Техническая информация
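- [<HKLM>\SYSTEM\ControlSet001\Services\StreamLink] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; наличие службы StreamLink с таким параметром можно использовать как признак заражения)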
- %PROGRAM_FILES%\SpecialArchive.exe
- C:\LayerGoogle.exe rb <Полный путь к вирусу>
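- <SYSTEM32>\reg.exe delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /F (команда без параметра /v удаляет раздел Run целиком, вместе со всеми общесистемными записями автозагрузки, в том числе записями защитного ПО; после лечения автозапуск легитимных программ нужно проверить и восстановить)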
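- <SYSTEM32>\reg.exe delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /F (GUID {4D36E967-E325-11CE-BFC1-08002BE10318} — класс устройств DiskDrive; удаление этого раздела из SafeBoot, как правило, нарушает загрузку Windows в безопасном режиме с поддержкой сети и тем самым затрудняет лечение)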
- <SYSTEM32>\cmd.exe /c "%PROGRAM_FILES%\XpathSpecial.bat"
- <SYSTEM32>\reg.exe delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /F (тот же раздел SafeBoot\Network, но в наборе параметров ControlSet001)
- %WINDIR%\LayerGoogle.exe
- %PROGRAM_FILES%\SpecialArchive.exe
- %PROGRAM_FILES%\XpathSpecial.bat
- C:\LayerGoogle.exe
- %PROGRAM_FILES%\StormII\stormSrv.exe
- ClassName: 'WGWWGWDBP' WindowName: 'iuuwsxplz'