Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'debugger' = 'C:\\windows\\wpoinst.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] 'debugger' = 'C:\\windows\\wpoinst.exe'
- Registry Editor (RegEdit)
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t reg_dword /d 00000001 /f
- <SYSTEM32>\taskkill.exe /f /im ░▓╫░░№01.exe
- <SYSTEM32>\attrib.exe -s -h -r -a "%WINDIR%\░▓╫░░№01.exe"
- <SYSTEM32>\mode.com con: cols=40 lines=18
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe" /v "debugger" /t REG_SZ /d "C:\\windows\\wpoinst.exe" /f
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" /v "debugger" /t REG_SZ /d "C:\\windows\\wpoinst.exe" /f
- %TEMP%\bt3685.bat
- ClassName: '' WindowName: ''