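Техническая информация (поведенческие индикаторы образца: запись в реестре, запускаемые команды, пути к файлам и класс окна; подзаголовки разделов в этом фрагменте отсутствуют)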
- [<HKLM>\SOFTWARE\Classes\wab_auto_file\shell\open\command] '' = '' (пустое имя — параметр по умолчанию; его значение также пустое)
- <SYSTEM32>\reg.exe delete "HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{42043D46-B82E-01DB-6A18-A5CA5B146F70}" /f
- <SYSTEM32>\rundll32.exe advpack.dll,LaunchINFSection %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\qss201107.inf,DefaultInstall
- <SYSTEM32>\cmd.exe /c "%ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\qss201107.bat"
- <SYSTEM32>\rundll32.exe %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\wab32res.dll,MainWork <Полный путь к вирусу>
- <SYSTEM32>\rundll32.exe %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\wab32res.dll,ProtectIt 2820
- %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\qss201107.int
- %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\qss201107.lnk
- %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\wab32res.dll
- %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\qss201107.exe
- %ALLUSERSPROFILE%\Application Data\InstallShield\qss201107\qss201107.wab
- ClassName: 'Shell_TrayWnd' WindowName: ''