Техническая информация
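Записи реестра, обеспечивающие автозапуск (все значения ниже указывают на один и тот же файл logonui.exe в %APPDATA%; помимо Run и RunOnce используются AutoRun командного процессора, который срабатывает при каждом запуске cmd.exe, и SCRNSAVE.EXE, который срабатывает при включении заставки):
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\logonui.exe"'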
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\logonui.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'logonui' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\logonui.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'logonui' = '"%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\logonui.exe"'
Ярлык в папке автозагрузки пользователя:
- %HOMEPATH%\Start Menu\Programs\Startup\logonui.lnk
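Запускаемые процессы и их командные строки (команда с cmd.exe /c ниже завершает процесс образца, выдерживает паузу с помощью ping и удаляет исходный файл):
- '%APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\logonui.exe'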
- '<SYSTEM32>\taskkill.exe' /t /f /im "<Имя вируса>.exe"
- '<SYSTEM32>\cmd.exe' /c taskkill /t /f /im "<Имя вируса>.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "<Полный путь к вирусу>" > NUL
- <SYSTEM32>\cmd.exe
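Пути файлов, связанных с работой образца (на странице не указано, создаются они или удаляются; NsResize.dll и nsa2.tmp\System.dll похожи на временные файлы установщика NSIS, но это предположение):
- %TEMP%\Colombo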
- %TEMP%\function.parens.xml
- %TEMP%\GBpc-EUC-V
- %TEMP%\Edge.mi
- %TEMP%\blue.svg
- %TEMP%\NsResize.dll
- %APPDATA%\{EAD8C9EB-CE7E-1A35-C2EE-F26F5E13EB94}\logonui.exe
- %TEMP%\Undercrest.e
- %TEMP%\nsa2.tmp\System.dll
- %TEMP%\adjmat.mpl
- %TEMP%\404-3.htm
- %TEMP%\KraitStole.rG6
- %TEMP%\env.bat
- %TEMP%\eventViewer.png
- %TEMP%\app_updater_table_bg.png
- %TEMP%\16ps.png
- %TEMP%\forums_icon.png
- %TEMP%\computer_server_tower.png
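Классы и заголовки окон, упомянутые в отчёте (вероятно, это окна, которые образец ищет; на странице это не уточняется):
- ClassName: '' WindowName: ''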
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''