Техническая информация
- %WINDIR%\win.ini
- [<HKLM>\System\CurrentControlSet\Services\winupdate] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\winupdate] 'ImagePath' = '%WINDIR%\winupdate.exe'
- 'winupdate' %WINDIR%\winupdate.exe
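- ClassName: 'AVP.AlertDialog', WindowName: 'Ö÷¶¯·ÀÓù ÐÅÏ¢' (текст в кодировке GBK, отображённый как Latin-1; исходная строка: '主动防御 信息')
- ClassName: 'AVP.AlertDialog', WindowName: 'Ö÷¶¯·ÀÓù ¾¯±¨' (текст в кодировке GBK, отображённый как Latin-1; исходная строка: '主动防御 警报')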
- %TEMP%\winpop.ini
- %WINDIR%\syswow64\37211.dll
- %WINDIR%\winupdate.exe
- %WINDIR%\syswow64\sncool.scr
- C:\win_pop_flag_1__1.bat
- %WINDIR%\syswow64\37211.dll
- %WINDIR%\winupdate.exe
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\winupdate.exe'
- '%WINDIR%\syswow64\cmd.exe' /c c:\win_pop_flag_1__1.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c c:\win_pop_flag_1__1.bat