Technical information
- [<HKLM>\SOFTWARE\Classes\bootmgr\shell\open\command] '' = '%PROGRAM_FILES%\Internet Explorer\SIGNUP\bootmgr.com "%1"'
- <SYSTEM32>\dumprep.exe 2872 -dm 7 7 %TEMP%\WEReab9.dir00\svchost.exe.hdmp 16325836412027140
- <SYSTEM32>\rundll32.exe <SYSTEM32>\sysdm.cpl,NoExecuteProcessException <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\dumprep.exe 2872 -dm 7 7 %TEMP%\WEReab9.dir00\svchost.exe.mdmp 16325836412027120
- <SYSTEM32>\svchost.exe
- %TEMP%\WEReab9.dir00\appcompat.txt
- %TEMP%\WEReab9.dir00\manifest.txt
- %TEMP%\WEReab9.dir00\svchost.exe.hdmp
- %WINDIR%\$NtUninstallKB5878878958745$\desktop.lnl
- %TEMP%\WEReab9.dir00\svchost.exe.mdmp
- from <Full path to the virus> to %PROGRAM_FILES%\Internet Explorer\SIGNUP\bootmgr.com
- ClassName: 'Shell_TrayWnd' WindowName: ''