Техническая информация
- '<SYSTEM32>\reg.exe' Delete HKCR\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\wd.bat" "
- '<SYSTEM32>\reg.exe' Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace /f
- '<SYSTEM32>\reg.exe' Add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ /ve /f
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\ialxoktb.vbe"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\ialxokta.vbe"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\ialxoktc.vbe"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\pag4.vbe"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\pag5.vbe"
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoInternetIcon' = '00000001'
- %WINDIR%\Temp\pag4.vbe
- %TEMP%\wd.bat
- %TEMP%\ЎѕBTЦЦЧУґу¶УЎї.torrent (имя искажено: байты GBK отображены как CP1251; вероятное исходное имя — 【BT种子大队】.torrent)
- %WINDIR%\Temp\pag5.vbe
- %WINDIR%\Temp\ialxokta.vbe
- %WINDIR%\Temp\ialxoktb.vbe
- %WINDIR%\Temp\ialxoktc.vbe
- %WINDIR%\Temp\pag4.vbe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %WINDIR%\Temp\pag5.vbe
- %WINDIR%\Temp\ialxokta.vbe
- %WINDIR%\Temp\ialxoktb.vbe
- %WINDIR%\Temp\ialxoktc.vbe
- ClassName: 'Shell_TrayWnd' WindowName: ''