Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'vllhu' = '%HOMEPATH%\vllhu\14748.vbs'
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- скрытых файлов
- Диспетчера задач (Taskmgr)
- '%APPDATA%\svchost.exe'
- '%HOMEPATH%\vllhu\PHu.exe' oGH.BOX
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\vllhu\.vbs"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %HOMEPATH%\vllhu\60979.cmd
- %HOMEPATH%\vllhu\DiQM.EWD
- %APPDATA%\svchost.exe
- %HOMEPATH%\vllhu\14748.vbs
- %HOMEPATH%\vllhu\PHu.exe
- %HOMEPATH%\vllhu\yHgHlb.KUX
- %HOMEPATH%\vllhu\oGH.BOX
- %HOMEPATH%\vllhu\.vbs
- %HOMEPATH%\vllhu\14748.vbs
- %HOMEPATH%\vllhu\DiQM.EWD
- %HOMEPATH%\Start Menu\Programs\Startup\start.lnk
- %HOMEPATH%\vllhu\60979.cmd
- %HOMEPATH%\vllhu\PHu.exe
- %HOMEPATH%\vllhu\yHgHlb.KUX
- %HOMEPATH%\vllhu\oGH.BOX
- %HOMEPATH%\vllhu\.vbs
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'