Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wind0ws] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\reg.exe ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wind0ws /v InstallModule /t REG_SZ /d "<Полный путь к вирусу>"
- <SYSTEM32>\svchost.exe -k netsvcs
- <SYSTEM32>\reg.exe ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wind0ws\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "%PROGRAM_FILES%\WindowsUpdate\wupdmgr32.dll" (параметр ServiceDll задаёт библиотеку, которую svchost.exe загружает в качестве кода службы)
- <SYSTEM32>\taskkill.exe /f /t /im KSafeTray.exe (принудительное завершение процесса KSafeTray.exe вместе с его дочерними процессами)
- <SYSTEM32>\reg.exe ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wind0ws /v Description /t REG_SZ /d "Microsoft(R) Windows Update." (описание службы выдаёт её за компонент Windows Update)
- %PROGRAM_FILES%\WindowsUpdate\wupdmgr32.dll
- %WINDIR%\ThankU.txt
- %PROGRAM_FILES%\WindowsUpdate\wupdmgr32.dll
- %WINDIR%\ThankU.txt
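- 'xc##.3322.org':81 (соединение с узлом на порту 81; символы «##» в имени, по-видимому, скрыты в самом описании, поэтому для точного сопоставления этот индикатор неполон)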
- DNS ASK xc##.3322.org
- ClassName: '' WindowName: ''