Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchostx.exe' = '%WINDIR%\svchostx.exe'
- %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\at.exe' 9:00pm /every:M,T,W,Th,F,S,Su %WINDIR%\system\sysdata.exe
- '<SYSTEM32>\at.exe' /delete /y
- '<SYSTEM32>\reg.exe' add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v svchostx.exe /t reg_sz /d %WINDIR%\svchostx.exe
- %WINDIR%\system\sysdata.exe
- %WINDIR%\svchostx.exe
- %WINDIR%\Tasks\At1.job