Virus name: Worm/Brontok.Q.153
Discovered: 14/08/2009
Type: Worm
In the wild (ITW): Yes
Number of reported infections: Medium-Low
Propagation potential: Medium-Low
Damage potential: Medium-Low
Static file: Yes
File size: 43,476 bytes
MD5 checksum: a042ec98487ca36544b4281c80a1a4a2
IVDF version: 7.01.05.117 - Friday, 14 August 2009

General

Aliases:
• McAfee: W32/Rontokbro.gen
• Sophos: W32/Brontok-Gen
• Panda: W32/Brontok.L.worm
• Eset: Win32/Brontok.DJ
• Bitdefender: Trojan.Generic.1934606

Platforms / Operating systems:
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Downloads malicious files
• Drops malicious files
• Lowers security settings
• Modifies the registry

Files

It copies itself to the following locations:
• %SYSDIR%\Administrator's Setting.scr
• %HOME%\Local Settings\Application Data\smss.exe
• %HOME%\Start Menu\Programs\Startup\Empty.pif
• %HOME%\Templates\Brengkolang.com
• %WINDIR%\KesenjanganSosial.exe
• %WINDIR%\ShellNew\RakyatKelaparan.exe
• %HOME%\Local Settings\Application Data\lsass.exe
• %SYSDIR%\cmd-brontok.exe
• %HOME%\Local Settings\Application Data\csrss.exe
• %HOME%\Local Settings\Application Data\inetinfo.exe
• %HOME%\Local Settings\Application Data\winlogon.exe
• %HOME%\Local Settings\Application Data\services.exe
• %SYSDIR%\drivers\etc\hosts-Denied By-Administrator.com

It overwrites the following files:
– %SYSDIR%\drivers\etc\hosts
– C:\autoexec.bat

It deletes the initially executed copy of itself.

It deletes the following files:
• %HOME%\Local Settings\Application Data\BronFoldNetDomList.txt
• %HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin
• %HOME%\Local Settings\Application Data\BronNetDomList.bat
• %HOME%\Local Settings\Application Data\BronNPath0.txt

The following files are created:
– %HOME%\Local Settings\Application Data\BronNPath0.txt
– %HOME%\Local Settings\Application Data\Kosong.Bron.Tok.txt
– %HOME%\Local Settings\Application Data\ListHost15.txt
– %HOME%\Local Settings\Application Data\BronFoldNetDomList.txt
– %HOME%\Local Settings\Application Data\Update.15.Bron.Tok.bin
– %HOME%\Local Settings\Application Data\Bron.tok.A15.em.bin
– %HOME%\Local Settings\Application Data\BronNetDomList.bat
  It is then executed once it has been fully written. This batch file is used to delete a file.

It tries to download files:
– The location is the following:
  • http://www.geocities.com/sbllma5/**********
– The location is the following:
  • http://www.geocities.com/sbllma5/**********
– The location is the following:
  • http://www.geocities.com/sbllma5/**********

It tries to execute the following files:
– File name:
  • explorer.exe
– File name:
  • "%HOME%\Local Settings\Application Data\smss.exe"
– File name:
  • "%HOME%\Local Settings\Application Data\winlogon.exe"
– File name:
  • at /delete /y
– File name:
  • at 17:08 /every:M,T,W,Th,F,S,Su "%HOME%\Templates\Brengkolang.com"
– File name:
  • "%HOME%\Local Settings\Application Data\services.exe"
– File name:
  • "%HOME%\Local Settings\Application Data\lsass.exe"
– File name:
  • "%HOME%\Local Settings\Application Data\inetinfo.exe"
– File name:
  • cmd /c "%HOME%\Local Settings\Application Data\BronNetDomList.bat"
– File name:
  • ping kaskus.com -n 250 -l 747

Registry

The following registry keys are added in order to run the processes after a reboot:

