Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<DRIVERS>\taskhost.exe'
- <DRIVERS>\taskhost.exe /cleanafterinstall=<Полный путь к вирусу>
- %APPDATA%\HP\UPD5.0\Low\Data\My\Roaming\Temp\30-9-2011--%USERNAME%.xcd
- %APPDATA%\HP\UPD5.0\Low\Data\My\Roaming\Temp\install.log
- <DRIVERS>\taskhost.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''