Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,c:\recycle\svohost.exe hrun "%1"'
- [<HKLM>\SOFTWARE\Classes\fodlock\shell\open\command] '' = '"<Полный путь к вирусу>" unlockdir "%1"'
- [<HKLM>\SOFTWARE\Classes\sunlock\shell\open\command] '' = '"<Полный путь к вирусу>" unlockfile "%1"'
- C:\recycle\svohost.exe hrun "%1"
- C:\recycle\svohost.exe
- C:\recycle\desktop.ini
- %TEMP%\m5.ini
- %TEMP%\m5.ini
- ClassName: 'AfxMDIFrame42s' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'tediamainfrm' WindowName: 'ediatest'