Техническая информация
Записи реестра для автозапуска (все три указывают на один и тот же файл):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KAV' = '<SYSTEM32>\sysads.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\sysads.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c8888}] 'StubPath' = '<SYSTEM32>\sysads.exe'
- <SYSTEM32>\sysads.exe
- <SYSTEM32>\attrib.exe -a -r -s -h "<Полный путь к вирусу>" (снимает с указанного файла атрибуты «архивный», «только для чтения», «системный» и «скрытый»)
- <SYSTEM32>\cmd.exe /c auto.bat
- %WINDIR%\Explorer.EXE
- %WINDIR%\auto.bat
- <SYSTEM32>\sysads.exe
- <SYSTEM32>\sysads.dll