Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%WINDIR%\AppPatch\wscntfy.exe,%WINDIR%\help\svchost.exe'
- '%WINDIR%\mouse.exe'
- '%WINDIR%\AppPatch\wscntfy.exe'
- '%WINDIR%\my_facebook_photo.exe'
- '%WINDIR%\unlock.exe' x lock.rar -o+ -p112233
- '<SYSTEM32>\ping.exe' -n 5 127.1
- %WINDIR%\run.bat
- %WINDIR%\mouse.exe
- %WINDIR%\AppPatch\wscntfy.exe
- %WINDIR%\my_facebook_photo.exe
- %WINDIR%\unlock.exe
- %WINDIR%\lock.rar
- ClassName: 'M0zilla/5.0' WindowName: '%WINDIR%\mouse.exe'
- ClassName: 'M0zilla/5.0' WindowName: '%WINDIR%\AppPatch\wscntfy.exe'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'