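Техническая информация
Ниже перечислены индикаторы: значения в разделе автозапуска Run реестра, командные строки процессов, пути к файлам, DNS-запросы и классы окон. `<HKCU>` и `<SYSTEM32>` — обозначения куста реестра и системного каталога, а не буквальные строки; символы «#» в доменных именах, по-видимому, скрывают часть имени, поэтому для точного сопоставления такие записи непригодны. В стандартной Windows переменная %APPDATA% уже указывает на AppData\Roaming, так что запись `%APPDATA%\Roaming\...` здесь, вероятно, означает путь внутри AppData\Roaming, а не вложенный каталог Roaming\Roaming — при написании правил обнаружения это стоит проверить.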
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Iygugc' = '%APPDATA%\Roaming\Microsoft\Windows\Iygugc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Explorer Manager' = '%APPDATA%\Roaming\Update\Explorer.exe'
- '<SYSTEM32>\schtasks.exe' /query /tn "Windows Debugger"
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x6E0A0825" /f
- '<SYSTEM32>\mspaint.exe'
- '<SYSTEM32>\schtasks.exe' /CREATE /SC ONLOGON /TN "Windows Debugger" /TR "%APPDATA%\Roaming\update\Explorer.exe" /RL HIGHEST
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x5C000766" /f
- '<SYSTEM32>\calc.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x0E7302EC" /f
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Update Check - 0x05860166" /f
- <SYSTEM32>\conhost.exe
- <SYSTEM32>\mspaint.exe
- %APPDATA%\Roaming\Microsoft\Windows\Iygugc.exe
- %TEMP%\c731200
- <SYSTEM32>\Tasks\Windows Debugger
- %APPDATA%\Roaming\Update\Explorer.exe
- %APPDATA%\Roaming\c731200
- DNS ASK dn#.##ftncsi.com
- DNS ASK n.##tys.ru
- DNS ASK ap#.##pmania.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''