Техническая информация
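Изменения в реестре: значения 'Debugger' в разделе Image File Execution Options (приём известен как IFEO Injection, MITRE ATT&CK T1546.012). При запуске указанной программы Windows вместо неё запускает заданный отладчик, поэтому такие записи препятствуют нормальному запуску перечисленных приложений; наличие параметра 'Debugger' для этих имён файлов — признак заражения:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe] 'Debugger' = 'ntsd -d'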
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GG.exe] 'Debugger' = 'ntsd -d'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe] 'Debugger' = 'ntsd -d'
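Командные строки запускаемых процессов (ключ /s у regedit.exe выполняет импорт .reg-файла без запроса подтверждения):
- '%WINDIR%\regedit.exe' /s %WINDIR%\Kolombo.reg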
- '%WINDIR%\regedit.exe' /s %WINDIR%\Klwfbs!.reg
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Klwfbs!.bat" "
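Файлы в каталоге Windows, связанные с образцом (в тексте не указано, создаются они или изменяются; .reg- и .bat-файлы совпадают с теми, что фигурируют в командных строках выше):
- %WINDIR%\kolombo.reg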
- %WINDIR%\tapetka.bmp
- %WINDIR%\Klwfbs!.bat
- %WINDIR%\Klwfbs!.reg
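Классы окон, с которыми работает образец (цель обращения в тексте не указана); 'RegEdit_RegEdit' — класс главного окна редактора реестра, 'Shell_TrayWnd' — класс панели задач Windows:
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'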
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'