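Техническая информация
Ниже перечислены индикаторы: файл задания планировщика, значения реестра для служб, командная строка запуска через rundll32.exe и пути к файлам. Подписи разделов в этом фрагменте отсутствуют, поэтому по самому списку нельзя определить, какие объекты создаются, изменяются или удаляются. Значение 'Start' = 1 в ключе службы соответствует загрузке при инициализации системы (SERVICE_SYSTEM_START), а 2 — автоматическому запуску (SERVICE_AUTO_START).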
- %WINDIR%\Tasks\MsUpdateTask.job
- [<HKLM>\SYSTEM\ControlSet001\Services\prtrege] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- <SYSTEM32>\rundll32.exe "%TEMP%\nsv3.tmp\BackOperHelper.dll",CloseExistedDllByRundll32 %WINDIR%\winsn4.dll
- %WINDIR%\winsn4.dll
- <DRIVERS>\prtrege.sys
- %WINDIR%\prtrege.sys
- %TEMP%\nsq2.tmp
- %TEMP%\nsv3.tmp\BackOperHelper.dll