Техническая информация
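Изменяет раздел реестра для автозапуска:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ATI Technologi' = 'C:\ATI\Drivers\ETC\svhost.exe -LM'
  (имя файла svhost.exe похоже на системное svchost.exe, но отличается написанием и расположением вне <SYSTEM32>)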
Запускает на исполнение:
- 'C:\ATI\Drivers\ETC\guarg.exe'
- '<SYSTEM32>\xcopy.exe' guarg.exe C:\ATI\Drivers\ETC\ /y /h
- '%WINDIR%\regedit.exe' /S autorun.reg
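- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 5000
  (по-видимому, ping служит здесь паузой до 5 секунд в командном сценарии; сам адрес 1.1.1.1 не следует считать сетевым индикатором компрометации)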
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\go.cmd" "
- '<SYSTEM32>\xcopy.exe' svhost.exe C:\ATI\Drivers\ETC\ /y /h
- '<SYSTEM32>\xcopy.exe' stearn.exe C:\ATI\Drivers\ETC\ /y /h
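Файлы, с которыми работает образец (в этой выдержке не сохранилось, какие из них создаются, а какие удаляются):
- C:\ATI\Drivers\ETC\svhost.exe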
- %TEMP%\1.tmp\autorun.reg
- C:\ATI\Drivers\ETC\guarg.exe
- C:\ATI\Drivers\ETC\stearn.exe
- %TEMP%\1.tmp\guarg.exe
- %TEMP%\1.tmp\go.cmd
- %TEMP%\1.tmp\svhost.exe
- %TEMP%\1.tmp\stearn.exe
- %TEMP%\1.tmp\go.cmd
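Окна, которые ищет образец (заголовок раздела в выдержке не сохранился, назначение списка предположительно):
- ClassName: '(null)' WindowName: '???? ? Steam' (знаки «?», вероятно, стоят на месте не-ASCII символов заголовка окна, утраченных при записи отчёта)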
- ClassName: '(null)' WindowName: 'Steam'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'