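Техническая информация
Ниже перечислены артефакты, связанные с образцом: запись автозапуска в реестре, файлы заданий планировщика, запускаемые команды, ключ реестра и файлы. Подзаголовков у групп на странице нет, поэтому порядок строк не следует считать порядком выполнения.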
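- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchostx.exe' = '%WINDIR%\svchostx.exe' (автозапуск при входе пользователя в систему; имя файла похоже на системный svchost.exe, который штатно находится в <SYSTEM32>, а не в %WINDIR%)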
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- <SYSTEM32>\at.exe 9:00am /every:M,T,W,Th,F,S,Su %WINDIR%\system\sysdata.exe
- <SYSTEM32>\reg.exe delete HKEY_CURRENT_USER\Software\Paltalk /f
- <SYSTEM32>\at.exe 9:00pm /every:M,T,W,Th,F,S,Su %WINDIR%\system\sysdata.exe
- <SYSTEM32>\reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v svchostx.exe /t reg_sz /d %WINDIR%\svchostx.exe
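- <SYSTEM32>\at.exe /delete /y (без указания идентификатора задания удаляет все задания, созданные через at.exe, в том числе легитимные, без запроса подтверждения)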
- [<HKCU>\Software\Paltalk]
- %WINDIR%\system\sysdata.exe
- %WINDIR%\svchostx.exe