Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'atipta.exe' = '%WINDIR%\system\atipta.exe'
- %WINDIR%\Tasks\At1.job
- [<HKLM>\SYSTEM\ControlSet002\Services\Schedule] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- '<SYSTEM32>\notepad.exe'
- '%WINDIR%\regedit.exe' /s C:\a.reg
- '%WINDIR%\regedit.exe' /s C:\c.reg
- '<SYSTEM32>\at.exe' 23:30 /every:M,Th cmd /c rd /s /q C:\
- %WINDIR%\system\atipta.exe
- C:\a.reg
- %WINDIR%\Win128gtm.dll
- %WINDIR%\ScanReg\Radio Station Guide.url
- C:\c.reg
- C:\UpFolder.txt
- %WINDIR%\ScanReg\MSN.com.url
- %WINDIR%\ScanReg\MSN.com.url
- %WINDIR%\ScanReg\Radio Station Guide.url
- C:\c.reg
- C:\a.reg
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'