Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /IM winsvcn.exe /F
- '%WINDIR%\syswow64\taskkill.exe' /IM winvsn.exe /F
- %TEMP%\img trojaner cleaner.bat
- nul
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\IMG Trojaner Cleaner.bat""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\IMG Trojaner Cleaner.bat""
- '%WINDIR%\syswow64\attrib.exe' -s -r -h "%APPDATA%\winsvcn.exe"
- '%WINDIR%\syswow64\attrib.exe' -s -r -h "%APPDATA%\winvsn.exe"
- '%WINDIR%\syswow64\attrib.exe' -s -r -h "C:\Users\Public\winsvcn.exe"
- '%WINDIR%\syswow64\attrib.exe' -s -r -h "C:\Users\Public\winvsn.exe"
- '%WINDIR%\syswow64\attrib.exe' -s -r -h "%WINDIR%\winsvncs.txt"
- '%WINDIR%\syswow64\reg.exe' delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update manager" /f