Worm/Feebs.AU - Worm

Vea también

Resumen

Descripción completa

Estadísticas

Nombre:	Worm/Feebs.AU
Descubierto:	23/03/2006
Tipo:	Gusano
En circulación (ITW):	No
Número de infecciones comunicadas:	Bajo
Potencial de propagación:	Medio-alto
Potencial dañino:	Medio
Fichero estático:	Sí
Tamaño:	61.736 Bytes
Suma de control MD5:	f33d5b2d4f29eba19fedcfa496121368
Versión del VDF:	6.34.00.87
Versión del IVDF:	6.34.00.87

General Métodos de propagación:
   • Correo electrónico
   • Peer to Peer

Alias:
   • Symantec: W32.Feebs
   • TrendMicro: WORM_FEEBS.HO
   • Sophos: W32/Feebs-N
   • VirusBuster: Worm.Feebs.BI
   • Eset: Win32/Mocalo.BO

Plataformas / Sistemas operativos:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Efectos secundarios:
   • Suelta ficheros dañinos
   • Contiene su propio motor para generar mensajes de correo
   • Modificaciones en el registro
   • Roba informaciones
   • Posibilita el acceso no autorizado al ordenador

Ficheros Se copia a sí mismo en la siguiente ubicación:
   • %SYSDIR%\ms%serie de caracteres aleatorios de dos dígitos%.exe

Elimina la copia inicial del virus.

Crea los siguientes ficheros:

– c:\b Los análisis adicionales indicaron que este fichero es también viral. Detectado como: WORM/Feebs.AS

– %SYSDIR%\ms%serie de caracteres aleatorios de dos dígitos%32.dll Además, el fichero es ejecutado después de haber sido creado. Los análisis adicionales indicaron que este fichero es también viral. Detectado como: WORM/Feebs.AS

Intenta descargar algunos ficheros:

– Las direcciones son las siguientes:
   • http://fred5659033.by.ru/**********
   • http://fred5659033.by.ru/**********
   • http://fred5659033.by.ru/**********
   • http://hdk.by.ru/**********
Al realizar esta descripción, dicho fichero no estaba disponible para análisis adicionales.

Registro Elimina del registro de Windows los valores de las siguientes claves:

   • HKLM\SYSTEM\CurrentControlSet\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ACPI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ACPI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ACPI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AFD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AFD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AFD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\agp440\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\agp440\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\agp440\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Alerter\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Alerter\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Alerter\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ALG\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ALG\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ALG\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AliIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AliIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AliIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\amsint\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\amsint\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\amsint\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc3550\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc3550\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc3550\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\atapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\atapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\atapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ATS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ATS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ATS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\audstub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\audstub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\audstub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\BattC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\BattC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\BattC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Beep\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Beep\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Beep\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\BITS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\BITS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\BITS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Browser\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Browser\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Browser\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Changer\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Changer\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Changer\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Disk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Disk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Disk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmboot\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmboot\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmboot\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmload\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmload\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmload\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmserver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmserver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmserver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fdc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fdc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fdc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fips\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fips\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fips\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Gpc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Gpc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Gpc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hgfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hgfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hgfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\HidServ\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\HidServ\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\HidServ\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hpn\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hpn\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hpn\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i2omp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i2omp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i2omp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Imapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Imapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Imapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ini910u\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ini910u\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ini910u\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Inport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Inport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Inport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpNat\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpNat\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpNat\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IPSec\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IPSec\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IPSec\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\isapnp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\isapnp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\isapnp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ldap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ldap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ldap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Messenger\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Messenger\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Messenger\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Modem\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Modem\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Modem\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Msfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Msfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Msfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Mup\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Mup\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Mup\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NDIS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NDIS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NDIS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetBT\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetBT\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetBT\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Netman\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Netman\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Netman\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Nla\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Nla\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Nla\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\nm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\nm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\nm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NPF\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NPF\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NPF\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Npfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Npfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Npfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Null\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Null\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Null\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Parport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Parport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Parport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\perc2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\perc2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\perc2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Processor\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Processor\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Processor\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PSSdk21\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PSSdk21\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1080\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1080\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1080\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql12160\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql12160\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql12160\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1240\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1240\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1240\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1280\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1280\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1280\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasMan\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasMan\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasMan\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Raspti\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Raspti\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Raspti\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\redbook\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RSVP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SamSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Schedule\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\seclogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SENS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\serenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Serial\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Simbad\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Spooler\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\srservice\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Srv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\stisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\swenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc810\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Themes\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TosIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Udfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ultra\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Update\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\upnphost\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\UPS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbhub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VMTools\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VSS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W32Time\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WDICA\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WebClient\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Winsock\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wmi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions

Añade las siguientes claves al registro:

– [HKLM\Software\Microsoft\MSAS]
   • "ver" = e
   • "drx" = %valores hex%
   • "fst" = %valores hex%
   • "cls" = {%valores hex%}
   • "clo" = ms%serie de caracteres aleatorios de dos dígitos%
   • "buf" = ms%serie de caracteres aleatorios de dos dígitos%.db
   • "dll" = ms%serie de caracteres aleatorios de dos dígitos%32.dll
   • "exe" = ms%serie de caracteres aleatorios de dos dígitos%.exe
   • "dir" = drivers\ms%serie de caracteres aleatorios de dos dígitos%\
   • "sca" = %valores hex%
   • "cd" = %valores hex%
   • "pid" = %valores hex%
   • "mti" = %valores hex%
   • "duc" = %valores hex%
   • "huk" = %valores hex%
   • "uzc" = %valores hex%
   • "usc" = %valores hex%
   • "use" = %valores hex%
   • "inv" = %valores hex%
   • "port" = %valores hex%
   • "ton" = %valores hex%
   • "con" = %valores hex%
   • "upd" = %valores hex%
   • "bps" = %valores hex%

