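Техническая информация
Ниже перечислены индикаторы: значение автозапуска 'roma' в ключе Run реестра; команды запуска процессов (wscript.exe со скриптом wantm.vbs, удаление правил брандмауэра через netsh.exe, запуск ban.bat через cmd.exe, запись того же значения автозапуска через reg.exe); пути к файлам в каталоге joda; окна, заданные именем класса.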
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'roma' = '\joda\Tjak.exe'
- '<SYSTEM32>\wscript.exe' "%ProgramFiles%\%PROGRAMDATA%\joda\wantm.vbs"
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule name==netsec
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule name=jordfx
- '<SYSTEM32>\netsh.exe' advfirewall firewall delete rule name=sqll
- '<SYSTEM32>\cmd.exe' /c ban.bat
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v roma /t REG_SZ /d \joda\Tjak.exe /f
- %ProgramFiles%\%PROGRAMDATA%\joda\Tjak.exe
- %ProgramFiles%\%PROGRAMDATA%\joda\ban.bat
- %ProgramFiles%\%PROGRAMDATA%\joda\wantm.vbs
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''