Details
This section, intended for experts, gives the technical details of this virus.
Size: 10449 byte(s)
Technical details:
When executed, Elitper-E copies itself to the following locations:
\Documents and Settings\All Users\Start Menu\Programs\Startup\XPStartUp.exe
\Documents and Settings\\Start Menu\Programs\Startup\XPStartUp.exe
{Program Files}\Internet Explorer\IExplore .exe
{Program Files}\Internet Explorer\Norton Internet Security.exe
{Program Files}\SP2 UPDATE.exe
{Program Files}\Windows Media Player\ LSASS .exe
{Windows folder}\TASKMGR .exe
The worm also copies itself into the shared folders of peer-to-peer networking applications, using the filename "All Nokia Phones Hacking + HotKeys To Acess To Networks.exe"
In order to run at every user logon, the worm adds the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Firewall
"{Program Files}\SP2 UPDATE.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Protection
"{Program Files}\Internet Explorer\Norton Internet Security.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SysRes
"{Program Files}\Internet Explorer\IExplore .exe"
The e-mail sent by Elitper-E has the following characteristics:
Subject:
Microsoft SP2 Update
Message body:
Microsoft SP2 Update Urgent Download It
Attachment:
A copy of the worm with the .exe extension
Elitper-E attempts to modify the HOSTS file (usually located in the %System%\drivers\etc directory) in order to block access to certain sites, listed below:
127.0.0.1 www.google.com
127.0.0.1 Symantec.TrendMicro.Sophos
127.0.0.1 www.download.com
127.0.0.1 www.hdpvidz.com
127.0.0.1 www.urbanchaosvideos.com
127.0.0.1 www.alltheweb.com
127.0.0.1 www.yahoo.com
127.0.0.1 www.hotmail.com
127.0.0.1 www.wwe.com
127.0.0.1 www.altavista.com
127.0.0.1 www.themetsource.com
127.0.0.1 www.mysongbook.com
127.0.0.1 www.guitar-pro.com
127.0.0.1 www.about.com
127.0.0.1 www.symantec.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.rohitab.com
127.0.0.1 www.microsoft.com
127.0.0.1 messenger.hotmail.com
127.0.0.1 http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
127.0.0.1 www.msn.com
127.0.0.1 http://services.msn.com/svcs/hotmail/httpmail.asp
127.0.0.1 www.kazaa.com
127.0.0.1 http://oe.msn.msnmail.hotmail.com/cgi-bin/hmdata
127.0.0.1 www.vbcode.com
127.0.0.1 www.roxio.com
127.0.0.1 www.nero.com
127.0.0.1 www.net2phone.com
127.0.0.1 www.geocities.com
127.0.0.1 www.emp3finder.com
127.0.0.1 www.regedit.com
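The HOSTS tampering described above is easy to check for on a suspect machine. The following Python script is an added example, not part of the original advisory: it parses HOSTS-file text, flags every hostname that has been pointed at a loopback or unspecified address (other than the usual localhost names), and classifies the hit. Two details from the list above are worth handling explicitly: entries that are full URLs (such as the msn.com and microsoft.com lines) are never matched by the resolver, so they are inert but still an indicator of infection; and the small set of vendor domains used for classification is an assumption taken from the page's list, not an exhaustive catalogue. The sample HOSTS content is constructed for the demonstration.

```python
"""Flag HOSTS-file entries that sinkhole legitimate hostnames to loopback."""
import ipaddress
from pathlib import Path

# Names that legitimately map to loopback on a clean Windows/Unix host.
BENIGN_LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}
# Assumed subset of the page's list: vendor/update domains whose sinkholing
# is a strong sign of AV-blocking behaviour.
SECURITY_VENDOR_DOMAINS = {
    "www.symantec.com", "www.mcafee.com", "www.trendmicro.com",
    "www.microsoft.com",
}


def is_sinkhole_address(ip):
    """True for 127.0.0.1, ::1 or 0.0.0.0 (loopback or unspecified)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Yield (line number, address, [names]) for each non-comment HOSTS line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        yield lineno, parts[0], parts[1:]


def find_hijacks(text):
    """Return (line number, name, kind) for every suspicious loopback mapping."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if not is_sinkhole_address(ip):
            continue
        for name in names:
            lowered = name.lower()
            if lowered in BENIGN_LOOPBACK_NAMES:
                continue
            if "://" in name or "/" in name:
                # A URL is not a hostname: the resolver never matches it,
                # but its presence is still an indicator of tampering.
                kind = "inert-url"
            elif lowered in SECURITY_VENDOR_DOMAINS:
                kind = "security-vendor"
            else:
                kind = "sinkholed"
            findings.append((lineno, name, kind))
    return findings


def scan_hosts_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Convenience wrapper for a live machine (path is the usual Windows location)."""
    return find_hijacks(Path(path).read_text(encoding="utf-8", errors="replace"))


# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """# constructed sample HOSTS content
127.0.0.1 localhost
127.0.0.1 www.symantec.com
127.0.0.1 www.google.com
127.0.0.1 http://services.msn.com/svcs/hotmail/httpmail.asp
192.168.1.10 intranet.example.test
"""

if __name__ == "__main__":
    for lineno, name, kind in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} ({kind})")
```

Running the script on the constructed sample reports three entries: the Symantec domain as a security-vendor sinkhole, the Google domain as a generic sinkhole, and the MSN URL as an inert but telling leftover; the intranet line is ignored because it does not point at loopback.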
Elitper-E also modifies the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
"1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoCloseKey
"1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFind
dword:00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DisallowRun
"1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
1
"notepad.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
2
"wordpad.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
3
"regedit.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
4
"msnmsgr.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
5
"msmsgs.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
6
"gp4.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
7
"help.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
8
"wmplayer.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
10
"excel.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
11
"winword.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
12
"winhelp.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
13
"wmplayer.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
14
"winrar.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
15
"winzip.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
16
"CLEAN_NOTEPAD.EXE"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
17
"ACDSee6.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
18
"acrord32.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
19
"ntbackup.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
20
"moviemk.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
21
"defrag.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
23
"netstat.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
25
"lupdate"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
26
"shutdown.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
27
"sndvol32.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
28
"sndrec32.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
30
"write.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
32
"dxdiag.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
33
"ntbackup.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
38
"dialer.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
39
"findstr.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
40
"dllhost.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
44
"print.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
45
"trendmicro.com"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
46
"UPX-iT.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
47
"NAVW32.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
48
"NAVWNT.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
49
"NAVSTUB.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
50
"navui.nsi"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
51
"CCIMSCN.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
52
"MSDEV.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
54
"chktrust.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
55
"apssm.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
56
"SNDSrvc.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
57
"NMain.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
58
"Ra2.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
59
"vfp6.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
60
"setup.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
61
"install.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
62
"savscan.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
67
"ad-aware.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
68
"remove.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
69
"uninstall.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
70
"NeroStartSmart.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
71
"uninst.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
72
"isuninst.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
75
"aawsepersonal.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
76
"avast.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
78
"keygen.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
80
"cmd.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
81
"project1.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
82
"1.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
83
"program.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
84
"application.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
85
"file.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
86
"browser.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
87
"UNWISE.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
88
"play.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
89
"directcd.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
DisallowRun
90
"bind.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
"1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
dword:00000001
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoFileOpen
dword:00000001
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoPrinting
dword:00000001
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoBrowserSaveAs
dword:00000001
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoBrowserClose
dword:00000001
HKCU\Software\Shareaza\Shareaza\Uploads
SharePreviews
"1"
HKCU\Software\Shareaza\Shareaza\Uploads
SharePartials
"1"
HKCU\Software\Shareaza\Shareaza\Uploads
ShareMetadata
"1"
HKLM\Software\Microsoft\Security Center
AntiVirusDisableNotify
dword:00000001
HKLM\Software\Microsoft\Security Center
FirewallDisableNotify
dword:00000001
HKLM\Software\Microsoft\Security Center
FirewallOverride
dword:00000001
HKLM\Software\Microsoft\Security Center
AntiVirusOverride
dword:00000001
HKLM\Software\Microsoft\Security Center
UpdatesDisableNotify
dword:00000001
HKLM\Software\Policies\Microsoft\WindowsFirewall
DomainProfile
dword:00000000
HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall
dword:00000000
HKLM\System\CurrentControlSet\Services
wscsvc
dword:00000004
HKCU\Software\Kazaa\LocalContent
DisableSharing
"0"
HKLM\Software\Microsoft\Windows NT\CurrentVersion
RegisteredOwner
"surconfluge"
HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
ComputerName
"surconfluge"
HKLM\System\CurrentControlSet\Services\Eventlog
ComputerName
"surconfluge"
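The registry changes listed above fall into two groups a responder will want to check quickly: policy values that disable Task Manager, regedit, Explorer's Run dialog, the Security Center notifications and the firewall, and the DisallowRun subkey that blocks named security and administration tools. The following Python script is an added example, not part of the original advisory: it compares a registry snapshot against a subset of the values on the page and reports the hits. The snapshot is a plain mapping of key path to value name/data, so the check can run offline on an exported or constructed snapshot; on Windows a small reader built on the standard winreg module fills the same structure from the live registry. The subset of suspect values and the list of blocked tools of interest are assumptions drawn from the page, and the sample snapshot is constructed.

```python
"""Check a registry snapshot for the restriction policies the worm sets."""
import sys

# Subset of the page's entries: (key, value name, data that indicates tampering).
SUSPECT_VALUES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", 1),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisallowRun", 1),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 1),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1),
    (r"HKLM\Software\Microsoft\Security Center", "AntiVirusDisableNotify", 1),
    (r"HKLM\Software\Microsoft\Security Center", "FirewallDisableNotify", 1),
    (r"HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile", "EnableFirewall", 0),
]
DISALLOW_RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
# Assumed subset of the page's DisallowRun list: tools a defender needs back first.
BLOCKED_TOOLS_OF_INTEREST = {
    "regedit.exe", "cmd.exe", "netstat.exe", "navw32.exe",
    "savscan.exe", "avast.exe", "ad-aware.exe",
}


def normalise(value):
    """Treat '1', 1 and 'dword:00000001' alike; the page shows all three forms."""
    if isinstance(value, str) and value.lower().startswith("dword:"):
        return int(value[6:], 16)
    try:
        return int(value)
    except (TypeError, ValueError):
        return value


def check_snapshot(snapshot):
    """Return (category, key, name, data) for every suspicious value found."""
    findings = []
    for key, name, bad in SUSPECT_VALUES:
        values = snapshot.get(key, {})
        if name in values and normalise(values[name]) == bad:
            findings.append(("policy", key, name, values[name]))
    for idx, prog in snapshot.get(DISALLOW_RUN_KEY, {}).items():
        if str(prog).lower() in BLOCKED_TOOLS_OF_INTEREST:
            findings.append(("disallowrun", DISALLOW_RUN_KEY, str(idx), prog))
    return findings


def read_live_snapshot():
    """On Windows, read the checked keys with winreg; elsewhere return an empty snapshot."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snapshot = {}
    for key in {k for k, _, _ in SUSPECT_VALUES} | {DISALLOW_RUN_KEY}:
        hive, _, sub = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as handle:
                values, i = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(handle, i)
                    except OSError:
                        break      # no more values under this key
                    values[name] = data
                    i += 1
                snapshot[key] = values
        except OSError:
            continue               # key absent: nothing to report
    return snapshot


# Constructed snapshot for the demonstration, not an export from a real host.
SAMPLE_SNAPSHOT = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {
        "NoRun": "1", "DisallowRun": "1"},
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System": {
        "DisableTaskMgr": "dword:00000001"},
    r"HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile": {
        "EnableFirewall": "dword:00000000"},
    DISALLOW_RUN_KEY: {"1": "notepad.exe", "3": "regedit.exe", "80": "cmd.exe"},
}

if __name__ == "__main__":
    live = read_live_snapshot()
    for finding in check_snapshot(live or SAMPLE_SNAPSHOT):
        print(finding)
```

On the constructed snapshot the check reports four policy hits (NoRun, DisallowRun, DisableTaskMgr and the disabled standard-profile firewall) and two DisallowRun entries of interest (regedit.exe and cmd.exe); notepad.exe is blocked too but is not in the tools-of-interest set, so it is not reported. Because the values the worm sets are plain policy settings, clearing them restores the tools, but that alone does not remove the worm's files or its Run entries.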