Техническая информация
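- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%WINDIR%\system\svchost.exe' (запись автозапуска; штатный svchost.exe Windows находится в <SYSTEM32>, а не в %WINDIR%\system, поэтому этот путь сам по себе является признаком маскировки)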
- %WINDIR%\system\winlogon.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\4.tmp\huhihi.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\2.tmp\huhihi.bat" "
- <SYSTEM32>\msg.exe * ざまぁｗｗｗｗｗｗｗ (текст сообщения в кодировке Shift-JIS; при отображении в CP866 выглядит как «В┤В▄ВЯВЧВЧВЧВЧВЧВЧВЧ»)
- <SYSTEM32>\cmd.exe /c ""%TEMP%\6.tmp\huhihi.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\5.tmp\huhihi.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\huhihi.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\main.bat" "
- <SYSTEM32>\wscript.exe "%TEMP%\hiderun.vbs"
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdate /d %WINDIR%\system\svchost.exe /f
- <SYSTEM32>\dfrgntfs.exe -Embedding
- <SYSTEM32>\defrag.exe c: /f
- %TEMP%\2.tmp\huhihi.bat
- %TEMP%\4.tmp\huhihi.bat
- %TEMP%\5.tmp\huhihi.bat
- <DRIVERS>\etc\pop.exe
- %WINDIR%\Resources\Themes\msvcr71.dll
- %TEMP%\1.tmp\huhihi.bat
- %TEMP%\9.tmp\huhihi.bat
- %TEMP%\A.tmp\huhihi.bat
- %TEMP%\B.tmp\huhihi.bat
- %TEMP%\6.tmp\huhihi.bat
- %TEMP%\7.tmp\huhihi.bat
- %TEMP%\8.tmp\huhihi.bat
- %WINDIR%\system\winlogon.exe
- %TEMP%\pop.exe
- %TEMP%\red.wav
- %TEMP%\sadako_pop.exe
- %TEMP%\hiderun.vbs
- %TEMP%\main.bat
- %TEMP%\msvcr71.dll
- %WINDIR%\Resources\Themes\red.wav
- %WINDIR%\system\svchost.exe
- %WINDIR%\Resources\Themes\taskkill.exe
- %TEMP%\svchost.exe
- %TEMP%\taskkill.exe
- %TEMP%\winlogon.exe
- %TEMP%\sadako_pop.exe
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)