Техническая информация
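- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'run32' = '<SYSTEM32>\rundl32.exe'
  (запись автозапуска при входе в систему; имя rundl32.exe отличается от штатного rundll32.exe одной буквой)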
- %WINDIR%\Tasks\rcxsrv.job
- '%WINDIR%\setup.exe'
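- '<SYSTEM32>\schtasks.exe' /create /ru system /sc minute /mo 3 /tn rcxsrv /tr %WINDIR%\system\winlogon.exe
  (задание rcxsrv запускается от имени SYSTEM каждые 3 минуты; штатный winlogon.exe находится в <SYSTEM32>, а не в %WINDIR%\system)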
- '<SYSTEM32>\reg.exe' add HKLM\software\microsoft\windows\currentversion\run /v run32 /d "<SYSTEM32>\rundl32.exe" /f
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\xcopy.exe' "%WINDIR%\system\*.asd" "%WINDIR%\system\*.exe"
- '<SYSTEM32>\xcopy.exe' "<SYSTEM32>\*.asd" "<SYSTEM32>\*.exe"
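- '<SYSTEM32>\schtasks.exe' /create /ru system /sc co_minutк /mo 3 /tn rcxsrv /tr %WINDIR%\system\winlogon.exe
  (та же команда с другим значением /sc; это значение, возможно, искажено при записи, поэтому при поиске надёжнее опираться на имя задания rcxsrv и путь в /tr)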
- <SYSTEM32>\rundl32.asd
- <SYSTEM32>\rundl32.exe
- <SYSTEM32>\rundl32.p1
- <SYSTEM32>\rundl32.p2
- <SYSTEM32>\system32.dll
- %PROGRAM_FILES%\Outlook Express\wsock32.dll
- %WINDIR%\setup.exe
- %PROGRAM_FILES%\Internet Explorer\wsock32.dll
- %PROGRAM_FILES%\Messenger\wsock32.dll
- %WINDIR%\rcx.p1
- %WINDIR%\rcx.p2
- %WINDIR%\cpp7.ini
- <SYSTEM32>\libeax.dll
- %WINDIR%\system\winlogon.p1
- %WINDIR%\system\winlogon.asd
- %WINDIR%\system\winlogon.exe
- %WINDIR%\system\winlogon.p2
- %WINDIR%\rcx7
- ClassName: 'Shell_TrayWnd' WindowName: ''