Technical Information
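- hidden files (apparently the Explorer display setting: the swreg.exe entry below writes Hidden=1 and ShowSuperHidden=1 under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, which turns the display of hidden and protected system files on)
- file extensions (apparently the Explorer display setting: the same entry writes HideFileExt=0, which turns the display of file extensions on)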
- C:\MGtools\zip.exe "C:\MGlogs.zip" GetUnKey.txt
- C:\MGtools\swreg.exe, with the following argument sets (they were run together on one line; each presumably belongs to a separate invocation):
  - import C:\MGTools\config.reg
  - add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0
  - add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0
  - query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v load
  - query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v System
  - query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
  - query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v run
  - add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v SuperHidden /t REG_DWORD /d 1
  - add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1
  - import fixCF.reg
  - add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1
  - add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0
  - add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0
  - add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey05b.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey06.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey07.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnceEx"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey03.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey04.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey05.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey08.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunServices"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\aedebug.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xlmcpl.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\cvdrv1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey09.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunServicesOnce"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey10.txt "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey11.txt "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce"
- <SYSTEM32>\find.exe "Windows Millennium"
- %WINDIR%\regedit.exe /E C:\MGtools\tmpUnKey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
- <SYSTEM32>\find.exe "Windows 2000"
- <SYSTEM32>\cmd.exe /c ""C:\MGtools\GetLogs.bat" "
- <SYSTEM32>\find.exe "Windows 95"
- <SYSTEM32>\find.exe "Windows 98"
- <SYSTEM32>\find.exe "version 5"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey01.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey01b.txt "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-"
- %WINDIR%\regedit.exe /E C:\MGTools\temp\xrkey02.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce"
- <SYSTEM32>\find.exe "Windows XP"
- <SYSTEM32>\ntvdm.exe -f
- <SYSTEM32>\find.exe "bytes free"
- C:\MGtools\UnKeys.bat
- C:\MGtools\MiscInfo.bat
- C:\MGtools\NwkTst.bat
- C:\MGtools\FixPerm.bat
- C:\MGtools\mbrfix.bat
- C:\MGtools\BamFix.bat
- C:\MGtools\FixACLS.bat
- C:\MGtools\FindRN.bat
- C:\MGtools\FixSBM.bat
- C:\MGtools\fixSBM.reg
- C:\MGtools\SysBU.bat
- C:\MGtools\temp\XPSP3\eventlog.dllmg
- C:\MGtools\temp\XPSP3\netlogon.dllmg
- C:\MGtools\temp\XPSP3\beep.sysmg
- C:\MGtools\temp\XPSP2\netlogon.dllmg
- C:\MGtools\temp\XPSP2\scecli.dllmg
- C:\MGtools\temp\VSP1\netlogon.dllmg
- C:\MGtools\temp\VSP1\scecli.dllmg
- C:\MGtools\temp\VSP1\cngaudit.dllmg
- C:\MGtools\temp\XPSP3\scecli.dllmg
- C:\MGtools\temp\VSP1\beep.sysmg
- C:\MGtools\FixbamRC.bat
- C:\MGtools\temp\xrkey01.txt
- C:\MGtools\temp\xrkey05.txt
- %WINDIR%\Temp\scs2.tmp
- C:\MGtools\temp\junk.txt
- %WINDIR%\Temp\scs1.tmp
- C:\MGtools\temp\aedebug.txt
- C:\MGtools\temp\xrquery.txt
- C:\MGtools\temp\xrkey10.txt
- C:\MGtools\temp\xrkey06.txt
- C:\MGtools\temp\xrkey07.txt
- C:\MGtools\temp\header0.txt
- C:\MGtools\FixAttr.bat
- C:\MGtools\scantime.txt
- C:\MGtools\GetMBR.bat
- C:\MGtools\bamRCfix.txt
- C:\MGtools\download.exe
- C:\MGtools\tmpUnKey.txt
- C:\MGtools\zia02932
- C:\MGtools\GetUnKey.txt
- C:\MGtools\temp\GRKflag.log
- C:\MGtools\filelog.txt
- C:\MGtools\DisableUAC.reg
- C:\MGtools\hide.reg
- C:\MGtools\EnableUAC.reg
- C:\MGtools\fixChode.reg
- C:\MGtools\Regfix.bat
- C:\MGtools\GetDetails.exe
- C:\MGtools\ProcessDll.exe
- C:\MGtools\analyse.exe
- C:\MGtools\unhide.reg
- C:\MGtools\IEFIX.reg
- C:\MGtools\chodefix.bat
- C:\MGtools\grep.exe
- C:\MGtools\locate.com
- C:\MGtools\GetRunKey.bat
- C:\MGtools\zip.exe
- C:\MGtools\GetLogs.Bat
- C:\MGtools\config.reg
- C:\MGtools\GetUnKeys.bat
- C:\MGtools\swreg.exe
- C:\MGtools\ltime.exe
- C:\MGtools\ShowNew.bat
- C:\MGtools\history.txt
- C:\MGtools\HTAfind.bat
- C:\MGtools\FindOVL.bat
- C:\MGtools\SN64.bat
- C:\MGtools\FixFA.bat
- C:\MGtools\GRK64.bat
- C:\MGtools\temp\XPSP2\beep.sysmg
- C:\MGtools\temp\XPSP2\eventlog.dllmg
- C:\MGtools\RemMWS.bat
- C:\MGtools\RunMB.bat
- C:\MGtools\MGclean.bat
- C:\MGtools\fixFA.reg
- C:\MGtools\FixBagle.bat
- C:\MGtools\fixBagle.reg
- C:\MGtools\VunFind.bat
- C:\MGtools\swwhoami.exe
- C:\MGtools\vfind.exe
- C:\MGtools\fixCF.reg
- C:\MGtools\FixCF.bat
- C:\MGtools\sed.exe
- C:\MGtools\Process.exe
- C:\MGtools\UserInfo.bat
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- C:\MGtools\GetUnKey.txt
- C:\MGtools\tmpUnKey.txt
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-cd4.cd8.3a0001'
- ClassName: 'RegEdit_RegEdit' WindowName: ''