Техническая информация
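- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\Kvmon.exe -ini' (к штатному userinit.exe добавлен %WINDIR%\Kvmon.exe — он запускается при каждом входе пользователя в систему)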
- 'C:\RECYCLE\NTDETECT.EXE.exe' -f 1532
- '%TEMP%\SETUP.EXE'
- '%TEMP%\РЎО°ЧоРВКУЖµґ°їЪ·ЕґуЖч1.4.exe'
- '%TEMP%\Update.exe'
- '<SYSTEM32>\net1.exe' stop System Restore Service
- '<SYSTEM32>\sc.exe' config NOD32krn start= disabled
- '<SYSTEM32>\net1.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- '<SYSTEM32>\taskkill.exe' /im nod32krn.exe /f
- '<SYSTEM32>\cmd.exe' /c c:\RECYCLE\sos.bat
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\taskkill.exe' /im nod32kui.exe /f
- '<SYSTEM32>\net.exe' stop System Restore Service
- '<SYSTEM32>\net.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- '<SYSTEM32>\net.exe' stop "Security Center"
- '<SYSTEM32>\sc.exe' config ekrn start= disabled
- '<SYSTEM32>\taskkill.exe' /im egui.exe /f
- '<SYSTEM32>\net1.exe' stop "Security Center"
- '<SYSTEM32>\taskkill.exe' /im ekrn.exe /f
- %TEMP%\SETUP.EXE
- <Служебный элемент>
- %WINDIR%\Kvmon.dll
- %WINDIR%\Kvmon.exe
- C:\RECYCLE\sos.bat
- %TEMP%\Update.exe
- %TEMP%\РЎО°ЧоРВКУЖµґ°їЪ·ЕґуЖч1.4.exe
- C:\RECYCLE\key01.tmp
- C:\RECYCLE\NTDETECT.EXE.exe
- <Служебный элемент>
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\SETUP.EXE
- C:\RECYCLE\key01.tmp
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- C:\RECYCLE\NTDETECT.EXE.exe
- из %TEMP%\Update.exe в C:\NTDUBECT.EXE
- DNS ASK www.53##40.com
- ClassName: '(null)' WindowName: '(null)'