Worm/Feebs.AU - Worm

Ver também

Sumário

Descrição completa

Estatísticas

Vírus	Worm/Feebs.AU
Data em que surgiu:	23/03/2006
Tipo:	Worm
Incluído na lista "In The Wild"	Não
Nível de danos:	Baixo
Nível de distribuição:	De médio a elevado
Nível de risco:	Médio
Ficheiro estático:	Sim
Tamanho:	61.736 Bytes
MD5 checksum:	f33d5b2d4f29eba19fedcfa496121368
Versão VDF:	6.34.00.87
Versão IVDF:	6.34.00.87

Vulgarmente Meios de transmissão:
   • E-mail
   • Peer to Peer

Alias:
   • Symantec: W32.Feebs
   • TrendMicro: WORM_FEEBS.HO
   • Sophos: W32/Feebs-N
   • VirusBuster: Worm.Feebs.BI
   • Eset: Win32/Mocalo.BO

Sistemas Operativos:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Efeitos secundários:
   • Descarrega ficheiros maliciosos
   • Utiliza o seu próprio motor de E-mail
   • Altera o registo do Windows
   • Informação de roubos
   • Possibilita acesso não autorizado ao computador

Ficheiros Autocopia-se para a seguinte localização:
   • %SYSDIR%\ms%dois caracteres aleatórios%.exe

Apaga a cópia executada inicialmente.

São criados os seguintes ficheiros:

– c:\b Outras investigações apontam para que este ficheiro, também, seja malware. Detectado como: WORM/Feebs.AS

– %SYSDIR%\ms%dois caracteres aleatórios%32.dll Além disso executa-se depois de gerado. Outras investigações apontam para que este ficheiro, também, seja malware. Detectado como: WORM/Feebs.AS

Tenta efectuar o download de alguns ficheiros:

– A partir das seguintes localizações:
   • http://fred5659033.by.ru/**********
   • http://fred5659033.by.ru/**********
   • http://fred5659033.by.ru/**********
   • http://hdk.by.ru/**********
Ainda em fase de pesquisa.

Registry (Registo do Windows) Os valores das seguintes chaves registo do windows são eliminados:

