Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lsassv' = '%WINDIR%\lsassv.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'msrpc' = '%WINDIR%\msrpc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'winsys' = '%WINDIR%\winsys.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winsys' = '%WINDIR%\winsys.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'winsys' = '%WINDIR%\winsys.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\AdobeGammaLoader.scr
- [<HKLM>\SYSTEM\ControlSet001\Services\winsys] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\winsys] 'ImagePath' = '%WINDIR%\winsys.exe'
- %WINDIR%\regedit.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:System Update'
- ClassName: '' WindowName: 'Windows File Protection'
- %WINDIR%\msrpc.exe
- %WINDIR%\calc.exe
- %WINDIR%\regedit2.exe
- %WINDIR%\winsys.exe
- %WINDIR%\mui\rctfd.sys
- %WINDIR%\lsassv.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: '?????? ?????? Windows'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Button' WindowName: ''