Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ko' = 'c:\ko.vbs'
- '<SYSTEM32>\attrib.exe' -s -h -r c:\ok.vbs
- '<SYSTEM32>\reg.exe' delete "hkcu\software\microsoft\internet explorer\main" /v "Secondary Start Pages" /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v ko /t reg_sz /d c:\ko.vbs /f
- '<SYSTEM32>\attrib.exe' +s +h +r c:\ko.vbs
- '<SYSTEM32>\cmd.exe' /c ""c:\ok.bat" "
- '<SYSTEM32>\wscript.exe' "c:\ok.vbs"
- '<SYSTEM32>\reg.exe' add "hkcu\software\microsoft\internet explorer\main" /v "default_page_url" /t reg_sz /d http://www.23##.com/?kw#### /f
- '<SYSTEM32>\reg.exe' add "hkcu\software\microsoft\internet explorer\main" /v "start page" /t reg_sz /d http://www.23##.com/?kw#### /f
- C:\bakup_xz\VERSION.XML
- C:\bakup_xz\OSIMAGEDLL.DLL
- C:\bakup_xz\WIMGAPI.DLL
- C:\ok.vbs
- C:\ok.bat
- C:\bakup_xz\MSVCP80.DLL
- C:\bakup_xz\MICROSOFT.VC80.CRT.MANIFEST
- C:\bakup_xz\MSVCR80.DLL
- C:\bakup_xz\OSIMAGE.INI
- C:\bakup_xz\OSIMAGE.EXE
- C:\ko.vbs
- C:\ok.vbs
- C:\ok.bat
- C:\ok.vbs в C:\ko.vbs
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'