   • HKLM\SYSTEM\CurrentControlSet\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NET CLR Data\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NET CLR Networking\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\.NETFramework\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Abiosdsk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\abp480n5\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ACPI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ACPI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ACPI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ACPIEC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\adpu160m\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AFD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AFD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AFD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\agp440\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\agp440\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\agp440\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Aha154x\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\aic78u2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\aic78xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Alerter\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Alerter\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Alerter\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ALG\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ALG\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ALG\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AliIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AliIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AliIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\amsint\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\amsint\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\amsint\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AppMgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc3350p\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\asc3550\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\asc3550\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\asc3550\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AsyncMac\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\atapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\atapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\atapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Atdisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Atmarpc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ATS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ATS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ATS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\AudioSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\audstub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\audstub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\audstub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\BattC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\BattC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\BattC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Beep\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Beep\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Beep\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\BITS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\BITS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\BITS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Browser\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Browser\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Browser\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cbidf2k\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cd20xrnt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdaudio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cdrom\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Changer\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Changer\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Changer\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\cisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\cisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\cisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ClipSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\CmdIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\COMSysApp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ContentFilter\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ContentIndex\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Cpqarray\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\CryptSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dac2w2k\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dac960nt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Dhcp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Disk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Disk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Disk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmadmin\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmboot\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmboot\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmboot\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmload\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmload\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmload\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dmserver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dmserver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dmserver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Dnscache\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\dpti2o\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ERSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Eventlog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\EventSystem\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fastfat\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\FastUserSwitchingCompatibility\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fdc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fdc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fdc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fips\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fips\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fips\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Flpydisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fs_Rec\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ftdisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Fundelete\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Gpc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Gpc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Gpc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\helpsvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hgfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hgfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hgfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\HidServ\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\HidServ\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\HidServ\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hpn\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hpn\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hpn\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\hpt3xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i2omgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i2omp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i2omp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i2omp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\i8042prt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Imapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Imapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Imapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ImapiService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\inetaccs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ini910u\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ini910u\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ini910u\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Inport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Inport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Inport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IntelIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpFilterDriver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpInIp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IpNat\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IpNat\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IpNat\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IPSec\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IPSec\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IPSec\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\IRENUM\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ISAPISearch\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\isapnp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\isapnp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\isapnp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Kbdclass\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\KSecDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lanmanserver\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lanmanworkstation\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\lbrtfdc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ldap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ldap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ldap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\LicenseService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\LmHosts\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Messenger\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Messenger\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Messenger\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mnmdd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mnmsrvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Modem\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Modem\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Modem\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Mouclass\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MountMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\mraid35x\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MRxDAV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MRxSmb\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MSDTC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Msfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Msfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Msfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\MSIServer\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\msServerForm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Mup\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Mup\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Mup\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NDIS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NDIS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NDIS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NdisTapi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ndisuio\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NdisWan\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NDProxy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetBIOS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetBT\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetBT\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetBT\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetDDE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NetDDEdsdm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Netlogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Netman\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Netman\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Netman\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Nla\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Nla\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Nla\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\nm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\nm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\nm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NPF\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NPF\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NPF\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Npfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Npfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Npfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ntfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NtLmSsp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NtmsSvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Null\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Null\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Null\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NwlnkFlt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\NwlnkFwd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Parport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Parport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Parport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PartMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ParVdm\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCIDump\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCIIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Pcmcia\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PCnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PCnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PCnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDCOMP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDFRAME\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDRELI\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PDRFRAME\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\perc2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\perc2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\perc2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\perc2hib\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfDisk\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfNet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfOS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PerfProc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PlugPlay\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PolicyAgent\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\PptpMiniport\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Processor\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Processor\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Processor\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ProtectedStorage\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\PSSdk21\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\PSSdk21\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ptilink\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1080\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1080\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1080\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Ql10wnt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql12160\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql12160\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql12160\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1240\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1240\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1240\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ql1280\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ql1280\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ql1280\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasAcd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasAuto\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Rasl2tp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasMan\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasMan\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasMan\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RasPppoe\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Raspti\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Raspti\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Raspti\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Rdbss\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPCDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rdpdr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPNP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDPWD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RDSessMgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\redbook\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\redbook\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RemoteRegistry\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\rpcapd\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcLocator\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RpcSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\RSVP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\RSVP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SamSs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SamSs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardDrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SCardSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Schedule\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Schedule\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Secdrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\seclogon\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\seclogon\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SENS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SENS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\serenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\serenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Serial\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Serial\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sfloppy\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SharedAccess\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ShellHWDetection\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Simbad\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Simbad\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Sparrow\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Spooler\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Spooler\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\srservice\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\srservice\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Srv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Srv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SSDPSRV\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\stisvc\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\stisvc\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\swenum\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\swenum\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SwPrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc810\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc810\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\symc8xx\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_hi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\sym_u3\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\SysmonLog\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TapiSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Tcpip\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDPIPE\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TDTCP\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TermService\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TermService\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Themes\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Themes\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TlntSvr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TosIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TosIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TrkWks\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\TSDDD\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Udfs\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Udfs\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ultra\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ultra\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Update\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Update\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\uploadmgr\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\upnphost\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\upnphost\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\UPS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\UPS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbhub\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbhub\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\usbuhci\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VgaSave\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\ViaIde\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmmouse\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmscsi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VMTools\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VMTools\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmxnet\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\vmx_svga\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VolSnap\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\VSS\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\VSS\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W32Time\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W32Time\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\W3SVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wanarp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WDICA\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WDICA\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WebClient\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WebClient\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\winmgmt\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Winsock\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Winsock\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinSock2\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WinTrust\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmdmPmSp\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\Wmi\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\Wmi\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApRpl\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WmiApSrv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\wuauserv\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\WZCSVC\FailureActions
   • HKLM\SYSTEM\CurrentControlSet\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet001\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions
   • HKLM\SYSTEM\ControlSet002\Services\{05BB3C9D-06ED-4297-9D99-6161259BCE4E}\FailureActions

São adicionadas as seguintes chaves ao registo:

– [HKLM\Software\Microsoft\MSAS]
   • "ver" = e
   • "drx" = %valores hex%
   • "fst" = %valores hex%
   • "cls" = {%valores hex%}
   • "clo" = ms%dois caracteres aleatórios%
   • "buf" = ms%dois caracteres aleatórios%.db
   • "dll" = ms%dois caracteres aleatórios%32.dll
   • "exe" = ms%dois caracteres aleatórios%.exe
   • "dir" = drivers\ms%dois caracteres aleatórios%\
   • "sca" = %valores hex%
   • "cd" = %valores hex%
   • "pid" = %valores hex%
   • "mti" = %valores hex%
   • "duc" = %valores hex%
   • "huk" = %valores hex%
   • "uzc" = %valores hex%
   • "usc" = %valores hex%
   • "use" = %valores hex%
   • "inv" = %valores hex%
   • "port" = %valores hex%
   • "ton" = %valores hex%
   • "con" = %valores hex%
   • "upd" = %valores hex%
   • "bps" = %valores hex%

– [HKLM\Software\Microsoft\MSAS\
   %uma série de caracteres aleatórios%dat]
   • %endereço de e-mail recolhidos%

– [HKCU\Software\Microsoft\Internet Explorer]
   • "web" = "http://popcapfree.t35.com/"

– [HKCR\CLSID\%CLSID gerado%\InprocServer32]
   • "ThreadingModel" = "Both"
   • "@" = "%sysdir%\ms%dois caracteres aleatórios%32.dll"

