Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{621A56D8B0-ARE2IL-A0YE1-NTDJ4-RQRF23I4J980}] 'StubPath' = 'sysver.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe syschost.exe s'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{631355B4E1-KAC2IL-O4KGD-S16T4-TQEC72D1O702}] 'StubPath' = 'sysver.exe'
- %WINDIR%\sysver.exe t
- <SYSTEM32>\syschost.exe t
- %TEMP%\TMP9000.TMP
- %TEMP%\TMP1010.tmp <Полный путь к вирусу>
- %TEMP%\TMP9001.TMP
- <SYSTEM32>\syschost.exe
- %WINDIR%\sysver.exe
- %TEMP%\TMP1010.tmp
- %TEMP%\TMP9000.TMP
- %TEMP%\TMP9001.TMP
- %WINDIR%\sysver.exe
- <SYSTEM32>\syschost.exe
- %TEMP%\TMP1010.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''