Name: Worm/Feebs.BL
Discovered: 28/03/2006
Type: Worm
In the wild: No
Reported infections: Low
Distribution potential: Medium to high
Damage potential: Medium
Static file: Yes
File size: 58.916 bytes
MD5 checksum: fcd4d930c1cbeca79ba6f7ca175a4358
VDF version: 6.34.00.104
IVDF version: 6.34.00.105 - Tuesday, March 28, 2006
General

Methods of propagation:
• Email
• Peer-to-peer network

Aliases:
• TrendMicro: WORM_FEEBS.BU
• Sophos: W32/Feebs-Q
• VirusBuster: Worm.Feebs.BV
• Eset: Win32/Mocalo.CB

Operating systems:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Drops malicious files
• Uses its own email engine
• Registry modification
• Steals information
• Allows unauthorized connection to the computer

Files

It creates a copy of itself:
• %SYSDIR%\ms%random two-letter combination%.exe

The executed copy of the program is deleted.

The following files are created:
– c:\b Further analysis showed that this file is malicious. Detected as: Worm/Feebs.BL
– %SYSDIR%\ms%random two-letter combination%32.dll Once it has been fully created, it is executed. Further analysis showed that this file is malicious. Detected as: Worm/Feebs.BL

It tries to download the following files:
– The following URLs:
• http://ted9484.wol.bz/**********
• http://ted9484.wol.bz/**********
• http://ted9484.wol.bz/**********
• http://myfunpic.wol.bz/**********
At the time of analysis this file was not available.
Registry

The values of the following registry keys are removed:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\FailureActions • HKLM\SYSTEM\ControlSet001\Services\SharedAccess\FailureActions • HKLM\SYSTEM\ControlSet002\Services\SharedAccess\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\FailureActions • HKLM\SYSTEM\ControlSet001\Services\ShellHWDetection\FailureActions • HKLM\SYSTEM\ControlSet002\Services\ShellHWDetection\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Simbad\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Simbad\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Simbad\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Sparrow\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Sparrow\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Sparrow\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Spooler\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Spooler\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Spooler\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\sr\FailureActions • HKLM\SYSTEM\ControlSet001\Services\sr\FailureActions • HKLM\SYSTEM\ControlSet002\Services\sr\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\srservice\FailureActions • HKLM\SYSTEM\ControlSet001\Services\srservice\FailureActions • HKLM\SYSTEM\ControlSet002\Services\srservice\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Srv\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Srv\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Srv\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\FailureActions • HKLM\SYSTEM\ControlSet001\Services\SSDPSRV\FailureActions • HKLM\SYSTEM\ControlSet002\Services\SSDPSRV\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\stisvc\FailureActions • HKLM\SYSTEM\ControlSet001\Services\stisvc\FailureActions • HKLM\SYSTEM\ControlSet002\Services\stisvc\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\swenum\FailureActions • HKLM\SYSTEM\ControlSet001\Services\swenum\FailureActions • 
HKLM\SYSTEM\ControlSet002\Services\swenum\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\SwPrv\FailureActions • HKLM\SYSTEM\ControlSet001\Services\SwPrv\FailureActions • HKLM\SYSTEM\ControlSet002\Services\SwPrv\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\symc810\FailureActions • HKLM\SYSTEM\ControlSet001\Services\symc810\FailureActions • HKLM\SYSTEM\ControlSet002\Services\symc810\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\symc8xx\FailureActions • HKLM\SYSTEM\ControlSet001\Services\symc8xx\FailureActions • HKLM\SYSTEM\ControlSet002\Services\symc8xx\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\sym_hi\FailureActions • HKLM\SYSTEM\ControlSet001\Services\sym_hi\FailureActions • HKLM\SYSTEM\ControlSet002\Services\sym_hi\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\sym_u3\FailureActions • HKLM\SYSTEM\ControlSet001\Services\sym_u3\FailureActions • HKLM\SYSTEM\ControlSet002\Services\sym_u3\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\FailureActions • HKLM\SYSTEM\ControlSet001\Services\SysmonLog\FailureActions • HKLM\SYSTEM\ControlSet002\Services\SysmonLog\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TapiSrv\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TapiSrv\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Tcpip\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Tcpip\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TDPIPE\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TDPIPE\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TDPIPE\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TDTCP\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TDTCP\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TermDD\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TermDD\FailureActions • 
HKLM\SYSTEM\ControlSet002\Services\TermDD\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TermService\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TermService\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TermService\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Themes\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Themes\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Themes\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TlntSvr\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TlntSvr\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TosIde\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TosIde\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TosIde\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TrkWks\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TrkWks\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\TSDDD\FailureActions • HKLM\SYSTEM\ControlSet001\Services\TSDDD\FailureActions • HKLM\SYSTEM\ControlSet002\Services\TSDDD\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Udfs\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Udfs\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Udfs\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\ultra\FailureActions • HKLM\SYSTEM\ControlSet001\Services\ultra\FailureActions • HKLM\SYSTEM\ControlSet002\Services\ultra\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Update\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Update\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Update\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\uploadmgr\FailureActions • HKLM\SYSTEM\ControlSet001\Services\uploadmgr\FailureActions • HKLM\SYSTEM\ControlSet002\Services\uploadmgr\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\upnphost\FailureActions • 
HKLM\SYSTEM\ControlSet001\Services\upnphost\FailureActions • HKLM\SYSTEM\ControlSet002\Services\upnphost\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\UPS\FailureActions • HKLM\SYSTEM\ControlSet001\Services\UPS\FailureActions • HKLM\SYSTEM\ControlSet002\Services\UPS\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\usbhub\FailureActions • HKLM\SYSTEM\ControlSet001\Services\usbhub\FailureActions • HKLM\SYSTEM\ControlSet002\Services\usbhub\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\FailureActions • HKLM\SYSTEM\ControlSet001\Services\usbuhci\FailureActions • HKLM\SYSTEM\ControlSet002\Services\usbuhci\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\VgaSave\FailureActions • HKLM\SYSTEM\ControlSet001\Services\VgaSave\FailureActions • HKLM\SYSTEM\ControlSet002\Services\VgaSave\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\ViaIde\FailureActions • HKLM\SYSTEM\ControlSet001\Services\ViaIde\FailureActions • HKLM\SYSTEM\ControlSet002\Services\ViaIde\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\vmmouse\FailureActions • HKLM\SYSTEM\ControlSet001\Services\vmmouse\FailureActions • HKLM\SYSTEM\ControlSet002\Services\vmmouse\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\vmscsi\FailureActions • HKLM\SYSTEM\ControlSet001\Services\vmscsi\FailureActions • HKLM\SYSTEM\ControlSet002\Services\vmscsi\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\VMTools\FailureActions • HKLM\SYSTEM\ControlSet001\Services\VMTools\FailureActions • HKLM\SYSTEM\ControlSet002\Services\VMTools\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\vmxnet\FailureActions • HKLM\SYSTEM\ControlSet001\Services\vmxnet\FailureActions • HKLM\SYSTEM\ControlSet002\Services\vmxnet\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\vmx_svga\FailureActions • HKLM\SYSTEM\ControlSet001\Services\vmx_svga\FailureActions • HKLM\SYSTEM\ControlSet002\Services\vmx_svga\FailureActions • 
HKLM\SYSTEM\CurrentControlSet\Services\VolSnap\FailureActions • HKLM\SYSTEM\ControlSet001\Services\VolSnap\FailureActions • HKLM\SYSTEM\ControlSet002\Services\VolSnap\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\VSS\FailureActions • HKLM\SYSTEM\ControlSet001\Services\VSS\FailureActions • HKLM\SYSTEM\ControlSet002\Services\VSS\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\FailureActions • HKLM\SYSTEM\ControlSet001\Services\W32Time\FailureActions • HKLM\SYSTEM\ControlSet002\Services\W32Time\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\FailureActions • HKLM\SYSTEM\ControlSet001\Services\W3SVC\FailureActions • HKLM\SYSTEM\ControlSet002\Services\W3SVC\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Wanarp\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Wanarp\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Wanarp\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\WDICA\FailureActions • HKLM\SYSTEM\ControlSet001\Services\WDICA\FailureActions • HKLM\SYSTEM\ControlSet002\Services\WDICA\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\WebClient\FailureActions • HKLM\SYSTEM\ControlSet001\Services\WebClient\FailureActions • HKLM\SYSTEM\ControlSet002\Services\WebClient\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\FailureActions • HKLM\SYSTEM\ControlSet001\Services\winmgmt\FailureActions • HKLM\SYSTEM\ControlSet002\Services\winmgmt\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\Winsock\FailureActions • HKLM\SYSTEM\ControlSet001\Services\Winsock\FailureActions • HKLM\SYSTEM\ControlSet002\Services\Winsock\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\FailureActions • HKLM\SYSTEM\ControlSet001\Services\WinSock2\FailureActions • HKLM\SYSTEM\ControlSet002\Services\WinSock2\FailureActions • HKLM\SYSTEM\CurrentControlSet\Services\WinTrust\FailureActions • HKLM\SYSTEM\ControlSet001\Services\WinTrust\FailureActions • 
The following registry keys are added:

– [HKLM\Software\Microsoft\MSAS]
   • "ver" = e
   • "drx" = %hexadecimal value%
   • "fst" = %hexadecimal value%
   • "cls" = {%hexadecimal value%}
   • "clo" = ms%random two-letter combination%
   • "buf" = ms%random two-letter combination%.db
   • "dll" = ms%random two-letter combination%32.dll
   • "exe" = ms%random two-letter combination%.exe
   • "dir" = drivers\ms%random two-letter combination%\
   • "sca" = %hexadecimal value%
   • "cd" = %hexadecimal value%
   • "pid" = %hexadecimal value%
   • "mti" = %hexadecimal value%
   • "duc" = %hexadecimal value%
   • "huk" = %hexadecimal value%
   • "uzc" = %hexadecimal value%
   • "usc" = %hexadecimal value%
   • "use" = %hexadecimal value%
   • "inv" = %hexadecimal value%
   • "port" = %hexadecimal value%
   • "ton" = %hexadecimal value%
   • "con" = %hexadecimal value%
   • "upd" = %hexadecimal value%
   • "bps" = %hexadecimal value%

– [HKLM\Software\Microsoft\MSAS\%random letter combination%dat]
   • %harvested email addresses%

– [HKCU\Software\Microsoft\Internet Explorer]
   • "web" = "http://popcapfree.t35.com/"

– [HKCR\CLSID\%generated CLSID%\InprocServer32]
   • "ThreadingModel" = "Both"
   • "@" = "%sysdir%\ms%random two-letter combination%32.dll"

– [HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   • "ms%random two-letter combination%32.dll" = "%generated CLSID%"

– [HKLM\SOFTWARE\Microsoft\MSAS\sdat]
   • %paths, including file names, of the malware copies%

– [HKLM\SOFTWARE\Microsoft\MSAS\kdat]
   • %paths to the malware copies%

Email
The program has its own SMTP engine for sending email. It connects directly to the remote server. The details are as follows:

From:
The sender address is spoofed.
Generated addresses. The apparent sender may not have intended to send this email and may be unaware that their system is infected. You may also receive emails claiming that your system is infected.

Sender of the email:
   • user%random five-letter combination%@%sender domain%

To:
– Email addresses found in certain files on the system.
– Email addresses obtained from the WAB (Windows Address Book)

Subject:
The subject line is built as follows:

Begins with one of the following:
   • Encrypted
   • Protected
   • Secure

Ends with one of the following:
   • E-mail
   • Mail
   • Message

Sometimes one of the following strings is appended:
   • from %sender domain% user
   • Service
   • Service (%sender domain%)
   • System
   • System (%sender domain%)

Body:
The body of the email takes one of the following forms:
   • Message is attached.

Continues with one of the following:
   • ID: %random five-letter combination% Pass: %random letter combination%

Continues with one of the following:
   • Thank you, %email subject%, %sender domain%
   • Sincerely, %email subject%, %sender domain%
   • Best Regards, %email subject%, %sender domain%

Attachment:
The attachment has one of the following file names:
   • data.zip
   • mail.zip
   • message.zip
   • msg.zip

The attachment is a copy of the malicious file. A description is given here: HTML/Feebs.Gen

The email looks as follows:

Sending
Sender address generation:
A list of domain names similar to the list mentioned earlier is used.

One of the following domain names:
   • aol.com
   • gmail.com
   • hotmail.com
   • msn.com
   • yahoo.com

P2P
Actions taken to infect other systems in the peer-to-peer network:
A search is made for folders whose names contain one of the following character sequences:
   • share
   • download
   • incoming

If the search succeeds, the following files are created:
   • 3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip
   • ACDSee_9_new!_full+crack.zip
   • Adobe_Photoshop_10_(CS3)_new!_full+crack.zip
   • Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip
   • Ahead_Nero_8_new!_full+crack.zip
   • DivX_7.0_new!_full+crack.zip
   • ICQ_2006_new!_full+crack.zip
   • Internet_Explorer_7_new!_full+crack.zip
   • Kazaa_4_new!_full+crack.zip
   • Longhorn_new!_full+crack.zip
   • Microsoft_Office_2006_new!_full+crack.zip
   • winamp_5.2_new!_full+crack.zip

Backdoor
The following ports are opened:
– svchost.exe on TCP port 80, to provide an HTTP server.
– svchost.exe on a random TCP port, to provide backdoor functionality.

Connects to a server
The following:
   • http://ivj.t**********

Infection
– The following file is injected into a process: ms%random two-letter combination%32.dll

Process name:
   • explorer.exe

Miscellaneous
Internet connection:
To check for an available Internet connection, the following DNS servers are contacted:
   • AOL.com
   • login.icq.com
   • yahoo.com
   • msn.com
   • gmail.com

Rootkit technology
This term describes a particular kind of potentially dangerous program. The software hides its presence from system utilities, from security software and from the user.

Hides the following:
– Its own files
– Its own registry keys

Method used:
   • Hidden from the Windows API

File details
Packer:
To make detection harder and to reduce the file size, the file was packed with the following packer:
Description added by Irina Boldea on Monday, 2 October 2006.
Description updated by Irina Boldea on Wednesday, 4 October 2006.
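A mail-filter check built from the email traits listed in the Email section above (subject structure, generated sender address, attachment names, body text), as an added example that is not part of the original description. The function names, the three-trait threshold, the assumption that the random letters are ASCII, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Traits taken from the Email section of the description.
SUBJECT_RE = re.compile(
    r"^(Encrypted|Protected|Secure) (E-mail|Mail|Message)"
    r"(?: (?:from \S+ user|(?:Service|System)(?: \(\S+\))?))?$"
)
# Assumption: the five random letters are ASCII; letter case is not stated.
SENDER_RE = re.compile(r"^user[a-z]{5}@(aol|gmail|hotmail|msn|yahoo)\.com$", re.I)
ATTACHMENTS = {"data.zip", "mail.zip", "message.zip", "msg.zip"}
BODY_RE = re.compile(r"Message is attached\..*ID:\s*\S+.*Pass:\s*\S+", re.S)

# Constructed sample: a message shaped like the one described.
SAMPLE_WORM = """\
From: userqhzpk@hotmail.com
To: recipient@example.org
Subject: Protected Mail System (hotmail.com)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Message is attached.
ID: kdwpq
Pass: xjrtm
Best Regards, Protected Mail System (hotmail.com), hotmail.com
--b1
Content-Type: application/zip; name="msg.zip"
Content-Disposition: attachment; filename="msg.zip"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: legitimate mail that happens to share the subject line.
SAMPLE_BENIGN = """\
From: alerts@bank.example
To: recipient@example.org
Subject: Secure Message
Content-Type: text/plain

Your statement is ready. Sign in to view it.
"""


def feebs_indicators(raw: str) -> list[str]:
    """Return the names of the described traits that the raw message matches."""
    msg = message_from_string(raw)
    hits = []
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        hits.append("subject")
    if SENDER_RE.match(parseaddr(msg.get("From", ""))[1]):
        hits.append("sender")
    body = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS and "attachment" not in hits:
            hits.append("attachment")
        elif not name and part.get_content_type() == "text/plain":
            body += part.get_payload()
    if BODY_RE.search(body):
        hits.append("body")
    return hits


def is_suspicious(raw: str, threshold: int = 3) -> bool:
    """Flag only when several traits coincide; one alone is too common."""
    return len(feebs_indicators(raw)) >= threshold
```

The benign sample matches the subject pattern alone, which is why the check requires several traits together before flagging a message.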