Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows32' = '<Full path to the virus>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'L0G0N' = 'C:\logon.exe'
- Registry Editor (RegEdit)
- <SYSTEM32>\reg.exe add hkcu\software\microsoft\windows\currentversion\policies\system /v disableregistrytools /t reg_dword /d "1" /f
- [<HKCU>\Software\Microsoft\MessengerService]
- C:\logon.exe
- ClassName: '' WindowName: 'anti'
- ClassName: '' WindowName: 'Admin'
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''