Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'yingcang1' = '%WINDIR%\rootkit.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'smvs1' = '<SYSTEM32>\smvs.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\sr] 'ImagePath' = '<DRIVERS>\sr.sys'
- System Restore component (SR)
- '<SYSTEM32>\wscript.exe' "%WINDIR%\tzdz.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\zjqd.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\jc.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\hy.vbs"
- %WINDIR%\tzdz.vbs
- %WINDIR%\zjqd.vbs
- %WINDIR%\jc.vbs
- %WINDIR%\hy.vbs