Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kernel132' = 'c:\winnt\system32\kernel132.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'shell32' = '<SYSTEM32>\PoweMngt.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'system32' = '%WINDIR%\system\syst32.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\chk32.exe
- <SYSTEM32>\PowerMgt.exe
- %WINDIR%\system\syst32.exe
- <SYSTEM32>\vbspy.ocx
- %WINDIR%\system\vbspy.ocx