Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Run_Around_C' = '%WINDIR%\Setup.exe'
- %WINDIR%\Tasks\Run_Around_C.job
- <SYSTEM32>\schtasks.exe /create /sc minute /mo 1 /tn Run_Around_C /ru System /tr "\"C:\Documents and Settings\Default User\Templates\RA [186CF09].exe\" \"<Полный путь к вирусу>\""
- <SYSTEM32>\schtasks.exe /delete /f /tn Run_Around_C
- %WINDIR%\Setup.exe
- C:\Documents and Settings\Default User\Templates\RA [186CF09].exe
- %WINDIR%\Setup.exe
- <Полный путь к вирусу>