Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\winmgmt] 'Start' = '00000002' (значение 2 — тип запуска службы winmgmt «Автоматически»)
- %CommonProgramFiles%\System\RealLiveUpdate.exe
- <SYSTEM32>\cacls.exe <SYSTEM32>\ieextend.dll /c /e /d everyone (правка ACL файла: запрет доступа для группы everyone)
- <SYSTEM32>\regsvr32.exe /u /s <SYSTEM32>\bbns.dll
- <SYSTEM32>\regsvr32.exe /u /s <SYSTEM32>\ieextend.dll
- <SYSTEM32>\sc.exe config winmgmt start= disabled
- <SYSTEM32>\sc.exe stop winmgmt
- <SYSTEM32>\cacls.exe <SYSTEM32>\bbns.dll /c /e /d everyone (правка ACL файла: запрет доступа для группы everyone)
- <SYSTEM32>\cmd.exe /c <Текущая директория>\dellme.bat
- <SYSTEM32>\cmd.exe /c "%CommonProgramFiles%\System\killwx.bat"
- <SYSTEM32>\attrib.exe +H +S "%CommonProgramFiles%\System\RealLiveUpdate.exe" (файлу присваиваются атрибуты «скрытый» и «системный»)
- <SYSTEM32>\sc.exe start winmgmt
- %WINDIR%\sleep.exe 100
- <SYSTEM32>\sc.exe config winmgmt start= auto
- %CommonProgramFiles%\System\killwx.bat
- <Текущая директория>\dellme.bat
- %CommonProgramFiles%\System\RealLiveUpdate.exe
- %CommonProgramFiles%\System\RealLiveUpdate.exe
- %TEMP%\~DF2313.tmp
- ClassName: '' WindowName: 'ieLock'
- ClassName: '' WindowName: '6/27/2012 12:44:44 PM'