Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System' = 'mswin.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nod32kui' = '4ever'
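- [<HKLM>\SYSTEM\ControlSet002\Services\NOD32krn] 'ImagePath' = '4ever'
- [<HKLM>\SYSTEM\ControlSet001\Services\NOD32krn] 'ImagePath' = '4ever'
  (Значение '4ever' не является путём к исполняемому файлу; по-видимому, после такой записи служба NOD32krn и автозапуск nod32kui перестают запускаться.)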
- Блокирует отображение: расширений файлов
- <SYSTEM32>\mswin.exe
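Запускает на исполнение (в том числе команды остановки служб межсетевого экрана и антивирусов и принудительного завершения процессов NOD32):
- <SYSTEM32>\net1.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"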
- <SYSTEM32>\net1.exe stop "mcshield"
- <SYSTEM32>\net1.exe stop "TrueVector Internet Monitor"
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- <SYSTEM32>\taskkill.exe -f -t -im nod32krn.exe
- <SYSTEM32>\taskkill.exe -f -t -im nod32kui.exe
- <SYSTEM32>\net.exe stop "mcshield"
- <SYSTEM32>\net.exe stop "Norton Antivirus Auto Protect Service"
- <SYSTEM32>\net.exe stop "Windows Firewall/Internet Connection Sharing (ICS)"
- <SYSTEM32>\net1.exe stop "Norton Antivirus Auto Protect Service"
- <SYSTEM32>\net.exe stop "TrueVector Internet Monitor"
- <SYSTEM32>\mswin.exe
- <SYSTEM32>\mswin.exe
- %TEMP%\~DFBD42.tmp
- ClassName: '' WindowName: 'System Configuration Utility'
- ClassName: '' WindowName: 'microsoft windows xp 3'
- ClassName: '' WindowName: ''