The subject inserted the flash drive containing the program. The program is disguised as IB Physics Past Paper May 2015.doc. The subject deliberately ran the program. When the program was run, the antivirus blocked it, but the antivirus was then disabled manually and the program ran. The program made a copy of itself and wrote an entry into the registry so that it ran during boot.

When the program first ran, it displayed a full-screen warning prompt that could not be ignored: the subject could not return to the desktop without responding to it. When the subject clicked OK, the program hid itself, kept running in the background, and killed the Task Manager, Registry Editor and Command Prompt. Clicking OK also started the 15-second timer. When the timer ended, the initial warning screen reappeared and the CD tray opened. If the program then detected Safari, Chrome or Firefox, the computer rebooted and the program prompted the subject to use Internet Explorer; the Task Manager, Registry Editor and Command Prompt were killed as well. If the computer did not reboot, the program restarted the timer. After a reboot, the program started again.

This went on until a hotkey that I entered (ALT+D) deleted the registry entry and fully disabled the program. The correct password, “epilepsi”, had to be entered for the program to stop itself from running at reboot; otherwise the program only closed and ran again at the next reboot.
