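Техническая информация

Ниже перечислены действия объекта в системе; заголовки подразделов в этом фрагменте не сохранились. По видимым записям: принудительно завершаются процессы QQ* и TXP* (taskkill /f /im), через cmd.exe запускается пакетный файл из %TEMP% (в том числе со скрытым окном), снимается регистрация DLL-компонентов (regsvr32 /s /u) и удаляются разделы реестра Tencent и EMOTION.* (reg delete … /F). Имя 3060th1j.bat встречается в разном регистре — в Windows это один и тот же файл; повторная запись о нём, вероятно, относится к другому подразделу (например, создание и последующее удаление файла).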
- '%WINDIR%\syswow64\taskkill.exe' /f /im QQ*
- '%WINDIR%\syswow64\taskkill.exe' /f /im TXP*
- %TEMP%\3060th1j.bat
- nul
- %TEMP%\3060th1j.bat
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\3060TH1J.bat" "<Полный путь к файлу>" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\3060TH1J.bat" "<Полный путь к файлу>" "
- '%WINDIR%\syswow64\mode.com' con: cols=42 lines=22
- '%WINDIR%\syswow64\regsvr32.exe' /s /u Bin\TXSSO\Bin\SSOCommon.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s /u Bin\TXSSO\Bin\npSSOAxCtrlForPTLogin.dll
- '%WINDIR%\syswow64\reg.exe' delete HKCU\Software\Tencent\Plugin /F
- '%WINDIR%\syswow64\reg.exe' delete HKCU\Software\Tencent\QQ2009 /F
- '%WINDIR%\syswow64\reg.exe' delete HKLM\Software\Tencent\QQ2009 /F
- '%WINDIR%\syswow64\reg.exe' delete HKCU\Software\Classes\Tencent /F
- '%WINDIR%\syswow64\reg.exe' delete HKLM\Software\Classes\Tencent /F
- '%WINDIR%\syswow64\reg.exe' delete HKCU\Software\Classes\EMOTION.File /F
- '%WINDIR%\syswow64\reg.exe' delete HKCU\Software\Classes\EMOTION.Package /F
- '%WINDIR%\syswow64\reg.exe' delete HKLM\Software\Wow6432Node\Tencent\QQ2009 /F
- '%WINDIR%\syswow64\reg.exe' delete HKLM\Software\Wow6432Node\Classes\Tencent /F
- '%WINDIR%\syswow64\regsvr32.exe' /s /u Plugin\Com.Tencent.NetDisk\Bin\QQDisk\Bin\TXFTNActiveX.dll