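Техническая информация

В списке ниже приведены, по порядку: изменение ключа автозапуска Run в реестре (закрепление в системе), команды, запускаемые на исполнение (attrib.exe устанавливает атрибуты «только чтение», «системный» и «скрытый» для каталогов Jump, reg.exe изменяет параметр Shell, стартовую страницу Internet Explorer и ключ Run, cmd.exe запускает пакетный файл из %TEMP%), и создаваемые файлы. Символы «##» в адресе стартовой страницы, по-видимому, являются маскировкой, внесённой источником, а не частью реального имени домена.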
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PINF' = '%WINDIR%\svcs.exe'
- '<SYSTEM32>\attrib.exe' +r +s +h %WINDIR%\Installer\Jump
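- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows NT\Winlogon" /v "Shell" /d "explorer.exe "%APPDATA%\Jump\fd.exe"" /t "REG_SZ"
  (Примечание: путь приведён в том виде, в каком он указан в источнике. Штатный параметр Shell находится в ключе HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, поэтому при поиске следов заражения стоит проверять оба пути.)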
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://ji##min.com/forum.php" /t "REG_SZ"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\dfbv.bat""
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\Currentversion\Run" /v "PINF" /d "%WINDIR%\svcs.exe" /t "REG_SZ"
- '<SYSTEM32>\attrib.exe' +r +s +h %APPDATA%\Jump
- %WINDIR%\Installer\Jump\fd.exe
- %WINDIR%\svcs.exe
- %TEMP%\1.tmp\dfbv.bat