Hacking and more...
HaCkinG CulT
|
Lista Forumurilor Pe Tematici
|
Hacking and more... | Reguli | Inregistrare | Login
POZE HACKING AND MORE...
Nu sunteti logat.
|
Nou pe simpatie:
adee
 | Femeie
24 ani
Mures
cauta Barbat
24 - 59 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
Metoda de raspandire:
• Peer to Peer
Alias:
• Kaspersky: Email-Worm.Win32.VB.ca
• Bitdefender: Win32.Worm.P2P.VB.L
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Inchide aplicatiile de securitate
• Modificari in registri
Fisiere Se copiaza in urmatoarele locatii (fisierele au atasate la sfarsit caractere aleatorii si se diferentiaza astfel de original):
• %SYSDIR%SVCH0ST.EXE
• %SYSDIR%wincirl.com
• %ALLUSERSPROFILE%Start MenuProgramsStartupEmpty.com
• %home%Start MenuProgramsStartupEmpty.com
• %home%Application DataMicrosoftInternet ExplorerQuick Launch%numele computerului%.exe
• %TEMPDIR%%numele computerului%.EXE
• %unitate disc%:%numele computerului%.EXE
• %directorul de activare malware%%numele computerului%.exe
Registrii sistemului Urmatoarea cheie este adaugata in registri pentru a rula procesul la repornirea sistemului:
– HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
• "Microsoft Agent"="%SYSDIR%SVCH0ST.exe"
Urmatoarele chei din registri sunt modificate:
– HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows
Vechea valoare:
• "load"=""
Noua valoare:
• "load"="%WINDIR%/system/wincirl.com"
– HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
Vechea valoare:
• "Shell"="Explorer.exe"
Noua valoare:
• "Shell"="Explorer.exe %WINDIR%/system32/SVCH0ST.EXE"
P2P Pentru a infecta alte sisteme din retele Peer-to-Peer, efectueaza urmatarele operatii:
– Cauta urmatorul director:
• %directorul de activare malware%%toate subdirectoarele%
Daca reuseste, este creat urmatorul fisier:
• %numele directorului curent%.exe
Aceste fişiere sunt copii ale malware-ului.
Terminarea proceselor Processes containing the following window title (ro)
• task manager; registry; system restore; folder options; configuration;
cmd.exe; virus; yahoo; system32; utility; format
Detaliile fisierului Limbaj de programare:
Limbaj de programare folosit: Visual Basic.
Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit urmatorul program de arhivare:
• PECompact 2
[sursa
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
=-=-=-=-=-=-=-=-= Worm/NetSky.P - Worm -=-=-=-=-=-=-=-=-=-=-=
General Metoda de raspandire:
• Email
Alias:
• Symantec: W32.Netsky.P@mm
• Mcafee: W32/Netsky.p@MM
• Kaspersky: Email-Worm.Win32.NetSky.q
• TrendMicro: WORM_NETSKY.P
• F-Secure: Email-Worm.Win32.NetSky.q
• Sophos: W32/Netsky-P
• Panda: W32/Netsky.P.worm
• Grisoft: I-Worm/Netsky.Q
• VirusBuster: I-Worm.Netsky.Q1
• Eset: Win32/Netsky.Q worm
• Bitdefender: Win32.Netsky.P@mm
Sistem de operare:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
Efecte secundare:
• Creeaza un fisier malware
• Utilizeaza propriul motor de email
• Modificari in registri
Fisiere Se copiaza in urmatoarea locatie:
• %WINDIR%fvprotect.exe
Sunt create fisierele:
– Creeaza o arhiva ce contine o copie malware:
• %WINDIR%zipped.tmp
– Copii codificate MIME:
• %WINDIR%zip1.tmp
• %WINDIR%zip2.tmp
• %WINDIR%zip3.tmp
• %WINDIR%base64.tmp
– %WINDIR%userconfig9x.dll Analiza ulterioara a relevat ca si acest fisier este malware.
Registrii sistemului – HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
• "Norton Antivirus AV"="%WINDIR%FVProtect.exe"
Valorile urmatoarei chei sunt sterse din registrii sistemului:
– HKLMSOFTWAREMICROSOFTWindowsCurrentVersionRun
• "norton antivirus av"
• "explorer"
• "system."
• "msgsvr32"
• "au.exe"
• "winupd.exe"
• "direct.exe"
• "jijbl"
• "Video"
• "Service"
• "DELETE ME"
• "d3dupdate.exe"
• "OLE"
• "sentry"
• "gouday.exe"
• "rate.exe"
• "taskmon"
• "Windows Services Host"
• "sysmon.exe"
• "ssrate.exe"
• "winupd.exe"
Email Are un motor SMTP integrat. Va fi facuta o conexiune directa cu serverul destinatar. Iata caracteristicile lui:
De la:
Adresa este falsificata.
Catre:
– Adrese de email gasite pe sistem.
Subiect:
Unul din urmatoarele:
• Re:approved; approved bil; Re:Approved document; Re:Bad request;
Re:Bill; data; Re elivery Server; Do you?; Does it matter?;
Re:Encrypted Mail; Re:Error; Re:Error in document; Re:Failure;
Re:file; Re:Free porn; Re:hello; Re:here; Re:Hi; Hi; I cannot forget
you!; important data; Internet Provider Abuse; Is that your password?;
Re:Its me; Re:List; Re:Message Error; Re:my bill; Re:my data;
Re:Order; Postcard; Re:Proof of concept; Re:Protected Mail Delivery;
Protected Mail System; Re:Protected Mail system; Re:Question;
Re:Request; Re:Sample; Re:Secure SMTP Message; Shocking document;
Fw:Warning again; Re:Status; Your day; Re:Your document; Re:your
document_all
Uneori subiectul poate lipsi.
Corpul email-ului:
Corpul email-ului este unul din textele:
• I noticed that you have visited illegal websites.
See the name in the list!
• Important message, do not show this anyone!
your big love, ;-)
• Thanks!
Protected message is attached.
• Congratulations!,
your best friend.
• Best wishes,
your friend.
• Your document is attached.
• See the file.
• Please see the attached file for details.
• Your document is attached to this mail.
• SMTP: Please confirm the attached message.
• You have written a very good text, excellent, good work!
• Your photo, uahhh.... , you are naked!
• You have received an extended message. Please read the instructions.
• Partial message is available.
• Waiting for authentification.
• I hope the patch works.
• Here is the website. ;-)
• Your file is attached.
• Do not visit this illegal websites!
• Delivered message is attached.
• I cannot believe that.
• I am shocked about your document!
• Please authenticate the secure message
• I have corrected your document.
• Here is my icq list.
• You got a new message.
• I hope you accept the result!
• Important message, do not show this anyone!
• Please read the document.
Atasament:
Numele fisierului atasat este alcatuit dupa cum urmeaza:
– Incepe cu unul din urmatoarele:
• important
• details
• information
• corrected
• bill
• after_you
• message
• readme.txt
• data
• text
• details
• document
• software
• game
• archive
• postcard
• msg
• bill
• text
• application
•
• text01
• letter
• private
• excel document
Urmata uneori de una din urmatoarele:
• _
Urmata uneori de caractere aleatoare sau de una din urmatoarele:
• %cateva numere aleatoare de la 0 la 9%
Urmat uneori de una din urmatoarele extensii false:
• pif
• zip
• doc
• scr
• txt
Extensia fisierului este una din urmatoarele:
• .exe
• .zip
Cateva exemple de nume al fisierului atasat:
• application.txt .exe
• msg.scr
Atasamentul este o copie malware.
P2P Pentru a infecta alte sisteme din retele Peer-to-Peer, efectueaza urmatarele operatii:
– Cauta directoarele care au in numele lor unul din urmatoarele texte:
• share
• upload
• download
• ftp
Daca reuseste, sunt create urmatoarele fisiere:
• Kazaa Lite 4.0 new.exe; Britney Spears Sexy archive.doc.exe; Kazaa
new.exe; Britney Spears porn.jpg.exe; Harry Potter all e.book.doc.exe;
Britney sex xxx.jpg.exe; Harry Potter 1-6 book.txt.exe; Britney Spears
blowjob.jpg.exe; Harry Potter e book.doc.exe; Britney Spears
cumshot.jpg.exe; Harry Potter.doc.exe; Harry Potter game.exe; Britney
Spears cenzurat.jpg.exe; Britney Spears.jpg.exe; Harry Potter 5.mpg.exe;
Britney Spears and Eminem porn.jpg.exe; Matrix.mpg.exe; Britney Spears
Song text archive.doc.exe; Britney Spears full album.mp3.exe;
Eminem.mp3.exe; Britney Spears.mp3.exe; Eminem Song text
archive.doc.exe; Eminem Sexy archive.doc.exe; Eminem full
album.mp3.exe; Eminem Spears porn.jpg.exe; Ringtones.mp3.exe; Eminem
sex xxx.jpg.exe; Ringtones.doc.exe; Eminem blowjob.jpg.exe; Altkins
Diet.doc.exe; Eminem Poster.jpg.exe; American Idol.doc.exe;
Cloning.doc.exe; Saddam Hussein.jpg.exe; Arnold
Schwarzenegger.jpg.exe; Windows 2003 crack.exe; Windows XP crack.exe;
Adobe Photoshop 10 crack.exe; Microsoft WinXP Crack full.exe; Teen
Porn 15.jpg.pif; Adobe Premiere 10.exe; Adobe Photoshop 10 full.exe;
Best Matrix Screensaver new.scr; Porno Screensaver britney.scr; Dark
Angels new.pif; XXX hardcore pics.jpg.exe; Microsoft Office 2003 Crack
best.exe; Serials edition.txt.exe; Screensaver2.scr; Full album
all.mp3.pif; Ahead Nero 8.exe; netsky source code.scr; E-Book
Archive2.rtf.exe; Doom 3 release 2.exe; How to hack new.doc.exe; Learn
Programming 2004.doc.exe; WinXP eBook newest.doc.exe; The Sims 4
beta.exe; Win Longhorn re.exe; Dictionary English 2004 -
France.doc.exe; RFC compilation.doc.exe; 1001 Sex and more.rtf.exe; 3D
Studio Max 6 3dsmax.exe; Keygen 4 all new.exe; Windows 2000
Sourcecode.doc.exe; Norton Antivirus 2005 beta.exe; Gimp 1.8 Full with
Key.exe; Partitionsmagic 10 beta.exe; Star Office 9.exe; Magix Video
Deluxe 5 beta.exe; Clone DVD 6.exe; MS Service Pack 6.exe; ACDSee
10.exe; Visual Studio Net Crack all.exe; Cracks & Warez Archiv.exe;
WinAmp 13 full.exe; DivX 8.0 final.exe; Opera 11.exe; Internet
Explorer 9 setup.exe; Smashing the stack full.rtf.exe; Ulead Keygen
2004.exe; Lightwave 9 Update.exe
Aceste fişiere sunt copii ale malware-ului.
Alte informatii Mutex:
Creeaza urmatorii mutecsi:
• 'D'r'o'p'p'e'd'S'k'y'N'e't'
• _-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_
[sursa ]
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
[+]-[+]-[+]-[+] Worm/Stration.C [+]-[+]-[+]-[+]
Metoda de raspandire:
• Email
Alias:
• Kaspersky: Email-Worm.Win32.Warezov.at
• Sophos: W32/Stratio-AN
Sistem de operare:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Descarca fisiere
• Creeaza fisiere malware
• Utilizeaza propriul motor de email
• Modificari in registri
• Sustrage informatii
• Posibilitatea accesului neautorizat la computer
Fisiere Se copiaza in urmatoarea locatie:
• %WINDIR%t2serv.exe
Sunt create fisierele:
– Fisiere inofensive:
• %directorul de activare malware%10.tmp
• %WINDIR%tserv.s
– Un fisier care contine adrese de e-mail:
• %WINDIR%t2serv.wax
– %SYSDIR%cscdgcde.dll Analiza ulterioara a relevat ca si acest fisier este malware.
– %SYSDIR%esenmqtr.dll Analiza ulterioara a relevat ca si acest fisier este malware.
– %SYSDIR%esenprfl.dll Analiza ulterioara a relevat ca si acest fisier este malware.
– %SYSDIR%e1.dll Analiza ulterioara a relevat ca si acest fisier este malware.
– %WINDIR%t2serv.dll Analiza ulterioara a relevat ca si acest fisier este malware.
Incearca sa descarce cateva fisiere:
– Adresa este urmatoarea:
•
Fisierul este stocat pe hard disc la: %TEMPDIR%~%numar%.tmp In plus, acest fisier este executat dupa ce este descarcat de pe Internet. Analiza ulterioara a relevat ca si acest fisier este malware.
– Adresa este urmatoarea:
•
Fisierul este stocat pe hard disc la: %TEMPDIR%~%numar%.tmp In plus, acest fisier este executat dupa ce este descarcat de pe Internet. La momentul realizarii descrierii, acest fisier nu era disponibil pentru o analiza ulterioara.
Registrii sistemului Urmatoarea cheie este adaugata in registri pentru a rula procesul la repornirea sistemului:
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
• t2serv = %WINDIR%t2serv.exe
Urmatoarea cheie din registri este modificata:
– [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows]
Vechea valoare:
• AppInit_DLLs =
Noua valoare:
• AppInit_DLLs = cscdgcde.dll e1.sll
Email Are un motor SMTP integrat. Va fi facuta o conexiune directa cu serverul destinatar. Iata caracteristicile lui:
De la:
Adrese generate. Va rugam nu presupuneti ca a fost intentia expeditorului sa va trimita acest email. Este posibil ca el sa nu stie ca este infectat sau chiar sa nu aiba sistemul infectat. In plus, este posibil sa primiti email-uri returnate care sa va indice ca sunteti infectat, lucru care poate fi de asemenea fals.
Catre:
– Adrese de email gasite pe sistem.
– Adrese de email obtinute din WAB (Windows Address Book)
Formatul email-ului:
De la: sec@%domeniul destinatarului%
Subiect: Mail server report.
Corp mesaj:
• Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Atasament:
• Update-KB%numar%-x86.exe
De la: secur@%domeniul destinatarului%
Subiect: Mail server report.
Corp mesaj:
• Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Atasament:
• Update-KB%numar%-x86.exe
De la: serv@%domeniul destinatarului%
Subiect: Mail server report.
Corp mesaj:
• Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Atasament:
• Update-KB%numar%-x86.exe
Subiect:
Unul din urmatoarele:
• Error
• Good day
• hello
• Mail Delivery System
• Mail Transaction Failed
• picture
• Server Report
• Status
• test
Corpul email-ului:
Corpul email-ului este unul din textele:
• Mail transaction failed. Partial message is available.
• The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
• The message contains Unicode characters and has been sent as a binary attachment
Atasament:
Numele fisierului atasat este alcatuit dupa cum urmeaza:
– Incepe cu unul din urmatoarele:
• body
• data
• doc
• docs
• document
• file
• message
• readme
• test
• tex
Urmat uneori de una din urmatoarele extensii false:
• dat
• elm
• log
• msg
• txt
Extensia fisierului este una din urmatoarele:
• bat
• cmd
• exe
• pif
• scr
Email Cautare adrese:
Cauta adrese de email in urmatorul fisier:
• %fiecare fisier *.htm%
Backdoor Servere contactate:
Urmatoarele:
•
•
Astfel se pot transmite informatii si se poate obtine control la distanta. In plus, conexiunea e reluata periodic. Se foloseste metoda HTTP GET si POST printr-un script PHP.
Detaliile fisierului Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit un program de compresie runtime
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
}{}{}{}{}{}{}{}{}{}{TR/Spy.BZub.DG.1}{}{}{}{}{}{}{}{}{}{
Metoda de raspandire:
• Nu are rutina proprie de raspandire
Alias:
• Mcafee: Spy-Agent.ak
• Kaspersky: Trojan-Spy.Win32.BZub.dg
• TrendMicro: TSPY_BZUB.DG
• F-Secure: Trojan-Spy.Win32.BZub.dg
• Eset: Win32/Spy.BZub.DG
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Creeaza un fisier malware
• Reduce setarile de securitate
• Inregistreaza intrarile de la tastatura
• Modificari in registri
• Sustrage informatii
Fisiere Sunt create fisierele:
– %SYSDIR%form.txt Acesta este un fisier text care nu prezinta pericol si are urmatorul continut:
• %informatiile sustrase%
– %SYSDIR%ipv6mons.dll Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: TR/Spy.BZub.DG.2
Registrii sistemului Valorile urmatoarei chei sunt sterse din registrii sistemului:
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionControl Panelload]
• "h"
• "wspopp"
• "forwas"
• "nw"
Inregistreaza cateva browser helper objects (BHOs) prin adaugarea urmatoarelor chei in registri:
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer
Browser Helper Objects{73364D99-1240-4dff-B11A-67E448373048}]
– [HKCRCLSID{73364D99-1240-4dff-B11A-67E448373048}]
– [HKCRCLSID{73364D99-1240-4dff-B11A-67E448373048}InprocServer32]
• @="%SYSDIR%ipv6mons.dll"
• "ThreadingModel"="apartment"
• "Enable Browser Extensions"="yes"
Creeaza urmatoarea valoare, pentru a trece de Windows XP firewall:
– [HKLMSYSTEMCurrentControlSetServicesSharedAccessParameters
FirewallPolicyStandardProfileAuthorizedApplicationsList]
• "%PROGRAM FILES%Internet ExplorerIEXPLORE.EXE"="%PROGRAM
FILES%Internet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer"
Se adauga in registrii sistemului:
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionControl Panelload]
• "net_insll"=%sir de 8 caractere aleatoare%
• "worg"=%valori hex%
• "cmpid"=%valori hex%
Backdoor Servere contactate:
Urmatorul:
•
Astfel se pot transmite informatii.
Trimte informatii despre:
• Numele sistemului
• Adresa IP
• Informatiile colectate, descrise in sectiunea
• Ora sistemului
• Informatii despre sistemul de operare
Furt de informatii Incearca sa obtina urmatoarele informatii:
– Windows Product ID
– Parole tastate in campuri de logare
– Informatii despre contul de email, obtinute din cheia de registru: HKCUSoftwareMicrosoftInternet Account ManagerAccounts
– O rutina de logare este pornita dupa ce un site este vizitat:
• %orice site care contine un formular de autentificare%
– Face captura la:
• Informatii de logare
Detaliile fisierului Limbaj de programare:
Limbaj de programare folosit: C (compilat cu Microsoft Visual C++).
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
Worm/Womble.D
Metode de raspandire:
• Email
• Reteaua locala
Alias:
• Symantec: W32.Womble.A@mm
• Mcafee: W32/Womble@MM
• Kaspersky: Email-Worm.Win32.Womble.d
• F-Secure: Email-Worm.Win32.Womble.d
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Descarca fisiere malware
• Utilizeaza propriul motor de email
• Modificari in registri
Fisiere Se copiaza in urmatoarea locatie:
• %SYSDIR%%cuvinte aleatoare%.exe
Creeaza urmatoarele directoare:
• %home%Local SettingsApplication DataMicrosoftWinToolsdvd_info
• %home%Local SettingsApplication DataMicrosoftWinToolsfree
• %home%Local SettingsApplication DataMicrosoftWinToolsh_core
• %home%Local SettingsApplication DataMicrosoftWinToolsl_this
• %home%Local SettingsApplication DataMicrosoftWinToolslunch
• %home%Local SettingsApplication DataMicrosoftWinToolsmy_staff
• %home%Local SettingsApplication DataMicrosoftWinToolsnew_mp3
• %home%Local SettingsApplication DataMicrosoftWinToolsnew_video
• %home%Local SettingsApplication DataMicrosoftWinToolsphoto
• %home%Local SettingsApplication DataMicrosoftWinToolssh_docs
• %home%Local SettingsApplication DataMicrosoftWinToolstake_it
• %home%Local SettingsApplication DataMicrosoftWinToolsvideo
• %home%Local SettingsApplication DataMicrosoftWinToolsxxx
Scrie pe disc copii ale lui alegand numele fisierului din listele:
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsdvd_info Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsfree Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsh_core Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsl_this Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolslunch Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsmy_staff Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsnew_mp3 Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsnew_video Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsphoto Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolssh_docs Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolstake_it Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsvideo Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: %home%Local SettingsApplication DataMicrosoftWinToolsxxx Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
– Catre: c:system32 Folosind unul din urmatoarele nume:
• winupdate.exe
• netupdate.exe
• winlog.exe
• winlogin.exe
– Catre: %directoare partajate din retea% Folosind unul din urmatoarele nume:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
• .doc
• .jpg
• .txt
• .exe
• .pif
Incearca sa descarce cateva fisiere:
– Adresa este urmatoarea:
• support.365soft.info/current/**********
Acest fisier poate contine si alte locatii de descarcare si poate servi ca sursa de noi amenintari.
– Adresa este urmatoarea:
• support.365soft.info/current/**********
Acest fisier poate contine si alte locatii de descarcare si poate servi ca sursa de noi amenintari.
– Adresa este urmatoarea:
• support.365soft.info/current/**********
Acest fisier poate contine si alte locatii de descarcare si poate servi ca sursa de noi amenintari.
