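Техническая информация
Ниже перечислены артефакты без заголовков разделов: пути к файлам, командные строки запускаемых процессов и класс окна. Поскольку исходные заголовки (по всей видимости, какие файлы создаются, изменяются или удаляются) в этом тексте не сохранились, повторяющиеся пути, вероятно, относятся к разным разделам.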
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\invis.vbs
- %WINDIR%\Tasks\Google Update.job
- <SYSTEM32>\chcp.com 1250
- <SYSTEM32>\schtasks.exe /create /tn "Google Update" /ru system /tr "cmd /c \"<SYSTEM32>\update.bat\"" /sc onlogon
- <SYSTEM32>\find.exe "XP"
- <SYSTEM32>\attrib.exe +h invis.vbs
- <SYSTEM32>\findstr.exe "REG_EXPAND_SZ"
- <SYSTEM32>\reg.exe query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "Common Startup"
- %WINDIR%\regedit.exe /s C:\searchIE.reg
- <SYSTEM32>\reg.exe delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\paragoogleexe.bat" "
- <SYSTEM32>\schtasks.exe /delete /tn "Google Update" /f
- %WINDIR%\regedit.exe /s C:\startpagechrome.reg
- <SYSTEM32>\find.exe /I "Path"
- C:\startpagechrome.reg
- <SYSTEM32>\searchIE.reg
- %TEMP%\1.tmp\paragoogleexe.bat
- C:\searchIE.reg
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\invis.vbs
- C:\startpagechrome.reg
- C:\searchIE.reg
- ClassName: 'RegEdit_RegEdit' WindowName: ''