Техническая информация
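- [<HKLM>\SOFTWARE\Classes\lnkfile\shell\open\command] '' = '"%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE" '
  (значение по умолчанию команды open для класса lnkfile, то есть для ярлыков .lnk; судя по записи, открытие ярлыков перенаправляется на Internet Explorer, поэтому при лечении этот ключ следует проверить отдельно)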
- <SYSTEM32>\abrun.exe <Полный путь к вирусу>===
- %WINDIR%\regedit.exe /s ""%TEMP%\TempIE.reg""
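- <SYSTEM32>\rundll32.exe advpack.dll,DelNodeRunDLL32 %HOMEPATH%\Start Menu\Programs\Internet Explorer.lnk
  (функция DelNodeRunDLL32 из advpack.dll удаляет указанный путь — здесь штатный ярлык «Internet Explorer.lnk»)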
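- %HOMEPATH%\Start Menu\Internat Explorer.url
  (написание «Internat» в этом и следующих путях приведено как в отчёте; при поиске индикаторов его не следует исправлять на «Internet»)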
- %HOMEPATH%\Start Menu\Programs\Internat Explorer.url
- <SYSTEM32>\10.ico
- C:\RegTemp.txt
- C:\Internat Explorer.url
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internat Explorer.dll
- %TEMP%\TempIE.reg
- %PROGRAM_FILES%\Internat Explorer.url
- %HOMEPATH%\Desktop\Internat Explorer.dll
- <SYSTEM32>\9.ico
- <SYSTEM32>\2.ico
- <SYSTEM32>\3.ico
- <SYSTEM32>\a123.ico
- <SYSTEM32>\b456.ico
- <SYSTEM32>\4.ico
- <SYSTEM32>\7.ico
- <SYSTEM32>\8.ico
- <SYSTEM32>\5.ico
- <SYSTEM32>\6.ico
- %TEMP%\TempIE.reg
- C:\RegTemp.txt
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''