Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Hiboy' = 'c:\hal.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HiGirl' = '%WINDIR%\De'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ka-Boom~' = 'c:\ntldr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DamnWang' = 'c:\temp\temp\'
- '<SYSTEM32>\conhost.exe' /c md %WINDIR%\Debug\aBug\aBigBug\aVeryBigBug\aSeriousBigBug\Trojan\Worm\Virus\Hide\Forbidden\invaild\drivepath\haha\joke\
- %TEMP%\~DF4EF85AA3D46336D0.TMP
- %TEMP%\~DF4EF85AA3D46336D0.TMP