Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ntptdb] 'Start' = '00000002'
- %TEMP%\scm.exe start %ALLUSERSPROFILE%\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
- %TEMP%\scm.exe install %ALLUSERSPROFILE%\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
- %TEMP%\scm.exe stop %ALLUSERSPROFILE%\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
- %ALLUSERSPROFILE%\Application Data\Microsoft\Office\SYSTEM\scm13.exe
- %TEMP%\nsn3.tmp\System.dll
- %TEMP%\nsh2.tmp
- %TEMP%\nsn3.tmp\System.dll
- %TEMP%\scm.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Office\SYSTEM\scm13.exe в %TEMP%\scm.exe