Техническая информация
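- Автозапуск: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'rundll32.exe' = 'rundll32.exe ldr.dll,Prkt' (имя параметра совпадает с именем системной утилиты; через rundll32.exe вызывается экспортируемая функция Prkt библиотеки ldr.dll)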
- <SYSTEM32>\logonui.exe /status /shutdown
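- <SYSTEM32>\cmd.exe /c ""%WINDIR%\sdel.bat" "<Полный путь к вирусу>"" (пакетному файлу sdel.bat передается полный путь к исполняемому файлу вируса; по-видимому, он используется для самоудаления)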
- %WINDIR%\ldr.dll
- %WINDIR%\sdel.bat
- %WINDIR%\fkgyr.sys
- <DRIVERS>\etc\host5 (это не системный файл hosts: имя отличается последним символом)
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'StatusWindowClass' WindowName: ''