Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll32_9205_toolbar' = '%TEMP%\1.tmp\gone.bat'
- %HOMEPATH%\Start Menu\Programs\Startup\gone.bat
- <SYSTEM32>\net.exe stop sharedaccess
- <SYSTEM32>\net1.exe stop "security center"
- <SYSTEM32>\net.exe stop "security center"
- <SYSTEM32>\net1.exe stop sharedaccess
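- <SYSTEM32>\net1.exe stop УSecurity CenterФ
- <SYSTEM32>\net.exe stop УSecurity CenterФ
  (Примечание: символы «У» и «Ф» здесь, по-видимому, — типографские кавычки “ ” (байты 0x93/0x94 в Windows-1252) из пакетного файла, прочитанные в OEM-кодировке 866. В системе с другой OEM-кодировкой та же командная строка может содержать иные символы, поэтому при поиске по журналам надёжнее сопоставлять «stop» и «Security Center», а не сами кавычки.)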
- <SYSTEM32>\netsh.exe firewall set opmode mode-disable
- <SYSTEM32>\net.exe stop "WinDefend"
- <SYSTEM32>\reg.exe add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_9205_toolbar" /t "REG_SZ" /d "%TEMP%\1.tmp\gone.bat" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\gone.bat""
- <SYSTEM32>\net1.exe stop "WinDefend"
- <SYSTEM32>\net1.exe stop "wuauserv"
- <SYSTEM32>\net.exe stop "wuauserv"
- <SYSTEM32>\taskkill.exe /f /t /im "MSASCui.exe"
- %TEMP%\1.tmp\gone.bat
- ClassName: '' WindowName: ''