Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchhost' = '%WINDIR%\svchhost.exe'
- Task Manager (Taskmgr)
- <SYSTEM32>\attrib.exe +s +h +r %WINDIR%\svchhost.exe
- <SYSTEM32>\attrib.exe +s +h +r %WINDIR%\cmds.exe
- <SYSTEM32>\reg.exe add HKlm\Software\Microsoft\Windows\CurrentVersion\Policies\system /v disabletaskmgr /t REG_DWORD /d 1 /f
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v svchhost /d %WINDIR%\svchhost.exe
- <SYSTEM32>\reg.exe add HKcU\Software\Microsoft\Windows\CurrentVersion\Policies\system /v disabletaskmgr /t REG_DWORD /d 1 /f
- %WINDIR%\cmds.exe
- %WINDIR%\svchhost.exe
- %WINDIR%\cmds.exe
- %WINDIR%\svchhost.exe