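Техническая информация
Подзаголовки разделов в этом фрагменте, по-видимому, не сохранились. Ниже перечислены: запись автозапуска в ветке реестра Run, пути к файлам в %TEMP%, командные строки sc.exe (STOP/DELETE для служб антивирусов avast! и AVG) и cmd.exe, а также параметры окна (ClassName/WindowName).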
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'File' = '%TEMP%\171020111002.cpl'
- %TEMP%\171020111002.cpl
- <SYSTEM32>\sc.exe STOP "avast! Web Scanner"
- <SYSTEM32>\sc.exe DELETE AVGWD
- <SYSTEM32>\sc.exe STOP "avast! Mail Scanner"
- <SYSTEM32>\cmd.exe /c %TEMP%\<Имя вируса>.bat
- <SYSTEM32>\sc.exe STOP "aswUpdSv (закрывающая кавычка на странице отсутствует; строка приведена как есть)
- <SYSTEM32>\sc.exe stop avg9wd
- <SYSTEM32>\sc.exe stop AVGIDSAgent
- <SYSTEM32>\sc.exe stop AVGWD
- <SYSTEM32>\sc.exe DELETE avg9wd
- <SYSTEM32>\sc.exe DELETE AVGIDSAgent
- %TEMP%\_thunbs2.db
- %TEMP%\<Имя вируса>.bat
- %TEMP%\171020111002.cpl
- ClassName: 'Indicator' WindowName: ''