Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wbservc' = '%PROGRAM_FILES%\wbsvc\wholegrade.exe'
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %PROGRAM_FILES%\wbsvc\wholegrade.exe
- %PROGRAM_FILES%\wbsvc\webholeuninst.exe
- %PROGRAM_FILES%\wbsvc\wbsvcAX.ocx
- C:\DelUS.bat
- %PROGRAM_FILES%\wbsvc\uninstall.exe
- <SYSTEM32>\wbsvcAX.ocx
- %PROGRAM_FILES%\wbsvc\wbsvc.dll
- %PROGRAM_FILES%\wbsvc\Idleploer.exe
- %PROGRAM_FILES%\wbsvc\IUtil.ini
- %TEMP%\nsz2.tmp
- %PROGRAM_FILES%\wbsvc\replaer.dll
- %PROGRAM_FILES%\wbsvc\except.ini
- %PROGRAM_FILES%\wbsvc\chkstr.ini
- 'www.we###le.co.kr':80
- www.we###le.co.kr/count/update.php?pi################
- DNS ASK www.we###le.co.kr
- ClassName: 'IEFrame' WindowName: ''