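Technical Information
(Paths below use placeholders such as <SYSTEM32>, <DRIVERS>, %TEMP% and %PROGRAM_FILES%. The '#' characters in host names and URLs mask part of the value, so those entries cannot be used as exact-match indicators.)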
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MoveSearch' = '%PROGRAM_FILES%\wsearch\Search.exe'
- %TEMP%\GLJ2.tmp <SYSTEM32>\hap.dll
- %TEMP%\GLJ2.tmp <SYSTEM32>\atl.dll
- %PROGRAM_FILES%\wsearch\Search.exe us
- %TEMP%\GLJ2.tmp <SYSTEM32>\winhtp.dll
- %TEMP%\HB.EXE
- %TEMP%\pp.exe hide
- %TEMP%\jsb.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\winhtp.dll
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\hap.dll
- <SYSTEM32>\regsvr32.exe "%PROGRAM_FILES%\wsearch\searchm.dll" -s
- <SYSTEM32>\rundll32.exe webad.dll,SetUp
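- ClassName: 'RegMonClass' WindowName: '' (window class of the Sysinternals Regmon registry monitor)
- ClassName: 'FileMonClass' WindowName: '' (window class of the Sysinternals Filemon file monitor; a lookup for these two windows is typically a check for running monitoring tools)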
- <SYSTEM32>\~GLH0008.TMP
- <SYSTEM32>\mewin.dll
- %PROGRAM_FILES%\wsearch\sysadInfo.ini
- <SYSTEM32>\temp.000
- <SYSTEM32>\hda.ini
- %WINDIR%\hbsetup.log
- <SYSTEM32>\~GLH0009.TMP
- <SYSTEM32>\~GLH0007.TMP
- <SYSTEM32>\~GLH0002.TMP
- %TEMP%\IXP000.TMP\W95INF16.DLL
- %TEMP%\IXP000.TMP\W95INF32.DLL
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\~GLH0006.TMP
- <SYSTEM32>\~GLH0005.TMP
- <SYSTEM32>\~GLH0004.TMP
- <DRIVERS>\Madbp.sys
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\屏蔽列表.url
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\垃圾清理.url
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\广告拦截.url
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\系统加速.url
- <SYSTEM32>\updateinfo.ini
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\隐私保护.url
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\修复功能.url
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\帮助指南.url
- <DRIVERS>\Pupw.sys
- <DRIVERS>\Ustqilnr.sys
- <DRIVERS>\Khdap.sys
- <SYSTEM32>\win.htm
- %ALLUSERSPROFILE%\Start Menu\Programs\百度超级搜霸\伴侣导航.url
- <SYSTEM32>\history.ini
- %PROGRAM_FILES%\Baidu\bar\SET9.tmp
- %TEMP%\IXP000.TMP\ADVPACK.DLL
- %PROGRAM_FILES%\wsearch\allverx.dat
- %PROGRAM_FILES%\wsearch\allverx.dat.tmp
- %TEMP%\GLJ2.tmp
- %PROGRAM_FILES%\wsearch\Mouse1.dll.tmp
- %PROGRAM_FILES%\wsearch\mUninstall.exe
- %PROGRAM_FILES%\wsearch\mUninstall.exe.tmp
- %PROGRAM_FILES%\wsearch\Mouse1.dll
- %PROGRAM_FILES%\wsearch\setup.tmp
- <SYSTEM32>\distributer.txt
- <Current directory>\FirstUse.Txt
- <Current directory>\xmsflag.dat
- <Current directory>\LastUseDate.Txt
- %TEMP%\GLC1.tmp
- %TEMP%\pp.exe
- %TEMP%\HB.EXE
- %TEMP%\jsb.exe
- %TEMP%\IXP000.TMP\BaiduBar.dll
- %TEMP%\GLK3.tmp
- %PROGRAM_FILES%\wsearch\_uninstall
- %TEMP%\GLG5.tmp
- %WINDIR%\~GLH0001.TMP
- %TEMP%\IXP000.TMP\install.inf
- %TEMP%\~GLH0000.TMP
- %PROGRAM_FILES%\wsearch\sysupdate.ini
- %PROGRAM_FILES%\wsearch\Search.exe.tmp
- %PROGRAM_FILES%\wsearch\mupdate.exe
- %PROGRAM_FILES%\wsearch\mupdate.exe.tmp
- %PROGRAM_FILES%\wsearch\Search.exe
- %PROGRAM_FILES%\wsearch\sysupdate.ini.tmp
- %PROGRAM_FILES%\wsearch\SearchM.dll
- %PROGRAM_FILES%\wsearch\SearchM.dll.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\IXP000.TMP\W95INF16.DLL
- %TEMP%\GLF6.tmp
- %TEMP%\GLK3.tmp
- %TEMP%\GLJ2.tmp
- %TEMP%\IXP000.TMP\BaiduBar.dll
- <SYSTEM32>\updateinfo.ini
- %TEMP%\IXP000.TMP\install.inf
- %TEMP%\IXP000.TMP\W95INF32.DLL
- %TEMP%\IXP000.TMP\ADVPACK.DLL
- %TEMP%\GLG5.tmp
- %PROGRAM_FILES%\wsearch\mupdate.exe.tmp
- %PROGRAM_FILES%\wsearch\Search.exe.tmp
- %PROGRAM_FILES%\wsearch\mUninstall.exe.tmp
- %PROGRAM_FILES%\wsearch\allverx.dat.tmp
- %PROGRAM_FILES%\wsearch\Mouse1.dll.tmp
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0008.TMP
- %PROGRAM_FILES%\wsearch\setup.tmp
- %PROGRAM_FILES%\wsearch\SearchM.dll.tmp
- %PROGRAM_FILES%\wsearch\sysupdate.ini.tmp
- 'pi#.##ongsou.com':80
- 'do#####d.henbang.net':80
- 'www.so##gx.com':80
- 'localhost':1037
- www.so##gx.com/ad/ad.htm
- do#####d.henbang.net/download/updatelist/updateinfo.ini
- www.so##gx.com/softct2/count.asp?si#################
- pi#.##ongsou.com/pig3/dealip.asp?aa###########################################
- DNS ASK pi#.##ongsou.com
- DNS ASK do#####d.henbang.net
- DNS ASK www.si##.com.cn
- DNS ASK www.so##gx.com
- ClassName: '' WindowName: 'Henbang AD UpdateVersion - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'HenbangUpdate'
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''