Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MB_virus' = 'c:\MB_virus.bat'
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = 'c:\MB_virus.bat'
- '<SYSTEM32>\find.exe' /i "far.exe"
- '<SYSTEM32>\find.exe' /i "avz.exe"
- '<SYSTEM32>\reg.exe' IMPORT c:\MB_virus.pIu
- '<SYSTEM32>\find.exe' /i "totalcmd.exe"
- '<SYSTEM32>\attrib.exe' +h c:\MB_virus.bat
- '<SYSTEM32>\find.exe' "MB_virus"
- '<SYSTEM32>\tasklist.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\SOFTWARE\Microsoft\Command Processor" /v AutoRun /t REG_SZ /d "c:\MB_virus.bat" /f
- C:\MB_virus.MYh
- C:\MB_virus.pIu
- %TEMP%\~1.bat
- C:\MB_virus.bat
- C:\MB_virus.bat
- %TEMP%\~1.bat
- %TEMP%\~1.bat
- C:\MB_virus.pIu
- C:\MB_virus.MYh
- ClassName: 'Indicator' WindowName: '(null)'