1. Generate file
%windows%\
2. Add registry startup key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Sr "ImagePath" = "%windows%\"
3. Others
Downloads the virus to the %systemRoot%\DOCUME~1\ADMINI~1\LOCALS~1\Temporary Internet Files folder, copies it to c:\ and executes it.
4. After c:\ is executed, the following virus files are generated:
%windows%\system32\drivers\
%windows%\system32\
%windows%\system32\wbem\
Added registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetPT "ImagePath" = "%system%\drivers\"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfFont "ImagePath" = "%system%\"
HKEY_CLASSES_ROOT\CLSID\{4DE225BF-CF59-4CFC-85F7-68B90F185355}