Техническая информация
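- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'Debugger' = 'Disabled' (значение 'Debugger' в разделе Image File Execution Options заставляет Windows запускать вместо программы указанную в нём команду; 'Disabled' не является существующей командой, поэтому программа с таким значением, как правило, не запускается. То же значение задано и для остальных программ в записях Image File Execution Options ниже; изменение 'Debugger' для системных утилит стоит отслеживать как признак вмешательства)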
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe] 'Debugger' = 'Disabled'
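- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Run' = 'Winlock.exe' (автозапуск при входе пользователя в систему; это значение 'Run' в разделе Windows NT\CurrentVersion\Windows, а не привычный раздел ...\CurrentVersion\Run, поэтому при проверке автозагрузки его легко пропустить)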
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininit.exe] 'Debugger' = 'Disabled'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe] 'Debugger' = 'Disabled'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'Debugger' = 'Disabled'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe] 'Debugger' = 'Disabled'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] 'Debugger' = 'Disabled'
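- '<SYSTEM32>\vssadmin.exe' delete shadows /For=C: /Quiet (удаляет теневые копии тома C: без запроса подтверждения, после чего восстановить файлы из теневых копий нельзя)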
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\Del2.bat" "
- <Текущая директория>\Drive.bin
- <Текущая директория>\Del2.bat
- из <Полный путь к вирусу> в <Текущая директория>\Winlock.exe (под этим же именем файл прописан в значении 'Run' выше)
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)