Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{E90C597D-6ACB-4292-ACEC-9071DF91010F}' = ''
- %TEMP%\SETUP.EXE
- <SYSTEM32>\sc.exe config NOD32krn start= disabled
- <SYSTEM32>\net1.exe STOP "Windows Firewall/Internet Connection Sharing (ICs)"
- <SYSTEM32>\taskkill.exe /im egui.exe /f
- <SYSTEM32>\taskkill.exe /im nod32kui.exe /f
- <SYSTEM32>\taskkill.exe /im NOD32krn.exe /f
- <SYSTEM32>\net1.exe STOP sYSTEM Restore Service
- <SYSTEM32>\net.exe STOP sYSTEM Restore Service
- <SYSTEM32>\net.exe STOP "Windows Firewall/Internet Connection Sharing (ICs)"
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\taskkill.exe /im ekrn.exe /f
- <SYSTEM32>\sc.exe config ekrn start= disabled
- Handler library for all processes: %WINDIR%\live32.dll
- ekrn.exe
- 360tray.exe
- %WINDIR%\live32.dll
- <SYSTEM32>\winlive.exe
- %TEMP%\SETUP.EXE
- from <Full path to virus> to C:\NTDUBECT.EXE
- ClassName: '' WindowName: ''