htm
- C:\KSM\webui\public\css\common.css
- C:\KSM\webui\public\js\kajax.js
- C:\KSM\webui\public\js\util.js
- C:\KSM\webui\public\css\public.css
- C:\KSM\webui\public\js\common.js
- C:\KSM\webui\popo\images\green\close_hover.jpg
- C:\KSM\webui\popo\images\green\close_normal.jpg
- C:\KSM\webui\popo\images\green\bg.jpg
- C:\KSM\webui\popo\images\green\close_down.jpg
- C:\KSM\webui\popo\images\green\submit_down.jpg
- C:\KSM\webui\popo\index.htm
- C:\KSM\webui\popo\js\main\js_loader.js
- C:\KSM\webui\popo\images\green\submit_hover.jpg
- C:\KSM\webui\popo\images\green\submit_normal.jpg
- C:\KSM\ksscfgx.ini
- C:\KSM\sg.db
- C:\KSM\config3a.dat
- C:\KSM\kscanner.dll
- C:\KSM\kaeunpack.dll
- C:\KSM\kfcdetect.dll
- C:\KSM\pe.db
- C:\KSM\kheur.dll
- C:\KSM\data.fsg
- C:\KSM\kseset.dat
- C:\KSM\unins000.dat
- C:\KSM\webui\public\lib\jquery.js
- C:\KSM\khandler.dat
- C:\KSM\unins000.msg
- C:\KSM\sp3a.nlb
- C:\KSM\ksmcorex.dll
- C:\KSM\unins000.exe
- C:\KSM\ksversion.ini
- %TEMP%\28885MBI.bat
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- C:\KSM\ksm.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''