Registrii sistemului Urmatoarea cheie este adaugata in registri pentru a rula procesul la repornirea sistemului:
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
• windows_startup=%SYSDIR%%cuvinte aleatoare%.exe
Urmatoarele chei sunt adaugate in registrii sistemului:
– [HKLMSOFTWAREWinUpdate]
• "Version"=dword:00000004
– [HKLMSOFTWAREWinUpload]
• "bot1.exe"=dword:00000002
• "bot2.exe"=dword:00000002
• "l.exe"=dword:00000002
• "t169.exe"=dword:00000002
– [HKCUSoftwareMicrosoftWABWAB4]
• "FirstRun"=dword:00000001
– [HKCUSoftwareMicrosoftWindowsCurrentVersion]
• "wmf.1.1"=dword:01c6db12
• "wmf.1.2"=dword:e8fc9740
Urmatoarele chei din registri sunt modificate:
– [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
Vechea valoare:
• "Shell"="Explorer.exe"
• "Userinit"="%SYSDIR%userinit.exe"
Noua valoare:
• "Shell"="Explorer.exe%spatii libere% %SYSDIR%%cuvinte aleatoare%.exe"
• "Userinit"="%SYSDIR%userinit.exe%spatii libere% ,%SYSDIR%%cuvinte aleatoare%.exe"
Email Are un motor SMTP integrat. Va fi facuta o conexiune directa cu serverul destinatar. Iata caracteristicile lui:
De la:
De la: Adresa expeditorului este chiar contul Outlook al utilizatorului
Catre:
– Adrese de email gasite pe sistem.
– Adrese de email obtinute din WAB (Windows Address Book)
Subiect:
Unul din urmatoarele:
• !!; Action Bush; FIFA; Helo; Hi; important; Incredible!!; info; Kiss;
Laura; Laura and John; Lola; Look at this!!!; Miss Khan; Nataly; Ola;
Olympus; Paula; pic; pics; private; private pics; Re:; Re: hi;
Re:info; RE: pic; read this; Robert; Sex
Corpul email-ului:
Corpul email-ului este:
• Hi !!!
%combinatie de caractere aleatoare%
%combinatie de caractere aleatoare%
--
Best Regards
Atasament:
Numele fisierelor atasate este alcatuit dupa cum urmeaza:
– Incepe cu unul din urmatoarele:
• bush
• Me
• My passwords
• MyWife
• Seduction secrets
• MySexMovie
• MySexPicture
• WallPaper
• anna
• Windows serial number
• GoogleHack
• OurNewCar
• OurNewHouse
continuand cu una din urmatoarele:
• .jpg
• .doc
• .txt
Urmata uneori de una din urmatoarele:
• .pif
• .exe
• .zip
• .pif.zip
• .exe.zip
Atasamentul este o copie malware.
Pentru a-si asigura raspandirea, programul malware incearca sa contacteze alte sisteme, asa cum este descris in continuare:
Exploit:
Foloseste urmatoarele vulnerabilitati:
– MS04-011 (LSASS Vulnerability)
– MS05-039 (Vulnerability in Plug and Play)
Backdoor Servere contactate:
Urmatoarele:
• support.365soft.info/current/**********
• support.365soft.info/current/**********
• support.software602.com/current/**********
• support.software602.com/current/**********
• anyproxy.net/current/**********
• anyproxy.net/current/**********
• support.enviroweb.org/current/**********
• support.enviroweb.org/current/**********
• support.nikontech.com/current/**********
• support.nikontech.com/current/**********
• mymail.100hotmail.com/current/**********
• mymail.100hotmail.com/current/**********
• server1.mymail.ph/current/**********
• server1.mymail.ph/current/**********
• mymail.bokee.com/current/**********
• mymail.bokee.com/current/**********
• mail.96520.org/current/**********
• mail.96520.org/current/**********
• 211.184.55.7/current/**********
• 211.184.55.7/current/**********
• update.snowsoft.co.kr/current/**********
• update.snowsoft.co.kr/current/**********
• update.wwwmail.org/current/**********
• update.wwwmail.org/current/**********
• update.mediaroz.com/current/**********
• update.mediaroz.com/current/**********
• update.co.tv/current/**********
• update.co.tv/current/**********
•
•
• baishui.info/current/**********
• baishui.info/current/**********
• jiji.2tw.info/current/**********
• jiji.2tw.info/current/**********
Astfel se pot transmite informatii. Aceasta se face printr-o interogare HTTP GET intr-un script PHP.
Trimte informatii despre:
• Statusul actual al malware-ului
Furt de informatii Incearca sa obtina urmatoarele informatii:
– Informatii despre contul de email, obtinute din cheia de registru: HKCUSoftwareMicrosoftInternet Account ManagerAccounts
Alte informatii Conexiune internet:
Pentru a verifica legatura la internet se conecteaza la urmatoarele servere DNS:
• *.GTLD-SERVERS.net
• *.lan.tjhsst.edu
Cauta o conexiune Internet, contactand urmatorul website:
•
Mutex:
Creeaza urmatorul mutex:
• wmf.mtx.4
Detaliile fisierului Limbaj de programare:
Limbaj de programare folosit: C (compilat cu Microsoft Visual C++).
Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit un program de compresie runtime
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
Worm/Mytob.NT
General Metode de raspandire:
• Email
• Reteaua locala
Alias:
• Symantec: W32.Mytob.AG@mm
• Kaspersky: Net-Worm.Win32.Mytob.u
• Sophos: W32/MyDoom-AJ
• Grisoft: I-Worm/Mytob.AA
• Bitdefender: Win32.Worm.Mytob.AC
Sistem de operare:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Blocheaza accesul la anumite website-uri
• Blocheaza accesul la website-uri ale firmelor de securitate
• Utilizeaza propriul motor de email
• Modificari in registri
• Profita de vulnerabilitatile softului
• Posibilitatea accesului neautorizat la computer
Fisiere Se copiaza in urmatoarele locatii:
• %SYSDIR%rnathchk.exe
• c:pic.scr
• c:see_this!.pif
• c:my_picture.scr
Se copiaza intr-o arhiva in urmatoarea locatie:
• %TEMPDIR%tmp%numar hexazecimal%.tmp
Sunt create fisierele:
– Un fisier temporar care poate fi sters dupa aceea:
• %TEMPDIR%tmp%numar hexazecimal%.tmp
Registrii sistemului Urmatoarele chei sunt adaugate in registri, in mod repetat, pentru a asigura pornirea procesului dupa reboot.
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunServices]
• "RealPlayer Ath Check"="rnathchk.exe"
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
• "RealPlayer Ath Check"="rnathchk.exe"
– [HKCUSoftwareMicrosoftWindowsCurrentVersionRun]
• "RealPlayer Ath Check"="rnathchk.exe"
Urmatoarele chei sunt adaugate in registrii sistemului:
– [HKCUSoftwareMicrosoftOLE]
• "RealPlayer Ath Check"="rnathchk.exe"
– [HKCUSYSTEMCurrentControlSetControlLsa]
• "RealPlayer Ath Check"="rnathchk.exe"
– [HKLMSOFTWAREMicrosoftOle]
• "RealPlayer Ath Check"="rnathchk.exe"
– [HKLMSYSTEMCurrentControlSetControlLsa]
• "RealPlayer Ath Check"="rnathchk.exe"
Email Are un motor SMTP integrat. Va fi facuta o conexiune directa cu serverul destinatar. Iata caracteristicile lui:
De la:
Adresa este falsificata.
Catre:
– Adrese de email gasite pe sistem.
– Adrese de email obtinute din WAB (Windows Address Book)
– Adrese generate
Subiect:
Unul din urmatoarele:
• Error
• Good day
• Hello
• Mail Delivery System
• Mail Transaction Failed
• Server Report
• Status
Uneori subiectul poate lipsi.
In plus, subiectul email-ului ar putea contine litere aleatoare.
Corpul email-ului:
– Uneori poate contine caractere aleatoare.
Corpul email-ului este unul din textele:
• The message contains Unicode characters and has been sent as a binary attachment.
• Mail transaction failed. Partial message is available.
• Here are your banks documents.
• The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
• The original message was included as an attachment.
Atasament:
Numele fisierului atasat este unul din urmatoarele:
• body.zip
• message.zip
• test.zip
• data.zip
• file.zip
• text.zip
• doc.zip
• readme.zip
• document.zip
• %combinatie de caractere aleatoare%.zip
Atasamentul este o arhiva ce contine chiar o copie malware.
Email Cautare adrese:
Cauta adrese de email in urmatoarele fisiere:
• wab
• adb
• tbb
• dbx
• asp
• php
• sht
• htm
• txt
• tmp
Genereaza adrese pentru campul destinatarului:
Pentru a genera adrese foloseste urmatoarele texte:
• sandra; lolita; britney; bush; linda; julie; jimmy; jerry; helen;
debby; claudia; brenda; anna; madmax; brent; adam; ted; fred; jack;
bill; stan; smith; steve; matt; dave; dan; joe; jane; bob; robert;
peter; tom; ray; mary; serg; brian; jim; maria; leo; jose; andrew;
sam; george; david; kevin; mike; james; michael; alex; john
Combina acest rezultat cu domeniile gasite in fisierele in care a cautat anterior adrese.
Adrese evitate:
Nu trimite email-uri la adrese care contin unul din urmatoarele siruri de caractere:
• accoun; certific; listserv; ntivi; support; icrosoft; admin; page;
the.bat; gold-certs; feste; submit; not; help; service; privacy;
somebody; soft; contact; site; rating; bugs; you; your; someone;
anyone; nothing; nobody; noone; webmaster; postmaster; samples; info;
root; mozilla; utgers.ed; tanford.e; pgp; acketst; secur; isc.o;
isi.e; ripe.; arin.; sendmail; rfc-ed; ietf; iana; usenet; fido;
linux; kernel; google; ibm.com; fsf.; gnu; mit.e; bsd; math; unix;
berkeley; foo.; .mil; gov.; .gov; ruslis; nodomai; mydomai; example;
inpris; borlan; sopho; panda; icrosof; syma; avp; .edu; -._!; -._!@;
abuse; www; be_loyal:
Prefixeaza domeniile adreselor de email:
Pentru a afla IP-ul serverului de mail, poate adauga inaintea domeniului urmatoarele siruri de caractere:
• gate.
• ns.
• relay.
• mail1.
• mxs.
• mx1.
• smtp.
• mail.
• mx.
Reţea Pentru a-si asigura raspandirea, programul malware incearca sa contacteze alte sisteme, asa cum este descris in continuare:
Exploit:
Foloseste urmatoarea vulnerabilitate:
– MS04-011 (LSASS Vulnerability)
Generarea adreselor IP:
Creeaza adrese IP aleatoare, pastrand doar primii doi octeti din propria adresa. Apoi incearca sa contacteze adresele create.
Procesul de infectare:
Se creeaza un script FTP in sistemul afectat, pentru a descarcaun malware pe alt computer controlat la distanta.
Fisierul descarcat este salvat pe masina infectata, cu numele: %SYSDIR%wtfhe.exe
IRC Pentru a trimite informatii si pentru a fi controlat se conecteaza la serverul IRC:
Server: spm.slo-par**********
Port: 48275
Parola serverului: 57248
Canal: #hb2
Nick: [i]%combinatie de caractere aleatoare%
Parola: sp4m
– Acest malware poate obtine si trimite urmatoarele informatii:
• Timpul de cand malware-ul a fost lansat in executie
– In plus, poate efectua urmatoarele operatii:
• descarcare fisier
• executarea unui fisier
• Se actualizeaza singur
Fisiere host Fisierul
– In acest caz inregistrarile existente raman nemodificate.
– Accesul la urmatoarele domenii este blocat:
•; securityresponse.symantec.com; symantec.com;
; sophos.com;; mcafee.com;
liveupdate.symantecliveupdate.com;; viruslist.com;
viruslist.com; f-secure.com;; kaspersky.com;
;; avp.com;;
networkassociates.com;; ca.com; mast.mcafee.com;
my-etrust.com;; download.mcafee.com;
dispatch.mcafee.com; secure.nai.com; nai.com;;
update.symantec.com; updates.symantec.com; us.mcafee.com;
liveupdate.symantec.com; customer.symantec.com; rads.mcafee.com;
trendmicro.com;;;
metalhead2005.info; irc.blackcarder.net; d66.myleftnut.info
Email Cautare adrese:
Cauta adrese de email in urmatoarele fisiere:
• wab
• adb
• tbb
• dbx
• asp
• php
• sht
• htm
• txt
• tmp
Genereaza adrese pentru campul destinatarului:
Pentru a genera adrese foloseste urmatoarele texte:
• sandra; lolita; britney; bush; linda; julie; jimmy; jerry; helen;
debby; claudia; brenda; anna; madmax; brent; adam; ted; fred; jack;
bill; stan; smith; steve; matt; dave; dan; joe; jane; bob; robert;
peter; tom; ray; mary; serg; brian; jim; maria; leo; jose; andrew;
sam; george; david; kevin; mike; james; michael; alex; john
Combina acest rezultat cu domeniile gasite in fisierele in care a cautat anterior adrese.
Adrese evitate:
Nu trimite email-uri la adrese care contin unul din urmatoarele siruri de caractere:
• accoun; certific; listserv; ntivi; support; icrosoft; admin; page;
the.bat; gold-certs; feste; submit; not; help; service; privacy;
somebody; soft; contact; site; rating; bugs; you; your; someone;
anyone; nothing; nobody; noone; webmaster; postmaster; samples; info;
root; mozilla; utgers.ed; tanford.e; pgp; acketst; secur; isc.o;
isi.e; ripe.; arin.; sendmail; rfc-ed; ietf; iana; usenet; fido;
linux; kernel; google; ibm.com; fsf.; gnu; mit.e; bsd; math; unix;
berkeley; foo.; .mil; gov.; .gov; ruslis; nodomai; mydomai; example;
inpris; borlan; sopho; panda; icrosof; syma; avp; .edu; -._!; -._!@;
abuse; www; be_loyal:
Prefixeaza domeniile adreselor de email:
Pentru a afla IP-ul serverului de mail, poate adauga inaintea domeniului urmatoarele siruri de caractere:
• gate.
• ns.
• relay.
• mail1.
• mxs.
• mx1.
• smtp.
• mail.
• mx.
Reţea Pentru a-si asigura raspandirea, programul malware incearca sa contacteze alte sisteme, asa cum este descris in continuare:
Exploit:
Foloseste urmatoarea vulnerabilitate:
– MS04-011 (LSASS Vulnerability)
Generarea adreselor IP:
Creeaza adrese IP aleatoare, pastrand doar primii doi octeti din propria adresa. Apoi incearca sa contacteze adresele create.
Procesul de infectare:
Se creeaza un script FTP in sistemul afectat, pentru a descarcaun malware pe alt computer controlat la distanta.
Fisierul descarcat este salvat pe masina infectata, cu numele: %SYSDIR%wtfhe.exe
IRC Pentru a trimite informatii si pentru a fi controlat se conecteaza la serverul IRC:
Server: spm.slo-par**********
Port: 48275
Parola serverului: 57248
Canal: #hb2
Nick: [i]%combinatie de caractere aleatoare%
Parola: sp4m
– Acest malware poate obtine si trimite urmatoarele informatii:
• Timpul de cand malware-ul a fost lansat in executie
– In plus, poate efectua urmatoarele operatii:
• descarcare fisier
• executarea unui fisier
• Se actualizeaza singur
Fisiere host Fisierul
– In acest caz inregistrarile existente raman nemodificate.
– Accesul la urmatoarele domenii este blocat:
•; securityresponse.symantec.com; symantec.com;
; sophos.com;; mcafee.com;
liveupdate.symantecliveupdate.com;; viruslist.com;
viruslist.com; f-secure.com;; kaspersky.com;
;; avp.com;;
networkassociates.com;; ca.com; mast.mcafee.com;
my-etrust.com;; download.mcafee.com;
dispatch.mcafee.com; secure.nai.com; nai.com;;
update.symantec.com; updates.symantec.com; us.mcafee.com;
liveupdate.symantec.com; customer.symantec.com; rads.mcafee.com;
trendmicro.com;;;
metalhead2005.info; irc.blackcarder.net; d66.myleftnut.info
Email Cautare adrese:
Cauta adrese de email in urmatoarele fisiere:
• wab
• adb
• tbb
• dbx
• asp
• php
• sht
• htm
• txt
• tmp
Genereaza adrese pentru campul destinatarului:
Pentru a genera adrese foloseste urmatoarele texte:
• sandra; lolita; britney; bush; linda; julie; jimmy; jerry; helen;
debby; claudia; brenda; anna; madmax; brent; adam; ted; fred; jack;
bill; stan; smith; steve; matt; dave; dan; joe; jane; bob; robert;
peter; tom; ray; mary; serg; brian; jim; maria; leo; jose; andrew;
sam; george; david; kevin; mike; james; michael; alex; john
Combina acest rezultat cu domeniile gasite in fisierele in care a cautat anterior adrese.
Adrese evitate:
Nu trimite email-uri la adrese care contin unul din urmatoarele siruri de caractere:
• accoun; certific; listserv; ntivi; support; icrosoft; admin; page;
the.bat; gold-certs; feste; submit; not; help; service; privacy;
somebody; soft; contact; site; rating; bugs; you; your; someone;
anyone; nothing; nobody; noone; webmaster; postmaster; samples; info;
root; mozilla; utgers.ed; tanford.e; pgp; acketst; secur; isc.o;
isi.e; ripe.; arin.; sendmail; rfc-ed; ietf; iana; usenet; fido;
linux; kernel; google; ibm.com; fsf.; gnu; mit.e; bsd; math; unix;
berkeley; foo.; .mil; gov.; .gov; ruslis; nodomai; mydomai; example;
inpris; borlan; sopho; panda; icrosof; syma; avp; .edu; -._!; -._!@;
abuse; www; be_loyal:
Prefixeaza domeniile adreselor de email:
Pentru a afla IP-ul serverului de mail, poate adauga inaintea domeniului urmatoarele siruri de caractere:
• gate.
• ns.
• relay.
• mail1.
• mxs.
• mx1.
• smtp.
• mail.
• mx.
Reţea Pentru a-si asigura raspandirea, programul malware incearca sa contacteze alte sisteme, asa cum este descris in continuare:
Exploit:
Foloseste urmatoarea vulnerabilitate:
– MS04-011 (LSASS Vulnerability)
Generarea adreselor IP:
Creeaza adrese IP aleatoare, pastrand doar primii doi octeti din propria adresa. Apoi incearca sa contacteze adresele create.
Procesul de infectare:
Se creeaza un script FTP in sistemul afectat, pentru a descarcaun malware pe alt computer controlat la distanta.
Fisierul descarcat este salvat pe masina infectata, cu numele: %SYSDIR%wtfhe.exe
IRC Pentru a trimite informatii si pentru a fi controlat se conecteaza la serverul IRC:
Server: spm.slo-par**********
Port: 48275
Parola serverului: 57248
Canal: #hb2
Nick: [i]%combinatie de caractere aleatoare%
Parola: sp4m
– Acest malware poate obtine si trimite urmatoarele informatii:
• Timpul de cand malware-ul a fost lansat in executie
– In plus, poate efectua urmatoarele operatii:
• descarcare fisier
• executarea unui fisier
• Se actualizeaza singur
Fisiere host Fisierul
– In acest caz inregistrarile existente raman nemodificate.
– Accesul la urmatoarele domenii este blocat:
•; securityresponse.symantec.com; symantec.com;
; sophos.com;; mcafee.com;
liveupdate.symantecliveupdate.com;; viruslist.com;
viruslist.com; f-secure.com;; kaspersky.com;
;; avp.com;;
networkassociates.com;; ca.com; mast.mcafee.com;
my-etrust.com;; download.mcafee.com;
dispatch.mcafee.com; secure.nai.com; nai.com;;
update.symantec.com; updates.symantec.com; us.mcafee.com;
liveupdate.symantec.com; customer.symantec.com; rads.mcafee.com;
trendmicro.com;;;
metalhead2005.info; irc.blackcarder.net; d66.myleftnut.info
Email Cautare adrese:
Cauta adrese de email in urmatoarele fisiere:
• wab
• adb
• tbb
• dbx
• asp
• php
• sht
• htm
• txt
• tmp
Genereaza adrese pentru campul destinatarului:
Pentru a genera adrese foloseste urmatoarele texte:
• sandra; lolita; britney; bush; linda; julie; jimmy; jerry; helen;
debby; claudia; brenda; anna; madmax; brent; adam; ted; fred; jack;
bill; stan; smith; steve; matt; dave; dan; joe; jane; bob; robert;
peter; tom; ray; mary; serg; brian; jim; maria; leo; jose; andrew;
sam; george; david; kevin; mike; james; michael; alex; john
Combina acest rezultat cu domeniile gasite in fisierele in care a cautat anterior adrese.
Adrese evitate:
Nu trimite email-uri la adrese care contin unul din urmatoarele siruri de caractere:
• accoun; certific; listserv; ntivi; support; icrosoft; admin; page;
the.bat; gold-certs; feste; submit; not; help; service; privacy;
somebody; soft; contact; site; rating; bugs; you; your; someone;
anyone; nothing; nobody; noone; webmaster; postmaster; samples; info;
root; mozilla; utgers.ed; tanford.e; pgp; acketst; secur; isc.o;
isi.e; ripe.; arin.; sendmail; rfc-ed; ietf; iana; usenet; fido;
linux; kernel; google; ibm.com; fsf.; gnu; mit.e; bsd; math; unix;
berkeley; foo.; .mil; gov.; .gov; ruslis; nodomai; mydomai; example;
inpris; borlan; sopho; panda; icrosof; syma; avp; .edu; -._!; -._!@;
abuse; www; be_loyal:
Prefixeaza domeniile adreselor de email:
Pentru a afla IP-ul serverului de mail, poate adauga inaintea domeniului urmatoarele siruri de caractere:
• gate.
• ns.
• relay.
• mail1.
• mxs.
• mx1.
• smtp.
• mail.
• mx.
Reţea Pentru a-si asigura raspandirea, programul malware incearca sa contacteze alte sisteme, asa cum este descris in continuare:
Exploit:
Foloseste urmatoarea vulnerabilitate:
– MS04-011 (LSASS Vulnerability)
Generarea adreselor IP:
Creeaza adrese IP aleatoare, pastrand doar primii doi octeti din propria adresa. Apoi incearca sa contacteze adresele create.
