Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAPPInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'Ex4Protector.dll'
- '<SYSTEM32>\Ex4Protector.exe'
- '<SYSTEM32>\SetGshi.exe'
- <SYSTEM32>\Ex4Protector.dll
- <SYSTEM32>\Ex4Protector.exe
- <SYSTEM32>\Terminal.exe.exe
- <SYSTEM32>\SetGshi.exe
- <SYSTEM32>\YourDll\Ex4Protector.dll
- <SYSTEM32>\YourDll\Ex4Protector.exe
- <SYSTEM32>\YourDll\Terminal.exe.exe
- <SYSTEM32>\YourDll\Terminal.exe.exe
- <SYSTEM32>\YourDll\Ex4Protector.exe
- <SYSTEM32>\YourDll\Ex4Protector.dll
- ClassName: '' WindowName: 'Jmi8.com for Ex45Jmi8.exe'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''