Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wind0ws] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\reg.exe' ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wind0ws /v InstallModule /t REG_SZ /d "<Полный путь к вирусу>"
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\reg.exe' ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wind0ws\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "%PROGRAM_FILES%\WindowsUpdate\wupdmgr32.dll"
- '<SYSTEM32>\taskkill.exe' /f /t /im KSafeTray.exe
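- '<SYSTEM32>\reg.exe' ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wind0ws /v Description /t REG_SZ /d "Microsoft(R) Windows Update." (описание службы имитирует штатный компонент Windows Update; в имени службы wind0ws вместо буквы «o» стоит цифра «0»)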
- %PROGRAM_FILES%\WindowsUpdate\wupdmgr32.dll
- %WINDIR%\ThankU.txt
- %PROGRAM_FILES%\WindowsUpdate\wupdmgr32.dll
- %WINDIR%\ThankU.txt
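- 'xc##.3322.org':81 (символы ##, по-видимому, скрывают часть имени узла в самом описании; соединение устанавливается с портом 81)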
- DNS ASK xc##.3322.org
- ClassName: '' WindowName: ''