Техническая информация
- Автозапуск через ключ реестра Run (ветка HKLM — запись действует для всех пользователей): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll32.exe' = 'rundll32.exe fin.dll,Prkt'
- <SYSTEM32>\logonui.exe /status /shutdown
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\ninik.bat" "<Полный путь к вирусу>""
- %WINDIR%\fin.dll
- %WINDIR%\ninik.bat
- %WINDIR%\nubyt.sys
- <DRIVERS>\etc\host7
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'StatusWindowClass' WindowName: ''