Техническая информация
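Изменение реестра (закрепление в системе): значение 'DLLName' в подразделе Winlogon\Notify регистрирует указанный файл как пакет уведомлений Winlogon, то есть файл Lcomres.dat, несмотря на расширение, загружается процессом winlogon.exe как DLL. Этот механизм работает в Windows 2000/XP/Server 2003 и не поддерживается начиная с Windows Vista.
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\systment] 'DLLName' = '%WINDIR%\system\Lcomres.dat'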
- '<SYSTEM32>\neorst.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen <SYSTEM32>\exerfor.jpg
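Примечание: пути в списке ниже повторяются. По-видимому, подзаголовки разделов (какие файлы создаются, изменяются или удаляются) на этой странице не сохранились, поэтому по самому списку нельзя определить, какая операция относится к каждому файлу.
- C:\del42b33.bat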
- %WINDIR%\system\sysnames.sys
- %WINDIR%\system\Lin.log
- %WINDIR%\system\ExeWen.exe
- %HOMEPATH%\Recent\system32.lnk
- %HOMEPATH%\Recent\exerfor.lnk
- %WINDIR%\system\Lcomres.dat
- <SYSTEM32>\exerfor.jpg
- <SYSTEM32>\neorst.exe
- C:\5.ini
- %WINDIR%\system\Sting.log
- %WINDIR%\system\Baidog.dat
- %WINDIR%\system\Lin.log
- %WINDIR%\system\ExeWen.exe
- C:\5.ini
- %WINDIR%\system\Lcomres.dat
- %WINDIR%\system\Sting.log
- %WINDIR%\system\sysnames.sys
- <SYSTEM32>\neorst.exe
- C:\5.ini
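Примечание: знаки '?' в значениях WindowName в следующих трёх строках, по-видимому, являются символами, утраченными при перекодировке (скорее всего, заголовки окон не в ASCII). Исходные заголовки по этой странице восстановить нельзя, поэтому использовать эти строки как буквальные индикаторы не следует.
- ClassName: '(null)' WindowName: '????????????????'
- ClassName: '(null)' WindowName: '????????????'
- ClassName: '(null)' WindowName: '360????????'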
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'