Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'systemx' = 'C:\systemx.exe /WinStart'
- 'C:\systemx.exe'
- '<SYSTEM32>\xcopy.exe' c:\autorun.inf k:\ /o /x /e /h /k
- '<SYSTEM32>\xcopy.exe' c:\autorun.inf h:\ /o /x /e /h /k
- '<SYSTEM32>\xcopy.exe' c:\autorun.inf i:\ /o /x /e /h /k
- '<SYSTEM32>\ping.exe' localhost -n 120
- '<SYSTEM32>\xcopy.exe' c:\autorun.inf g:\ /o /x /e /h /k
- '<SYSTEM32>\xcopy.exe' c:\rcp.exe h:\ /o /x /e /h /k
- '<SYSTEM32>\cmd.exe' /c C:\system.bat
- '<SYSTEM32>\xcopy.exe' c:\rcp.exe k:\ /o /x /e /h /k
- '<SYSTEM32>\xcopy.exe' c:\rcp.exe g:\ /o /x /e /h /k
- '<SYSTEM32>\xcopy.exe' c:\rcp.exe i:\ /o /x /e /h /k
- C:\systemx.exe
- C:\autorun.inf
- C:\runddl.exe
- C:\system.bat
- C:\system.bat
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'