Procesul de infectare:
Se creeaza un script FTP in sistemul afectat, pentru a descarcaun malware pe alt computer controlat la distanta.
Fisierul descarcat este salvat pe masina infectata, cu numele: %SYSDIR%wtfhe.exe
IRC Pentru a trimite informatii si pentru a fi controlat se conecteaza la serverul IRC:
Server: spm.slo-par**********
Port: 48275
Parola serverului: 57248
Canal: #hb2
Nick: [i]%combinatie de caractere aleatoare%
Parola: sp4m
– Acest malware poate obtine si trimite urmatoarele informatii:
• Timpul de cand malware-ul a fost lansat in executie
– In plus, poate efectua urmatoarele operatii:
• descarcare fisier
• executarea unui fisier
• Se actualizeaza singur
Fisiere host Fisierul
– In acest caz inregistrarile existente raman nemodificate.
– Accesul la urmatoarele domenii este blocat:
•; securityresponse.symantec.com; symantec.com;
; sophos.com;; mcafee.com;
liveupdate.symantecliveupdate.com;; viruslist.com;
viruslist.com; f-secure.com;; kaspersky.com;
;; avp.com;;
networkassociates.com;; ca.com; mast.mcafee.com;
my-etrust.com;; download.mcafee.com;
dispatch.mcafee.com; secure.nai.com; nai.com;;
update.symantec.com; updates.symantec.com; us.mcafee.com;
liveupdate.symantec.com; customer.symantec.com; rads.mcafee.com;
trendmicro.com;;;
metalhead2005.info; irc.blackcarder.net; d66.myleftnut.info
Backdoor Deschide portul
– rnathchk.exe pe portul TCP 36276 pentru a functiona ca server FTP.
Alte informatii Mutex:
Creeaza urmatorul mutex:
• I_FUCK_DEAD_PPL
Detaliile fisierului Limbaj de programare:
Limbaj de programare folosit: C (compilat cu Microsoft Visual C++).
Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit un program de compresie runtime.
|
|
| pus acum 18 ani |
|
gaby_dylyu
Old School Member
 Inregistrat: acum 18 ani
Postari: 422
|
|
 preety cool Y2k
_______________________________________
Always Expect The Unexpected!!!
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
thax  o sa mai caut pe goole si o sa mai bag
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
Worm/Sdbot.51974
Worm/Sdbot.51974
Nume: Worm/Sdbot.51974
Descoperit pe data de: 07/09/2006
Tip: Vierme
ITW: Nu
Numar infectii raportate: Scazut
Potential de raspandire: Mediu
Potential de distrugere: Mediu
Fisier static: Da
Marime: 51.974 Bytes
MD5: a11bf9ceff0c7cef69a730afb3390cd9
Versiune VDF: 6.35.01.195
Versiune IVDF: 6.35.01.199
General Metoda de raspandire:
• Reteaua locala
Alias:
• TrendMicro: WORM_SDBOT.XY
• Grisoft: IRC/BackDoor.SdBot2.HRV
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Creeaza un fisier malware
• Reduce setarile de securitate
• Modificari in registri
• Posibilitatea accesului neautorizat la computer
Fisiere Se copiaza in urmatoarea locatie:
• %SYSDIR%axux.exe
Este creat fisierul:
– C:sirh0t_changes_ur_hostfile.bat Fisierul este executat dupa ce a fost creat. Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: 2293
Registrii sistemului Urmatoarele chei sunt adaugate in registri pentru a rula procesul la repornirea sistemului:
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
• "null"="axux.exe"
– [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunServices]
• "null"="axux.exe"
– [HKCUSoftwareMicrosoftWindowsCurrentVersionRun]
• "null"="axux.exe"
Creeaza urmatoarea valoare, pentru a trece de Windows XP firewall:
– [HKLMSYSTEMCurrentControlSetServicesSharedAccessParameters
FirewallPolicyStandardProfileAuthorizedApplicationsList]
• "%windir%system32axux.exe"="%windir%system32axux.exe:*:Enabled:@xpsp2res.dll,-22019"
Reţea Pentru a-si asigura raspandirea, programul malware incearca sa contacteze alte sisteme, asa cum este descris in continuare:
Creeaza copii malware in urmatoarele share-uri de retea:
• IPC$
• C$
• D$
• E$
• print$
• Admin$
Foloseste urmatoarele date de logare, pentru a controla sistemul la distanta:
– Lista de utilizatori si parole:
• zxcv; zxc; zulu; zombie; zmodem; zimmerman; zimmerma; ziggy; zeitgeis;
zebra; zap; yxcv; youwontguessme; young; yosemite; yolanda;
yellowstone; yellowst; yellow; yankee; yang; yaco; xyzzy; xyz;
xxxxxxxxx; xxxxxxxx; xxxxxxx; xxxxxx; xxxxx; xxxx; xxx; xray; xmodem;
xmen; xman; xfer; xena; wyoming; wwwadmin; www; wwii; WRITE; wormwood;
worm; work; worf; wordperf; word; woodwind; wood; women; wombat;
woman; wolverin; wolf; wizard; within; wiseass; wisconsin; wisconsi;
wired; winxp; winston; winpass; winnt; wing; wine; windozexp;
windozeME; windoze98; windoze95; windoze2k; windoze; windowz;
WindowsXP; windowsME; windows98; windows95; windows2k; windows;
windose; win98; win2k; win2000; win; wilma; willie; williamsburg;
williams; william; will; wileecoyote; whore; wholesale; wholesal;
whitney; whiting; white; whisky; whatnot; whatever; wh0re; wh0r3;
western; west; werewolf; wendy; wendi; well; weenie; weed; wednesda;
webpage; web; wave; water; watchwor; wasp; warren; warp; wargames;
warfare; warez; ward; waco; w00t; vodka; visualba; visual; visitor;
virus; virginia; virgin; village; videogam; video; victor; vicky;
vertigo; veronica; venus; vasant; vampire; valerie; vagina;
uwontguessme; uucp; utility; util; usmc; userpassword; username;
usermane; user1; User; USER; user; usenet; ursula; urchin; uranus;
upload; unlock; Unknown; unknown; unix; universi; universe; universa;
uniform; unicorn; unhappy; undo; uncle; umesh; ugly; tuttle; turnip;
turn; tuesday; tubas; tty; truth; true; tron; trombone; trojan;
trivial; trisha; trek; tree; trapdoor; trap; transfer; trails; tracy;
tracie; traci; toyota; toxic; tortoise; topography; topograp; tomato;
tokenrin; token; toggle; toad; tits; tina; time; tiger; tiffany;
thursday; thin; theresa; thailand; text; tetris; testing; testin;
tester; test123; Test; test; TEST; tess; terminat; terminal; tera;
tennis; temptation; temptati; temp123; temp; TEMP; telnet; telephone;
telephon; teenage; teen; technical; tech; tears; teapot; team;
teacher; taylor; tarragon; target; tara; tape; tango; tangerine;
tangerin; tammy; tamie; tami; tamara; tall; talk; tabasco; SYSTEM;
system; sysop; sysadmin; sys; symmetry; sybil; sybase; sword; switch;
sweat; swearer; suzie; suzanne; susie; susanne; susan; surfing;
surfer; supported; supporte; support; supervis; superuser; superuse;
superstage; supersta; superson; superman; super; sunday; sun; summer;
sue; cenzurat; suckmydi; cenzurat; success; subway; subscrib; stuttgart;
stuttgar; student1; student; strip; string; streetfi; stratford;
stratfor; strangle; strange; stones; stoned; stoneage; steve; stereo;
stephanie; stephani; steph; steel; steal; steak; starwars; startup;
startrek; start; starship; star; Standard; staff; stacy; stacie;
staci; stacey; sr71; squires; sqlpass; sqlagent; sql; spunk; springer;
spring; spred; spit; spiderma; spider; spice; spencer; spell; spear;
sparrows; spaceshi; spaceman; south; source; sossina; sonya; sonic;
sonia; sondra; somebody; software; soft; sodomy; socrates; social;
soap; snoopy; snatch; snake; snafu; snach; smut; smtp; smother;
smooch; smiles; smile; smart; small; slut; slow; sliders; slick;
slave; skull; site; single; singer; simulati; simpsons; simple; simon;
simcity; silver; signature; signatur; sierra; siemens; sick; shuttle;
short; shivers; shiva; shitpot; shit; shirley; shift; sherri; shell;
sheldon; sheffield; sheffiel; sharon; sharks; shark; SHARE; sharc;
shannon; sexy; sex; sesame; service; SERVER; serial; serenity; sentry;
sentinel; sensor; sega; seed; security; secret; search; scriptkiddie;
script; scout; scotty; scott; scorpion; scifi; schoolsucks; school;
scheme; scamper; saxon; saturn; saturday; satanik; satanic; satan;
sarah; sara; sandy; sandra; sample; samantha; sam; salt; sale; salami;
sal; sage; safe; ruth; rush; running; rules; rude; ruby; ruben;
rubber; RPC; rough; Ross; roses; rosemary; rosebud; rose;
RoscoPColtrane; RoscoP; Rosco; rooted; ROOT; root; ronald; ron;
romulan; romeo; romano; rolex; rodent; rockyhor; rocky; rock;
rochester; rocheste; rochelle; robyn; robotics; robot; robin; robert;
roach; rje; risc; ripple; riot; ring; rightwin; right; riffraff; rick;
rich; rhino; reveal; resistan; republic; report; rent; reno; renee;
remote; release; regional; referenc; redhead; reddawn; record; rebel;
rebecca; rebal; reaper; ream; really; reality; reagan; READ; razor;
rascal; rape; random; raleigh; raindrop; rainbow; rain; raid; RAGE;
rachmaninoff; rachmani; rachelle; rachel; rabbit; r00t; qwerty; qwert;
qwer; qwe; quebec; qaz; pwd; pw123; pussy; puppet; punk; punisher;
puneet; pumpkin; puke; puck; public; pub; psychopa; psycho; protozoa;
protect; prompt; program; profile; professor; professo; processo;
proceed; privs; private; priv; printer; princeton; princeto; prince;
presto; prelude; precious; praise; power; poster; post; porsche;
porno; porn; pork; poor; poop; pondering; ponderin; polynomial;
polynomi; polly; police; poetry; plymouth; pluto; plover; playboy;
plane; pizza; piss; pinname; pink; pimp; pierre; pick; phuck; phreak;
phrase; phrack; photon; phone; phoenix; philip; phil; peter; pete;
pervert; persona; persimmon; persimmo; permit; perfect; percolate;
percolat; pepsi; pepper; peoria; pentium; penthous; pentagra;
pentagon; penname; penis; Penis; penguin; penelope; pencil; pecker;
peanuts; paula; patty; patriot; patrick; patricia; pat; paste;
password123; password1; Password; PASSWORD; password; passwd;
passphra; pass1234; pass123; pass; pascal; papers; paper; papa;
pamela; pam; pakistan; paint; painless; pad; packer; packard; pacific;
oxford; Owner; OWNER; owner; owned; own; owa; outside; output;
outlook; outlaw; outdoors; osiris; oscar; orwell; orient; orca;
orange; oracle; operator; opensesa; openlock; opening; omega; olivia;
olivetti; oldage; okay; office; oemuser; oeminstall; OEM; oem; ocelot;
oceanography; oceanogr; obscurit; nyquist; nuts; nutrition; nutritio;
number; null; nukem; nuke; nude; nuclear; noxious; november; novel;
nova; noth; notes; noreen; noob; none; nokia; node; nobody; noble;
nnaacp; nita; nintendo; Nilez; nightmar; night; nicotine; nicole;
nice; next; newyork; newton; newsgrou; news; newborn; new; network;
netscape; netfuck; netdevil; netbios; net-devil; net; ness; neptune;
nepenthe; neil; navy; nasa; napoleon; nancy; name; nagel; mypc123;
mypc; mypass123; mypass; mutant; muppets; msdos; mpeg; mozart; movies;
movie; move; mouse; mountain; mosaic; mortgage; mortalco; mortal;
morris; morley; more; moose; moor; moom; monica; monday; moguls;
mogul; modem; mkii; mit; mission; misfit; minsky; minimum; mine; mike;
midieval; microsof; micropro; microchi; micro; mickey; michelle;
michele; michelan; michel; michael; mice; mgr; mets; metalica;
metalhea; metal; merlin; mercury; menu; menace; memory; member;
melrose; mellon; melissa; megan; megadeth; megabyte; meagan; maurice;
Matthew; Matt; math; Mat; master; mass; mason; mary; marvin; marty;
mars; marriage; marni; markus; mark; marines; marijuan; marietta;
mariens; maria; marcy; marci; mara; manager; mana; malcom; malcolm;
maint; main; mail; magnet; magic; maggot; macro; mack; macintosh;
macintos; machine; lynne; lynn; lust; luke; lude; lucy; lucus; luck;
lover; lovebug; love; louis; loser; lorraine; lorin; lori; lore;
loose; lolopc; lol; lois; logout; loginwor; loginpass; Login; login;
logic; lockword; lockout; lock; LOCAL; load; liz; live; literatu;
lisp; lisa; lips; lion; linux; link; linda; limited; limbaugh; lima;
lightsab; light; life; licker; lick; library; liberal; lexluthe;
lewis; letmein; leslie; lesbian; leroy; leland; legal; leftwing; left;
leet; lee; lebesgue; leah; lazer; lazarus; lava; laura; laser; larry;
larkin; lara; laptop; lana; lan; lamination; laminati; lambda; lakers;
ladle; ladies; l33t; l337; kristy; kristine; kristin; kristie; kristi;
kristen; krista; known; knightma; knight; knife; klingon; kitten;
kissmyas; kiss; kirkland; kirk; king; kimberly; kim; kilo; killthem;
killer; kill; kids; kiddie; keyword; keyin; keybord; key; kewl; kevin;
kerry; kerrie; kerri; kernel; kermit; keri; kelly; katrina; katina;
katie; kathy; kathrine; kathleen; kate; katana; karina; karie; karen;
kaka; jupiter; june; juliet; julie; julia; juicy; juggle; judy;
judith; joyce; joy; journal; joshua; joseph; johnny; johndoe; john;
joe; jody; joanne; joan; jixian; jill; jewelry; jester; jessica;
jerusale; jerry; jenny; jennifer; jenni; jen; jeff; jeanne; jean;
jazz; java; jasmin; japan; janie; janice; janet; jane; jail; jackie;
isis; irule; irishman; irene; Inviter; invent; intranet; internet;
Internet; integer; inside; input; innocuous; innocuou; inna; ingrid;
ingress; ingres; indians; indiana; indian; india; include; imperial;
immortal; imbroglio; imbrogli; image; illumina; ihavenopass; icecream;
ibm; ian; hypertxt; hyper; hydrogen; hutchins; hunter; hunt; http;
hotel; hotdog; host; horus; horse; horror; horrible; horny; hooters;
hooker; honey; homework; homeuser; homer; homepage; home; hollywoo;
holly; hole; hits; hitler; highland; high; hidden; hibernia; hiawatha;
hexadeci; hewlett; heroin; hero; herbert; herb; help; hello; hell;
heinlein; heidi; hebrides; heaven; heather; heathen; heat; headoffice;
headbang; head; haxing; hax0r; hax; hawaii; haven; hate; harvey;
harold; harmony; harddriv; hardcore; hard; happening; happenin;
handjob; handily; handel; hamster; hamlet; hallowee; hal; hair; hagar;
hacker; hacked; hack; h4x1ng; h4x0ring; h4x0r1ng; guntis; gumption;
guitar; Guest; GUEST; guest; guessme; guess; gucci; guardian; gryphon;
group; green; great; grant; grand; grahm; graham; grades; govermen;
gouge; gosling; gorges; gorgeous; good; golfer; golf; golden; gold;
godblessyou; god; gobo; gnu; glen; glacier; girl; ginger; gina;
gigabyte; gibson; ghost; gertrude; germ; george; gauss; gatt;
gatherin; gateway; Gast; garfield; gardner; games; gabriel; fungible;
function; fun; FULL; fudge; fuckyou; fuckme; fucking; fucker; fucked;
cenzurat; fubar; fryguy; frog; frighten; friends; friend; friday; french;
freedom; free; freddy; fred; freak; frank; france; foxtrot; fourier;
forsythe; fornicat; format; form; forever; foresight; foresigh; ford;
force; football; foolproof; foolproo; fool; food; foobar; flowers;
flower; florida; float; flakes; fishers; fish; firewall; fire; finite;
FILES; file; fight; field; fidelity; ferrari; fermat; fender; felicia;
feds; fear; fast; fart; faraday; farad; family; false; falcon; faith;
fairway; extension; extensio; explosiv; explorer; explore; explode;
expert; exchnge; exchange; evelyn; euclid; eternity; estate;
establish; establis; ersatz; erotic; erin; erika; erica; eric;
erenity; enzyme; enterprise; enterpri; enter; english; england;
engineer; engine; enemy; enable; emmanuel; emily; emerald; email;
ellen; elizabeth; elizabet; elephant; electron; elanor; elaine;
einstein; einsiein; eileen; eiderdown; eiderdow; egghead; edwina;
edwin; education; educatio; edu; edition; edit; edinburgh; edinburg;
edges; eddie; echo; eatme; easy; easier; earth; eagle; eager; dyke;
dungeon; duncan; dulce; duke; duelist; dudette; dude; dud3; duck;
drought; drive; drdoom; dragon; dos; dope; doors; door; doonesbu;
doomsday; doomii; doom2; doom; dong; donaldduck; domainpassword;
domainpass; domain; dollar; dog; doctor; display; disney; diskette;
disk; discovery; discover; disclose; discipli; disc; dirty; director;
direct; dipshit; dinosaur; digital; dieter; diet; diehard; dick; dice;
diane; diana; diamond; dial; devil; device; develop; desperate;
desperat; desktop; desk; desiree; dennis; denise; democrat; demo;
DEMO; deluge; delta; Dell; dell; defoe; Default; DEFAULT; default;
deck; december; debug; deborah; debbie; deb; deathsta; death; dead;
dbpassword; dbpass; db1234; db1; dawn; dave; databasepassword;
databasepass; database; data; darkaven; dark; dapper; danny; danielle;
daniel; dancer; dana; daisy; daemon; d00d; cynthia; cyberspa;
cyberpun; cyber; customer; cunt; ctx; cshrc; crystal; cristina;
criminal; crime; cretin; creosote; credit; creature; creation; create;
cream; crash; crackpot; crack; cowboy; couscous; country; counters;
correct; cornelius; corneliu; copy; cops; copper; cooper; cool;
cookie; cookbook; cook; control; continue; console; conserva; connie;
connect; condom; condo; comrades; comrade; computin; computer; compaq;
company; commrades; commrade; commit; comics; combat; color; collins;
cold; cola; coke; coin; coffee; codeword; codename; code; cock;
cocainco; cocacola; coast; clusters; cluster; clinton; cleavage;
claymore; claudia; classic; classes; class; cisco; cindy; cigarett;
cigar; CHT; christy; christine; christina; christin; chris; chip;
chester; chess; chemistry; chemistr; chem; CHECK; chat; charon;
charming; charlie; charles; charity; Changeme; changeme; change;
cerulean; celtics; celtic; celt; cecily; cayuga; cave; cathy;
catholic; catherine; catherin; cat; castle; cash; cascades; carson;
carrie; caroline; carolina; carole; carol; carmen; carla; caren;
cardinal; card; capture; captain; capitol; cantor; candy; candi;
camping; campanile; campanil; camille; californ; cad; butthead; butt;
butch; burn; burgess; bung; bumbling; bullshit; bulls; bsd; brutefor;
brute; brunette; bruce; brothel; broadway; bridget; brian; brenda;
breast; break; bravo; brandy; brandi; bradley; boyscout; BOTH; born;
book; boobs; boob; boner; bomb; bob; board; blues; blue; blowjob;
blow; bloodaxe; blood; blondie; blonde; blank; black; bla; bitnet;
bitmap; bitch; bishop; bird; bios; binary; billy; bill; bigfoot;
bicameral; bicamera; bible; beverly; betty; betsie; beth; beta; beryl;
berliner; berlin; berkeley; beowulf; benz; beloved; bell; behead;
begin; beethoven; beethove; becky; beaver; beauty; beater; beast;
bear; beammeup; beach; batman; batch; bassoon; bass; basic; baseball;
bartman; bart; baritone; barf; bare; barber; barbara; banks; bank;
bandit; bananas; banana; ball; bailey; badass; backup; BACKUP;
backdoor; bacchus; baby; babe; azure; aztecs; authoriz; attack; atom;
atmosphere; atmosphe; athena; asshole; asm; asian; asdfgh; asdf; asd;
artist; arthur; arrow; army; arlene; ariadne; aria; april; apollo13;
anything; anvils; anthropogenic; anthropo; anthrax; answer; anonymou;
anon; annette; anne; anna; ann; anita; animals; animal; angie;
angerine; angela; anfo; andy; andromache; andromac; android; andrea;
anchor; anarchy; anarchis; analog; anal; amy; amorphous; amorphou;
america; amber; amanda; amadeus; ama; alphabet; alpha; allow; allison;
alison; alisa; alicia; alice; aliases; algebra; alf; Alexander;
alexande; Alex; alex; alert; albert; albatross; albatros; albany;
alaska; Al3x; airplane; aids; afro; aerobics; adult; adrianna; adrian;
Administrator; ADMINISTRATOR; administrator; Administrateur;
Administrador; EdmInistreiter; L'amministratore; oikeusministeri;
forsterkning; administrada; administrat; admin123; Admin; ADMIN;
admin; adm; adam; ada; accounts; accounting; account; access; ACCESS;
accept; academic; academia; abcd; abc123; abc; aaa; 88888888; 654321;
54321; 2600; 2003; 2002; 123qwe; 123asd; 123abc; 1234qwer; 123467890;
12346789; 1234678; 123467; 12346; 123456789; 12345678; 1234567;
123456; 12345; 1234; 123123; 123; 121212; 121; 11111111; 111111; 111;
110; 0wned; 0wn3d; 007; 00000000; 000000; 00000; 0000; 000; !@; $%^&*;
!@; $%^&; !@; $%^; !@; $%; !@; $
Exploit:
– NetDevil backdoor (port 903)
Activare de la distanta:
–Incearca sa activeze de la distanta malware-ul pe sistemul recent infectat. Pentru aceasta, apeleaza functia NetScheduleJobAdd.
