Description complète

Nom:	HTML/Drop.Feebs.2
La date de la découverte:	21/03/2006
Type:	Ver
En circulation:	Non
Infections signalées	Faible
Potentiel de distribution:	Moyen à élevé
Potentiel de destruction:	Moyen
Fichier statique:	Oui
Taille du fichier:	58.084 Octets
Somme de contrôle MD5:	70da69f2b921fe958c28c7ef8c76c4e0
Version VDF:	6.34.00.76 - mardi 21 mars 2006
Version IVDF:	6.34.00.76 - mardi 21 mars 2006

Général Méthodes de propagation:
   • Email
   • Peer to Peer

Les alias:
   • VirusBuster: Worm.Feebs.BN
   • Eset: Win32/Mocalo.BU

Plateformes / Systèmes d'exploitation:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Effets secondaires:
   • Il crée des fichiers malveillants
   • Il emploie son propre moteur de courrier électronique
   • Il modifie des registres
   • Il vole de l'information
   • Il facilite l'accès non autorisé à l'ordinateur

Fichiers Il s'autocopie dans l'emplacement suivant:
   • %sysdir%\ms%chaîne de caractères aléatoire de deux digits%.exe

Il supprime sa propre copie, exécutée initialement

Les fichiers suivants sont créés:

– c:\b Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: Worm/Feebs.AS

– %sysdir%\ms%chaîne de caractères aléatoire de deux digits%32.dll Ensuite, il est exécuté après avoir été completment crée. Les investigations ultérieures ont prouvé que ce ficher est également un Malware. Détecté comme: Worm/Feebs.AS

Il essaie de télécharger des fichiers:

– Les emplacements sont les suivants:
   • http://mary2384300.by.ru/**********
   • http://mary2384300.by.ru/**********
   • http://mary2384300.by.ru/**********
   • http://hdk.by.ru/**********
Au moment de l'écriture, ce fichier n'était pas en ligne pour plus d'investigations.

Registre Les valeurs des clés de registre suivantes sont supprimées:

   • HKLM\SYSTEM\CurrentControlSet\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ACPI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ACPI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ACPI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AFD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AFD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AFD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\agp440\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\agp440\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\agp440\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Alerter\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Alerter\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Alerter\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ALG\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ALG\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ALG\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AliIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AliIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AliIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\amsint\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\amsint\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\amsint\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc3550\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc3550\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc3550\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\atapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\atapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\atapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ATS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ATS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ATS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\audstub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\audstub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\audstub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\BattC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\BattC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\BattC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Beep\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Beep\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Beep\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\BITS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\BITS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\BITS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Browser\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Browser\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Browser\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Changer\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Changer\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Changer\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Disk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Disk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Disk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmboot\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmboot\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmboot\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmload\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmload\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmload\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmserver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmserver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmserver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fdc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fdc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fdc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fips\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fips\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fips\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Gpc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Gpc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Gpc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hgfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hgfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hgfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\HidServ\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\HidServ\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\HidServ\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hpn\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hpn\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hpn\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i2omp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i2omp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i2omp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Imapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Imapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Imapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ini910u\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ini910u\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ini910u\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Inport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Inport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Inport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpNat\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpNat\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpNat\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IPSec\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IPSec\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IPSec\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\isapnp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\isapnp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\isapnp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ldap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ldap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ldap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Messenger\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Messenger\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Messenger\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Modem\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Modem\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Modem\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Msfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Msfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Msfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Mup\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Mup\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Mup\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NDIS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NDIS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NDIS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetBT\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetBT\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetBT\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Netman\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Netman\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Netman\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Nla\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Nla\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Nla\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\nm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\nm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\nm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NPF\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NPF\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NPF\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Npfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Npfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Npfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Null\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Null\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Null\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Parport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Parport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Parport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\perc2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\perc2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\perc2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Processor\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Processor\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Processor\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PSSdk21\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PSSdk21\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1080\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1080\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1080\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql12160\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql12160\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql12160\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1240\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1240\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1240\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1280\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1280\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1280\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasMan\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasMan\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasMan\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Raspti\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Raspti\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Raspti\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\redbook\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RSVP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SamSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Schedule\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\seclogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SENS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\serenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Serial\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Simbad\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Spooler\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\srservice\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Srv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\stisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\swenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc810\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Themes\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TosIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Udfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ultra\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Update\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\upnphost\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\UPS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbhub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VMTools\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VSS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W32Time\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WDICA\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WebClient\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Winsock\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wmi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions

