Техническая информация
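- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,C:\PROGRA~1\WinRAR\Unlnstall.exe,' (в значение Userinit после штатного userinit.exe дописан Unlnstall.exe из каталога WinRAR, поэтому он запускается при входе пользователя в систему; имя файла отличается от «Uninstall» одной буквой)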
- <SYSTEM32>\net1.exe stop sharedaccess (остановка службы SharedAccess — брандмауэр Windows / общий доступ к подключению Интернета)
- <SYSTEM32>\net.exe stop sharedaccess
- %PROGRAM_FILES%\WinRAR\Rareaaalu.ini
- %PROGRAM_FILES%\WinRAR\WinRARExt64.ini
- %PROGRAM_FILES%\WinRAR\Rareaaalu.ini
- %PROGRAM_FILES%\WinRAR\WinRARExt64.ini
- из <Полный путь к вирусу> в %PROGRAM_FILES%\WinRAR\Unlnstall.exe
- '22#.#86.15.18':89 (сетевой адрес и порт; часть адреса в источнике заменена символами «#»)