IRC Pentru a trimite informatii si pentru a fi controlat se conecteaza la serverul IRC:
Server: federa.mine.**********
Port: 3300
Parola serverului: 146751dhzx
Canal: #100+
Nick: %combinatie de caractere aleatoare%
Parola: hzx
– Acest malware poate obtine si trimite infomatii cum ar fi:
• Viteza procesorului
• Utilizatorul curent
• Informatii despre drivere
• Spatiu liber pe disc
• Memorie nealocata
• Timpul de cand malware-ul a fost lansat in executie
• Cantitatea de memorie
• Utilizator
• Informatii despre sistemul de operare
– In plus, poate efectua urmatoarele operatii:
• Lanseaza atacuri DDoS SYN
• descarcare fisier
• terminare proces
• Porneste keylog
• Se actualizeaza singur
Alte informatii Mutex:
Creeaza urmatorul mutex:
• nobb
Detaliile fisierului Limbaj de programare:
Limbaj de programare folosit: C (compilat cu Microsoft Visual C++).
Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit urmatorul program de arhivare:
• MEW
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
Worm/Feebs.AE
Nume: Worm/Feebs.AE
Descoperit pe data de: 20/02/2006
Tip: Vierme
ITW: Nu
Numar infectii raportate: Scazut
Potential de raspandire: Mediu spre ridicat
Potential de distrugere: Mediu
Fisier static: Da
Marime: 56.214 Bytes
MD5: e993933860b0cf594fc3459ec17fa77a
Versiune VDF: 6.33.01.06
Versiune IVDF: 6.33.01.06
General Metode de raspandire:
• Email
• Peer to Peer
Alias:
• Symantec: W32.Feebs
• TrendMicro: WORM_FEEBS.HO
• Sophos: W32/Feebs-N
• VirusBuster: Worm.Feebs.BI
• Eset: Win32/Mocalo.BO
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Creeaza fisiere malware
• Utilizeaza propriul motor de email
• Modificari in registri
• Sustrage informatii
• Posibilitatea accesului neautorizat la computer
Fisiere Se copiaza in urmatoarea locatie:
• %SYSDIR%ms%combinatie de doua caractere aleatoare%.exe
Sterge copia initiala a virusului.
Sunt create fisierele:
– c:b Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: WORM/Febs.DLL1
– %SYSDIR%ms%combinatie de doua caractere aleatoare%32.dll Fisierul este executat dupa ce a fost creat. Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: WORM/Febs.DLL1
Incearca sa descarce cateva fisiere:
– Adresa este urmatoarea:
•
La momentul realizarii descrierii, acest fisier nu era disponibil pentru o analiza ulterioara.
Registrii sistemului Valorile urmatoarelor chei sunt sterse din registrii sistemului:
• HKLMSYSTEMCurrentControlSetServices.NET CLR DataFailureActions
• HKLMSYSTEMControlSet001Services.NET CLR DataFailureActions
• HKLMSYSTEMControlSet002Services.NET CLR DataFailureActions
• HKLMSYSTEMCurrentControlSetServices.NET CLR NetworkingFailureActions
• HKLMSYSTEMControlSet001Services.NET CLR NetworkingFailureActions
• HKLMSYSTEMControlSet002Services.NET CLR NetworkingFailureActions
• HKLMSYSTEMCurrentControlSetServices.NETFrameworkFailureActions
• HKLMSYSTEMControlSet001Services.NETFrameworkFailureActions
• HKLMSYSTEMControlSet002Services.NETFrameworkFailureActions
• HKLMSYSTEMCurrentControlSetServicesAbiosdskFailureActions
• HKLMSYSTEMControlSet001ServicesAbiosdskFailureActions
• HKLMSYSTEMControlSet002ServicesAbiosdskFailureActions
• HKLMSYSTEMCurrentControlSetServicesabp480n5FailureActions
• HKLMSYSTEMControlSet001Servicesabp480n5FailureActions
• HKLMSYSTEMControlSet002Servicesabp480n5FailureActions
• HKLMSYSTEMCurrentControlSetServicesACPIFailureActions
• HKLMSYSTEMControlSet001ServicesACPIFailureActions
• HKLMSYSTEMControlSet002ServicesACPIFailureActions
• HKLMSYSTEMCurrentControlSetServicesACPIECFailureActions
• HKLMSYSTEMControlSet001ServicesACPIECFailureActions
• HKLMSYSTEMControlSet002ServicesACPIECFailureActions
• HKLMSYSTEMCurrentControlSetServicesadpu160mFailureActions
• HKLMSYSTEMControlSet001Servicesadpu160mFailureActions
• HKLMSYSTEMControlSet002Servicesadpu160mFailureActions
• HKLMSYSTEMCurrentControlSetServicesAFDFailureActions
• HKLMSYSTEMControlSet001ServicesAFDFailureActions
• HKLMSYSTEMControlSet002ServicesAFDFailureActions
• HKLMSYSTEMCurrentControlSetServicesagp440FailureActions
• HKLMSYSTEMControlSet001Servicesagp440FailureActions
• HKLMSYSTEMControlSet002Servicesagp440FailureActions
• HKLMSYSTEMCurrentControlSetServicesAha154xFailureActions
• HKLMSYSTEMControlSet001ServicesAha154xFailureActions
• HKLMSYSTEMControlSet002ServicesAha154xFailureActions
• HKLMSYSTEMCurrentControlSetServicesaic78u2FailureActions
• HKLMSYSTEMControlSet001Servicesaic78u2FailureActions
• HKLMSYSTEMControlSet002Servicesaic78u2FailureActions
• HKLMSYSTEMCurrentControlSetServicesaic78xxFailureActions
• HKLMSYSTEMControlSet001Servicesaic78xxFailureActions
• HKLMSYSTEMControlSet002Servicesaic78xxFailureActions
• HKLMSYSTEMCurrentControlSetServicesAlerterFailureActions
• HKLMSYSTEMControlSet001ServicesAlerterFailureActions
• HKLMSYSTEMControlSet002ServicesAlerterFailureActions
• HKLMSYSTEMCurrentControlSetServicesALGFailureActions
• HKLMSYSTEMControlSet001ServicesALGFailureActions
• HKLMSYSTEMControlSet002ServicesALGFailureActions
• HKLMSYSTEMCurrentControlSetServicesAliIdeFailureActions
• HKLMSYSTEMControlSet001ServicesAliIdeFailureActions
• HKLMSYSTEMControlSet002ServicesAliIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesamsintFailureActions
• HKLMSYSTEMControlSet001ServicesamsintFailureActions
• HKLMSYSTEMControlSet002ServicesamsintFailureActions
• HKLMSYSTEMCurrentControlSetServicesAppMgmtFailureActions
• HKLMSYSTEMControlSet001ServicesAppMgmtFailureActions
• HKLMSYSTEMControlSet002ServicesAppMgmtFailureActions
• HKLMSYSTEMCurrentControlSetServicesascFailureActions
• HKLMSYSTEMControlSet001ServicesascFailureActions
• HKLMSYSTEMControlSet002ServicesascFailureActions
• HKLMSYSTEMCurrentControlSetServicesasc3350pFailureActions
• HKLMSYSTEMControlSet001Servicesasc3350pFailureActions
• HKLMSYSTEMControlSet002Servicesasc3350pFailureActions
• HKLMSYSTEMCurrentControlSetServicesasc3550FailureActions
• HKLMSYSTEMControlSet001Servicesasc3550FailureActions
• HKLMSYSTEMControlSet002Servicesasc3550FailureActions
• HKLMSYSTEMCurrentControlSetServicesAsyncMacFailureActions
• HKLMSYSTEMControlSet001ServicesAsyncMacFailureActions
• HKLMSYSTEMControlSet002ServicesAsyncMacFailureActions
• HKLMSYSTEMCurrentControlSetServicesatapiFailureActions
• HKLMSYSTEMControlSet001ServicesatapiFailureActions
• HKLMSYSTEMControlSet002ServicesatapiFailureActions
• HKLMSYSTEMCurrentControlSetServicesAtdiskFailureActions
• HKLMSYSTEMControlSet001ServicesAtdiskFailureActions
• HKLMSYSTEMControlSet002ServicesAtdiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesAtmarpcFailureActions
• HKLMSYSTEMControlSet001ServicesAtmarpcFailureActions
• HKLMSYSTEMControlSet002ServicesAtmarpcFailureActions
• HKLMSYSTEMCurrentControlSetServicesATSFailureActions
• HKLMSYSTEMControlSet001ServicesATSFailureActions
• HKLMSYSTEMControlSet002ServicesATSFailureActions
• HKLMSYSTEMCurrentControlSetServicesAudioSrvFailureActions
• HKLMSYSTEMControlSet001ServicesAudioSrvFailureActions
• HKLMSYSTEMControlSet002ServicesAudioSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesaudstubFailureActions
• HKLMSYSTEMControlSet001ServicesaudstubFailureActions
• HKLMSYSTEMControlSet002ServicesaudstubFailureActions
• HKLMSYSTEMCurrentControlSetServicesBattCFailureActions
• HKLMSYSTEMControlSet001ServicesBattCFailureActions
• HKLMSYSTEMControlSet002ServicesBattCFailureActions
• HKLMSYSTEMCurrentControlSetServicesBeepFailureActions
• HKLMSYSTEMControlSet001ServicesBeepFailureActions
• HKLMSYSTEMControlSet002ServicesBeepFailureActions
• HKLMSYSTEMCurrentControlSetServicesBITSFailureActions
• HKLMSYSTEMControlSet001ServicesBITSFailureActions
• HKLMSYSTEMControlSet002ServicesBITSFailureActions
• HKLMSYSTEMCurrentControlSetServicesBrowserFailureActions
• HKLMSYSTEMControlSet001ServicesBrowserFailureActions
• HKLMSYSTEMControlSet002ServicesBrowserFailureActions
• HKLMSYSTEMCurrentControlSetServicescbidf2kFailureActions
• HKLMSYSTEMControlSet001Servicescbidf2kFailureActions
• HKLMSYSTEMControlSet002Servicescbidf2kFailureActions
• HKLMSYSTEMCurrentControlSetServicescd20xrntFailureActions
• HKLMSYSTEMControlSet001Servicescd20xrntFailureActions
• HKLMSYSTEMControlSet002Servicescd20xrntFailureActions
• HKLMSYSTEMCurrentControlSetServicesCdaudioFailureActions
• HKLMSYSTEMControlSet001ServicesCdaudioFailureActions
• HKLMSYSTEMControlSet002ServicesCdaudioFailureActions
• HKLMSYSTEMCurrentControlSetServicesCdfsFailureActions
• HKLMSYSTEMControlSet001ServicesCdfsFailureActions
• HKLMSYSTEMControlSet002ServicesCdfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesCdromFailureActions
• HKLMSYSTEMControlSet001ServicesCdromFailureActions
• HKLMSYSTEMControlSet002ServicesCdromFailureActions
• HKLMSYSTEMCurrentControlSetServicesChangerFailureActions
• HKLMSYSTEMControlSet001ServicesChangerFailureActions
• HKLMSYSTEMControlSet002ServicesChangerFailureActions
• HKLMSYSTEMCurrentControlSetServicescisvcFailureActions
• HKLMSYSTEMControlSet001ServicescisvcFailureActions
• HKLMSYSTEMControlSet002ServicescisvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesClipSrvFailureActions
• HKLMSYSTEMControlSet001ServicesClipSrvFailureActions
• HKLMSYSTEMControlSet002ServicesClipSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesCmdIdeFailureActions
• HKLMSYSTEMControlSet001ServicesCmdIdeFailureActions
• HKLMSYSTEMControlSet002ServicesCmdIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesCOMSysAppFailureActions
• HKLMSYSTEMControlSet001ServicesCOMSysAppFailureActions
• HKLMSYSTEMControlSet002ServicesCOMSysAppFailureActions
• HKLMSYSTEMCurrentControlSetServicesContentFilterFailureActions
• HKLMSYSTEMControlSet001ServicesContentFilterFailureActions
• HKLMSYSTEMControlSet002ServicesContentFilterFailureActions
• HKLMSYSTEMCurrentControlSetServicesContentIndexFailureActions
• HKLMSYSTEMControlSet001ServicesContentIndexFailureActions
• HKLMSYSTEMControlSet002ServicesContentIndexFailureActions
• HKLMSYSTEMCurrentControlSetServicesCpqarrayFailureActions
• HKLMSYSTEMControlSet001ServicesCpqarrayFailureActions
• HKLMSYSTEMControlSet002ServicesCpqarrayFailureActions
• HKLMSYSTEMCurrentControlSetServicesCryptSvcFailureActions
• HKLMSYSTEMControlSet001ServicesCryptSvcFailureActions
• HKLMSYSTEMControlSet002ServicesCryptSvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesdac2w2kFailureActions
• HKLMSYSTEMControlSet001Servicesdac2w2kFailureActions
• HKLMSYSTEMControlSet002Servicesdac2w2kFailureActions
• HKLMSYSTEMCurrentControlSetServicesdac960ntFailureActions
• HKLMSYSTEMControlSet001Servicesdac960ntFailureActions
• HKLMSYSTEMControlSet002Servicesdac960ntFailureActions
• HKLMSYSTEMCurrentControlSetServicesDhcpFailureActions
• HKLMSYSTEMControlSet001ServicesDhcpFailureActions
• HKLMSYSTEMControlSet002ServicesDhcpFailureActions
• HKLMSYSTEMCurrentControlSetServicesDiskFailureActions
• HKLMSYSTEMControlSet001ServicesDiskFailureActions
• HKLMSYSTEMControlSet002ServicesDiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmadminFailureActions
• HKLMSYSTEMControlSet001ServicesdmadminFailureActions
• HKLMSYSTEMControlSet002ServicesdmadminFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmbootFailureActions
• HKLMSYSTEMControlSet001ServicesdmbootFailureActions
• HKLMSYSTEMControlSet002ServicesdmbootFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmioFailureActions
• HKLMSYSTEMControlSet001ServicesdmioFailureActions
• HKLMSYSTEMControlSet002ServicesdmioFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmloadFailureActions
• HKLMSYSTEMControlSet001ServicesdmloadFailureActions
• HKLMSYSTEMControlSet002ServicesdmloadFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmserverFailureActions
• HKLMSYSTEMControlSet001ServicesdmserverFailureActions
• HKLMSYSTEMControlSet002ServicesdmserverFailureActions
• HKLMSYSTEMCurrentControlSetServicesDnscacheFailureActions
• HKLMSYSTEMControlSet001ServicesDnscacheFailureActions
• HKLMSYSTEMControlSet002ServicesDnscacheFailureActions
• HKLMSYSTEMCurrentControlSetServicesdpti2oFailureActions
• HKLMSYSTEMControlSet001Servicesdpti2oFailureActions
• HKLMSYSTEMControlSet002Servicesdpti2oFailureActions
• HKLMSYSTEMCurrentControlSetServicesERSvcFailureActions
• HKLMSYSTEMControlSet001ServicesERSvcFailureActions
• HKLMSYSTEMControlSet002ServicesERSvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesEventlogFailureActions
• HKLMSYSTEMControlSet001ServicesEventlogFailureActions
• HKLMSYSTEMControlSet002ServicesEventlogFailureActions
• HKLMSYSTEMCurrentControlSetServicesEventSystemFailureActions
• HKLMSYSTEMControlSet001ServicesEventSystemFailureActions
• HKLMSYSTEMControlSet002ServicesEventSystemFailureActions
• HKLMSYSTEMCurrentControlSetServicesFastfatFailureActions
• HKLMSYSTEMControlSet001ServicesFastfatFailureActions
• HKLMSYSTEMControlSet002ServicesFastfatFailureActions
• HKLMSYSTEMCurrentControlSetServicesFastUserSwitchingCompatibilityFailureActions
• HKLMSYSTEMControlSet001ServicesFastUserSwitchingCompatibilityFailureActions
• HKLMSYSTEMControlSet002ServicesFastUserSwitchingCompatibilityFailureActions
• HKLMSYSTEMCurrentControlSetServicesFdcFailureActions
• HKLMSYSTEMControlSet001ServicesFdcFailureActions
• HKLMSYSTEMControlSet002ServicesFdcFailureActions
• HKLMSYSTEMCurrentControlSetServicesFipsFailureActions
• HKLMSYSTEMControlSet001ServicesFipsFailureActions
• HKLMSYSTEMControlSet002ServicesFipsFailureActions
• HKLMSYSTEMCurrentControlSetServicesFlpydiskFailureActions
• HKLMSYSTEMControlSet001ServicesFlpydiskFailureActions
• HKLMSYSTEMControlSet002ServicesFlpydiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesFs_RecFailureActions
• HKLMSYSTEMControlSet001ServicesFs_RecFailureActions
• HKLMSYSTEMControlSet002ServicesFs_RecFailureActions
• HKLMSYSTEMCurrentControlSetServicesFtdiskFailureActions
• HKLMSYSTEMControlSet001ServicesFtdiskFailureActions
• HKLMSYSTEMControlSet002ServicesFtdiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesFundeleteFailureActions
• HKLMSYSTEMControlSet001ServicesFundeleteFailureActions
• HKLMSYSTEMControlSet002ServicesFundeleteFailureActions
• HKLMSYSTEMCurrentControlSetServicesGpcFailureActions
• HKLMSYSTEMControlSet001ServicesGpcFailureActions
• HKLMSYSTEMControlSet002ServicesGpcFailureActions
• HKLMSYSTEMCurrentControlSetServiceshelpsvcFailureActions
• HKLMSYSTEMControlSet001ServiceshelpsvcFailureActions
• HKLMSYSTEMControlSet002ServiceshelpsvcFailureActions
• HKLMSYSTEMCurrentControlSetServiceshgfsFailureActions
• HKLMSYSTEMControlSet001ServiceshgfsFailureActions
• HKLMSYSTEMControlSet002ServiceshgfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesHidServFailureActions
• HKLMSYSTEMControlSet001ServicesHidServFailureActions
• HKLMSYSTEMControlSet002ServicesHidServFailureActions
• HKLMSYSTEMCurrentControlSetServiceshpnFailureActions
• HKLMSYSTEMControlSet001ServiceshpnFailureActions
• HKLMSYSTEMControlSet002ServiceshpnFailureActions
• HKLMSYSTEMCurrentControlSetServiceshpt3xxFailureActions
• HKLMSYSTEMControlSet001Serviceshpt3xxFailureActions
• HKLMSYSTEMControlSet002Serviceshpt3xxFailureActions
• HKLMSYSTEMCurrentControlSetServicesi2omgmtFailureActions
• HKLMSYSTEMControlSet001Servicesi2omgmtFailureActions
• HKLMSYSTEMControlSet002Servicesi2omgmtFailureActions
• HKLMSYSTEMCurrentControlSetServicesi2ompFailureActions
• HKLMSYSTEMControlSet001Servicesi2ompFailureActions
• HKLMSYSTEMControlSet002Servicesi2ompFailureActions
• HKLMSYSTEMCurrentControlSetServicesi8042prtFailureActions
• HKLMSYSTEMControlSet001Servicesi8042prtFailureActions
• HKLMSYSTEMControlSet002Servicesi8042prtFailureActions
• HKLMSYSTEMCurrentControlSetServicesImapiFailureActions
• HKLMSYSTEMControlSet001ServicesImapiFailureActions
• HKLMSYSTEMControlSet002ServicesImapiFailureActions
• HKLMSYSTEMCurrentControlSetServicesImapiServiceFailureActions
• HKLMSYSTEMControlSet001ServicesImapiServiceFailureActions
• HKLMSYSTEMControlSet002ServicesImapiServiceFailureActions
• HKLMSYSTEMCurrentControlSetServicesinetaccsFailureActions
• HKLMSYSTEMControlSet001ServicesinetaccsFailureActions
• HKLMSYSTEMControlSet002ServicesinetaccsFailureActions
• HKLMSYSTEMCurrentControlSetServicesini910uFailureActions
• HKLMSYSTEMControlSet001Servicesini910uFailureActions
• HKLMSYSTEMControlSet002Servicesini910uFailureActions
• HKLMSYSTEMCurrentControlSetServicesInportFailureActions
• HKLMSYSTEMControlSet001ServicesInportFailureActions
• HKLMSYSTEMControlSet002ServicesInportFailureActions
• HKLMSYSTEMCurrentControlSetServicesIntelIdeFailureActions
• HKLMSYSTEMControlSet001ServicesIntelIdeFailureActions
• HKLMSYSTEMControlSet002ServicesIntelIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesIpFilterDriverFailureActions
• HKLMSYSTEMControlSet001ServicesIpFilterDriverFailureActions
• HKLMSYSTEMControlSet002ServicesIpFilterDriverFailureActions
• HKLMSYSTEMCurrentControlSetServicesIpInIpFailureActions
• HKLMSYSTEMControlSet001ServicesIpInIpFailureActions
• HKLMSYSTEMControlSet002ServicesIpInIpFailureActions
• HKLMSYSTEMCurrentControlSetServicesIpNatFailureActions
• HKLMSYSTEMControlSet001ServicesIpNatFailureActions
• HKLMSYSTEMControlSet002ServicesIpNatFailureActions
• HKLMSYSTEMCurrentControlSetServicesIPSecFailureActions
• HKLMSYSTEMControlSet001ServicesIPSecFailureActions
• HKLMSYSTEMControlSet002ServicesIPSecFailureActions
• HKLMSYSTEMCurrentControlSetServicesIRENUMFailureActions
• HKLMSYSTEMControlSet001ServicesIRENUMFailureActions
• HKLMSYSTEMControlSet002ServicesIRENUMFailureActions
