Техническая информация
Значения реестра (ключ автозапуска Run и параметр Shell ключа Winlogon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'tempdel' = '%WINDIR%\tempdel.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'monitor' = '%WINDIR%\monitor_power.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sndhold' = '%WINDIR%\sndhold.exe.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dxweb' = '%WINDIR%\auto.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'regres' = '%WINDIR%\regres.exe'
Командные строки:
- <SYSTEM32>\logonui.exe /status /shutdown
- %WINDIR%\regedit.exe /s <Текущая директория>\TWEAK.REG (ключ /s: импорт .reg-файла в реестр без запроса подтверждения)
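Системные файлы (исходный путь в новый путь; затронуты и рабочий файл, и его копия в dllcache — кэше защиты файлов Windows, поэтому при восстановлении следует проверить оба пути):
- <SYSTEM32>\winlogon.exe в <SYSTEM32>\winlogon.bak
- <SYSTEM32>\dllcache\winlogon.exe в <SYSTEM32>\dllcache\winlogon.bak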
Окна, заданные именем класса (заголовок окна пуст):
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''