Les clés de registre suivantes sont ajoutée:

– [HKLM\Software\Microsoft\MSAS]
   • "ver" = e
   • "drx" = %valeurs hexa%
   • "fst" = %valeurs hexa%
   • "cls" = {%valeurs hexa%}
   • "clo" = ms%chaîne de caractères aléatoire de deux digits%
   • "buf" = ms%chaîne de caractères aléatoire de deux digits%.db
   • "dll" = ms%chaîne de caractères aléatoire de deux digits%32.dll
   • "exe" = ms%chaîne de caractères aléatoire de deux digits%.exe
   • "dir" = drivers\ms%chaîne de caractères aléatoire de deux digits%\
   • "sca" = %valeurs hexa%
   • "cd" = %valeurs hexa%
   • "pid" = %valeurs hexa%
   • "mti" = %valeurs hexa%
   • "duc" = %valeurs hexa%
   • "huk" = %valeurs hexa%
   • "uzc" = %valeurs hexa%
   • "usc" = %valeurs hexa%
   • "use" = %valeurs hexa%
   • "inv" = %valeurs hexa%
   • "port" = %valeurs hexa%
   • "ton" = %valeurs hexa%
   • "con" = %valeurs hexa%
   • "upd" = %valeurs hexa%
   • "bps" = %valeurs hexa%

– [HKLM\Software\Microsoft\MSAS\
   %chaîne de caractères aléatoire%dat]
   • %adresses email récoltées%

– [HKCU\Software\Microsoft\Internet Explorer]
   • "web" = "http://popcapfree.t35.com/"

– [HKCR\CLSID\%le CLSID généré%\InprocServer32]
   • "ThreadingModel" = "Both"
   • "@" = "%sysdir%\ms%chaîne de caractères aléatoire de deux digits%32.dll"

– [HKLM\Software\Microsoft\Windows\CurrentVersion\
   ShellServiceObjectDelayLoad]
   • "ms%chaîne de caractères aléatoire de deux digits%32.dll" = "%le CLSID généré%"

– [HKLM\SOFTWARE\Microsoft\MSAS\sdat]
   • %chemins et noms de fichier des copies de logiciel malveillant%

– [HKLM\SOFTWARE\Microsoft\MSAS\kdat]
   • %chemins vers les copies de logiciel malveillant%

Email Il contient un moteur SMTP intégré pour envoyer des emails. Une connexion directe avec le serveur destination sera établie. Les caractéristiques sont décrites ci-dessous:

De:
L'adresse de l'expéditeur est falsifiée.
Adresses générées. Ne pas supposer pas que c'était l'intention de l'expéditeur de vous envoyer cet email. Il est possible qu'il ne sache pas qu'il est infecté ou il est possible qu'il ne soit pas du tout infecté. En outre, il est possible que vous receviez des emails en retour vous signifiant que vous êtes infecté. Ceci pourrait également ne pas être le cas.
L'expéditeur de cet e-mail est ce qui suit:
   • user%chaîne de caractères aléatoire de cinq digits%@%le domaine de l'expéditeur%

A:
– Les adresses email trouvés dans des fichiers spécifiques du système.
– les adresses d'email recueillies du WAB (Windows Address Book)

Sujet:
Le sujet de l'email est construit de ce que suit:

    Il commence avec un des suivants:
   • Encrypted
   • Protected
   • Secure

    Continué par un des suivants:
   • E-mail
   • Mail
   • Message

    Parfois continue par un des suivants:
   • from %le domaine de l'expéditeur% user
   • Service
   • Service (%le domaine de l'expéditeur%)
   • System
   • System (%le domaine de l'expéditeur%)

Corps:
Le corps de l'email est un des suivants:

   • Message is attached.

