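Техническая информация
Подзаголовки разделов в этом фрагменте не сохранились; судя по содержимому, ниже по порядку идут: запись автозапуска в реестре, файлы заданий планировщика, запускаемые команды, затронутые файлы (роль каждого — создан, скрыт или удалён — из списка не видна) и имена классов окон.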
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] 'WindowsUpdate' = '%WINDIR%\igfxext.exe'
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\at.exe' /delete /y
- '<SYSTEM32>\at.exe' 19:1 %WINDIR%\check.bat
- '<SYSTEM32>\at.exe' 19:2 %WINDIR%\igfxext.exe
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\update.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\winupdate.bat" "
- '<SYSTEM32>\tskill.exe' ravmon
- '<SYSTEM32>\attrib.exe' +h %WINDIR%\ver.ini
- %WINDIR%\check.bat
- %WINDIR%\ver.ini
- %WINDIR%\systmp.txt
- %WINDIR%\update.bat
- %WINDIR%\winupdate.bat
- %WINDIR%\igfxext.exe
- C:\VMPFull_Tencent.COM
- %WINDIR%\ver.ini
- %TEMP%\~DF1139.tmp
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'