– [HKLM\Software\Microsoft\Windows\CurrentVersion\
   ShellServiceObjectDelayLoad]
   • "ms%dois caracteres aleatórios%32.dll" = "%CLSID gerado%"

– [HKLM\SOFTWARE\Microsoft\MSAS\sdat]
   • %caminhos e ficheiros de cópias de malware%

– [HKLM\SOFTWARE\Microsoft\MSAS\kdat]
   • %caminho para cópias de malware%

E-mail Tem um motor SMTP integrado para enviar emails.É criada uma ligação directa com o servidor de destino. Tem as seguintes características:

De:
O endereço do remetente é falsificado.
Endereços gerados. Não assuma que é intenção do remetente enviar este email para si. Ele pode não saber que tem o sistema infectado, pode mesmo não estar infectado. Além disso é provável que receba emails que digam que está infectado. Pode não ser o caso.
O remetente do e-mail é o seguinte:
   • user%cinco caracteres aleatórios%@%domínio do rementente%

Para:
– Endereços de email encontrados em determinados ficheiros no sistema.
– Endereços de e-mail recolhidos do WAB (Windows Address Book).

Assunto:
O assunto do e-mail é feito a partir do seguinte:

    Começa por um dos seguintes:
   • Encrypted
   • Protected
   • Secure

    Continuado por um dos seguintes:
   • E-mail
   • Mail
   • Message

    Por vezes continuado por um dos seguintes:
   • from %domínio do rementente% user
   • Service
   • Service (%domínio do rementente%)
   • System
   • System (%domínio do rementente%)

Corpo:
O corpo do email é um dos seguintes:

   • Message is attached.

Continua com o seguinte:

   • ID: %cinco caracteres aleatórios%
     Pass: %uma série de caracteres aleatórios%

Continua com o seguinte:

   • Thank you,
     %email subject%,
     %domínio do rementente%

   • Sincerely,
     %email subject%,
     %domínio do rementente%

   • Best Regards,
     %email subject%,
     %domínio do rementente%

Atalho:
O ficheiro de atalho tem um dos seguintes nomes:
   • data.zip
   • mail.zip
   • message.zip
   • msg.zip

O anexo é uma cópia do malware descrito aqui: HTML/Feebs.Gen

O email pode ser parecido com o seguinte:

Mailing Endereços gerados para o campo DE:
Usa a mesma lista de domínios como mencionado anteriormente.

Tem um dos seguintes domínios:
   • aol.com
   • gmail.com
   • hotmail.com
   • msn.com
   • yahoo.com

P2P De modo a infectar sistemas na comunidade P2P executa a seguinte acção:

–   Procura directórios com os seguintes textos:
   • share
   • download
   • incoming

   Em caso de ser bem sucedido, são criados os seguintes ficheiros:
   • 3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip
   • ACDSee_9_new!_full+crack.zip
   • Adobe_Photoshop_10_(CS3)_new!_full+crack.zip
   • Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip
   • Ahead_Nero_8_new!_full+crack.zip
   • DivX_7.0_new!_full+crack.zip
   • ICQ_2006_new!_full+crack.zip
   • Internet_Explorer_7_new!_full+crack.zip
   • Kazaa_4_new!_full+crack.zip
   • Longhorn_new!_full+crack.zip
   • Microsoft_Office_2006_new!_full+crack.zip
   • winamp_5.2_new!_full+crack.zip

Backdoor São abertas as seguintes portas:

– svchost.exe numa porta TCP 80 Por forma a fornecer um servidor HTTP.
– svchost.exe numa porta TCP aleatória Por forma a fornecer capacidades backdoor.

Contacta o servidor:
Seguinte:
• http://ivj.t**********

Introdução de código viral noutros processos – Introduz o seguinte ficheiro num processo: ms%dois caracteres aleatórios%32.dll

Nome do processo:
• explorer.exe

Informações diversas Ligação à internet:
Para conferir a sua ligação à internet são contatados os seguintes servidores de DNS :
   • AOL.com
   • login.icq.com
   • yahoo.com
   • msn.com
   • gmail.com

Tecnologia de Rootkit É uma tecnologia malware-específica. O malware esconde-se de utilitários de sistema, aplicações de segurança e, do utilizador.

Oculta o seguinte:
– Os seus próprios ficheiros
– As suas próprias chaves de registo

Forma utilizada
• Esconde-se na API do Windows

Detalhes do ficheiro Empacotador de Runtime:
De forma a agravar a detecção e reduzir o tamanho do ficheiro é lançado com um empacotador de runtime.

Veja aqui uma breve descrição.

Descrição adicionada por Irina Boldea em Mon, 02 Oct 2006 12:02 (GMT+1)
Descrição adicionada por Robert Harja Iliescu em Fri, 06 Oct 2006 11:30 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« back