Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system' = '%CommonProgramFiles%\system\lsass.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\init.dll'
- <SYSTEM32>\userinit.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%CommonProgramFiles%\system\lsass.exe' = '%CommonProgramFiles%\system\lsass.exe:*:Enabled:LSASS'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\userinit.exe' = '<SYSTEM32>\userinit.exe:*:Enabled:Userinit'
- System File Checker (SFC)
- '%CommonProgramFiles%\System\lsass.exe' <Full path to the virus>
- '<SYSTEM32>\reg.exe' import c:\bkup.reg
- C:\log.txt
- %CommonProgramFiles%\System\lsass.exe
- %WINDIR%\system\userinit.exe
- 'localhost':1039
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''