Техническая информация
- Редактора реестра (RegEdit)
- Компонент восстановления системы (SR)
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f
- <SYSTEM32>\reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f
- <SYSTEM32>\msg.exe * Memory Failure Please Try again
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
- <SYSTEM32>\attrib.exe +h "%HOMEPATH%\Start Menu\Programs\Startup\ardamax.exe"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\ardamax.bat""
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisableTaskMgr /t REG_DWORD /d 1 /f
- <SYSTEM32>\shutdown.exe -r -t 30 -c "Your Memory is corrupted need to be changed"
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- %TEMP%\1.tmp\ardamax.bat
- %WINDIR%\pchealth\helpctr\binaries\msconfig.exe