• HKLMSYSTEMCurrentControlSetServicesISAPISearchFailureActions
• HKLMSYSTEMControlSet001ServicesISAPISearchFailureActions
• HKLMSYSTEMControlSet002ServicesISAPISearchFailureActions
• HKLMSYSTEMCurrentControlSetServicesisapnpFailureActions
• HKLMSYSTEMControlSet001ServicesisapnpFailureActions
• HKLMSYSTEMControlSet002ServicesisapnpFailureActions
• HKLMSYSTEMCurrentControlSetServicesKbdclassFailureActions
• HKLMSYSTEMControlSet001ServicesKbdclassFailureActions
• HKLMSYSTEMControlSet002ServicesKbdclassFailureActions
• HKLMSYSTEMCurrentControlSetServicesKSecDDFailureActions
• HKLMSYSTEMControlSet001ServicesKSecDDFailureActions
• HKLMSYSTEMControlSet002ServicesKSecDDFailureActions
• HKLMSYSTEMCurrentControlSetServiceslanmanserverFailureActions
• HKLMSYSTEMControlSet001ServiceslanmanserverFailureActions
• HKLMSYSTEMControlSet002ServiceslanmanserverFailureActions
• HKLMSYSTEMCurrentControlSetServiceslanmanworkstationFailureActions
• HKLMSYSTEMControlSet001ServiceslanmanworkstationFailureActions
• HKLMSYSTEMControlSet002ServiceslanmanworkstationFailureActions
• HKLMSYSTEMCurrentControlSetServiceslbrtfdcFailureActions
• HKLMSYSTEMControlSet001ServiceslbrtfdcFailureActions
• HKLMSYSTEMControlSet002ServiceslbrtfdcFailureActions
• HKLMSYSTEMCurrentControlSetServicesldapFailureActions
• HKLMSYSTEMControlSet001ServicesldapFailureActions
• HKLMSYSTEMControlSet002ServicesldapFailureActions
• HKLMSYSTEMCurrentControlSetServicesLicenseServiceFailureActions
• HKLMSYSTEMControlSet001ServicesLicenseServiceFailureActions
• HKLMSYSTEMControlSet002ServicesLicenseServiceFailureActions
• HKLMSYSTEMCurrentControlSetServicesLmHostsFailureActions
• HKLMSYSTEMControlSet001ServicesLmHostsFailureActions
• HKLMSYSTEMControlSet002ServicesLmHostsFailureActions
• HKLMSYSTEMCurrentControlSetServicesMessengerFailureActions
• HKLMSYSTEMControlSet001ServicesMessengerFailureActions
• HKLMSYSTEMControlSet002ServicesMessengerFailureActions
• HKLMSYSTEMCurrentControlSetServicesmnmddFailureActions
• HKLMSYSTEMControlSet001ServicesmnmddFailureActions
• HKLMSYSTEMControlSet002ServicesmnmddFailureActions
• HKLMSYSTEMCurrentControlSetServicesmnmsrvcFailureActions
• HKLMSYSTEMControlSet001ServicesmnmsrvcFailureActions
• HKLMSYSTEMControlSet002ServicesmnmsrvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesModemFailureActions
• HKLMSYSTEMControlSet001ServicesModemFailureActions
• HKLMSYSTEMControlSet002ServicesModemFailureActions
• HKLMSYSTEMCurrentControlSetServicesMouclassFailureActions
• HKLMSYSTEMControlSet001ServicesMouclassFailureActions
• HKLMSYSTEMControlSet002ServicesMouclassFailureActions
• HKLMSYSTEMCurrentControlSetServicesMountMgrFailureActions
• HKLMSYSTEMControlSet001ServicesMountMgrFailureActions
• HKLMSYSTEMControlSet002ServicesMountMgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesmraid35xFailureActions
• HKLMSYSTEMControlSet001Servicesmraid35xFailureActions
• HKLMSYSTEMControlSet002Servicesmraid35xFailureActions
• HKLMSYSTEMCurrentControlSetServicesMRxDAVFailureActions
• HKLMSYSTEMControlSet001ServicesMRxDAVFailureActions
• HKLMSYSTEMControlSet002ServicesMRxDAVFailureActions
• HKLMSYSTEMCurrentControlSetServicesMRxSmbFailureActions
• HKLMSYSTEMControlSet001ServicesMRxSmbFailureActions
• HKLMSYSTEMControlSet002ServicesMRxSmbFailureActions
• HKLMSYSTEMCurrentControlSetServicesMSDTCFailureActions
• HKLMSYSTEMControlSet001ServicesMSDTCFailureActions
• HKLMSYSTEMControlSet002ServicesMSDTCFailureActions
• HKLMSYSTEMCurrentControlSetServicesMsfsFailureActions
• HKLMSYSTEMControlSet001ServicesMsfsFailureActions
• HKLMSYSTEMControlSet002ServicesMsfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesMSIServerFailureActions
• HKLMSYSTEMControlSet001ServicesMSIServerFailureActions
• HKLMSYSTEMControlSet002ServicesMSIServerFailureActions
• HKLMSYSTEMCurrentControlSetServicesmsServerFormFailureActions
• HKLMSYSTEMControlSet001ServicesmsServerFormFailureActions
• HKLMSYSTEMControlSet002ServicesmsServerFormFailureActions
• HKLMSYSTEMCurrentControlSetServicesMupFailureActions
• HKLMSYSTEMControlSet001ServicesMupFailureActions
• HKLMSYSTEMControlSet002ServicesMupFailureActions
• HKLMSYSTEMCurrentControlSetServicesNDISFailureActions
• HKLMSYSTEMControlSet001ServicesNDISFailureActions
• HKLMSYSTEMControlSet002ServicesNDISFailureActions
• HKLMSYSTEMCurrentControlSetServicesNdisTapiFailureActions
• HKLMSYSTEMControlSet001ServicesNdisTapiFailureActions
• HKLMSYSTEMControlSet002ServicesNdisTapiFailureActions
• HKLMSYSTEMCurrentControlSetServicesNdisuioFailureActions
• HKLMSYSTEMControlSet001ServicesNdisuioFailureActions
• HKLMSYSTEMControlSet002ServicesNdisuioFailureActions
• HKLMSYSTEMCurrentControlSetServicesNdisWanFailureActions
• HKLMSYSTEMControlSet001ServicesNdisWanFailureActions
• HKLMSYSTEMControlSet002ServicesNdisWanFailureActions
• HKLMSYSTEMCurrentControlSetServicesNDProxyFailureActions
• HKLMSYSTEMControlSet001ServicesNDProxyFailureActions
• HKLMSYSTEMControlSet002ServicesNDProxyFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetBIOSFailureActions
• HKLMSYSTEMControlSet001ServicesNetBIOSFailureActions
• HKLMSYSTEMControlSet002ServicesNetBIOSFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetBTFailureActions
• HKLMSYSTEMControlSet001ServicesNetBTFailureActions
• HKLMSYSTEMControlSet002ServicesNetBTFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetDDEFailureActions
• HKLMSYSTEMControlSet001ServicesNetDDEFailureActions
• HKLMSYSTEMControlSet002ServicesNetDDEFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetDDEdsdmFailureActions
• HKLMSYSTEMControlSet001ServicesNetDDEdsdmFailureActions
• HKLMSYSTEMControlSet002ServicesNetDDEdsdmFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetlogonFailureActions
• HKLMSYSTEMControlSet001ServicesNetlogonFailureActions
• HKLMSYSTEMControlSet002ServicesNetlogonFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetmanFailureActions
• HKLMSYSTEMControlSet001ServicesNetmanFailureActions
• HKLMSYSTEMControlSet002ServicesNetmanFailureActions
• HKLMSYSTEMCurrentControlSetServicesNlaFailureActions
• HKLMSYSTEMControlSet001ServicesNlaFailureActions
• HKLMSYSTEMControlSet002ServicesNlaFailureActions
• HKLMSYSTEMCurrentControlSetServicesnmFailureActions
• HKLMSYSTEMControlSet001ServicesnmFailureActions
• HKLMSYSTEMControlSet002ServicesnmFailureActions
• HKLMSYSTEMCurrentControlSetServicesNPFFailureActions
• HKLMSYSTEMControlSet001ServicesNPFFailureActions
• HKLMSYSTEMControlSet002ServicesNPFFailureActions
• HKLMSYSTEMCurrentControlSetServicesNpfsFailureActions
• HKLMSYSTEMControlSet001ServicesNpfsFailureActions
• HKLMSYSTEMControlSet002ServicesNpfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesNtfsFailureActions
• HKLMSYSTEMControlSet001ServicesNtfsFailureActions
• HKLMSYSTEMControlSet002ServicesNtfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesNtLmSspFailureActions
• HKLMSYSTEMControlSet001ServicesNtLmSspFailureActions
• HKLMSYSTEMControlSet002ServicesNtLmSspFailureActions
• HKLMSYSTEMCurrentControlSetServicesNtmsSvcFailureActions
• HKLMSYSTEMControlSet001ServicesNtmsSvcFailureActions
• HKLMSYSTEMControlSet002ServicesNtmsSvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesNullFailureActions
• HKLMSYSTEMControlSet001ServicesNullFailureActions
• HKLMSYSTEMControlSet002ServicesNullFailureActions
• HKLMSYSTEMCurrentControlSetServicesNwlnkFltFailureActions
• HKLMSYSTEMControlSet001ServicesNwlnkFltFailureActions
• HKLMSYSTEMControlSet002ServicesNwlnkFltFailureActions
• HKLMSYSTEMCurrentControlSetServicesNwlnkFwdFailureActions
• HKLMSYSTEMControlSet001ServicesNwlnkFwdFailureActions
• HKLMSYSTEMControlSet002ServicesNwlnkFwdFailureActions
• HKLMSYSTEMCurrentControlSetServicesParportFailureActions
• HKLMSYSTEMControlSet001ServicesParportFailureActions
• HKLMSYSTEMControlSet002ServicesParportFailureActions
• HKLMSYSTEMCurrentControlSetServicesPartMgrFailureActions
• HKLMSYSTEMControlSet001ServicesPartMgrFailureActions
• HKLMSYSTEMControlSet002ServicesPartMgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesParVdmFailureActions
• HKLMSYSTEMControlSet001ServicesParVdmFailureActions
• HKLMSYSTEMControlSet002ServicesParVdmFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCIFailureActions
• HKLMSYSTEMControlSet001ServicesPCIFailureActions
• HKLMSYSTEMControlSet002ServicesPCIFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCIDumpFailureActions
• HKLMSYSTEMControlSet001ServicesPCIDumpFailureActions
• HKLMSYSTEMControlSet002ServicesPCIDumpFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCIIdeFailureActions
• HKLMSYSTEMControlSet001ServicesPCIIdeFailureActions
• HKLMSYSTEMControlSet002ServicesPCIIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesPcmciaFailureActions
• HKLMSYSTEMControlSet001ServicesPcmciaFailureActions
• HKLMSYSTEMControlSet002ServicesPcmciaFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCnetFailureActions
• HKLMSYSTEMControlSet001ServicesPCnetFailureActions
• HKLMSYSTEMControlSet002ServicesPCnetFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDCOMPFailureActions
• HKLMSYSTEMControlSet001ServicesPDCOMPFailureActions
• HKLMSYSTEMControlSet002ServicesPDCOMPFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDFRAMEFailureActions
• HKLMSYSTEMControlSet001ServicesPDFRAMEFailureActions
• HKLMSYSTEMControlSet002ServicesPDFRAMEFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDRELIFailureActions
• HKLMSYSTEMControlSet001ServicesPDRELIFailureActions
• HKLMSYSTEMControlSet002ServicesPDRELIFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDRFRAMEFailureActions
• HKLMSYSTEMControlSet001ServicesPDRFRAMEFailureActions
• HKLMSYSTEMControlSet002ServicesPDRFRAMEFailureActions
• HKLMSYSTEMCurrentControlSetServicesperc2FailureActions
• HKLMSYSTEMControlSet001Servicesperc2FailureActions
• HKLMSYSTEMControlSet002Servicesperc2FailureActions
• HKLMSYSTEMCurrentControlSetServicesperc2hibFailureActions
• HKLMSYSTEMControlSet001Servicesperc2hibFailureActions
• HKLMSYSTEMControlSet002Servicesperc2hibFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfDiskFailureActions
• HKLMSYSTEMControlSet001ServicesPerfDiskFailureActions
• HKLMSYSTEMControlSet002ServicesPerfDiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfNetFailureActions
• HKLMSYSTEMControlSet001ServicesPerfNetFailureActions
• HKLMSYSTEMControlSet002ServicesPerfNetFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfOSFailureActions
• HKLMSYSTEMControlSet001ServicesPerfOSFailureActions
• HKLMSYSTEMControlSet002ServicesPerfOSFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfProcFailureActions
• HKLMSYSTEMControlSet001ServicesPerfProcFailureActions
• HKLMSYSTEMControlSet002ServicesPerfProcFailureActions
• HKLMSYSTEMCurrentControlSetServicesPlugPlayFailureActions
• HKLMSYSTEMControlSet001ServicesPlugPlayFailureActions
• HKLMSYSTEMControlSet002ServicesPlugPlayFailureActions
• HKLMSYSTEMCurrentControlSetServicesPolicyAgentFailureActions
• HKLMSYSTEMControlSet001ServicesPolicyAgentFailureActions
• HKLMSYSTEMControlSet002ServicesPolicyAgentFailureActions
• HKLMSYSTEMCurrentControlSetServicesPptpMiniportFailureActions
• HKLMSYSTEMControlSet001ServicesPptpMiniportFailureActions
• HKLMSYSTEMControlSet002ServicesPptpMiniportFailureActions
• HKLMSYSTEMCurrentControlSetServicesProcessorFailureActions
• HKLMSYSTEMControlSet001ServicesProcessorFailureActions
• HKLMSYSTEMControlSet002ServicesProcessorFailureActions
• HKLMSYSTEMCurrentControlSetServicesProtectedStorageFailureActions
• HKLMSYSTEMControlSet001ServicesProtectedStorageFailureActions
• HKLMSYSTEMControlSet002ServicesProtectedStorageFailureActions
• HKLMSYSTEMCurrentControlSetServicesPSSdk21FailureActions
• HKLMSYSTEMControlSet001ServicesPSSdk21FailureActions
• HKLMSYSTEMCurrentControlSetServicesPtilinkFailureActions
• HKLMSYSTEMControlSet001ServicesPtilinkFailureActions
• HKLMSYSTEMControlSet002ServicesPtilinkFailureActions
• HKLMSYSTEMCurrentControlSetServicesql1080FailureActions
• HKLMSYSTEMControlSet001Servicesql1080FailureActions
• HKLMSYSTEMControlSet002Servicesql1080FailureActions
• HKLMSYSTEMCurrentControlSetServicesQl10wntFailureActions
• HKLMSYSTEMControlSet001ServicesQl10wntFailureActions
• HKLMSYSTEMControlSet002ServicesQl10wntFailureActions
• HKLMSYSTEMCurrentControlSetServicesql12160FailureActions
• HKLMSYSTEMControlSet001Servicesql12160FailureActions
• HKLMSYSTEMControlSet002Servicesql12160FailureActions
• HKLMSYSTEMCurrentControlSetServicesql1240FailureActions
• HKLMSYSTEMControlSet001Servicesql1240FailureActions
• HKLMSYSTEMControlSet002Servicesql1240FailureActions
• HKLMSYSTEMCurrentControlSetServicesql1280FailureActions
• HKLMSYSTEMControlSet001Servicesql1280FailureActions
• HKLMSYSTEMControlSet002Servicesql1280FailureActions
• HKLMSYSTEMCurrentControlSetServicesRasAcdFailureActions
• HKLMSYSTEMControlSet001ServicesRasAcdFailureActions
• HKLMSYSTEMControlSet002ServicesRasAcdFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasAutoFailureActions
• HKLMSYSTEMControlSet001ServicesRasAutoFailureActions
• HKLMSYSTEMControlSet002ServicesRasAutoFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasl2tpFailureActions
• HKLMSYSTEMControlSet001ServicesRasl2tpFailureActions
• HKLMSYSTEMControlSet002ServicesRasl2tpFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasManFailureActions
• HKLMSYSTEMControlSet001ServicesRasManFailureActions
• HKLMSYSTEMControlSet002ServicesRasManFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasPppoeFailureActions
• HKLMSYSTEMControlSet001ServicesRasPppoeFailureActions
• HKLMSYSTEMControlSet002ServicesRasPppoeFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasptiFailureActions
• HKLMSYSTEMControlSet001ServicesRasptiFailureActions
• HKLMSYSTEMControlSet002ServicesRasptiFailureActions
• HKLMSYSTEMCurrentControlSetServicesRdbssFailureActions
• HKLMSYSTEMControlSet001ServicesRdbssFailureActions
• HKLMSYSTEMControlSet002ServicesRdbssFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPCDDFailureActions
• HKLMSYSTEMControlSet001ServicesRDPCDDFailureActions
• HKLMSYSTEMControlSet002ServicesRDPCDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPDDFailureActions
• HKLMSYSTEMControlSet001ServicesRDPDDFailureActions
• HKLMSYSTEMControlSet002ServicesRDPDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesrdpdrFailureActions
• HKLMSYSTEMControlSet001ServicesrdpdrFailureActions
• HKLMSYSTEMControlSet002ServicesrdpdrFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPNPFailureActions
• HKLMSYSTEMControlSet001ServicesRDPNPFailureActions
• HKLMSYSTEMControlSet002ServicesRDPNPFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPWDFailureActions
• HKLMSYSTEMControlSet001ServicesRDPWDFailureActions
• HKLMSYSTEMControlSet002ServicesRDPWDFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDSessMgrFailureActions
• HKLMSYSTEMControlSet001ServicesRDSessMgrFailureActions
• HKLMSYSTEMControlSet002ServicesRDSessMgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesredbookFailureActions
• HKLMSYSTEMControlSet001ServicesredbookFailureActions
• HKLMSYSTEMControlSet002ServicesredbookFailureActions
• HKLMSYSTEMCurrentControlSetServicesRemoteAccessFailureActions
• HKLMSYSTEMControlSet001ServicesRemoteAccessFailureActions
• HKLMSYSTEMControlSet002ServicesRemoteAccessFailureActions
• HKLMSYSTEMCurrentControlSetServicesRemoteRegistryFailureActions
• HKLMSYSTEMControlSet001ServicesRemoteRegistryFailureActions
• HKLMSYSTEMControlSet002ServicesRemoteRegistryFailureActions
• HKLMSYSTEMCurrentControlSetServicesrpcapdFailureActions
• HKLMSYSTEMControlSet001ServicesrpcapdFailureActions
• HKLMSYSTEMControlSet002ServicesrpcapdFailureActions
• HKLMSYSTEMCurrentControlSetServicesRpcLocatorFailureActions
• HKLMSYSTEMControlSet001ServicesRpcLocatorFailureActions
• HKLMSYSTEMControlSet002ServicesRpcLocatorFailureActions
• HKLMSYSTEMCurrentControlSetServicesRpcSsFailureActions
• HKLMSYSTEMControlSet001ServicesRpcSsFailureActions
• HKLMSYSTEMControlSet002ServicesRpcSsFailureActions
• HKLMSYSTEMCurrentControlSetServicesRSVPFailureActions
• HKLMSYSTEMControlSet001ServicesRSVPFailureActions
• HKLMSYSTEMControlSet002ServicesRSVPFailureActions
• HKLMSYSTEMCurrentControlSetServicesSamSsFailureActions
• HKLMSYSTEMControlSet001ServicesSamSsFailureActions
• HKLMSYSTEMControlSet002ServicesSamSsFailureActions
• HKLMSYSTEMCurrentControlSetServicesSCardDrvFailureActions
• HKLMSYSTEMControlSet001ServicesSCardDrvFailureActions
• HKLMSYSTEMControlSet002ServicesSCardDrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesSCardSvrFailureActions
• HKLMSYSTEMControlSet001ServicesSCardSvrFailureActions
• HKLMSYSTEMControlSet002ServicesSCardSvrFailureActions
• HKLMSYSTEMCurrentControlSetServicesScheduleFailureActions
• HKLMSYSTEMControlSet001ServicesScheduleFailureActions
• HKLMSYSTEMControlSet002ServicesScheduleFailureActions
• HKLMSYSTEMCurrentControlSetServicesSecdrvFailureActions
• HKLMSYSTEMControlSet001ServicesSecdrvFailureActions
• HKLMSYSTEMControlSet002ServicesSecdrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesseclogonFailureActions
• HKLMSYSTEMControlSet001ServicesseclogonFailureActions
• HKLMSYSTEMControlSet002ServicesseclogonFailureActions
• HKLMSYSTEMCurrentControlSetServicesSENSFailureActions
• HKLMSYSTEMControlSet001ServicesSENSFailureActions
• HKLMSYSTEMControlSet002ServicesSENSFailureActions
• HKLMSYSTEMCurrentControlSetServicesserenumFailureActions
• HKLMSYSTEMControlSet001ServicesserenumFailureActions
