Technical Information
- [<HKLM>\SOFTWARE\Classes\MSProgramGroup\Shell\Open\Command] '' = '<SYSTEM32>\grpconv.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'GrpConv' = 'grpconv -o'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MoveSearch' = '%PROGRAM_FILES%\HuaCi\huaci\zsearch.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\华词搜索.lnk (rendered in the source as "»®ґКЛСЛч.lnk": the GBK-encoded name was displayed as Windows-1251; match on either form)
- [<HKLM>\SYSTEM\ControlSet001\Services\abhcop] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\hcalway] 'Start' = '00000001'
- '%PROGRAM_FILES%\HuaCi\huaci\zsup.exe' check
- '%PROGRAM_FILES%\HuaCi\huaci\zsearch.exe' aa
- '%TEMP%\RarSFX0\msetup.exe'
- '<SYSTEM32>\runonce.exe' -r
- '<SYSTEM32>\grpconv.exe' -o
- '<SYSTEM32>\regsvr32.exe' "%PROGRAM_FILES%\HuaCi\huaci\searchm.dll" -s
- '<SYSTEM32>\rundll32.exe' setupapi,InstallHinfSection DefaultInstall 132 .\hcalway.inf
- NtSetValueKey, handler: abhcop.sys
- NtDeleteValueKey, handler: abhcop.sys
- NtDeleteKey, handler: abhcop.sys
- %PROGRAM_FILES%\HuaCi\huaci\mUin.exe
- %PROGRAM_FILES%\HuaCi\huaci\mUin.exe.tmp
- %PROGRAM_FILES%\HuaCi\huaci\SearchM.dll.zgx
- %PROGRAM_FILES%\HuaCi\huaci\SearchM.dll.zgx.tmp
- %PROGRAM_FILES%\HuaCi\huaci\Mouse1.dll.zgx
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.sys.tmp
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.inf
- %PROGRAM_FILES%\HuaCi\huaci\Mouse1.dll.zgx.tmp
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.sys
- %PROGRAM_FILES%\HuaCi\huaci\_uninstall
- %PROGRAM_FILES%\HuaCi\huaci\zsup.exe
- %PROGRAM_FILES%\HuaCi\update\sysadInfo.ini
- %HOMEPATH%\Start Menu\Programs\华词搜索.lnk (rendered in the source as "»®ґКЛСЛч.lnk": the GBK-encoded name was displayed as Windows-1251; match on either form)
- %PROGRAM_FILES%\HuaCi\huaci\zsup.exe.tmp
- %PROGRAM_FILES%\HuaCi\huaci\sysupdate.ini
- %PROGRAM_FILES%\HuaCi\huaci\sysupdate.ini.tmp
- %PROGRAM_FILES%\HuaCi\huaci\zsearch.exe
- %PROGRAM_FILES%\HuaCi\huaci\zsearch.exe.tmp
- %TEMP%\RarSFX0\_SETUP.DLL
- %TEMP%\RarSFX0\_SETUP.1
- %TEMP%\RarSFX0\DISK1.ID
- %TEMP%\RarSFX0\_SETUP.LIB
- %TEMP%\RarSFX0\_ISDEL.EXE
- %TEMP%\RarSFX0\agent.ini
- %TEMP%\RarSFX0\SETUP.PKG
- %TEMP%\RarSFX0\_INST32I.EX_
- %TEMP%\RarSFX0\msetup.exe
- %PROGRAM_FILES%\HuaCi\huaci\allverx.dat.tmp
- %PROGRAM_FILES%\HuaCi\huaci\abhcop.sys
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.inf.tmp
- %PROGRAM_FILES%\HuaCi\huaci\allverx.dat
- %PROGRAM_FILES%\HuaCi\huaci\abhcop.sys.tmp
- %TEMP%\RarSFX0\SETUP.INI
- %TEMP%\RarSFX0\SETUP.EXE
- %PROGRAM_FILES%\HuaCi\huaci\setup.tmp
- %TEMP%\RarSFX0\SETUP.INS
- %PROGRAM_FILES%\HuaCi\huaci\zsearch.exe.tmp
- %PROGRAM_FILES%\HuaCi\huaci\sysupdate.ini.tmp
- %PROGRAM_FILES%\HuaCi\huaci\SearchM.dll.zgx.tmp
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.inf
- %PROGRAM_FILES%\HuaCi\huaci\setup.tmp
- %PROGRAM_FILES%\HuaCi\huaci\zsup.exe.tmp
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.inf.tmp
- %PROGRAM_FILES%\HuaCi\huaci\allverx.dat.tmp
- %PROGRAM_FILES%\HuaCi\huaci\abhcop.sys.tmp
- %PROGRAM_FILES%\HuaCi\huaci\mUin.exe.tmp
- %PROGRAM_FILES%\HuaCi\huaci\Mouse1.dll.zgx.tmp
- %PROGRAM_FILES%\HuaCi\huaci\hcalway.sys.tmp
- from %PROGRAM_FILES%\HuaCi\huaci\hcalway.sys to <DRIVERS>\hcalway.sys
- from %PROGRAM_FILES%\HuaCi\huaci\abhcop.sys to <DRIVERS>\abhcop.sys
- from %PROGRAM_FILES%\HuaCi\huaci\Mouse1.dll.zgx to %PROGRAM_FILES%\HuaCi\huaci\Mouse1.dll
- from %PROGRAM_FILES%\HuaCi\huaci\SearchM.dll.zgx to %PROGRAM_FILES%\HuaCi\huaci\SearchM.dll
- 'do#####d.zhongsou.com':80
- 'localhost':1036
- 'localhost':1035
- do#####d.zhongsou.com/cdsearch/update.asp?ty##############
- do#####d.zhongsou.com/msstat/dealip.asp?aa##################################################################################################################
- DNS ASK do#####d.zhongsou.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'