Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Opera' = '%CommonProgramFiles%\System\Ole DB\System.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%CommonProgramFiles%\System\Ole DB\System.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Opera' = '%TEMP%\RarSFX1\file.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%TEMP%\RarSFX1\file.exe'
- %CommonProgramFiles%\System\Ole DB\System.exe
- %TEMP%\RarSFX1\file.exe
- %TEMP%\RarSFX0\sf.exe -prdtjhriit8hr798h6u596856e948h5gd9uhthgritludgh56908ed7745htiug4ihr47g58475gh4584754gt45tgh485tg
- %WINDIR%\explorer.exe
- <SYSTEM32>\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v System /t REG_SZ /d "%CommonProgramFiles%\System\Ole DB\System.exe" -y
- <SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t reg_dword /d 1 -y
- <SYSTEM32>\wscript.exe "%TEMP%\RarSFX0\stub.vbs"
- <SYSTEM32>\cmd.exe /c "%CommonProgramFiles%\System\Ole DB\..bat"
- <SYSTEM32>\ping.exe 127.0.0.1
- %WINDIR%\Explorer.EXE
- %CommonProgramFiles%\System\Ole DB\System.exe
- %CommonProgramFiles%\System\Ole DB\..bat
- %TEMP%\RarSFX1\file.exe
- %TEMP%\RarSFX0\stub.vbs
- %TEMP%\RarSFX0\sf.exe
- %TEMP%\RarSFX0\sf.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'mrbelyashno'
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''