Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\SYSTEM\KERNEL32.EXE'
- [<HKLM>\SYSTEM\ControlSet001\Services\DisplaySub] 'Start' = '00000002'
- %WINDIR%\system\KERNEL32.EXE NULL
- %WINDIR%\DisplaySub.exe -i
- <SYSTEM32>\notepad.exe c:\<Имя вируса>.Txt
- %WINDIR%\system\KERNEL32.EXE
- %WINDIR%\system\kernel12.dll
- %WINDIR%\DisplaySub.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''