Continué par ce qui suit:

   • ID: %chaîne de caractères aléatoire de cinq digits%
     Pass: %chaîne de caractères aléatoire%

Continué par ce qui suit:

   • Thank you,
     %email subject%,
     %le domaine de l'expéditeur%

   • Sincerely,
     %email subject%,
     %le domaine de l'expéditeur%

   • Best Regards,
     %email subject%,
     %le domaine de l'expéditeur%

Pièce jointe:
Le nom de fichier de l'attachement est un des suivants:
   • data.zip
   • mail.zip
   • message.zip
   • msg.zip

L'attachement est une copie du malware décrit ci-dessous: HTML/Feebs.Gen

L'email ressemble à celui-ci:

Envoie de messages La création des adresses pour champ DE:
Il utilise la même liste de domaine que mentionné ci-dessus.

Le domaine est un de ceux qui suivent:
   • aol.com
   • gmail.com
   • hotmail.com
   • msn.com
   • yahoo.com

P2P Afin d'infecter d'autres systèmes d'exploitation dans la communauté en réseau peer-to-peer, l'action suivante est entreprise:

–   Il cherche les répertoires qui contient une des sous chaîne de caractères suivantes:
   • share
   • download
   • incoming

   En cas de succès, les fichiers suivants sont créés:
   • 3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip
   • ACDSee_9_new!_full+crack.zip
   • Adobe_Photoshop_10_(CS3)_new!_full+crack.zip
   • Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip
   • Ahead_Nero_8_new!_full+crack.zip
   • DivX_7.0_new!_full+crack.zip
   • ICQ_2006_new!_full+crack.zip
   • Internet_Explorer_7_new!_full+crack.zip
   • Kazaa_4_new!_full+crack.zip
   • Longhorn_new!_full+crack.zip
   • Microsoft_Office_2006_new!_full+crack.zip
   • winamp_5.2_new!_full+crack.zip

Porte dérobée Les ports suivants sont ouverts:

– svchost.exe sur le port TCP 80 afin de fournir un serveur HTTP
– svchost.exe sur un port TCP aléatoire afin de fournir de capacités de porte dérobée

Serveur de contact:
Un des suivants::
   • ivj.t**********
   • baby4122740.nm**********
   • jim2306524.nm**********
   • smith7633695.nm**********
   • users.cjb.net/jim2306524**********
   • users.cjb.net/baby4122740**********
   • users.cjb.net/smith7633695**********

L'injection du code viral dans d'autres processus – Il injecte le fichier suivant dans un processus: ms%chaîne de caractères aléatoire de deux digits%32.dll

Nom du processus:
• explorer.exe

Informations divers Connexion Internet:
Afin de vérifier sa connexion Internet, les serveurs DNS suivants sont contactés
   • AOL.com
   • login.icq.com
   • yahoo.com
   • msn.com
   • gmail.com

La technologie Rootkit C'est une technologie spécifique au malware. Le malware cache sa présence aux utilitaires de système, applications de sécurité et à la fin, à l'utilisateur.

Il cache les suivants:
– Ses propres fichiers
– Ses propres clés de registre

La méthode utilisée:
• Caché de Windows API

Détails de fichier Logiciel de compression des fichiers exécutables:
Afin d'entraver la détection et de réduire la taille du fichier il est compressé avec un logiciel de compression des exécutables.

Description insérée par Irina Boldea le mardi 20 juin 2006
Description mise à jour par Irina Boldea le mercredi 13 septembre 2006

Retour . . . .

Réparer votre PC ?

Produits phares

Plus de produits

Les plus populaires

Tous les produits

Particuliers

Entreprises

Virus Lab

Support avancé

Programme Avira Partner

Particuliers

Entreprises

Une simple évaluation vous suffit ?

Manuels et outils

Produits phares

Plus de produits

Les plus populaires

Tous les produits

Particuliers

Entreprises

Virus Lab

Support avancé

Programme Avira Partner

Particuliers

Entreprises

Une simple évaluation vous suffit ?

Manuels et outils