Техническая информация
Изменения в реестре для автозапуска при входе в систему:
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%WINDIR%\inf\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'InSvchost' = '%WINDIR%\IME\svchost.exe'
- блокирует отображение скрытых файлов
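Запускает следующие команды и файлы (вызовы taskkill и reg delete принудительно завершают процессы и удаляют ключи служб антивируса Trend Micro OfficeScan):
- '<SYSTEM32>\taskkill.exe' /F /T /IM ofcservice.exe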
- '<SYSTEM32>\taskkill.exe' /F /T /IM OfcCMAgent.exe
- '<SYSTEM32>\taskkill.exe' /F /T /IM osceintegrationservice.exe
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\ntrtscan" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\OSCEIntegrationService" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\OfficeScanCMAgent" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\ofcservice" /f
- '<SYSTEM32>\taskkill.exe' /F /T /IM Ntrtscan.exe
- '<SYSTEM32>\taskkill.exe' /F /T /IM PccNTMon.exe
- '%WINDIR%\dat.exe'
- '<SYSTEM32>\taskkill.exe' /F /T /IM TmListen.exe
- '<SYSTEM32>\taskkill.exe' /F /T /IM PccNTUpd.exe
- '<SYSTEM32>\taskkill.exe' /F /T /IM TmProxy.exe
- '<SYSTEM32>\taskkill.exe' /F /T /IM TmPfw.exe
- %WINDIR%\dat.exe
- %WINDIR%\smses.exe
- %WINDIR%\ime\svchost.exe
- %WINDIR%\inf\svchost.exe
- %WINDIR%\dat.exe
- %WINDIR%\smses.exe
- %WINDIR%\ime\svchost.exe
- %WINDIR%\inf\svchost.exe
- ClassName: '' WindowName: ''