• HKLMSYSTEMControlSet002ServicesserenumFailureActions
• HKLMSYSTEMCurrentControlSetServicesSerialFailureActions
• HKLMSYSTEMControlSet001ServicesSerialFailureActions
• HKLMSYSTEMControlSet002ServicesSerialFailureActions
• HKLMSYSTEMCurrentControlSetServicesSfloppyFailureActions
• HKLMSYSTEMControlSet001ServicesSfloppyFailureActions
• HKLMSYSTEMControlSet002ServicesSfloppyFailureActions
• HKLMSYSTEMCurrentControlSetServicesSharedAccessFailureActions
• HKLMSYSTEMControlSet001ServicesSharedAccessFailureActions
• HKLMSYSTEMControlSet002ServicesSharedAccessFailureActions
• HKLMSYSTEMCurrentControlSetServicesShellHWDetectionFailureActions
• HKLMSYSTEMControlSet001ServicesShellHWDetectionFailureActions
• HKLMSYSTEMControlSet002ServicesShellHWDetectionFailureActions
• HKLMSYSTEMCurrentControlSetServicesSimbadFailureActions
• HKLMSYSTEMControlSet001ServicesSimbadFailureActions
• HKLMSYSTEMControlSet002ServicesSimbadFailureActions
• HKLMSYSTEMCurrentControlSetServicesSparrowFailureActions
• HKLMSYSTEMControlSet001ServicesSparrowFailureActions
• HKLMSYSTEMControlSet002ServicesSparrowFailureActions
• HKLMSYSTEMCurrentControlSetServicesSpoolerFailureActions
• HKLMSYSTEMControlSet001ServicesSpoolerFailureActions
• HKLMSYSTEMControlSet002ServicesSpoolerFailureActions
• HKLMSYSTEMCurrentControlSetServicessrFailureActions
• HKLMSYSTEMControlSet001ServicessrFailureActions
• HKLMSYSTEMControlSet002ServicessrFailureActions
• HKLMSYSTEMCurrentControlSetServicessrserviceFailureActions
• HKLMSYSTEMControlSet001ServicessrserviceFailureActions
• HKLMSYSTEMControlSet002ServicessrserviceFailureActions
• HKLMSYSTEMCurrentControlSetServicesSrvFailureActions
• HKLMSYSTEMControlSet001ServicesSrvFailureActions
• HKLMSYSTEMControlSet002ServicesSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesSSDPSRVFailureActions
• HKLMSYSTEMControlSet001ServicesSSDPSRVFailureActions
• HKLMSYSTEMControlSet002ServicesSSDPSRVFailureActions
• HKLMSYSTEMCurrentControlSetServicesstisvcFailureActions
• HKLMSYSTEMControlSet001ServicesstisvcFailureActions
• HKLMSYSTEMControlSet002ServicesstisvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesswenumFailureActions
• HKLMSYSTEMControlSet001ServicesswenumFailureActions
• HKLMSYSTEMControlSet002ServicesswenumFailureActions
• HKLMSYSTEMCurrentControlSetServicesSwPrvFailureActions
• HKLMSYSTEMControlSet001ServicesSwPrvFailureActions
• HKLMSYSTEMControlSet002ServicesSwPrvFailureActions
• HKLMSYSTEMCurrentControlSetServicessymc810FailureActions
• HKLMSYSTEMControlSet001Servicessymc810FailureActions
• HKLMSYSTEMControlSet002Servicessymc810FailureActions
• HKLMSYSTEMCurrentControlSetServicessymc8xxFailureActions
• HKLMSYSTEMControlSet001Servicessymc8xxFailureActions
• HKLMSYSTEMControlSet002Servicessymc8xxFailureActions
• HKLMSYSTEMCurrentControlSetServicessym_hiFailureActions
• HKLMSYSTEMControlSet001Servicessym_hiFailureActions
• HKLMSYSTEMControlSet002Servicessym_hiFailureActions
• HKLMSYSTEMCurrentControlSetServicessym_u3FailureActions
• HKLMSYSTEMControlSet001Servicessym_u3FailureActions
• HKLMSYSTEMControlSet002Servicessym_u3FailureActions
• HKLMSYSTEMCurrentControlSetServicesSysmonLogFailureActions
• HKLMSYSTEMControlSet001ServicesSysmonLogFailureActions
• HKLMSYSTEMControlSet002ServicesSysmonLogFailureActions
• HKLMSYSTEMCurrentControlSetServicesTapiSrvFailureActions
• HKLMSYSTEMControlSet001ServicesTapiSrvFailureActions
• HKLMSYSTEMControlSet002ServicesTapiSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesTcpipFailureActions
• HKLMSYSTEMControlSet001ServicesTcpipFailureActions
• HKLMSYSTEMControlSet002ServicesTcpipFailureActions
• HKLMSYSTEMCurrentControlSetServicesTDPIPEFailureActions
• HKLMSYSTEMControlSet001ServicesTDPIPEFailureActions
• HKLMSYSTEMControlSet002ServicesTDPIPEFailureActions
• HKLMSYSTEMCurrentControlSetServicesTDTCPFailureActions
• HKLMSYSTEMControlSet001ServicesTDTCPFailureActions
• HKLMSYSTEMControlSet002ServicesTDTCPFailureActions
• HKLMSYSTEMCurrentControlSetServicesTermDDFailureActions
• HKLMSYSTEMControlSet001ServicesTermDDFailureActions
• HKLMSYSTEMControlSet002ServicesTermDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesTermServiceFailureActions
• HKLMSYSTEMControlSet001ServicesTermServiceFailureActions
• HKLMSYSTEMControlSet002ServicesTermServiceFailureActions
• HKLMSYSTEMCurrentControlSetServicesThemesFailureActions
• HKLMSYSTEMControlSet001ServicesThemesFailureActions
• HKLMSYSTEMControlSet002ServicesThemesFailureActions
• HKLMSYSTEMCurrentControlSetServicesTlntSvrFailureActions
• HKLMSYSTEMControlSet001ServicesTlntSvrFailureActions
• HKLMSYSTEMControlSet002ServicesTlntSvrFailureActions
• HKLMSYSTEMCurrentControlSetServicesTosIdeFailureActions
• HKLMSYSTEMControlSet001ServicesTosIdeFailureActions
• HKLMSYSTEMControlSet002ServicesTosIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesTrkWksFailureActions
• HKLMSYSTEMControlSet001ServicesTrkWksFailureActions
• HKLMSYSTEMControlSet002ServicesTrkWksFailureActions
• HKLMSYSTEMCurrentControlSetServicesTSDDDFailureActions
• HKLMSYSTEMControlSet001ServicesTSDDDFailureActions
• HKLMSYSTEMControlSet002ServicesTSDDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesUdfsFailureActions
• HKLMSYSTEMControlSet001ServicesUdfsFailureActions
• HKLMSYSTEMControlSet002ServicesUdfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesultraFailureActions
• HKLMSYSTEMControlSet001ServicesultraFailureActions
• HKLMSYSTEMControlSet002ServicesultraFailureActions
• HKLMSYSTEMCurrentControlSetServicesUpdateFailureActions
• HKLMSYSTEMControlSet001ServicesUpdateFailureActions
• HKLMSYSTEMControlSet002ServicesUpdateFailureActions
• HKLMSYSTEMCurrentControlSetServicesuploadmgrFailureActions
• HKLMSYSTEMControlSet001ServicesuploadmgrFailureActions
• HKLMSYSTEMControlSet002ServicesuploadmgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesupnphostFailureActions
• HKLMSYSTEMControlSet001ServicesupnphostFailureActions
• HKLMSYSTEMControlSet002ServicesupnphostFailureActions
• HKLMSYSTEMCurrentControlSetServicesUPSFailureActions
• HKLMSYSTEMControlSet001ServicesUPSFailureActions
• HKLMSYSTEMControlSet002ServicesUPSFailureActions
• HKLMSYSTEMCurrentControlSetServicesusbhubFailureActions
• HKLMSYSTEMControlSet001ServicesusbhubFailureActions
• HKLMSYSTEMControlSet002ServicesusbhubFailureActions
• HKLMSYSTEMCurrentControlSetServicesusbuhciFailureActions
• HKLMSYSTEMControlSet001ServicesusbuhciFailureActions
• HKLMSYSTEMControlSet002ServicesusbuhciFailureActions
• HKLMSYSTEMCurrentControlSetServicesVgaSaveFailureActions
• HKLMSYSTEMControlSet001ServicesVgaSaveFailureActions
• HKLMSYSTEMControlSet002ServicesVgaSaveFailureActions
• HKLMSYSTEMCurrentControlSetServicesViaIdeFailureActions
• HKLMSYSTEMControlSet001ServicesViaIdeFailureActions
• HKLMSYSTEMControlSet002ServicesViaIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmmouseFailureActions
• HKLMSYSTEMControlSet001ServicesvmmouseFailureActions
• HKLMSYSTEMControlSet002ServicesvmmouseFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmscsiFailureActions
• HKLMSYSTEMControlSet001ServicesvmscsiFailureActions
• HKLMSYSTEMControlSet002ServicesvmscsiFailureActions
• HKLMSYSTEMCurrentControlSetServicesVMToolsFailureActions
• HKLMSYSTEMControlSet001ServicesVMToolsFailureActions
• HKLMSYSTEMControlSet002ServicesVMToolsFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmxnetFailureActions
• HKLMSYSTEMControlSet001ServicesvmxnetFailureActions
• HKLMSYSTEMControlSet002ServicesvmxnetFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmx_svgaFailureActions
• HKLMSYSTEMControlSet001Servicesvmx_svgaFailureActions
• HKLMSYSTEMControlSet002Servicesvmx_svgaFailureActions
• HKLMSYSTEMCurrentControlSetServicesVolSnapFailureActions
• HKLMSYSTEMControlSet001ServicesVolSnapFailureActions
• HKLMSYSTEMControlSet002ServicesVolSnapFailureActions
• HKLMSYSTEMCurrentControlSetServicesVSSFailureActions
• HKLMSYSTEMControlSet001ServicesVSSFailureActions
• HKLMSYSTEMControlSet002ServicesVSSFailureActions
• HKLMSYSTEMCurrentControlSetServicesW32TimeFailureActions
• HKLMSYSTEMControlSet001ServicesW32TimeFailureActions
• HKLMSYSTEMControlSet002ServicesW32TimeFailureActions
• HKLMSYSTEMCurrentControlSetServicesW3SVCFailureActions
• HKLMSYSTEMControlSet001ServicesW3SVCFailureActions
• HKLMSYSTEMControlSet002ServicesW3SVCFailureActions
• HKLMSYSTEMCurrentControlSetServicesWanarpFailureActions
• HKLMSYSTEMControlSet001ServicesWanarpFailureActions
• HKLMSYSTEMControlSet002ServicesWanarpFailureActions
• HKLMSYSTEMCurrentControlSetServicesWDICAFailureActions
• HKLMSYSTEMControlSet001ServicesWDICAFailureActions
• HKLMSYSTEMControlSet002ServicesWDICAFailureActions
• HKLMSYSTEMCurrentControlSetServicesWebClientFailureActions
• HKLMSYSTEMControlSet001ServicesWebClientFailureActions
• HKLMSYSTEMControlSet002ServicesWebClientFailureActions
• HKLMSYSTEMCurrentControlSetServiceswinmgmtFailureA
[sursa aviara.com]
|
|
| pus acum 18 ani |
|
|
Y2K`
Elite Member
Din: 666
Inregistrat: acum 18 ani
Postari: 970
|
|
Worm/Feebs.1.Gen.5
Nume: Worm/Feebs.1.Gen.5
Descoperit pe data de: 03/04/2006
Tip: Vierme
ITW: Nu
Numar infectii raportate: Scazut
Potential de raspandire: Mediu spre ridicat
Potential de distrugere: Mediu
Fisier static: Da
Marime: 59.516 Bytes
MD5: 704af131c0b9c7b9aff9d3a34249bdbb
Versiune VDF: 6.34.00.132
Versiune IVDF: 6.34.00.134
General Metode de raspandire:
• Email
• Peer to Peer
Alias:
• TrendMicro: WORM_FEEBS.LS
• Sophos: W32/Feebs-AZ
• VirusBuster: Worm.Feebs.BX
• Eset: Win32/Mocalo.CC
Sistem de operare:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efecte secundare:
• Creeaza fisiere malware
• Utilizeaza propriul motor de email
• Modificari in registri
• Sustrage informatii
• Posibilitatea accesului neautorizat la computer
Fisiere Se copiaza in urmatoarea locatie:
• %SYSDIR%ms%combinatie de doua caractere aleatoare%.exe
Sterge copia initiala a virusului.
Sunt create fisierele:
– c:b Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: WORM/Feebs.BS.2
– %SYSDIR%ms%combinatie de doua caractere aleatoare%32.dll Fisierul este executat dupa ce a fost creat. Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: WORM/Feebs.BS.2
Incearca sa descarce cateva fisiere:
– Adresele sunt urmatoarele:
•
•
•
•
La momentul realizarii descrierii, acest fisier nu era disponibil pentru o analiza ulterioara.
Registrii sistemului Valorile urmatoarelor chei sunt sterse din registrii sistemului:
• HKLMSYSTEMCurrentControlSetServices.NET CLR DataFailureActions
• HKLMSYSTEMControlSet001Services.NET CLR DataFailureActions
• HKLMSYSTEMControlSet002Services.NET CLR DataFailureActions
• HKLMSYSTEMCurrentControlSetServices.NET CLR NetworkingFailureActions
• HKLMSYSTEMControlSet001Services.NET CLR NetworkingFailureActions
• HKLMSYSTEMControlSet002Services.NET CLR NetworkingFailureActions
• HKLMSYSTEMCurrentControlSetServices.NETFrameworkFailureActions
• HKLMSYSTEMControlSet001Services.NETFrameworkFailureActions
• HKLMSYSTEMControlSet002Services.NETFrameworkFailureActions
• HKLMSYSTEMCurrentControlSetServicesAbiosdskFailureActions
• HKLMSYSTEMControlSet001ServicesAbiosdskFailureActions
• HKLMSYSTEMControlSet002ServicesAbiosdskFailureActions
• HKLMSYSTEMCurrentControlSetServicesabp480n5FailureActions
• HKLMSYSTEMControlSet001Servicesabp480n5FailureActions
• HKLMSYSTEMControlSet002Servicesabp480n5FailureActions
• HKLMSYSTEMCurrentControlSetServicesACPIFailureActions
• HKLMSYSTEMControlSet001ServicesACPIFailureActions
• HKLMSYSTEMControlSet002ServicesACPIFailureActions
• HKLMSYSTEMCurrentControlSetServicesACPIECFailureActions
• HKLMSYSTEMControlSet001ServicesACPIECFailureActions
• HKLMSYSTEMControlSet002ServicesACPIECFailureActions
• HKLMSYSTEMCurrentControlSetServicesadpu160mFailureActions
• HKLMSYSTEMControlSet001Servicesadpu160mFailureActions
• HKLMSYSTEMControlSet002Servicesadpu160mFailureActions
• HKLMSYSTEMCurrentControlSetServicesAFDFailureActions
• HKLMSYSTEMControlSet001ServicesAFDFailureActions
• HKLMSYSTEMControlSet002ServicesAFDFailureActions
• HKLMSYSTEMCurrentControlSetServicesagp440FailureActions
• HKLMSYSTEMControlSet001Servicesagp440FailureActions
• HKLMSYSTEMControlSet002Servicesagp440FailureActions
• HKLMSYSTEMCurrentControlSetServicesAha154xFailureActions
• HKLMSYSTEMControlSet001ServicesAha154xFailureActions
• HKLMSYSTEMControlSet002ServicesAha154xFailureActions
• HKLMSYSTEMCurrentControlSetServicesaic78u2FailureActions
• HKLMSYSTEMControlSet001Servicesaic78u2FailureActions
• HKLMSYSTEMControlSet002Servicesaic78u2FailureActions
• HKLMSYSTEMCurrentControlSetServicesaic78xxFailureActions
• HKLMSYSTEMControlSet001Servicesaic78xxFailureActions
• HKLMSYSTEMControlSet002Servicesaic78xxFailureActions
• HKLMSYSTEMCurrentControlSetServicesAlerterFailureActions
• HKLMSYSTEMControlSet001ServicesAlerterFailureActions
• HKLMSYSTEMControlSet002ServicesAlerterFailureActions
• HKLMSYSTEMCurrentControlSetServicesALGFailureActions
• HKLMSYSTEMControlSet001ServicesALGFailureActions
• HKLMSYSTEMControlSet002ServicesALGFailureActions
• HKLMSYSTEMCurrentControlSetServicesAliIdeFailureActions
• HKLMSYSTEMControlSet001ServicesAliIdeFailureActions
• HKLMSYSTEMControlSet002ServicesAliIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesamsintFailureActions
• HKLMSYSTEMControlSet001ServicesamsintFailureActions
• HKLMSYSTEMControlSet002ServicesamsintFailureActions
• HKLMSYSTEMCurrentControlSetServicesAppMgmtFailureActions
• HKLMSYSTEMControlSet001ServicesAppMgmtFailureActions
• HKLMSYSTEMControlSet002ServicesAppMgmtFailureActions
• HKLMSYSTEMCurrentControlSetServicesascFailureActions
• HKLMSYSTEMControlSet001ServicesascFailureActions
• HKLMSYSTEMControlSet002ServicesascFailureActions
• HKLMSYSTEMCurrentControlSetServicesasc3350pFailureActions
• HKLMSYSTEMControlSet001Servicesasc3350pFailureActions
• HKLMSYSTEMControlSet002Servicesasc3350pFailureActions
• HKLMSYSTEMCurrentControlSetServicesasc3550FailureActions
• HKLMSYSTEMControlSet001Servicesasc3550FailureActions
• HKLMSYSTEMControlSet002Servicesasc3550FailureActions
• HKLMSYSTEMCurrentControlSetServicesAsyncMacFailureActions
• HKLMSYSTEMControlSet001ServicesAsyncMacFailureActions
• HKLMSYSTEMControlSet002ServicesAsyncMacFailureActions
• HKLMSYSTEMCurrentControlSetServicesatapiFailureActions
• HKLMSYSTEMControlSet001ServicesatapiFailureActions
• HKLMSYSTEMControlSet002ServicesatapiFailureActions
• HKLMSYSTEMCurrentControlSetServicesAtdiskFailureActions
• HKLMSYSTEMControlSet001ServicesAtdiskFailureActions
• HKLMSYSTEMControlSet002ServicesAtdiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesAtmarpcFailureActions
• HKLMSYSTEMControlSet001ServicesAtmarpcFailureActions
• HKLMSYSTEMControlSet002ServicesAtmarpcFailureActions
• HKLMSYSTEMCurrentControlSetServicesATSFailureActions
• HKLMSYSTEMControlSet001ServicesATSFailureActions
• HKLMSYSTEMControlSet002ServicesATSFailureActions
• HKLMSYSTEMCurrentControlSetServicesAudioSrvFailureActions
• HKLMSYSTEMControlSet001ServicesAudioSrvFailureActions
• HKLMSYSTEMControlSet002ServicesAudioSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesaudstubFailureActions
• HKLMSYSTEMControlSet001ServicesaudstubFailureActions
• HKLMSYSTEMControlSet002ServicesaudstubFailureActions
• HKLMSYSTEMCurrentControlSetServicesBattCFailureActions
• HKLMSYSTEMControlSet001ServicesBattCFailureActions
• HKLMSYSTEMControlSet002ServicesBattCFailureActions
• HKLMSYSTEMCurrentControlSetServicesBeepFailureActions
• HKLMSYSTEMControlSet001ServicesBeepFailureActions
• HKLMSYSTEMControlSet002ServicesBeepFailureActions
• HKLMSYSTEMCurrentControlSetServicesBITSFailureActions
• HKLMSYSTEMControlSet001ServicesBITSFailureActions
• HKLMSYSTEMControlSet002ServicesBITSFailureActions
• HKLMSYSTEMCurrentControlSetServicesBrowserFailureActions
• HKLMSYSTEMControlSet001ServicesBrowserFailureActions
• HKLMSYSTEMControlSet002ServicesBrowserFailureActions
• HKLMSYSTEMCurrentControlSetServicescbidf2kFailureActions
• HKLMSYSTEMControlSet001Servicescbidf2kFailureActions
• HKLMSYSTEMControlSet002Servicescbidf2kFailureActions
• HKLMSYSTEMCurrentControlSetServicescd20xrntFailureActions
• HKLMSYSTEMControlSet001Servicescd20xrntFailureActions
• HKLMSYSTEMControlSet002Servicescd20xrntFailureActions
• HKLMSYSTEMCurrentControlSetServicesCdaudioFailureActions
• HKLMSYSTEMControlSet001ServicesCdaudioFailureActions
• HKLMSYSTEMControlSet002ServicesCdaudioFailureActions
• HKLMSYSTEMCurrentControlSetServicesCdfsFailureActions
• HKLMSYSTEMControlSet001ServicesCdfsFailureActions
• HKLMSYSTEMControlSet002ServicesCdfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesCdromFailureActions
• HKLMSYSTEMControlSet001ServicesCdromFailureActions
• HKLMSYSTEMControlSet002ServicesCdromFailureActions
• HKLMSYSTEMCurrentControlSetServicesChangerFailureActions
• HKLMSYSTEMControlSet001ServicesChangerFailureActions
• HKLMSYSTEMControlSet002ServicesChangerFailureActions
• HKLMSYSTEMCurrentControlSetServicescisvcFailureActions
• HKLMSYSTEMControlSet001ServicescisvcFailureActions
• HKLMSYSTEMControlSet002ServicescisvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesClipSrvFailureActions
• HKLMSYSTEMControlSet001ServicesClipSrvFailureActions
• HKLMSYSTEMControlSet002ServicesClipSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesCmdIdeFailureActions
• HKLMSYSTEMControlSet001ServicesCmdIdeFailureActions
• HKLMSYSTEMControlSet002ServicesCmdIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesCOMSysAppFailureActions
