Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcCsSk] 'Logon' = 'o'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcCsSk] 'DllName' = 'iifcCsSk.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{663656DF-6BAE-460C-A612-8133DF519346}' = ''
- <SYSTEM32>\cmd.exe /c "%TEMP%\removalfile.bat" "<Полный путь к вирусу>"
- <SYSTEM32>\winlogon.exe
- %TEMP%\removalfile.bat
- <SYSTEM32>\iifcCsSk.dll