Technical Information
- %TEMP%\setup.exe
- %TEMP%\AntiSpam.exe
- <SYSTEM32>\attrib.exe -s -h -r "%WINDIR%\SysWOW64\cam_server.exe"
- <SYSTEM32>\attrib.exe -s -h -r "<SYSTEM32>\cam_server.exe"
- <SYSTEM32>\attrib.exe -s -h "%WINDIR%\SysWOW64\rserver30"
- <SYSTEM32>\attrib.exe -s -h "<SYSTEM32>\rserver30"
- <SYSTEM32>\taskkill.exe /f /im cam_server.exe
- <SYSTEM32>\net1.exe stop rserver3
- <SYSTEM32>\net.exe stop rserver3
- <SYSTEM32>\taskkill.exe /f /im r_server.exe
- <SYSTEM32>\taskkill.exe /f /im rserver3.exe
- <SYSTEM32>\net1.exe stop "Service Host Controller"
- <SYSTEM32>\net.exe stop "Service Host Controller"
- <SYSTEM32>\schtasks.exe /delete /tn security /f
- <SYSTEM32>\net1.exe user HelpAssistant /delete
- <SYSTEM32>\sc.exe config tlntsvr start= disabled
- <SYSTEM32>\attrib.exe -s -h -r "%WINDIR%\SysWOW64\r_server.exe"
- <SYSTEM32>\attrib.exe -s -h -r "<SYSTEM32>\r_server.exe"
- <SYSTEM32>\net1.exe stop Telnet
- <SYSTEM32>\net.exe stop Telnet
- <SYSTEM32>\attrib.exe +s +h "<SYSTEM32>\catroot3"
- <SYSTEM32>\reg.exe delete "HKLM\SYSTEM\Remote Manipulator System" /f
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\blat.lib""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\blat.dll""
- <SYSTEM32>\taskkill.exe /f /im rutserv.exe
- <SYSTEM32>\cmd.exe /c """%TEMP%\install.bat"" "
- <SYSTEM32>\wscript.exe ""%TEMP%\stop.js""
- <SYSTEM32>\cmd.exe /c """%TEMP%\7ZSfx000.cmd"" "
- <SYSTEM32>\taskkill.exe /f /im RManServer.exe
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\stop.js""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\mpr.ini""
- <SYSTEM32>\attrib.exe +s +h +r "<SYSTEM32>\de.exe"
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\install.bat""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\realip.exe""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\HookLib.dll""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\block_reader.sys""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\mpr.exe""
- <SYSTEM32>\attrib.exe +s +h +r ""%TEMP%\blat.exe""
- <SYSTEM32>\catroot3\dsfOggMux.dll
- <SYSTEM32>\de.exe
- <SYSTEM32>\catroot3\dsfTheoraEncoder.dll
- <SYSTEM32>\catroot3\HookDrv.dll
- <SYSTEM32>\catroot3\dsfVorbisEncoder.dll
- %TEMP%\rversionlib.dll
- %TEMP%\RIPCServer.dll
- %TEMP%\RWLN.dll
- %TEMP%\7ZSfx000.cmd
- %TEMP%\block_reader.sys
- <SYSTEM32>\catroot3\rutserv.exe
- <SYSTEM32>\catroot3\RIPCServer.dll
- <SYSTEM32>\catroot3\rversionlib.dll
- <SYSTEM32>\catroot3\set.reg
- <SYSTEM32>\catroot3\RWLN.dll
- <SYSTEM32>\catroot3\msvcp80.dll
- <SYSTEM32>\catroot3\Microsoft.VC80.CRT.manifest
- <SYSTEM32>\catroot3\msvcr80.dll
- <SYSTEM32>\catroot3\PushSource.ax
- <SYSTEM32>\catroot3\rfusclient.exe
- %TEMP%\msvcr80.dll
- %TEMP%\blat.lib
- %TEMP%\mpr.ini
- %TEMP%\PushSource.ax
- %TEMP%\blat.exe
- %TEMP%\install.bat
- %TEMP%\setup.exe
- %TEMP%\AntiSpam.exe
- %TEMP%\stop.js
- %TEMP%\set.reg
- %TEMP%\Microsoft.VC80.CRT.manifest
- %TEMP%\dsfVorbisEncoder.dll
- %TEMP%\dsfTheoraEncoder.dll
- %TEMP%\HookDrv.dll
- %TEMP%\msvcp80.dll
- %TEMP%\HookLib.dll
- %TEMP%\rfusclient.exe
- %TEMP%\de.exe
- %TEMP%\rutserv.exe
- %TEMP%\dsfOggMux.dll
- %TEMP%\blat.dll
- %TEMP%\mpr.ini
- %TEMP%\blat.exe
- <SYSTEM32>\de.exe
- %TEMP%\install.bat
- %TEMP%\blat.lib
- %TEMP%\blat.dll
- %TEMP%\HookLib.dll
- %TEMP%\block_reader.sys
- %TEMP%\rfusclient.exe
- %TEMP%\PushSource.ax
- %TEMP%\msvcp80.dll
- %TEMP%\msvcr80.dll
- %TEMP%\RIPCServer.dll
- %TEMP%\RWLN.dll
- %TEMP%\set.reg
- %TEMP%\rutserv.exe
- %TEMP%\rversionlib.dll
- %TEMP%\7ZSfx000.cmd
- %TEMP%\de.exe
- %TEMP%\stop.js
- %TEMP%\setup.exe
- %TEMP%\dsfOggMux.dll
- %TEMP%\HookDrv.dll
- %TEMP%\Microsoft.VC80.CRT.manifest
- %TEMP%\dsfTheoraEncoder.dll
- %TEMP%\dsfVorbisEncoder.dll
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''