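Техническая информация
Заголовки разделов в этом списке не сохранились; судя по содержимому, записи идут в таком порядке: изменения в реестре (параметр в ключе Run и параметр Start службы), запущенные командные строки, пути к файлам и драйверу, классы окон. По самому списку нельзя определить, какие файлы создавались, а какие удалялись; вероятно, поэтому C:\Avenger.txt встречается дважды.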
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xarvkrqt' = 'C:\aymlfgeo.bat'
- [<HKLM>\SYSTEM\ControlSet001\Services\xjrhdwcw] 'Start' = '00000000' (значение 0 — тип запуска Boot: загрузка на раннем этапе старта системы)
- 'C:\avenger.exe' /nogui/q/qq/s c:\avenger.txt
- '%WINDIR%\regedit.exe' /e C:\Avenger\1.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esqulserv.sys"
- '%WINDIR%\regedit.exe' /e C:\Avenger\2.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uacd.sys"
- '<SYSTEM32>\cmd.exe' /c ""c:\a.cmd" "
- '<SYSTEM32>\cmd.exe' /c ""C:\avexport.bat" "
- <DRIVERS>\rnvnigxe.sys
- C:\avexport.bat
- C:\aymlfgeo.bat
- C:\zip.exe
- C:\a.cmd
- C:\Avenger.txt
- C:\Documents and Settings\qtcebase.txt
- C:\avenger.exe
- C:\Avenger.txt
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'