Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'security' = '%WINDIR%\security\Database\winlogon.exe'
- %WINDIR%\Help\1.exe
- <SYSTEM32>\xcopy.exe /Q /C winlogon.exe %WINDIR%\security\Database\
- <SYSTEM32>\xcopy.exe /Q /C svrchost.exe <SYSTEM32>\
- <SYSTEM32>\xcopy.exe /Q /C system.exe <SYSTEM32>\
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Help\rename.bat" "
- <SYSTEM32>\cmd.exe /c ""%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\config.bat" "
- <SYSTEM32>\reg.exe add hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run /v security /t REG_SZ /d "%WINDIR%\security\Database\winlogon.exe"
- %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\svrchost.bat
- %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\config.bat
- <SYSTEM32>\system.exe
- %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\winlogon.bat
- %WINDIR%\Help\rename.bat
- %WINDIR%\Help\trojan_recs.jpg
- %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\system.exe
- %WINDIR%\Help\1
- %ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\system.exe
- из %WINDIR%\Help\1 в %WINDIR%\Help\1.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''