Техническая информация
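Изменение реестра (автозапуск):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,<SYSTEM32>\Iehelp.exe'
  Примечание: параметр 'shell' в ключе Winlogon определяет, что запускается в качестве оболочки при входе пользователя в систему; судя по значению, Iehelp.exe должен стартовать вместе с explorer.exe при каждом входе. При проверке системы стоит убедиться, что этот параметр в HKCU, если он присутствует, не содержит посторонних записей.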
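Запускаемые процессы (командные строки):
Примечание: символы «бб» в имени «InternetббExplorer.lnk», по-видимому, появились из-за сбоя кодировки при извлечении текста; точное имя ярлыка следует сверить с исходным отчётом, прежде чем использовать его как индикатор.
- '<SYSTEM32>\cacls.exe' InternetббExplorer.lnk /e /c /r %USERNAME%s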
- '<SYSTEM32>\reg.exe' delete HKEY_CLASSES_ROOT\piffile /v isshortcut /f
- '<SYSTEM32>\cacls.exe' InternetббExplorer.lnk /e /c /r %USERNAME%
- '<SYSTEM32>\reg.exe' delete HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} /f
- '<SYSTEM32>\cacls.exe' InternetббExplorer.lnk /e /c /p everyone:r
- '<SYSTEM32>\attrib.exe' +r InternetббExplorer.lnk
- '<SYSTEM32>\cmd.exe' /c baohu.bat
- '<SYSTEM32>\reg.exe' delete HKEY_CLASSES_ROOT\lnkfile /v isshortcut /f
- '<SYSTEM32>\cmd.exe' /c qingli.bat
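Файлы, связанные с активностью образца (тип операции — создание, изменение или удаление — на странице не указан):
- <SYSTEM32>\qingli.bat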
- C:\ans.txt
- <SYSTEM32>\baohu.bat
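- %PROGRAM_FILES%\Internet Explorer\iexp1ore.exe
  Примечание: в имени файла вместо буквы «l» стоит цифра «1» — оно лишь похоже на имя штатного iexplore.exe из того же каталога.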
- %TEMP%\~DF187F.tmp
Окна, указанные в отчёте (по-видимому, образец ищет окно с такими параметрами):
- ClassName: 'Progman' WindowName: 'Program Manager'