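Техническая информация
Примечание: в перечисленных ниже ключах служб значение 'Start' = '00000002' означает автоматический запуск службы при загрузке системы (SERVICE_AUTO_START). На работающей системе те же параметры следует проверять и в ветке CurrentControlSet, которая обычно указывает на ControlSet001.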
- [<HKLM>\SYSTEM\ControlSet001\Services\RegService] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\CliSvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\W32Log0n] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SessionSrv] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SystemUpdate] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\EvntService] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\metSvcServ] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\NetLog] 'Start' = '00000002'
- 'C:\RECYCLER\notepad.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL <Текущая директория>exe.com).xls
- <Текущая директория>exe.com).xls
- C:\ProgramData\Microsoft\Windows\netwrc113.dll
- C:\RECYCLER\notepad.exe
- из <Полный путь к вирусу> в %CommonProgramFiles%\System\netwrc163.xls
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)