Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Windows Live Messenger.lnk
- скрытых файлов
- <SYSTEM32>\notepad.exe
- <SYSTEM32>\reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v /t REG_DWORD /d 1
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /f /v Hidden /t reg_dword /d 0
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden" /f /v type /t reg_sz /d "-"
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Internet Explorer\Main" /f /v "Search Page" /t reg_sz /d www.go###e.com.tr
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /f /v SaveZoneInformation /t reg_dword /d 1
- <SYSTEM32>\reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f /v LowRiskFileTypes /t reg_sz /d ".exe;"
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe;'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000001'
- ClassName: 'Notepad' WindowName: 'DisableRegistryTools'
- ClassName: 'Notepad' WindowName: 'Ads?z - Not Defteri'