Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft® Maintenance Scheduler' = '<SYSTEM32>\uni.exe'
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\TektonIT" /f
- <SYSTEM32>\reg.exe import remove.reg
- <SYSTEM32>\attrib.exe +h +s "C:\\Windows\System32\uni.exe"
- <SYSTEM32>\reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\uninstaller.bat" "
- <SYSTEM32>\taskkill.exe /f /im rfusclient.exe
- <SYSTEM32>\taskkill.exe /f /im rutserv.exe
- %TEMP%\1.tmp\uni.exe
- <SYSTEM32>\uni.exe
- %TEMP%\1.tmp\uninstaller.bat
- %TEMP%\1.tmp\remove.reg
- <SYSTEM32>\uni.exe
- %TEMP%\1.tmp\uninstaller.bat
- %TEMP%\1.tmp\uni.exe
- %TEMP%\1.tmp\remove.reg
- ClassName: '' WindowName: ''