Техническая информация
Для обеспечения автозапуска модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Prokill' = '%WINDIR%\time\kill.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'ISMM' = '%WINDIR%\time\kill.exe'
Блокирует запуск следующих системных утилит:
- Диспетчера задач (Taskmgr)
- Редактора реестра (RegEdit)
Запускает на исполнение:
- '<SYSTEM32>\reg.exe' add hkcu\software\microsoft\windows\currentversion\policies\system /v "disableregistrytools" /t reg_dword /d "1" /f
- '<SYSTEM32>\reg.exe' import reg.reg
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\selfdel0.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\batfile.bat" "
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce /v "ISMM" /t REG_SZ /d "%WINDIR%\time\kill.exe" /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Prokill" /t REG_SZ /d "%WINDIR%\time\kill.exe" /f
Изменения в файловой системе:
- %TEMP%\selfdel0.bat
- %TEMP%\1.tmp\reg.reg
- %TEMP%\1.tmp\batfile.bat
- %TEMP%\1.tmp\batfile.bat