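Техническая информация
(Заголовки подразделов в этой копии не сохранились. Судя по формату записей, ниже по порядку перечислены: изменение реестра, запускаемые процессы с аргументами, затронутые файлы и поиск окна. Отнесение конкретного файла к созданным, изменённым или удалённым следует сверять с исходным отчётом.)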
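- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Параметр wextract_cleanup0 создаёт штатный самораспаковывающийся пакет IExpress (wextract) для очистки временного каталога; сам по себе он не является надёжным индикатором и значим только вместе с остальными записями.)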
- 'C:\ProgramData\TC\Trial.exe'
- 'C:\ProgramData\TC\TC.exe'
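- '%TEMP%\IXP000.TMP\rundll32.exe' (файл с именем системной утилиты, но запускается из временного каталога, а не из <SYSTEM32>; расхождение имени и пути — удобный признак для обнаружения)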
- '<SYSTEM32>\ping.exe' -n 0 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c %TEMP%\scratch.bat
- %HOMEPATH%\Templates\excel.xls .tc
- %HOMEPATH%\Templates\winword2.doc .tc
- %HOMEPATH%\Templates\winword.doc .tc
- %HOMEPATH%\Templates\powerpnt.ppt .tc
- %APPDATA%\Microsoft\Internet Explorer\brndlog.txt .tc
- %HOMEPATH%\Templates\excel4.xls .tc
- C:\ProgramData\TC\Locked.tc
- C:\ProgramData\TC\TC.exe
- %TEMP%\aut1.tmp
- %TEMP%\IXP000.TMP\rundll32.exe
- %TEMP%\scratch.bat
- C:\ProgramData\TC\Trial.exe
- %TEMP%\aut2.tmp
- %TEMP%\IXP000.TMP\rundll32.exe
- C:\ProgramData\TC\TC.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'