• HKLMSYSTEMControlSet001ServicesCOMSysAppFailureActions
• HKLMSYSTEMControlSet002ServicesCOMSysAppFailureActions
• HKLMSYSTEMCurrentControlSetServicesContentFilterFailureActions
• HKLMSYSTEMControlSet001ServicesContentFilterFailureActions
• HKLMSYSTEMControlSet002ServicesContentFilterFailureActions
• HKLMSYSTEMCurrentControlSetServicesContentIndexFailureActions
• HKLMSYSTEMControlSet001ServicesContentIndexFailureActions
• HKLMSYSTEMControlSet002ServicesContentIndexFailureActions
• HKLMSYSTEMCurrentControlSetServicesCpqarrayFailureActions
• HKLMSYSTEMControlSet001ServicesCpqarrayFailureActions
• HKLMSYSTEMControlSet002ServicesCpqarrayFailureActions
• HKLMSYSTEMCurrentControlSetServicesCryptSvcFailureActions
• HKLMSYSTEMControlSet001ServicesCryptSvcFailureActions
• HKLMSYSTEMControlSet002ServicesCryptSvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesdac2w2kFailureActions
• HKLMSYSTEMControlSet001Servicesdac2w2kFailureActions
• HKLMSYSTEMControlSet002Servicesdac2w2kFailureActions
• HKLMSYSTEMCurrentControlSetServicesdac960ntFailureActions
• HKLMSYSTEMControlSet001Servicesdac960ntFailureActions
• HKLMSYSTEMControlSet002Servicesdac960ntFailureActions
• HKLMSYSTEMCurrentControlSetServicesDhcpFailureActions
• HKLMSYSTEMControlSet001ServicesDhcpFailureActions
• HKLMSYSTEMControlSet002ServicesDhcpFailureActions
• HKLMSYSTEMCurrentControlSetServicesDiskFailureActions
• HKLMSYSTEMControlSet001ServicesDiskFailureActions
• HKLMSYSTEMControlSet002ServicesDiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmadminFailureActions
• HKLMSYSTEMControlSet001ServicesdmadminFailureActions
• HKLMSYSTEMControlSet002ServicesdmadminFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmbootFailureActions
• HKLMSYSTEMControlSet001ServicesdmbootFailureActions
• HKLMSYSTEMControlSet002ServicesdmbootFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmioFailureActions
• HKLMSYSTEMControlSet001ServicesdmioFailureActions
• HKLMSYSTEMControlSet002ServicesdmioFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmloadFailureActions
• HKLMSYSTEMControlSet001ServicesdmloadFailureActions
• HKLMSYSTEMControlSet002ServicesdmloadFailureActions
• HKLMSYSTEMCurrentControlSetServicesdmserverFailureActions
• HKLMSYSTEMControlSet001ServicesdmserverFailureActions
• HKLMSYSTEMControlSet002ServicesdmserverFailureActions
• HKLMSYSTEMCurrentControlSetServicesDnscacheFailureActions
• HKLMSYSTEMControlSet001ServicesDnscacheFailureActions
• HKLMSYSTEMControlSet002ServicesDnscacheFailureActions
• HKLMSYSTEMCurrentControlSetServicesdpti2oFailureActions
• HKLMSYSTEMControlSet001Servicesdpti2oFailureActions
• HKLMSYSTEMControlSet002Servicesdpti2oFailureActions
• HKLMSYSTEMCurrentControlSetServicesERSvcFailureActions
• HKLMSYSTEMControlSet001ServicesERSvcFailureActions
• HKLMSYSTEMControlSet002ServicesERSvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesEventlogFailureActions
• HKLMSYSTEMControlSet001ServicesEventlogFailureActions
• HKLMSYSTEMControlSet002ServicesEventlogFailureActions
• HKLMSYSTEMCurrentControlSetServicesEventSystemFailureActions
• HKLMSYSTEMControlSet001ServicesEventSystemFailureActions
• HKLMSYSTEMControlSet002ServicesEventSystemFailureActions
• HKLMSYSTEMCurrentControlSetServicesFastfatFailureActions
• HKLMSYSTEMControlSet001ServicesFastfatFailureActions
• HKLMSYSTEMControlSet002ServicesFastfatFailureActions
• HKLMSYSTEMCurrentControlSetServicesFastUserSwitchingCompatibilityFailureActions
• HKLMSYSTEMControlSet001ServicesFastUserSwitchingCompatibilityFailureActions
• HKLMSYSTEMControlSet002ServicesFastUserSwitchingCompatibilityFailureActions
• HKLMSYSTEMCurrentControlSetServicesFdcFailureActions
• HKLMSYSTEMControlSet001ServicesFdcFailureActions
• HKLMSYSTEMControlSet002ServicesFdcFailureActions
• HKLMSYSTEMCurrentControlSetServicesFipsFailureActions
• HKLMSYSTEMControlSet001ServicesFipsFailureActions
• HKLMSYSTEMControlSet002ServicesFipsFailureActions
• HKLMSYSTEMCurrentControlSetServicesFlpydiskFailureActions
• HKLMSYSTEMControlSet001ServicesFlpydiskFailureActions
• HKLMSYSTEMControlSet002ServicesFlpydiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesFs_RecFailureActions
• HKLMSYSTEMControlSet001ServicesFs_RecFailureActions
• HKLMSYSTEMControlSet002ServicesFs_RecFailureActions
• HKLMSYSTEMCurrentControlSetServicesFtdiskFailureActions
• HKLMSYSTEMControlSet001ServicesFtdiskFailureActions
• HKLMSYSTEMControlSet002ServicesFtdiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesFundeleteFailureActions
• HKLMSYSTEMControlSet001ServicesFundeleteFailureActions
• HKLMSYSTEMControlSet002ServicesFundeleteFailureActions
• HKLMSYSTEMCurrentControlSetServicesGpcFailureActions
• HKLMSYSTEMControlSet001ServicesGpcFailureActions
• HKLMSYSTEMControlSet002ServicesGpcFailureActions
• HKLMSYSTEMCurrentControlSetServiceshelpsvcFailureActions
• HKLMSYSTEMControlSet001ServiceshelpsvcFailureActions
• HKLMSYSTEMControlSet002ServiceshelpsvcFailureActions
• HKLMSYSTEMCurrentControlSetServiceshgfsFailureActions
• HKLMSYSTEMControlSet001ServiceshgfsFailureActions
• HKLMSYSTEMControlSet002ServiceshgfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesHidServFailureActions
• HKLMSYSTEMControlSet001ServicesHidServFailureActions
• HKLMSYSTEMControlSet002ServicesHidServFailureActions
• HKLMSYSTEMCurrentControlSetServiceshpnFailureActions
• HKLMSYSTEMControlSet001ServiceshpnFailureActions
• HKLMSYSTEMControlSet002ServiceshpnFailureActions
• HKLMSYSTEMCurrentControlSetServiceshpt3xxFailureActions
• HKLMSYSTEMControlSet001Serviceshpt3xxFailureActions
• HKLMSYSTEMControlSet002Serviceshpt3xxFailureActions
• HKLMSYSTEMCurrentControlSetServicesi2omgmtFailureActions
• HKLMSYSTEMControlSet001Servicesi2omgmtFailureActions
• HKLMSYSTEMControlSet002Servicesi2omgmtFailureActions
• HKLMSYSTEMCurrentControlSetServicesi2ompFailureActions
• HKLMSYSTEMControlSet001Servicesi2ompFailureActions
• HKLMSYSTEMControlSet002Servicesi2ompFailureActions
• HKLMSYSTEMCurrentControlSetServicesi8042prtFailureActions
• HKLMSYSTEMControlSet001Servicesi8042prtFailureActions
• HKLMSYSTEMControlSet002Servicesi8042prtFailureActions
• HKLMSYSTEMCurrentControlSetServicesImapiFailureActions
• HKLMSYSTEMControlSet001ServicesImapiFailureActions
• HKLMSYSTEMControlSet002ServicesImapiFailureActions
• HKLMSYSTEMCurrentControlSetServicesImapiServiceFailureActions
• HKLMSYSTEMControlSet001ServicesImapiServiceFailureActions
• HKLMSYSTEMControlSet002ServicesImapiServiceFailureActions
• HKLMSYSTEMCurrentControlSetServicesinetaccsFailureActions
• HKLMSYSTEMControlSet001ServicesinetaccsFailureActions
• HKLMSYSTEMControlSet002ServicesinetaccsFailureActions
• HKLMSYSTEMCurrentControlSetServicesini910uFailureActions
• HKLMSYSTEMControlSet001Servicesini910uFailureActions
• HKLMSYSTEMControlSet002Servicesini910uFailureActions
• HKLMSYSTEMCurrentControlSetServicesInportFailureActions
• HKLMSYSTEMControlSet001ServicesInportFailureActions
• HKLMSYSTEMControlSet002ServicesInportFailureActions
• HKLMSYSTEMCurrentControlSetServicesIntelIdeFailureActions
• HKLMSYSTEMControlSet001ServicesIntelIdeFailureActions
• HKLMSYSTEMControlSet002ServicesIntelIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesIpFilterDriverFailureActions
• HKLMSYSTEMControlSet001ServicesIpFilterDriverFailureActions
• HKLMSYSTEMControlSet002ServicesIpFilterDriverFailureActions
• HKLMSYSTEMCurrentControlSetServicesIpInIpFailureActions
• HKLMSYSTEMControlSet001ServicesIpInIpFailureActions
• HKLMSYSTEMControlSet002ServicesIpInIpFailureActions
• HKLMSYSTEMCurrentControlSetServicesIpNatFailureActions
• HKLMSYSTEMControlSet001ServicesIpNatFailureActions
• HKLMSYSTEMControlSet002ServicesIpNatFailureActions
• HKLMSYSTEMCurrentControlSetServicesIPSecFailureActions
• HKLMSYSTEMControlSet001ServicesIPSecFailureActions
• HKLMSYSTEMControlSet002ServicesIPSecFailureActions
• HKLMSYSTEMCurrentControlSetServicesIRENUMFailureActions
• HKLMSYSTEMControlSet001ServicesIRENUMFailureActions
• HKLMSYSTEMControlSet002ServicesIRENUMFailureActions
• HKLMSYSTEMCurrentControlSetServicesISAPISearchFailureActions
• HKLMSYSTEMControlSet001ServicesISAPISearchFailureActions
• HKLMSYSTEMControlSet002ServicesISAPISearchFailureActions
• HKLMSYSTEMCurrentControlSetServicesisapnpFailureActions
• HKLMSYSTEMControlSet001ServicesisapnpFailureActions
• HKLMSYSTEMControlSet002ServicesisapnpFailureActions
• HKLMSYSTEMCurrentControlSetServicesKbdclassFailureActions
• HKLMSYSTEMControlSet001ServicesKbdclassFailureActions
• HKLMSYSTEMControlSet002ServicesKbdclassFailureActions
• HKLMSYSTEMCurrentControlSetServicesKSecDDFailureActions
• HKLMSYSTEMControlSet001ServicesKSecDDFailureActions
• HKLMSYSTEMControlSet002ServicesKSecDDFailureActions
• HKLMSYSTEMCurrentControlSetServiceslanmanserverFailureActions
• HKLMSYSTEMControlSet001ServiceslanmanserverFailureActions
• HKLMSYSTEMControlSet002ServiceslanmanserverFailureActions
• HKLMSYSTEMCurrentControlSetServiceslanmanworkstationFailureActions
• HKLMSYSTEMControlSet001ServiceslanmanworkstationFailureActions
• HKLMSYSTEMControlSet002ServiceslanmanworkstationFailureActions
• HKLMSYSTEMCurrentControlSetServiceslbrtfdcFailureActions
• HKLMSYSTEMControlSet001ServiceslbrtfdcFailureActions
• HKLMSYSTEMControlSet002ServiceslbrtfdcFailureActions
• HKLMSYSTEMCurrentControlSetServicesldapFailureActions
• HKLMSYSTEMControlSet001ServicesldapFailureActions
• HKLMSYSTEMControlSet002ServicesldapFailureActions
• HKLMSYSTEMCurrentControlSetServicesLicenseServiceFailureActions
• HKLMSYSTEMControlSet001ServicesLicenseServiceFailureActions
• HKLMSYSTEMControlSet002ServicesLicenseServiceFailureActions
• HKLMSYSTEMCurrentControlSetServicesLmHostsFailureActions
• HKLMSYSTEMControlSet001ServicesLmHostsFailureActions
• HKLMSYSTEMControlSet002ServicesLmHostsFailureActions
• HKLMSYSTEMCurrentControlSetServicesMessengerFailureActions
• HKLMSYSTEMControlSet001ServicesMessengerFailureActions
• HKLMSYSTEMControlSet002ServicesMessengerFailureActions
• HKLMSYSTEMCurrentControlSetServicesmnmddFailureActions
• HKLMSYSTEMControlSet001ServicesmnmddFailureActions
• HKLMSYSTEMControlSet002ServicesmnmddFailureActions
• HKLMSYSTEMCurrentControlSetServicesmnmsrvcFailureActions
• HKLMSYSTEMControlSet001ServicesmnmsrvcFailureActions
• HKLMSYSTEMControlSet002ServicesmnmsrvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesModemFailureActions
• HKLMSYSTEMControlSet001ServicesModemFailureActions
• HKLMSYSTEMControlSet002ServicesModemFailureActions
• HKLMSYSTEMCurrentControlSetServicesMouclassFailureActions
• HKLMSYSTEMControlSet001ServicesMouclassFailureActions
• HKLMSYSTEMControlSet002ServicesMouclassFailureActions
• HKLMSYSTEMCurrentControlSetServicesMountMgrFailureActions
• HKLMSYSTEMControlSet001ServicesMountMgrFailureActions
• HKLMSYSTEMControlSet002ServicesMountMgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesmraid35xFailureActions
• HKLMSYSTEMControlSet001Servicesmraid35xFailureActions
• HKLMSYSTEMControlSet002Servicesmraid35xFailureActions
• HKLMSYSTEMCurrentControlSetServicesMRxDAVFailureActions
• HKLMSYSTEMControlSet001ServicesMRxDAVFailureActions
• HKLMSYSTEMControlSet002ServicesMRxDAVFailureActions
• HKLMSYSTEMCurrentControlSetServicesMRxSmbFailureActions
• HKLMSYSTEMControlSet001ServicesMRxSmbFailureActions
• HKLMSYSTEMControlSet002ServicesMRxSmbFailureActions
• HKLMSYSTEMCurrentControlSetServicesMSDTCFailureActions
• HKLMSYSTEMControlSet001ServicesMSDTCFailureActions
• HKLMSYSTEMControlSet002ServicesMSDTCFailureActions
• HKLMSYSTEMCurrentControlSetServicesMsfsFailureActions
• HKLMSYSTEMControlSet001ServicesMsfsFailureActions
• HKLMSYSTEMControlSet002ServicesMsfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesMSIServerFailureActions
• HKLMSYSTEMControlSet001ServicesMSIServerFailureActions
• HKLMSYSTEMControlSet002ServicesMSIServerFailureActions
• HKLMSYSTEMCurrentControlSetServicesmsServerFormFailureActions
• HKLMSYSTEMControlSet001ServicesmsServerFormFailureActions
• HKLMSYSTEMControlSet002ServicesmsServerFormFailureActions
• HKLMSYSTEMCurrentControlSetServicesMupFailureActions
• HKLMSYSTEMControlSet001ServicesMupFailureActions
• HKLMSYSTEMControlSet002ServicesMupFailureActions
• HKLMSYSTEMCurrentControlSetServicesNDISFailureActions
• HKLMSYSTEMControlSet001ServicesNDISFailureActions
• HKLMSYSTEMControlSet002ServicesNDISFailureActions
• HKLMSYSTEMCurrentControlSetServicesNdisTapiFailureActions
• HKLMSYSTEMControlSet001ServicesNdisTapiFailureActions
• HKLMSYSTEMControlSet002ServicesNdisTapiFailureActions
• HKLMSYSTEMCurrentControlSetServicesNdisuioFailureActions
• HKLMSYSTEMControlSet001ServicesNdisuioFailureActions
• HKLMSYSTEMControlSet002ServicesNdisuioFailureActions
• HKLMSYSTEMCurrentControlSetServicesNdisWanFailureActions
• HKLMSYSTEMControlSet001ServicesNdisWanFailureActions
• HKLMSYSTEMControlSet002ServicesNdisWanFailureActions
• HKLMSYSTEMCurrentControlSetServicesNDProxyFailureActions
• HKLMSYSTEMControlSet001ServicesNDProxyFailureActions
• HKLMSYSTEMControlSet002ServicesNDProxyFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetBIOSFailureActions
• HKLMSYSTEMControlSet001ServicesNetBIOSFailureActions
• HKLMSYSTEMControlSet002ServicesNetBIOSFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetBTFailureActions
• HKLMSYSTEMControlSet001ServicesNetBTFailureActions
• HKLMSYSTEMControlSet002ServicesNetBTFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetDDEFailureActions
• HKLMSYSTEMControlSet001ServicesNetDDEFailureActions
• HKLMSYSTEMControlSet002ServicesNetDDEFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetDDEdsdmFailureActions
• HKLMSYSTEMControlSet001ServicesNetDDEdsdmFailureActions
• HKLMSYSTEMControlSet002ServicesNetDDEdsdmFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetlogonFailureActions
• HKLMSYSTEMControlSet001ServicesNetlogonFailureActions
• HKLMSYSTEMControlSet002ServicesNetlogonFailureActions
• HKLMSYSTEMCurrentControlSetServicesNetmanFailureActions
• HKLMSYSTEMControlSet001ServicesNetmanFailureActions
• HKLMSYSTEMControlSet002ServicesNetmanFailureActions
• HKLMSYSTEMCurrentControlSetServicesNlaFailureActions
• HKLMSYSTEMControlSet001ServicesNlaFailureActions
• HKLMSYSTEMControlSet002ServicesNlaFailureActions
• HKLMSYSTEMCurrentControlSetServicesnmFailureActions
• HKLMSYSTEMControlSet001ServicesnmFailureActions
• HKLMSYSTEMControlSet002ServicesnmFailureActions
• HKLMSYSTEMCurrentControlSetServicesNPFFailureActions
• HKLMSYSTEMControlSet001ServicesNPFFailureActions
• HKLMSYSTEMControlSet002ServicesNPFFailureActions
• HKLMSYSTEMCurrentControlSetServicesNpfsFailureActions
• HKLMSYSTEMControlSet001ServicesNpfsFailureActions
• HKLMSYSTEMControlSet002ServicesNpfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesNtfsFailureActions
• HKLMSYSTEMControlSet001ServicesNtfsFailureActions
• HKLMSYSTEMControlSet002ServicesNtfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesNtLmSspFailureActions
• HKLMSYSTEMControlSet001ServicesNtLmSspFailureActions
• HKLMSYSTEMControlSet002ServicesNtLmSspFailureActions
• HKLMSYSTEMCurrentControlSetServicesNtmsSvcFailureActions
• HKLMSYSTEMControlSet001ServicesNtmsSvcFailureActions
• HKLMSYSTEMControlSet002ServicesNtmsSvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesNullFailureActions
• HKLMSYSTEMControlSet001ServicesNullFailureActions
• HKLMSYSTEMControlSet002ServicesNullFailureActions
• HKLMSYSTEMCurrentControlSetServicesNwlnkFltFailureActions
• HKLMSYSTEMControlSet001ServicesNwlnkFltFailureActions
• HKLMSYSTEMControlSet002ServicesNwlnkFltFailureActions
• HKLMSYSTEMCurrentControlSetServicesNwlnkFwdFailureActions
• HKLMSYSTEMControlSet001ServicesNwlnkFwdFailureActions
• HKLMSYSTEMControlSet002ServicesNwlnkFwdFailureActions
• HKLMSYSTEMCurrentControlSetServicesParportFailureActions
• HKLMSYSTEMControlSet001ServicesParportFailureActions
• HKLMSYSTEMControlSet002ServicesParportFailureActions
• HKLMSYSTEMCurrentControlSetServicesPartMgrFailureActions
• HKLMSYSTEMControlSet001ServicesPartMgrFailureActions
• HKLMSYSTEMControlSet002ServicesPartMgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesParVdmFailureActions
• HKLMSYSTEMControlSet001ServicesParVdmFailureActions
• HKLMSYSTEMControlSet002ServicesParVdmFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCIFailureActions
• HKLMSYSTEMControlSet001ServicesPCIFailureActions
• HKLMSYSTEMControlSet002ServicesPCIFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCIDumpFailureActions
• HKLMSYSTEMControlSet001ServicesPCIDumpFailureActions
• HKLMSYSTEMControlSet002ServicesPCIDumpFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCIIdeFailureActions
• HKLMSYSTEMControlSet001ServicesPCIIdeFailureActions
• HKLMSYSTEMControlSet002ServicesPCIIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesPcmciaFailureActions
• HKLMSYSTEMControlSet001ServicesPcmciaFailureActions
• HKLMSYSTEMControlSet002ServicesPcmciaFailureActions
• HKLMSYSTEMCurrentControlSetServicesPCnetFailureActions
• HKLMSYSTEMControlSet001ServicesPCnetFailureActions
• HKLMSYSTEMControlSet002ServicesPCnetFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDCOMPFailureActions
• HKLMSYSTEMControlSet001ServicesPDCOMPFailureActions
• HKLMSYSTEMControlSet002ServicesPDCOMPFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDFRAMEFailureActions
• HKLMSYSTEMControlSet001ServicesPDFRAMEFailureActions
• HKLMSYSTEMControlSet002ServicesPDFRAMEFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDRELIFailureActions
