Техническая информация
- %TEMP%\1.tmp\nircmdc.rkexe win close stitle "Enterprise Suite" win close stitle "Security Central" win close stitle "Antivirus Soft" win close stitle "Security Tool"
- %TEMP%\1.tmp\pev.rkexe -k "%HOMEPATH%\*" -k "%ALLUSERSPROFILE%\*" -k * -preg#[0-9]+\.exe$# -k antispyshield.exe f -k winlogon32.exe plist -k restore.exe -k smss32.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\rkill.bat""
- fsav32.exe
- miranda32.exe
- msn6.exe
- AVGCC32.EXE
- AVP32.EXE
- drweb386.exe
- %TEMP%\1.tmp\nircmd.chm
- %TEMP%\1.tmp\sed.rkexe
- %TEMP%\rkill.log
- %TEMP%\rks1.log
- C:\rkill.log
- %TEMP%\1.tmp\rkill.reg
- %TEMP%\1.tmp\nircmd.rkexe
- %TEMP%\1.tmp\rkill.bat
- %TEMP%\1.tmp\nircmdc.rkexe
- %TEMP%\1.tmp\proc.dat
- %TEMP%\1.tmp\pev.rkexe