Техническая информация
- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '%WINDIR%\Explorer.exe'
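- <SYSTEM32>\shutdown.exe -s -t 5 -f -c Owned by RaidX Simple Virus/Worm (принудительное выключение компьютера через 5 секунд; текст после -c — комментарий, показываемый в окне завершения работы)
- <SYSTEM32>\tskill.exe winlogon (завершение системного процесса winlogon)
- <SYSTEM32>\tskill.exe Explorer (завершение процесса Explorer)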
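- %WINDIR%\Explorer.EXE (тот же путь, что в значении автозапуска 'Explorer'; какая операция выполняется с файлами этого списка, в данном фрагменте не указано)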
- C:\Boot.ini
- <SYSTEM32>\msiexec.exe
- <SYSTEM32>\sndrec32.exe
- <SYSTEM32>\cleanmgr.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\taskmgr.exe
- %WINDIR%\regedit.exe
- %WINDIR%\explorer.exe
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\wupdmgr.exe
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)