Техническая информация
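Записи автозапуска в реестре (ключ Run в HKLM; все три параметра указывают на один и тот же файл в корне диска C:, а их имена похожи на имена системных компонентов):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost64' = 'c:\system64.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SVCHOST32' = 'c:\system64.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System64' = 'c:\system64.exe'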
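Запускаемые процессы и команды (logoff.exe завершает сеанс пользователя; shutdown.exe с ключами -s -t 10 -c выключает компьютер через 10 секунд и показывает указанный комментарий):
- 'C:\system64.exe'
- '<SYSTEM32>\logonui.exe' /status
- '<SYSTEM32>\logoff.exe'
- '<SYSTEM32>\shutdown.exe' -s -t 10 -c "MOBARMEG + Mr.Dark Shark!!"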
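Файлы, затрагиваемые в файловой системе (тип операции — создание, изменение или удаление — в этом фрагменте не сохранился; повторяющиеся пути, вероятно, относились к разным подразделам исходного описания):
- <Текущая директория>\<Имя вируса>.reg
- %HOMEPATH%\ntuser.tmp
- C:\system64.reg
- C:\system64.exe
- %HOMEPATH%\ntuser.tmp
- %HOMEPATH%\ntuser.tmp
- C:\system64.exe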
Окна, указанные по имени класса и заголовку (по-видимому, программа выполняет их поиск):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'CSCHiddenWindow' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: 'StatusWindowClass' WindowName: '(null)'
- ClassName: 'Shell_traywnd' WindowName: ''
- ClassName: 'Button' WindowName: '(null)'