Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{CFADA5F4-B32F-4CE2-9D10-95E8AB1B8D83}' = ''
- <SYSTEM32>\cmd.exe /c %WINDIR%\Deleteme.bat
- Библиотека-обработчик для всех процессов: %WINDIR%\Help\CA7A4858FC44.DLl
- %WINDIR%\Deleteme.bat
- %WINDIR%\Help\CA7A4858FC44.eXe
- %WINDIR%\Help\CA7A4858FC44.DLl
- %WINDIR%\Help\CA7A4858FC44.DLl
- %WINDIR%\Help\CA7A4858FC44.eXe