Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\RABVTFQ.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\I6OG86] 'Start' = '00000002'
- %PROGRAM_FILES%\BRZK1GB.EXE wb
- <SYSTEM32>\reg.exe delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} /F
- <SYSTEM32>\reg.exe delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /F
- <SYSTEM32>\reg.exe delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} /F
- <SYSTEM32>\reg.exe delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /F
- <SYSTEM32>\sc.exe create I6OG86 BinPath= "%PROGRAM_FILES%\ComPlus Applications\I6OG86.EXE YG704S8U1" type= own type= interact start= auto DisplayName= OFSBYLY0AE
- <SYSTEM32>\cmd.exe /c "%PROGRAM_FILES%\7ENMKV.BAT"
- <SYSTEM32>\reg.exe delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /F
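- <SYSTEM32>\sc.exe description I6OG86 ┤є╜л╖ё╬к╢╧╕°╣т▓·╔·╡─│д╕ч╗·╟ы┴╓╕╓╜б╜н╗·─у╟Є╨╨╩г╥╢╦о
  (Описание сервиса отображено в неверной кодировке: судя по всему, это байты GBK, показанные как CP866; при перекодировке получается «大将否为断给光产生的长哥机请林钢健江机你球行剩叶水». При поиске по описанию сервиса сравнивайте байты, а не отображаемую строку.)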
- %PROGRAM_FILES%\BRZK1GB.EXE
- %PROGRAM_FILES%\7ENMKV.BAT
- %PROGRAM_FILES%\ComPlus Applications\I6OG86.EXE
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\RABVTFQ.lnk
- <Полный путь к вирусу>
- %PROGRAM_FILES%\BRZK1GB.EXE
- '58.#9.58.20':443
- ClassName: 'Shell_TrayWnd' WindowName: ''