Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrcs' = '%WINDIR%\smit.dll.vbs'
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "csrcs" /t REG_SZ /d "%WINDIR%\smit.dll.vbs" /f
- <SYSTEM32>\attrib.exe +a +s +h +r %WINDIR%\System\XIL.bat
- <SYSTEM32>\attrib.exe +a +s +h +r C:\RECYCLER\J-1-2-34-000000AAAA-11111111111-5555555555-111
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\$trans$.bat" "
- <SYSTEM32>\attrib.exe +a +s +h +r Desktop.vbs
- %WINDIR%\system\XIL.bat
- %WINDIR%\smit.dll.vbs
- %WINDIR%\system\XIL.dll
- %TEMP%\1.tmp\$trans$.bat
- C:\RECYCLER\J-1-2-34-000000AAAA-11111111111-5555555555-111\desktop.ini
- %WINDIR%\system\XIL.bat
- %TEMP%\1.tmp\$trans$.bat