Техническая информация
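Закрепление в системе (автозапуск); все четыре значения реестра указывают на один и тот же файл ntvdm.exe в %APPDATA%:
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\ntvdm.exe"'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\ntvdm.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ntvdm' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\ntvdm.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ntvdm' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\ntvdm.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\ntvdm.lnk
Примечание: значение 'AutoRun' срабатывает при каждом запуске cmd.exe, а 'SCRNSAVE.EXE' — при запуске экранной заставки, поэтому при очистке системы нужно проверять все перечисленные точки, а не только ключи Run и RunOnce. Штатный компонент Windows с именем ntvdm.exe находится в <SYSTEM32>; одноимённый файл в %APPDATA% — признак маскировки.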
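Командные строки запускаемых процессов:
- '%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\ntvdm.exe'
- '<SYSTEM32>\taskkill.exe' /t /f /im "<Имя вируса>.exe"
- '<SYSTEM32>\cmd.exe' /c taskkill /t /f /im "<Имя вируса>.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "<Полный путь к вирусу>" > NUL
Примечание: последняя команда завершает исходный процесс, использует ping как короткую паузу и удаляет исходный файл. После выполнения первоначального образца на диске уже нет, поэтому при расследовании следует искать копию в %APPDATA% и проверять журналы запуска процессов на цепочку cmd.exe → taskkill → ping → del.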
Пути к файлам, связанным с активностью образца:
- %APPDATA%\Bl 437 burgundy 127 gold.ADO
- %APPDATA%\alignment.xml
- %APPDATA%\404-13.htm
- %APPDATA%\fop.extensions.xml
- %APPDATA%\column.gap.lot.xml
- %APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\ntvdm.exe
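- %TEMP%\nsy4.tmp\System.dll
  (каталог вида ns*.tmp с файлом System.dll характерен для установщиков NSIS; имя временного каталога, по-видимому, меняется от запуска к запуску, поэтому этот путь и аналогичный %TEMP%\nsn2.tmp\System.dll ниже — ненадёжные индикаторы)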
- %APPDATA%\Registry.dll
- %APPDATA%\GIF Restrictive.irs
- %APPDATA%\Excreta.8nr
- %APPDATA%\Entropy.mm
- %APPDATA%\403-5.htm
- %APPDATA%\Dawson_Creek
- %APPDATA%\fastForward-1.png
- %TEMP%\nsn2.tmp\System.dll
- %APPDATA%\WallabaProcreator.Lkw
- %APPDATA%\f37.png
- %APPDATA%\10-autohint.conf
- %APPDATA%\f22.png
- %APPDATA%\defaultProfilerFilter_smartdata.xml
- %APPDATA%\Add-RKSJ-V
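Окна (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
Примечание: Shell_TrayWnd — класс окна панели задач Windows; пустой WindowName означает, что заголовок окна не задан.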