• HKLMSYSTEMControlSet001ServicesPDRELIFailureActions
• HKLMSYSTEMControlSet002ServicesPDRELIFailureActions
• HKLMSYSTEMCurrentControlSetServicesPDRFRAMEFailureActions
• HKLMSYSTEMControlSet001ServicesPDRFRAMEFailureActions
• HKLMSYSTEMControlSet002ServicesPDRFRAMEFailureActions
• HKLMSYSTEMCurrentControlSetServicesperc2FailureActions
• HKLMSYSTEMControlSet001Servicesperc2FailureActions
• HKLMSYSTEMControlSet002Servicesperc2FailureActions
• HKLMSYSTEMCurrentControlSetServicesperc2hibFailureActions
• HKLMSYSTEMControlSet001Servicesperc2hibFailureActions
• HKLMSYSTEMControlSet002Servicesperc2hibFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfDiskFailureActions
• HKLMSYSTEMControlSet001ServicesPerfDiskFailureActions
• HKLMSYSTEMControlSet002ServicesPerfDiskFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfNetFailureActions
• HKLMSYSTEMControlSet001ServicesPerfNetFailureActions
• HKLMSYSTEMControlSet002ServicesPerfNetFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfOSFailureActions
• HKLMSYSTEMControlSet001ServicesPerfOSFailureActions
• HKLMSYSTEMControlSet002ServicesPerfOSFailureActions
• HKLMSYSTEMCurrentControlSetServicesPerfProcFailureActions
• HKLMSYSTEMControlSet001ServicesPerfProcFailureActions
• HKLMSYSTEMControlSet002ServicesPerfProcFailureActions
• HKLMSYSTEMCurrentControlSetServicesPlugPlayFailureActions
• HKLMSYSTEMControlSet001ServicesPlugPlayFailureActions
• HKLMSYSTEMControlSet002ServicesPlugPlayFailureActions
• HKLMSYSTEMCurrentControlSetServicesPolicyAgentFailureActions
• HKLMSYSTEMControlSet001ServicesPolicyAgentFailureActions
• HKLMSYSTEMControlSet002ServicesPolicyAgentFailureActions
• HKLMSYSTEMCurrentControlSetServicesPptpMiniportFailureActions
• HKLMSYSTEMControlSet001ServicesPptpMiniportFailureActions
• HKLMSYSTEMControlSet002ServicesPptpMiniportFailureActions
• HKLMSYSTEMCurrentControlSetServicesProcessorFailureActions
• HKLMSYSTEMControlSet001ServicesProcessorFailureActions
• HKLMSYSTEMControlSet002ServicesProcessorFailureActions
• HKLMSYSTEMCurrentControlSetServicesProtectedStorageFailureActions
• HKLMSYSTEMControlSet001ServicesProtectedStorageFailureActions
• HKLMSYSTEMControlSet002ServicesProtectedStorageFailureActions
• HKLMSYSTEMCurrentControlSetServicesPSSdk21FailureActions
• HKLMSYSTEMControlSet001ServicesPSSdk21FailureActions
• HKLMSYSTEMCurrentControlSetServicesPtilinkFailureActions
• HKLMSYSTEMControlSet001ServicesPtilinkFailureActions
• HKLMSYSTEMControlSet002ServicesPtilinkFailureActions
• HKLMSYSTEMCurrentControlSetServicesql1080FailureActions
• HKLMSYSTEMControlSet001Servicesql1080FailureActions
• HKLMSYSTEMControlSet002Servicesql1080FailureActions
• HKLMSYSTEMCurrentControlSetServicesQl10wntFailureActions
• HKLMSYSTEMControlSet001ServicesQl10wntFailureActions
• HKLMSYSTEMControlSet002ServicesQl10wntFailureActions
• HKLMSYSTEMCurrentControlSetServicesql12160FailureActions
• HKLMSYSTEMControlSet001Servicesql12160FailureActions
• HKLMSYSTEMControlSet002Servicesql12160FailureActions
• HKLMSYSTEMCurrentControlSetServicesql1240FailureActions
• HKLMSYSTEMControlSet001Servicesql1240FailureActions
• HKLMSYSTEMControlSet002Servicesql1240FailureActions
• HKLMSYSTEMCurrentControlSetServicesql1280FailureActions
• HKLMSYSTEMControlSet001Servicesql1280FailureActions
• HKLMSYSTEMControlSet002Servicesql1280FailureActions
• HKLMSYSTEMCurrentControlSetServicesRasAcdFailureActions
• HKLMSYSTEMControlSet001ServicesRasAcdFailureActions
• HKLMSYSTEMControlSet002ServicesRasAcdFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasAutoFailureActions
• HKLMSYSTEMControlSet001ServicesRasAutoFailureActions
• HKLMSYSTEMControlSet002ServicesRasAutoFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasl2tpFailureActions
• HKLMSYSTEMControlSet001ServicesRasl2tpFailureActions
• HKLMSYSTEMControlSet002ServicesRasl2tpFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasManFailureActions
• HKLMSYSTEMControlSet001ServicesRasManFailureActions
• HKLMSYSTEMControlSet002ServicesRasManFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasPppoeFailureActions
• HKLMSYSTEMControlSet001ServicesRasPppoeFailureActions
• HKLMSYSTEMControlSet002ServicesRasPppoeFailureActions
• HKLMSYSTEMCurrentControlSetServicesRasptiFailureActions
• HKLMSYSTEMControlSet001ServicesRasptiFailureActions
• HKLMSYSTEMControlSet002ServicesRasptiFailureActions
• HKLMSYSTEMCurrentControlSetServicesRdbssFailureActions
• HKLMSYSTEMControlSet001ServicesRdbssFailureActions
• HKLMSYSTEMControlSet002ServicesRdbssFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPCDDFailureActions
• HKLMSYSTEMControlSet001ServicesRDPCDDFailureActions
• HKLMSYSTEMControlSet002ServicesRDPCDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPDDFailureActions
• HKLMSYSTEMControlSet001ServicesRDPDDFailureActions
• HKLMSYSTEMControlSet002ServicesRDPDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesrdpdrFailureActions
• HKLMSYSTEMControlSet001ServicesrdpdrFailureActions
• HKLMSYSTEMControlSet002ServicesrdpdrFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPNPFailureActions
• HKLMSYSTEMControlSet001ServicesRDPNPFailureActions
• HKLMSYSTEMControlSet002ServicesRDPNPFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDPWDFailureActions
• HKLMSYSTEMControlSet001ServicesRDPWDFailureActions
• HKLMSYSTEMControlSet002ServicesRDPWDFailureActions
• HKLMSYSTEMCurrentControlSetServicesRDSessMgrFailureActions
• HKLMSYSTEMControlSet001ServicesRDSessMgrFailureActions
• HKLMSYSTEMControlSet002ServicesRDSessMgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesredbookFailureActions
• HKLMSYSTEMControlSet001ServicesredbookFailureActions
• HKLMSYSTEMControlSet002ServicesredbookFailureActions
• HKLMSYSTEMCurrentControlSetServicesRemoteAccessFailureActions
• HKLMSYSTEMControlSet001ServicesRemoteAccessFailureActions
• HKLMSYSTEMControlSet002ServicesRemoteAccessFailureActions
• HKLMSYSTEMCurrentControlSetServicesRemoteRegistryFailureActions
• HKLMSYSTEMControlSet001ServicesRemoteRegistryFailureActions
• HKLMSYSTEMControlSet002ServicesRemoteRegistryFailureActions
• HKLMSYSTEMCurrentControlSetServicesrpcapdFailureActions
• HKLMSYSTEMControlSet001ServicesrpcapdFailureActions
• HKLMSYSTEMControlSet002ServicesrpcapdFailureActions
• HKLMSYSTEMCurrentControlSetServicesRpcLocatorFailureActions
• HKLMSYSTEMControlSet001ServicesRpcLocatorFailureActions
• HKLMSYSTEMControlSet002ServicesRpcLocatorFailureActions
• HKLMSYSTEMCurrentControlSetServicesRpcSsFailureActions
• HKLMSYSTEMControlSet001ServicesRpcSsFailureActions
• HKLMSYSTEMControlSet002ServicesRpcSsFailureActions
• HKLMSYSTEMCurrentControlSetServicesRSVPFailureActions
• HKLMSYSTEMControlSet001ServicesRSVPFailureActions
• HKLMSYSTEMControlSet002ServicesRSVPFailureActions
• HKLMSYSTEMCurrentControlSetServicesSamSsFailureActions
• HKLMSYSTEMControlSet001ServicesSamSsFailureActions
• HKLMSYSTEMControlSet002ServicesSamSsFailureActions
• HKLMSYSTEMCurrentControlSetServicesSCardDrvFailureActions
• HKLMSYSTEMControlSet001ServicesSCardDrvFailureActions
• HKLMSYSTEMControlSet002ServicesSCardDrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesSCardSvrFailureActions
• HKLMSYSTEMControlSet001ServicesSCardSvrFailureActions
• HKLMSYSTEMControlSet002ServicesSCardSvrFailureActions
• HKLMSYSTEMCurrentControlSetServicesScheduleFailureActions
• HKLMSYSTEMControlSet001ServicesScheduleFailureActions
• HKLMSYSTEMControlSet002ServicesScheduleFailureActions
• HKLMSYSTEMCurrentControlSetServicesSecdrvFailureActions
• HKLMSYSTEMControlSet001ServicesSecdrvFailureActions
• HKLMSYSTEMControlSet002ServicesSecdrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesseclogonFailureActions
• HKLMSYSTEMControlSet001ServicesseclogonFailureActions
• HKLMSYSTEMControlSet002ServicesseclogonFailureActions
• HKLMSYSTEMCurrentControlSetServicesSENSFailureActions
• HKLMSYSTEMControlSet001ServicesSENSFailureActions
• HKLMSYSTEMControlSet002ServicesSENSFailureActions
• HKLMSYSTEMCurrentControlSetServicesserenumFailureActions
• HKLMSYSTEMControlSet001ServicesserenumFailureActions
• HKLMSYSTEMControlSet002ServicesserenumFailureActions
• HKLMSYSTEMCurrentControlSetServicesSerialFailureActions
• HKLMSYSTEMControlSet001ServicesSerialFailureActions
• HKLMSYSTEMControlSet002ServicesSerialFailureActions
• HKLMSYSTEMCurrentControlSetServicesSfloppyFailureActions
• HKLMSYSTEMControlSet001ServicesSfloppyFailureActions
• HKLMSYSTEMControlSet002ServicesSfloppyFailureActions
• HKLMSYSTEMCurrentControlSetServicesSharedAccessFailureActions
• HKLMSYSTEMControlSet001ServicesSharedAccessFailureActions
• HKLMSYSTEMControlSet002ServicesSharedAccessFailureActions
• HKLMSYSTEMCurrentControlSetServicesShellHWDetectionFailureActions
• HKLMSYSTEMControlSet001ServicesShellHWDetectionFailureActions
• HKLMSYSTEMControlSet002ServicesShellHWDetectionFailureActions
• HKLMSYSTEMCurrentControlSetServicesSimbadFailureActions
• HKLMSYSTEMControlSet001ServicesSimbadFailureActions
• HKLMSYSTEMControlSet002ServicesSimbadFailureActions
• HKLMSYSTEMCurrentControlSetServicesSparrowFailureActions
• HKLMSYSTEMControlSet001ServicesSparrowFailureActions
• HKLMSYSTEMControlSet002ServicesSparrowFailureActions
• HKLMSYSTEMCurrentControlSetServicesSpoolerFailureActions
• HKLMSYSTEMControlSet001ServicesSpoolerFailureActions
• HKLMSYSTEMControlSet002ServicesSpoolerFailureActions
• HKLMSYSTEMCurrentControlSetServicessrFailureActions
• HKLMSYSTEMControlSet001ServicessrFailureActions
• HKLMSYSTEMControlSet002ServicessrFailureActions
• HKLMSYSTEMCurrentControlSetServicessrserviceFailureActions
• HKLMSYSTEMControlSet001ServicessrserviceFailureActions
• HKLMSYSTEMControlSet002ServicessrserviceFailureActions
• HKLMSYSTEMCurrentControlSetServicesSrvFailureActions
• HKLMSYSTEMControlSet001ServicesSrvFailureActions
• HKLMSYSTEMControlSet002ServicesSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesSSDPSRVFailureActions
• HKLMSYSTEMControlSet001ServicesSSDPSRVFailureActions
• HKLMSYSTEMControlSet002ServicesSSDPSRVFailureActions
• HKLMSYSTEMCurrentControlSetServicesstisvcFailureActions
• HKLMSYSTEMControlSet001ServicesstisvcFailureActions
• HKLMSYSTEMControlSet002ServicesstisvcFailureActions
• HKLMSYSTEMCurrentControlSetServicesswenumFailureActions
• HKLMSYSTEMControlSet001ServicesswenumFailureActions
• HKLMSYSTEMControlSet002ServicesswenumFailureActions
• HKLMSYSTEMCurrentControlSetServicesSwPrvFailureActions
• HKLMSYSTEMControlSet001ServicesSwPrvFailureActions
• HKLMSYSTEMControlSet002ServicesSwPrvFailureActions
• HKLMSYSTEMCurrentControlSetServicessymc810FailureActions
• HKLMSYSTEMControlSet001Servicessymc810FailureActions
• HKLMSYSTEMControlSet002Servicessymc810FailureActions
• HKLMSYSTEMCurrentControlSetServicessymc8xxFailureActions
• HKLMSYSTEMControlSet001Servicessymc8xxFailureActions
• HKLMSYSTEMControlSet002Servicessymc8xxFailureActions
• HKLMSYSTEMCurrentControlSetServicessym_hiFailureActions
• HKLMSYSTEMControlSet001Servicessym_hiFailureActions
• HKLMSYSTEMControlSet002Servicessym_hiFailureActions
• HKLMSYSTEMCurrentControlSetServicessym_u3FailureActions
• HKLMSYSTEMControlSet001Servicessym_u3FailureActions
• HKLMSYSTEMControlSet002Servicessym_u3FailureActions
• HKLMSYSTEMCurrentControlSetServicesSysmonLogFailureActions
• HKLMSYSTEMControlSet001ServicesSysmonLogFailureActions
• HKLMSYSTEMControlSet002ServicesSysmonLogFailureActions
• HKLMSYSTEMCurrentControlSetServicesTapiSrvFailureActions
• HKLMSYSTEMControlSet001ServicesTapiSrvFailureActions
• HKLMSYSTEMControlSet002ServicesTapiSrvFailureActions
• HKLMSYSTEMCurrentControlSetServicesTcpipFailureActions
• HKLMSYSTEMControlSet001ServicesTcpipFailureActions
• HKLMSYSTEMControlSet002ServicesTcpipFailureActions
• HKLMSYSTEMCurrentControlSetServicesTDPIPEFailureActions
• HKLMSYSTEMControlSet001ServicesTDPIPEFailureActions
• HKLMSYSTEMControlSet002ServicesTDPIPEFailureActions
• HKLMSYSTEMCurrentControlSetServicesTDTCPFailureActions
• HKLMSYSTEMControlSet001ServicesTDTCPFailureActions
• HKLMSYSTEMControlSet002ServicesTDTCPFailureActions
• HKLMSYSTEMCurrentControlSetServicesTermDDFailureActions
• HKLMSYSTEMControlSet001ServicesTermDDFailureActions
• HKLMSYSTEMControlSet002ServicesTermDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesTermServiceFailureActions
• HKLMSYSTEMControlSet001ServicesTermServiceFailureActions
• HKLMSYSTEMControlSet002ServicesTermServiceFailureActions
• HKLMSYSTEMCurrentControlSetServicesThemesFailureActions
• HKLMSYSTEMControlSet001ServicesThemesFailureActions
• HKLMSYSTEMControlSet002ServicesThemesFailureActions
• HKLMSYSTEMCurrentControlSetServicesTlntSvrFailureActions
• HKLMSYSTEMControlSet001ServicesTlntSvrFailureActions
• HKLMSYSTEMControlSet002ServicesTlntSvrFailureActions
• HKLMSYSTEMCurrentControlSetServicesTosIdeFailureActions
• HKLMSYSTEMControlSet001ServicesTosIdeFailureActions
• HKLMSYSTEMControlSet002ServicesTosIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesTrkWksFailureActions
• HKLMSYSTEMControlSet001ServicesTrkWksFailureActions
• HKLMSYSTEMControlSet002ServicesTrkWksFailureActions
• HKLMSYSTEMCurrentControlSetServicesTSDDDFailureActions
• HKLMSYSTEMControlSet001ServicesTSDDDFailureActions
• HKLMSYSTEMControlSet002ServicesTSDDDFailureActions
• HKLMSYSTEMCurrentControlSetServicesUdfsFailureActions
• HKLMSYSTEMControlSet001ServicesUdfsFailureActions
• HKLMSYSTEMControlSet002ServicesUdfsFailureActions
• HKLMSYSTEMCurrentControlSetServicesultraFailureActions
• HKLMSYSTEMControlSet001ServicesultraFailureActions
• HKLMSYSTEMControlSet002ServicesultraFailureActions
• HKLMSYSTEMCurrentControlSetServicesUpdateFailureActions
• HKLMSYSTEMControlSet001ServicesUpdateFailureActions
• HKLMSYSTEMControlSet002ServicesUpdateFailureActions
• HKLMSYSTEMCurrentControlSetServicesuploadmgrFailureActions
• HKLMSYSTEMControlSet001ServicesuploadmgrFailureActions
• HKLMSYSTEMControlSet002ServicesuploadmgrFailureActions
• HKLMSYSTEMCurrentControlSetServicesupnphostFailureActions
• HKLMSYSTEMControlSet001ServicesupnphostFailureActions
• HKLMSYSTEMControlSet002ServicesupnphostFailureActions
• HKLMSYSTEMCurrentControlSetServicesUPSFailureActions
• HKLMSYSTEMControlSet001ServicesUPSFailureActions
• HKLMSYSTEMControlSet002ServicesUPSFailureActions
• HKLMSYSTEMCurrentControlSetServicesusbhubFailureActions
• HKLMSYSTEMControlSet001ServicesusbhubFailureActions
• HKLMSYSTEMControlSet002ServicesusbhubFailureActions
• HKLMSYSTEMCurrentControlSetServicesusbuhciFailureActions
• HKLMSYSTEMControlSet001ServicesusbuhciFailureActions
• HKLMSYSTEMControlSet002ServicesusbuhciFailureActions
• HKLMSYSTEMCurrentControlSetServicesVgaSaveFailureActions
• HKLMSYSTEMControlSet001ServicesVgaSaveFailureActions
• HKLMSYSTEMControlSet002ServicesVgaSaveFailureActions
• HKLMSYSTEMCurrentControlSetServicesViaIdeFailureActions
• HKLMSYSTEMControlSet001ServicesViaIdeFailureActions
• HKLMSYSTEMControlSet002ServicesViaIdeFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmmouseFailureActions
• HKLMSYSTEMControlSet001ServicesvmmouseFailureActions
• HKLMSYSTEMControlSet002ServicesvmmouseFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmscsiFailureActions
• HKLMSYSTEMControlSet001ServicesvmscsiFailureActions
• HKLMSYSTEMControlSet002ServicesvmscsiFailureActions
• HKLMSYSTEMCurrentControlSetServicesVMToolsFailureActions
• HKLMSYSTEMControlSet001ServicesVMToolsFailureActions
• HKLMSYSTEMControlSet002ServicesVMToolsFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmxnetFailureActions
• HKLMSYSTEMControlSet001ServicesvmxnetFailureActions
• HKLMSYSTEMControlSet002ServicesvmxnetFailureActions
• HKLMSYSTEMCurrentControlSetServicesvmx_svgaFailureActions
• HKLMSYSTEMControlSet001Servicesvmx_svgaFailureActions
• HKLMSYSTEMControlSet002Servicesvmx_svgaFailureActions
• HKLMSYSTEMCurrentControlSetServicesVolSnapFailureActions
• HKLMSYSTEMControlSet001ServicesVolSnapFailureActions
• HKLMSYSTEMControlSet002ServicesVolSnapFailureActions
• HKLMSYSTEMCurrentControlSetServicesVSSFailureActions
• HKLMSYSTEMControlSet001ServicesVSSFailureActions
• HKLMSYSTEMControlSet002ServicesVSSFailureActions
• HKLMSYSTEMCurrentControlSetServicesW32TimeFailureActions
• HKLMSYSTEMControlSet001ServicesW32TimeFailureActions
• HKLMSYSTEMControlSet002ServicesW32TimeFailureActions
• HKLMSYSTEMCurrentControlSetServicesW3SVCFailureActions
• HKLMSYSTEMControlSet001ServicesW3SVCFailureActions
• HKLMSYSTEMControlSet002ServicesW3SVCFailureActions
• HKLMSYSTEMCurrentControlSetServicesWanarpFailureActions
• HKLMSYSTEMControlSet001ServicesWanarpFailureActions
• HKLMSYSTEMControlSet002ServicesWanarpFailureActions
• HKLMSYSTEMCurrentControlSetServicesWDICAFailureActions
• HKLMSYSTEMControlSet001ServicesWDICAFailureActions
• HKLMSYSTEMControlSet002ServicesWDICAFailureActions
• HKLMSYSTEMCurrentControlSetServicesWebClientFailureActions
• HKLMSYSTEMControlSet001ServicesWebClientFailureAVIRA
|
|
| pus acum 18 ani |
|
TE4L
Super Buruian
 Inregistrat: acum 18 ani
Postari: 356
|
|
Y2K,te plictiseai prea tare si te-ai gandit sa iti cresi numarul de posturi? Crezi ca sta cineva sa citeasca tot ce ai scris? Din moment ce sunt detectabile,e clar ca nu trebuie sa mai stai sa controlezi cheie cu cheie in registrii,fisier cu fisier in computer ca sa il dai afara...
_______________________________________
Beware of the buruian( he is ... super )
|
|
| pus acum 18 ani |
|
Shocker
Super Moderator
 Din: localhost
Inregistrat: acum 18 ani
Postari: 2084
|
|
|
| pus acum 18 ani |
|
