Техническая информация
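- [<HKLM>\SOFTWARE\Classes\exefiles\shell\open\command] '' = '"<SYSTEM32>\taskmar.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\.exe] '' = 'exefiles'
  Примечание: вместе эти два значения переназначают обработчик расширения .exe на класс exefiles (штатное значение в Windows — exefile). В результате при запуске любого .exe-файла через оболочку сначала выполняется <SYSTEM32>\taskmar.exe, которому путь к запускаемому файлу передаётся как "%1". Значение по умолчанию ключа .exe, отличное от exefile, — удобный признак для обнаружения. При лечении ассоциацию необходимо восстановить: если удалить только taskmar.exe, запуск .exe-файлов через оболочку перестанет работать.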
- %TEMP%\taskmar.exe
- %TEMP%\EXE2.exe
- <SYSTEM32>\taskkill.exe /f /im QQ.exe /t
- <SYSTEM32>\cmd.exe /c %TEMP%\0.bat
- <SYSTEM32>\taskkill.exe /f /im taskmar.exe /t
- <SYSTEM32>\taskkill.exe /f /im EXE2.exe /t
- <SYSTEM32>\taskkill.exe /f /im ZhuDongFangYu.exe /t
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\cmd.exe /c %TEMP%\unins000.bat
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\unins000.bat
- %TEMP%\0.bat
- <SYSTEM32>\taskmar.exe
- %WINDIR%\Temp\scs1.tmp
- %TEMP%\<Имя вируса>.exe
- %TEMP%\EXE1.exe
- %TEMP%\taskmar.exe
- %TEMP%\EXE2.exe
- <SYSTEM32>\taskmar.exe
- %TEMP%\EXE2.exe
- %TEMP%\taskmar.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- ClassName: '' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-978.97c.3b0002'