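Virus: Worm/Feebs.AH.2
Date discovered: 23/02/2006
Type: Worm
In the wild: No
Reported infections:
Distribution potential: Medium to high
Damage potential:
Static file: Yes
File size: 58.006 bytes
MD5 checksum: 9b40c973384e689f3ec34669a8ff62bc
VDF version: 6.33.01.20 - Thursday, February 23, 2006
IVDF version: 6.33.01.20 - Thursday, February 23, 2006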

 General information
Method of propagation:
   • Email
   • P2P (peer-to-peer)


Aliases:
   •  Eset: Win32/Mocalo.BU


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Creates malicious files.
   • Uses its own email engine.
   • Modifies the registry.
   • Steals information.
   • Third-party control

 Files
It copies itself to the following location:
   • %SYSDIR%\ms%two-digit random character string%.exe



It deletes the initially executed copy of itself.



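The following files are created:

– c:\b Further investigation showed that this file is also malware. It is detected as: Worm/Feebs.AS

– %SYSDIR%\ms%two-digit random character string%32.dll It is executed after it has been fully created. Further investigation showed that this file is also malware. It is detected as: Worm/Feebs.AS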




It tries to download files:

– The locations are as follows:
   • http://mary2384300.by.ru/**********
   • http://mary2384300.by.ru/**********
   • http://mary2384300.by.ru/**********
   • http://hdk.by.ru/**********
At the time of writing, this file could not be accessed on the Internet, so no further investigation was possible.

 Registry
The values of the following registry keys are removed:

   • HKLM\SYSTEM\CurrentControlSet\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\redbook\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RSVP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SamSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Schedule\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\seclogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SENS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\serenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Serial\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Simbad\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Spooler\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\srservice\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Srv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\stisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\swenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc810\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Themes\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TosIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Udfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ultra\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Update\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\upnphost\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\UPS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbhub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VMTools\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VSS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W32Time\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WDICA\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WebClient\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Winsock\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wmi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions



The following registry keys are added:

– [HKLM\Software\Microsoft\MSAS]
   • "ver" = e
   • "drx" = %hex value%
   • "fst" = %hex value%
   • "cls" = {%hex value%}
   • "clo" = ms%2-digit random character string%
   • "buf" = ms%2-digit random character string%.db
   • "dll" = ms%2-digit random character string%32.dll
   • "exe" = ms%2-digit random character string%.exe
   • "dir" = drivers\ms%2-digit random character string%\
   • "sca" = %hex value%
   • "cd" = %hex value%
   • "pid" = %hex value%
   • "mti" = %hex value%
   • "duc" = %hex value%
   • "huk" = %hex value%
   • "uzc" = %hex value%
   • "usc" = %hex value%
   • "use" = %hex value%
   • "inv" = %hex value%
   • "port" = %hex value%
   • "ton" = %hex value%
   • "con" = %hex value%
   • "upd" = %hex value%
   • "bps" = %hex value%

– [HKLM\Software\Microsoft\MSAS\%random character string%dat]
   • %harvested email addresses%

– [HKCU\Software\Microsoft\Internet Explorer]
   • "web" = "http://popcapfree.t35.com/"

– [HKCR\CLSID\%generated CLSID%\InprocServer32]
   • "ThreadingModel" = "Both"
   • "@" = "%sysdir%\ms%2-digit random character string%32.dll"

– [HKLM\Software\Microsoft\Windows\CurrentVersion\
   ShellServiceObjectDelayLoad]
   • "ms%2-digit random character string%32.dll" = "%generated CLSID%"

– [HKLM\SOFTWARE\Microsoft\MSAS\sdat]
   • %path and file name of the malware copy%

– [HKLM\SOFTWARE\Microsoft\MSAS\kdat]
   • %path to the malware copy%

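 Email: It has a built-in SMTP engine for sending email. A direct connection to the destination server is established. The characteristics are as follows:


Sender
The sender address is spoofed.
It is a generated address. The sender did not send the message intentionally. The sender may not be aware of being infected, or may not be infected at all. In addition, you may receive numerous emails telling you that you are infected. This, too, may not be true.
The sender of the email is as follows:
   • user%5-digit random character string%@%sender's domain%


To:
– Email addresses found in certain files on the system
– Email addresses gathered from the Windows Address Book (WAB)


Subject
The subject of the email is constructed from the following:

    It starts with one of the following:
   • Encrypted
   • Protected
   • Secure

    It continues with one of the following:
   • E-mail
   • Mail
   • Message

    It may then be followed by one of the following:
   • from %sender's domain% user
   • Service
   • Service (%sender's domain%)
   • System
   • System (%sender's domain%)


Body
The body of the email is one of the following:

   • Message is attached.


It is followed by:

   • ID: %5-digit random character string%
     Pass: %random character string%


It is followed by:

   • Thank you,
     %email subject%,
     %sender's domain%

   • Sincerely,
     %email subject%,
     %sender's domain%

   • Best Regards,
     %email subject%,
     %sender's domain%


Attachment
The name of the attachment is:
   • data.zip
   • mail.zip
   • message.zip
   • msg.zip

This attachment is a copy of the malware described here: HTML/Feebs.Gen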





 Sending: Address generation for the FROM field
It uses the same domain list as mentioned above.

The domains are as follows:
   • aol.com
   • gmail.com
   • hotmail.com
   • msn.com
   • yahoo.com
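
The sender, subject, body and attachment traits listed above can be combined into a single mail-gateway check. The following is an added example, not part of the original description or of any vendor tooling; the function names, the single-space joins in the subject and the alphanumeric reading of the random sender string are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Values copied from the description above.
FROM_DOMAINS = ("aol.com", "gmail.com", "hotmail.com", "msn.com", "yahoo.com")
ATTACHMENT_NAMES = {"data.zip", "mail.zip", "message.zip", "msg.zip"}

_DOMAIN = r"[A-Za-z0-9.-]+"
# Assumption: the two or three subject parts are separated by single spaces.
SUBJECT_RE = re.compile(
    r"^(?:Encrypted|Protected|Secure) (?:E-mail|Mail|Message)"
    r"(?: (?:from " + _DOMAIN + r" user"
    r"|(?:Service|System)(?: \(" + _DOMAIN + r"\))?))?$"
)
# Assumption: the five random characters are ASCII letters or digits.
SENDER_RE = re.compile(
    r"^user[A-Za-z0-9]{5}@(?:" + "|".join(map(re.escape, FROM_DOMAINS)) + r")$",
    re.IGNORECASE,
)
# "Message is attached." followed by the ID/Pass lines.
BODY_RE = re.compile(r"Message is attached\.\s+ID: \S{5}\s+Pass: \S+")


def feebs_indicators(raw_message: str) -> list:
    """Return which of the four described traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.append("subject")
    if SENDER_RE.match(parseaddr(str(msg.get("From", "")))[1]):
        hits.append("sender")
    names = {(part.get_filename() or "").lower() for part in msg.walk()}
    if names & ATTACHMENT_NAMES:
        hits.append("attachment")
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            if BODY_RE.search(part.get_content()):
                hits.append("body")
                break
    return hits


def is_suspect(raw_message: str) -> bool:
    """Flag only when a listed attachment name coincides with another trait,
    since a file called data.zip alone is common in legitimate mail."""
    hits = feebs_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2


def build_sample(sender, subject, body, attachment):
    """Build a constructed test message; the attachment bytes are inert."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "recipient@example.org", subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="zip", filename=attachment)
    return m.as_string()


# Constructed samples, not captured traffic.
WORM_LIKE = build_sample(
    "user4k2zq@hotmail.com", "Secure Message from hotmail.com user",
    "Message is attached.\n\nID: 83hd2\nPass: qpwoeiru\n\nThank you,\n", "msg.zip")
BENIGN = build_sample(
    "alice@example.org", "Secure Message center update",
    "Quarterly figures are in the archive.\n", "data.zip")

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE), ("benign", BENIGN)):
        print(label, feebs_indicators(raw), is_suspect(raw))
```

The benign sample shares an attachment name with the worm but nothing else, so it is reported as a single indicator and not flagged.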

 P2P: To infect other systems in the P2P (peer-to-peer) network, it performs the following actions:


   It searches for directories that contain one of the following substrings:
   • share
   • download
   • incoming

   If successful, the following files are created:
   • 3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip
   • ACDSee_9_new!_full+crack.zip
   • Adobe_Photoshop_10_(CS3)_new!_full+crack.zip
   • Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip
   • Ahead_Nero_8_new!_full+crack.zip
   • DivX_7.0_new!_full+crack.zip
   • ICQ_2006_new!_full+crack.zip
   • Internet_Explorer_7_new!_full+crack.zip
   • Kazaa_4_new!_full+crack.zip
   • Longhorn_new!_full+crack.zip
   • Microsoft_Office_2006_new!_full+crack.zip
   • winamp_5.2_new!_full+crack.zip


 Backdoor: The following ports are opened:

– svchost.exe on TCP port 80, in order to provide an HTTP server
– svchost.exe on a randomly chosen TCP port, in order to open a backdoor


It connects to a server.
One of the following:
   • ivj.t**********
   • baby4122740.nm**********
   • jim2306524.nm**********
   • smith7633695.nm**********
   • users.cjb.net/jim2306524**********
   • users.cjb.net/baby4122740**********
   • users.cjb.net/smith7633695**********


 Injection: – It injects the following file into a process: ms%2-digit random character string%32.dll

    Process name, one of the following:
   • explorer.exe


 Miscellaneous: Internet connection
To check for an Internet connection, it contacts the following DNS servers:
   • AOL.com
   • login.icq.com
   • yahoo.com
   • msn.com
   • gmail.com

 Rootkit Technology: This is a technology specific to malware. The malware hides its presence from system utilities, security applications and even from the user.


It hides the following:
– Its own files
– Its own registry keys


Method used:
    • Hidden from the Windows API:

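 File details: Runtime packer
To make detection harder and to reduce the file size, it is compressed with a runtime packer.

Description inserted by Irina Boldea on Wednesday, September 13, 2006
Description updated by Irina Boldea on Wednesday, October 4, 2006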
