Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'remotecontrol' = '<SYSTEM32>\<Имя вируса>.exe'
- '<SYSTEM32>\saomiao1.exe'
- '<SYSTEM32>\net.exe' stop McShield
- '<SYSTEM32>\net1.exe' stop KWatchsvc
- '<SYSTEM32>\net.exe' stop KWatchsvc
- '<SYSTEM32>\net1.exe' stop McShield
- '<SYSTEM32>\net1.exe' stop "Norton AntiVirus Server"
- '<SYSTEM32>\net.exe' stop "Norton AntiVirus Server"
- '<SYSTEM32>\ping.exe' 127.1 -n 5
- '<SYSTEM32>\net1.exe' stop KPfwSvc
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop KPfwSvc
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled
- '<SYSTEM32>\sc.exe' config sharedaccess start= disabled
- <SYSTEM32>\<Имя вируса>.exe
- C:\sys.bat
- <SYSTEM32>\saomiao1.exe
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''