Техническая информация
Ключи реестра (автозапуск и команда открытия для класса файлов):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'newUserProfile' = ''
- [<HKLM>\SOFTWARE\Classes\CryptAPP\shell\Open\Command] '' = '%PROGRAM_FILES%\Internet Explorer\index.bat'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lass' = ''
Файл в папке автозагрузки пользователя:
- %HOMEPATH%\Start Menu\Programs\Startup\Shortcut to startup_local.lnk.coderksu@gmail_com_id392
Командные строки запускаемых процессов:
- '<SYSTEM32>\cmd.exe' /c "%PROGRAM_FILES%\Internet Explorer\index.bat"
- '<SYSTEM32>\reg.exe' delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v lass /f
- '<SYSTEM32>\reg.exe' ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v newUserProfile /t REG_EXPAND_SZ /d "%PROGRAM_FILES%\Internet Explorer\index.bat" /f
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\\kill.bat
- '<SYSTEM32>\cmd.exe' /c ..bat
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\reg.exe' ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v lass /t REG_EXPAND_SZ /d "<Полный путь к вирусу>" /f
Пути к файлам:
- <Текущая директория>\kill.bat
- %PROGRAM_FILES%\Internet Explorer\index.bat
- <Текущая директория>\..bat
- %PROGRAM_FILES%\Internet Explorer\finish.lass.html
Окна (имя класса и заголовок окна):
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''