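Техническая информация
Подзаголовки разделов в этом фрагменте не сохранились. Ниже по порядку перечислены: значения автозапуска в ключе реестра Run, запускаемые командные строки, пути к файлам (повторяющиеся пути, по-видимому, относятся к разным спискам — например, созданных и удалённых файлов) и параметры окна (ClassName/WindowName).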
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ravey' = '"%WINDIR%\system\drivers\smssvc.exe" /start'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'expleor' = '%WINDIR%\system\drivers\mssearch.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xo' = '%WINDIR%\system\drivers\Client.exe'
- %WINDIR%\regedit.exe /S "%HOMEPATH%\Local Settings\Temp.\DefOpen.reg"
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\temp\960493.bat" 程序运行参数"
- %TEMP%\DefOpen.reg
- %WINDIR%\Temp\960493.bat
- %TEMP%\aut1.tmp
- %WINDIR%\Temp\960493.bat
- %WINDIR%\Temp\Perflib_Perfdata_7e8.dat
- %TEMP%\aut1.tmp
- %TEMP%\DefOpen.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''