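Техническая информация
Заголовки разделов в этой копии отчёта не сохранились. По содержанию строк ниже перечислены: значение автозапуска в ключе реестра Run, файл задания планировщика, командные строки процессов (в том числе создание учётной записи «avp» и добавление её в группу администраторов), пути к файлам (две группы, назначение которых здесь не указано) и имена классов окон.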
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IgfxTray' = '%TEMP%\readme.exe'
- %WINDIR%\Tasks\erdnt.job
- '<SYSTEM32>\attrib.exe' +h z:\autorun.inf
- '<SYSTEM32>\attrib.exe' +h c:\autorun.inf
- '%WINDIR%\regedit.exe' /s %TEMP%\jeifdmse.reg
- '<SYSTEM32>\mode.com' con codepage select=866
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v IgfxTray /t REG_SZ /d "%TEMP%\readme.exe" /f
- '<SYSTEM32>\schtasks.exe' /create /sc hourly /mo 1 /tn "erdnt" /tr "%TEMP%\readme.exe" /ru System
- '<SYSTEM32>\net1.exe' user
- '<SYSTEM32>\mode.com' con codepage select=1251
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\readme.bat" "
- '<SYSTEM32>\net1.exe' localgroup Администраторы avp /add
- '<SYSTEM32>\net1.exe' user "avp" 1234567890 /add
- '<SYSTEM32>\find.exe' "avp"
- %TEMP%\jeifdmse.reg
- C:\autorun.inf
- %TEMP%\1.tmp\readme.bat
- %TEMP%\Windrv32.EJR
- C:\autorun.inf
- %TEMP%\1.tmp\readme.bat
- %TEMP%\jeifdmse.reg
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'