Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe <SYSTEM32>\whboy.exe'
- скрытых файлов
- <SYSTEM32>\whboy.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\whboy.txt
- %WINDIR%\bak.exe
- <SYSTEM32>\whboy.exe
- <SYSTEM32>\whboy.txt
- %WINDIR%\bak.exe
- <SYSTEM32>\whboy.exe
- ClassName: 'TfrmMain' WindowName: ''
- ClassName: 'W*H*B*O*Y' WindowName: 'Xleo'
- ClassName: 'TKillqqv' WindowName: ''
- ClassName: 'TKfrm' WindowName: ''
- ClassName: '????????' WindowName: '????????'
- ClassName: 'TFrmMain' WindowName: '??????????'
- ClassName: 'W* H* B* O* Y' WindowName: 'Xleo'
- ClassName: 'whboy' WindowName: 'Xleo'
- ClassName: '#32770' WindowName: ''
- ClassName: '' WindowName: '???????????? KV2004??????????'
- ClassName: 'RavMonClass' WindowName: 'RavMon.exe'
- ClassName: '' WindowName: '.winscok IME'
- ClassName: '' WindowName: 'Symantec AntiVirus ??????'
- ClassName: 'Tapplication' WindowName: '????????????????'
- ClassName: 'TForm1' WindowName: ''
- ClassName: 'TfLockDownMain' WindowName: ''
- ClassName: 'ZAFrameWnd' WindowName: 'ZoneAlarm'