Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinSys32' = '%WINDIR%\WinSys32.exe'
- %WINDIR%\WinSys32.exe "<Полный путь к вирусу>"
- AVP.EXE
- NAVAPW32.EXE
- ZONEALARM.EXE
- AVP32.EXE
- AVPCC.EXE
- AVPM.EXE
- [<HKLM>\SOFTWARE\Miranda]
- [<HKCU>\software\microsoft\MessengerService]
- C:\win.ini
- C:\system.ini
- %WINDIR%\WinSys32.exe
- %WINDIR%\WinSys32.exe
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: '' WindowName: 'orospu'