Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'runsoft' = '%WINDIR%\2.vbs'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysoft' = '%WINDIR%\3.vbs'
- [<HKLM>\SOFTWARE\Classes\InstallRite File\Shell\Open\Command] '' = '<Полный путь к вирусу> %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mirosoft' = '%WINDIR%\1.vbs'
- %WINDIR%\Prefetch\XCOPY.EXE-21FC761A.pf
- %WINDIR%\Processus.exe
- %WINDIR%\ekrn.bat
- %WINDIR%\Prefetch\PROCESSUS.EXE-1981B5DD.pf
- %WINDIR%\system3.bat
- %TEMP%\41\iwt_registry.reg
- %WINDIR%\system1.bat
- %WINDIR%\system2.bat
- %TEMP%\41\Filelist.lst
- %TEMP%\41\delfile.lst
- %TEMP%\41\kit.opt
- %TEMP%\41\ver.txt
- %WINDIR%\3.vbs
- %WINDIR%\copy.bat
- %WINDIR%\1.vbs
- %WINDIR%\2.vbs
- %TEMP%\41\delfile.lst
- %WINDIR%\Prefetch\CMD.EXE-087B4001.pf
- %TEMP%\41\iwt_registry.reg
- %TEMP%\41\kit.opt
- %TEMP%\41\ver.txt
- %TEMP%\41\Filelist.lst