Технические данные / Technical information — the list below groups the recorded indicators: registry values written (Winlogon Shell and an HKLM Run autostart entry), executables and command lines launched (sc.exe service stop/delete, cacls.exe ACL changes, taskkill.exe, mshta.exe), network activity (DNS lookup and a connection on port 53), and window class names looked up. Paths containing '#' are redacted by the source.
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'safe360' = '%CommonProgramFiles%\sgcscvy\coiome.exe'
- %CommonProgramFiles%\sgcscvy\coiome.exe
- <SYSTEM32>\sc.exe delete IE_WinserverName
- <SYSTEM32>\sc.exe stop IE_WinserverName
- <SYSTEM32>\sc.exe delete LYTC
- <SYSTEM32>\sc.exe stop HidServ
- <SYSTEM32>\cacls.exe "%CommonProgramFiles%\Microsoft Shared\MSInfo" /e /p everyone:n
- <SYSTEM32>\cacls.exe "%ALLUSERSPROFILE%\Application Data\Storm\update" /e /p everyone:n
- <SYSTEM32>\sc.exe delete HidServ
- <SYSTEM32>\sc.exe delete Messenger
- <SYSTEM32>\sc.exe delete JavaServe
- <SYSTEM32>\taskkill.exe /im coiome.exe /f
- <SYSTEM32>\mshta.exe "%PROGRAM_FILES%\HCL.hta"
- <SYSTEM32>\taskkill.exe /im iejore.exe /f
- <SYSTEM32>\sc.exe stop Messenger
- <SYSTEM32>\sc.exe stop LYTC
- <SYSTEM32>\taskkill.exe /im conime.exe /f
- %CommonProgramFiles%\sgcscvy\coiome.exe
- %PROGRAM_FILES%\HCL.hta
- %PROGRAM_FILES%\HCL.hta
- 'b3#.##uisumuli.com':53
- DNS ASK b3#.##uisumuli.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''