Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'openbatm' = '%WINDIR%\Config01\rm27.bat'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'openwinm' = '%WINDIR%\lsass.exe' (обратите внимание: путь %WINDIR%\lsass.exe отличается от штатного расположения системного lsass.exe в <SYSTEM32>)
- Блокирует интерпретатор командной строки (CMD) — через значение DisableCMD = 2 в HKCU\Software\Policies\Microsoft\Windows\System (см. команду reg.exe ниже)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Policies\Microsoft\Windows\System" /v DisableCMD /t reg_dword /d 2 /f
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v openwinm /d %WINDIR%\lsass.exe /f
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v openbatm /d %WINDIR%\Config01\rm27.bat /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t reg_dword /d 1 /f
- '<SYSTEM32>\cmd.exe' /c %TEMP%\bt8252.bat <Полный путь к вирусу>
- '%WINDIR%\explorer.exe' %HOMEPATH%\mydocu~1
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t reg_dword /d 1 /f
- %TEMP%\bt8252.bat
- %HOMEPATH%\Desktop\23september.txt
- <LS_APPDATA>\drivebersamabintang.wav
- <LS_APPDATA>\winconfigls.db
- <LS_APPDATA>\html.23
- %TEMP%\bt8252.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''