Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'initinfo' = '<SYSTEM32>\initinfo.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctlmon' = '<SYSTEM32>\ctlmon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'explore' = '<SYSTEM32>\explore.exe'
- <Имя диска съемного носителя>:\Cinta.doc.exe
- [<HKCU>\Software\Microsoft\Internet Explorer\Main] 'Window Title' = 'Infected by GoKiLL ... ^^v ...'
- <SYSTEM32>\initinfo.exe
- <SYSTEM32>\ctlmon.exe
- <SYSTEM32>\explore.exe
- ClassName: '' WindowName: 'GoKiLL was Load'