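Техническая информация
Ниже перечислены артефакты без заголовков групп: командные строки процессов (вызовы nircmd.exe с командой Killprocess, regedit.exe, reg.exe, cmd.exe), значения реестра в ветке Policies\Explorer, пути к файлам в %WINDIR%\Temp и классы окон. В команде reg.exe параметру DisableRegistryTools присваивается значение 0, то есть запрет на запуск редактора реестра снимается, а не устанавливается.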
- '%WINDIR%\Temp\nircmd.exe' Killprocess ohorongf.exe
- '%WINDIR%\Temp\nircmd.exe' Killprocess xwusuhzh.exe
- '%WINDIR%\Temp\nircmd.exe' Killprocess Uoyzsydz.exe
- '%WINDIR%\Temp\nircmd.exe' Killprocess sbwltbxa.exe
- '%WINDIR%\Temp\nircmd.exe' Killprocess vbpdtvdp.exe
- '%WINDIR%\Temp\nircmd.exe' Killprocess rxjddnvj.exe
- '%WINDIR%\Temp\nircmd.exe' Killprocess mgmrwmrv.exe
- '%WINDIR%\regedit.exe' /s %WINDIR%\temp\AdminFix.reg
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Temp\PreFix.bat" "
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoThemesTab' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoSaveSettings' = '00000000'
- %WINDIR%\Temp\Script.vbs
- %WINDIR%\Temp\PreFix.bat
- %WINDIR%\Temp\AdminFix.REG
- %WINDIR%\Temp\nircmd.exe
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'