Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Norton antivirus scan' = '%WINDIR%\mss01.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'start bat file' = 'c:\autoexec.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MSMSGS' = '"%PROGRAM_FILES%\Messenger\msmsgs.exe" /background'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'office decryptfiles' = '<SYSTEM32>\msgr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msmsgr' = '<Полный путь к вирусу>'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bootlogfile' = '<SYSTEM32>\log boot.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msmsg' = '%WINDIR%\wrgf.exe'
- [<HKCU>\Software\Microsoft\MessengerService]
- <SYSTEM32>\diskf.dll
- <SYSTEM32>\reginf.ret
- C:\io.dll
- %WINDIR%\sprocks.bmp
- C:\autoexec.exe
- %WINDIR%\wrgf.exe
- %WINDIR%\mss01.exe
- <SYSTEM32>\msgr.exe
- <SYSTEM32>\log boot.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''