Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Goodbye' = '<SYSTEM32>\Goodbye!.bat'
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\Mouclass"
- '%WINDIR%\regedit.exe' "<SYSTEM32>\nokeyboard.reg"
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\Goodbye!.bat" "
- <SYSTEM32>\Goodbye!.bat
- <SYSTEM32>\nokeyboard.reg
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'