Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'My Baby' = '<Полный путь к вирусу>'
- скрытых файлов
- расширений файлов
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %WINDIR%\Installer\My Baby.exe
- %WINDIR%\Installer\$PatchCache$\My Baby.exe
- %WINDIR%\pchealth\My Baby.exe
- %WINDIR%\addins\My Baby.exe
- C:\Win32x\my baby.exe
- C:\autorun.inf
- %WINDIR%\Installer\$PatchCache$\Managed\My Baby.exe
- <SYSTEM32>\Restore\My Baby.exe
- <SYSTEM32>\My Baby.exe
- <DRIVERS>\My Baby.exe
- C:\My Baby.exe
- %WINDIR%\My Baby.exe
- %WINDIR%\system\My Baby.exe
- %WINDIR%\security\My Baby.exe
- <DRIVERS>\etc\My Baby.exe
- <SYSTEM32>\Microsoft\My Baby.exe
- %WINDIR%\Installer\My Baby.exe
- %WINDIR%\addins\My Baby.exe
- %WINDIR%\pchealth\My Baby.exe
- %WINDIR%\Installer\$PatchCache$\My Baby.exe
- C:\Win32x\my baby.exe
- <SYSTEM32>\Restore\My Baby.exe
- %WINDIR%\Installer\$PatchCache$\Managed\My Baby.exe
- %WINDIR%\security\My Baby.exe
- <SYSTEM32>\My Baby.exe
- %WINDIR%\My Baby.exe
- C:\My Baby.exe
- <DRIVERS>\My Baby.exe
- %WINDIR%\system\My Baby.exe
- <SYSTEM32>\Microsoft\My Baby.exe
- <DRIVERS>\etc\My Baby.exe