Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe C:\RECYCLER\winlogon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe C:\RECYCLER\winlogon.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\AutomaticUpdate.exe
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v Shell /t REG_SZ /d "Explorer.exe C:\RECYCLER\winlogon.exe"
- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v Shell /t REG_SZ /d "Explorer.exe C:\RECYCLER\winlogon.exe"
- 'C:\RECYCLER\winlogon.exe'
- '<SYSTEM32>\cmd.exe' /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v Shell /t REG_SZ /d "Explorer.exe C:\RECYCLER\winlogon.exe"
- '<SYSTEM32>\cmd.exe' /c reg add "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v Shell /t REG_SZ /d "Explorer.exe C:\RECYCLER\winlogon.exe"
- C:\RECYCLER\winlogon.exe
- %HOMEPATH%\Start Menu\Programs\Startup\AutomaticUpdate.exe
- C:\RECYCLER\winlogon.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''