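Техническая информация
Ниже перечислены индикаторы: изменённый ключ реестра, командные строки запускаемых процессов и пути к затронутым файлам. Подзаголовки разделов исходного описания, по-видимому, утрачены, поэтому некоторые пути повторяются.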
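- [<HKLM>\SOFTWARE\Classes\AllTypes\shell\open\command] '' = '"%WINDIR%\20111111\58CN8q82g2vk88GG\script\script.exe" "%1"'
  (пустое имя '' обозначает значение по умолчанию этого ключа; в качестве команды действия open для класса AllTypes задаётся script.exe, которому открываемый файл передаётся как параметр "%1")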
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\script.exe
- <Текущая директория>\Ervxm2SOqw88Bq5.exe
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\20111111\58CN8q82g2vk88GG\script\script.exe.bat" "
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\20111111\Myhl8288G552p5q8\smss.exe.bat" "
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\Ervxm2SOqw88Bq5.exe.bat" "
- <SYSTEM32>\cmd.exe /c ""<Полный путь к вирусу>.bat" "
- %WINDIR%\tao.ico
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\XlKankan.dll
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\regBHO.reg
- %WINDIR%\20111111\Myhl8288G552p5q8\smss.exe
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\Script.vbs.bat
- %WINDIR%\20111111\Myhl8288G552p5q8\smss.exe.bat
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\script.exe.bat
- <Полный путь к вирусу>.bat
- <Текущая директория>\Ervxm2SOqw88Bq5.exe.bat
- <Текущая директория>\Ervxm2SOqw88Bq5.exe
- %WINDIR%\userid.txt
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\reg.bat
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\script.vbs
- %WINDIR%\20111111\58CN8q82g2vk88GG\script\script.exe