The following registry keys are added:
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  • "NoFolderOptions"=dword:0x00000001
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}]
  • "@"="IADsUser"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}]
  • "@"="IADsDNWithString"
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}]
  • "@"="IADsGroup"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}]
  • "@"="IADsObjectOptions"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}]
  • "@"="IADsCollection"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}]
  • "@"="IADsResource"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}]
  • "@"="IADsPropertyEntry"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}]
  • "@"="IADsNamespaces"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{05792C8E-941F-11D0-8529-00C04FD8D503}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}]
  • "@"="IADsServiceOperations"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{27636B00-410F-11CF-B1FF-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{32FB6780-1ED0-11CF-A988-00AA006BC149}]
  • "@"="IADsPrintJob"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}]
  • "@"="IADsService"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}]
  • "@"="IADsMembers"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}]
  • "@"="IADsPrintQueueOperations"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{6C6D65DC-AFD1-11D2-9CB9-0000F87A369E}]
  • "@"="IADsWinNTSystemInfo"
– [HKLM\SOFTWARE\Classes\Interface\{124BE5C0-156E-11CF-A986-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKCU\software\microsoft\windows\currentversion\Policies\System]
  • "DisableCMD"=dword:0x00000000
  • "DisableRegistryTools"=dword:0x00000000
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{306E831C-5BC7-11D1-A3B8-00C04FB950DC}]
  • "@"="IADsPropertyValue2"
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}]
  • "@"="IADsDomain"
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{5BB11929-AFD1-11D2-9CB9-0000F87A369E}]
  • "@"="IADsADSystemInfo"
– [HKLM\SOFTWARE\Classes\Interface\{46F14FDA-232B-11D1-A808-00C04FD8D5A8}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{72B945E0-253B-11CF-A988-00AA006BC149}\ProxyStubClsid]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{5D7B33F0-31CA-11CF-A98A-00AA006BC149}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{451A0030-72EC-11CF-B03B-00AA006E0975}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{3E37E320-17E2-11CF-ABC4-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{00E4C220-FD16-11CE-ABC4-02608C9E7553}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{398B7DA0-4AAB-11CF-AE2C-00AA006EBFB9}]
  • "@"="IADsSession"
– [HKLM\SOFTWARE\Classes\Interface\{001677D0-FD16-11CE-ABC4-02608C9E7553}]
  • "@"="IADsContainer"
– [HKLM\SOFTWARE\Classes\Interface\{28B96BA0-B330-11CF-A9AD-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{370DF02E-F934-11D2-BA96-00C04FB6D0D1}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"
– [HKLM\SOFTWARE\Classes\Interface\{68AF66E0-31CA-11CF-A98A-00AA006BC149}\TypeLib]
  • "@"="{97D25DB0-0363-11CF-ABC4-02608C9E7553}"
  • "Version"="1.0"
– [HKLM\SOFTWARE\Classes\Interface\{34A05B20-4AAB-11CF-AE2C-00AA006EBFB9}\ProxyStubClsid32]
  • "@"="{00020424-0000-0000-C000-000000000046}"

The following registry keys are changed:
– [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
  New value:
  • "AlternateShell"="cmd-brontok.exe"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  New value:
  • "Shell"="Explorer.exe "%WINDIR%\KesenjanganSosial.exe""
– [HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
  New value:
  • "ITBarLayout"=hex: (long binary toolbar-layout value, omitted here)
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
  New value:
  • "Hidden"=dword:0x00000000
  • "HideFileExt"=dword:0x00000001
  • "ShowSuperHidden"=dword:0x00000000
– [HKCU\Software\Microsoft\Internet Explorer\Toolbar]
  New value:
  • "Locked"=dword:0x00000001

Hosts

The hosts file is modified as follows:
– In this case, the entries that already exist are deleted.

File details

Runtime packer: To hinder detection and reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Wednesday, 23 June 2010
Description updated by Petre Galan on Wednesday, 23 June 2010