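Техническая информация
Подзаголовки разделов в этом фрагменте, по-видимому, утрачены. Ниже по порядку идут: изменения реестра (точки автозапуска Winlogon\Notify, Run и ShellExecuteHooks), запускаемые процессы и пути к файлам. Последняя строка повторяет путь из списка файлов и, вероятно, относится к отдельному разделу; это стоит сверить с исходным отчётом.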
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginCef] 'DllName' = '%PROGRAM_FILES%\GbPlugin\gbiehCef.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginCef] 'Startup' = 'GbPluginEventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iGB<Имя вируса>.exe' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{E37CB5F0-51F5-4395-A808-5FA49E399003}' = 'GbPlugin ShlObj'
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\GbPlugin\gbiehCef.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\GbPlugin\gbpdist.dll"
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\regs.bat" "
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\boot.bat" "
- <SYSTEM32>:ACA3E6D8_Cef.gbp
- <DRIVERS>:GbpKmAp.lst
- %ALLUSERSPROFILE%\Application Data\GbPlugin\Cef\Cef.gdt
- %ALLUSERSPROFILE%\Application Data\GbPlugin\Cef\00000B04.tmp
- %PROGRAM_FILES%\GbPlugin\Cef.gpc
- %PROGRAM_FILES%\GbPlugin\gbpdist.dll
- %PROGRAM_FILES%\GbPlugin\gbiehCef.dll
- <Текущая директория>\boot.bat
- <Текущая директория>\regs.bat
- %ALLUSERSPROFILE%\Application Data\GbPlugin\Cef\00000B04.tmp