Техническая информация
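Записи реестра (точки автозапуска; DLL, указанная в ключе Winlogon\Notify, загружается процессом winlogon.exe — механизм действует в Windows XP/2003 и более ранних версиях):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnklLc] 'Logon' = 'o'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnklLc] 'DllName' = 'opnnklLc.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}' = ''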
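Запускаемая командная строка (судя по имени пакетного файла и аргументу, вероятно, используется для удаления исходного файла):
- '<SYSTEM32>\cmd.exe' /c %TEMP%\removalfile.bat "<Полный путь к вирусу>"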
Системный процесс (судя по ключу Winlogon\Notify, в него загружается указанная DLL):
- <SYSTEM32>\winlogon.exe
Связанные с угрозой файлы (индикаторы для проверки системы):
- %TEMP%\removalfile.bat
- <SYSTEM32>\opnnklLc.dll