– [HKLM\Software\Microsoft\MSAS\
   %serie de caracteres aleatorios%dat]
   • %direcciones de email coleccionadas%

– [HKCU\Software\Microsoft\Internet Explorer]
   • "web" = "http://popcapfree.t35.com/"

– [HKCR\CLSID\%CLSID generados%\InprocServer32]
   • "ThreadingModel" = "Both"
   • "@" = "%sysdir%\ms%serie de caracteres aleatorios de dos dígitos%32.dll"

– [HKLM\Software\Microsoft\Windows\CurrentVersion\
   ShellServiceObjectDelayLoad]
   • "ms%serie de caracteres aleatorios de dos dígitos%32.dll" = "%CLSID generados%"

– [HKLM\SOFTWARE\Microsoft\MSAS\sdat]
   • %rutas y nombres de archivos de copias de malware%

– [HKLM\SOFTWARE\Microsoft\MSAS\kdat]
   • %rutas para copias de malware%

Correo electrónico Incluye un motor SMTP integrado para enviar mensajes. Establecerá una conexión con el servidor de destinación. Las características se describen a continuación:

De:
La dirección del remitente es falsa.
Direcciones generadas. Por favor no piense que ha sido la intención del remitente enviarle este mensaje de correo. Es posible que dicho remitente no esté al tanto de la infección o no esté infectado. Además, es posible que usted reciba mensajes devueltos, indicándole que está infectado. Esto también podría ser falso.
El remitente del mensaje de correo es el siguiente:
   • user%serie de caracteres aleatorios de cinco dígitos%@%dominio del remitente%

Para:
– Direcciones de correo encontradas en ficheros específicos del sistema.
– Direcciones de correo recolectadas de WAB (La libreta de direcciones de Windows - Windows Address Book)

Asunto:
The subject of the email is constructed out of the (es)

    Empieza por uno de los siguientes:
   • Encrypted
   • Protected
   • Secure

    Y luego una de las siguientes:
   • E-mail
   • Mail
   • Message

    A veces seguida por una de las siguientes:
   • from %dominio del remitente% user
   • Service
   • Service (%dominio del remitente%)
   • System
   • System (%dominio del remitente%)

El cuerpo del mensaje:
El cuerpo del mensaje es uno de los siguientes:

   • Message is attached.

Y a continuación:

   • ID: %serie de caracteres aleatorios de cinco dígitos%
     Pass: %serie de caracteres aleatorios%

Y a continuación:

   • Thank you,
     %email subject%,
     %dominio del remitente%

   • Sincerely,
     %email subject%,
     %dominio del remitente%

   • Best Regards,
     %email subject%,
     %dominio del remitente%

Archivo adjunto:
El nombre del fichero adjunto es uno de los siguientes:
   • data.zip
   • mail.zip
   • message.zip
   • msg.zip

The attachment is a copy of the malware described (es) HTML/Feebs.Gen

El mensaje de correo se ve así:

Envio de mensajes Creación de direcciones para el campo DE (remitente):
Emplea el mismo listado de dominios mencionado anteriormente.

El dominio es uno de los siguientes:
   • aol.com
   • gmail.com
   • hotmail.com
   • msn.com
   • yahoo.com

P2P Para infectar otros sistemas de las redes Peer-to-Peer, realiza las siguientes operaciones:

–   Busca directorios que contengan una de las siguientes subseries de caracteres:
   • share
   • download
   • incoming

   Al tener éxito, crea los siguientes ficheros:
   • 3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip
   • ACDSee_9_new!_full+crack.zip
   • Adobe_Photoshop_10_(CS3)_new!_full+crack.zip
   • Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip
   • Ahead_Nero_8_new!_full+crack.zip
   • DivX_7.0_new!_full+crack.zip
   • ICQ_2006_new!_full+crack.zip
   • Internet_Explorer_7_new!_full+crack.zip
   • Kazaa_4_new!_full+crack.zip
   • Longhorn_new!_full+crack.zip
   • Microsoft_Office_2006_new!_full+crack.zip
   • winamp_5.2_new!_full+crack.zip

Backdoor (Puerta trasera) Abre los siguientes puertos:

– svchost.exe en el puerto TCP 80 para funcionar como servidor HTTP.
– svchost.exe en un puerto TCP aleatorio para proporcionar capabilidades de backdoor.

Servidor contactado:
La siguiente:
• http://ivj.t**********

Inyectar el código viral en otros procesos – Inyecta el siguiente fichero en un proceso: ms%serie de caracteres aleatorios de dos dígitos%32.dll

Nombre del proceso:
• explorer.exe

Informaciones diversas Conexión a Internet:
Para verificar la conexión a Internet, se conecta a los siguientes servidores DNS:
   • AOL.com
   • login.icq.com
   • yahoo.com
   • msn.com
   • gmail.com

Tecnología Rootkit Es una tecnología específica para los virus. El programa malicioso oculta su presencia ante las herramientas del sistema, ante las aplicaciones de seguridad y, finalmente, ante el usuario.

Oculta las siguientes:
– Sus propios ficheros
– Sus propias claves del registro

Método empleado:
• Oculto en Windows API

Datos del fichero Programa de compresión de ejecutables:
Para agravar la detección y reducir el tamaño del fichero, emplea un programa de compresión de ejecutables.

Para una breve descripción vea el resumen aquí.

Descripción insertada por Irina Boldea el Mon, 02 Oct 2006 12:02 (GMT+1)
Descripción actualizada por Robert Harja Iliescu el Fri, 06 Oct 2006 11:30 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« volver