Chip 2004 April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2004 April / CMCD0404.ISO / Software / Demo / Panda / platinumisshuk.exe / QRV.KRN < prev next >

Wrap

INI File | 2003-10-13 | 83.0 KB | 1,797 lines

[Version] MinVersion=2.6.3.0 MaxVersion=2.8.0.0 Version=01.14.4.0 [VirusInformation] W32/GIBE.C=W32/GIBE.C W32/SOBIG.F=W32/SOBIG.F W32/NACHI.A=W32/NACHI.A W32/BLASTER=W32/BLASTER W32/Sobig.B=W32/Sobig.B W32/Parite.B=W32/Parite.B W32/Fizzer=W32/Fizzer W32/Lovgate.F=W32/Lovgate.F W32/NiceHello=W32/NiceHello W32/Lovgate.C=W32/Lovgate.C VBS/Redlof=VBS/Redlof W32/Lirva=W32/Lirva W32/Datom=W32/Datom W32/Bride=W32/Bride W32/Opaserv=W32/Opaserv W32/Bugbear=W32/Bugbear W32/Frethem=W32/Frethem W32/Dadinu=W32/Dadinu,W32/Duni.worm W32/Lentin.E=W32/Lentin.E,W32/Yaha.E W32/Lentin=W32/Lentin,W32/Yaha W32/Stator=W32/Stator W32/Klez=W32/Klez W32/Reeezak.A=W32/Reeezak.A@mm,Keyluc,W32/Zacker.C,W32/Maldal.C@mm W32/Updater=W32/Updater W32/Goner.A=W32/Goner.A I-Worm/Happy=I-Worm/Happy W32/Qaz=W32/Qaz W32/MSInit.A=W32/MSInit.A W32/Badtrans=W32/Badtrans.B,W32/Badtrans@MM W32/Vote=Vote W32/Nimda=Nimda W32/SirCam=W32/SirCam@mm VBS/Help=VBS/HappyTime.A VBS/VBSWG.J=VBS/VBSWG.J,I-Worm/Lee.O W32/PrettyPark=I-Worm.PrettyPark I-Worm/MTX=I-Worm/MTX JS/Kak.Worm=VBS.KakWorm, Kagou-Anti-Frosoft, Wsript.Kak.A JS/Kak.Worm.B=VBS.KakWorm.B, Wsript.Kak.B, Days VBS/ShellScrap.Worm=VBS/ShellScrap.Worm I-Worm/Verona.B=BleBla.B, I-Worm-Blebla.B, Troj/Blebla.B, W32/BleBla@mm W32/Navidad=W32/Navidad W32/Navidad.B=W32/Navidad.B VBS/CoolNotepad.Worm=VBS/CoolNotepad.Worm VBS/LoveLetter=VBS/LoveLetter VBS/LoveLetter.AS=VBS/LoveLetter.AS VBS/LoveLetter.B=VBS/LoveLetter.B VBS/LoveLetter.C=VBS/LoveLetter.C VBS/LoveLetter.D=VBS/LoveLetter.D VBS/LoveLetter.E=VBS/LoveLetter.E VBS/LoveLetter.F=VBS/LoveLetter.F VBS/LoveLetter.G=VBS/LoveLetter.G VBS/LoveLetter.H=VBS/LoveLetter.H VBS/LoveLetter.I=VBS/LoveLetter.I VBS/LoveLetter.J=VBS/LoveLetter.J VBS/LoveLetter.K=VBS/LoveLetter.K VBS/LoveLetter.L=VBS/LoveLetter.L VBS/LoveLetter.M=VBS/LoveLetter.M VBS/LoveLetter.N=VBS/LoveLetter.N VBS/LoveLetter.O=VBS/LoveLetter.O VBS/LoveLetter.P=VBS/LoveLetter.P VBS/LoveLetter.Q=VBS/LoveLetter.Q VBS/LoveLetter.R=VBS/LoveLetter.R VBS/LoveLetter.S=VBS/LoveLetter.S VBS/LoveLetter.T=VBS/LoveLetter.T VBS/LoveLetter.U=VBS/LoveLetter.U VBS/LoveLetter.V=VBS/LoveLetter.V VBS/LoveLetter.W=VBS/LoveLetter.W VBS/LoveLetter.X=VBS/LoveLetter.X VBS/LoveLetter.Y=VBS/LoveLetter.Y VBS/LoveLetter.Z=VBS/LoveLetter.Z W32/FunLove=Win32_FLC, Win32.FLC, FLCSS [VirusFamilies] F41=W32/GIBE.C F40=W32/SOBIG.F F39=W32/NACHI.A F38=BLASTER F37=Sobig.B F36=PARITE F35=FIZZER F34=NICEHELLO F33=LOVGATE F32=REDLOF F31=LIRVA F30=DATOM F29=BRIDE F28=BUGBEAR F27=OPASERV F26=FRETHEM F25=DADINU F24=LENTIN F23=STATOR F21=REEEZAK F20=UPDATER F19=GONER F18=HAPPY F17=QAZ F16=MSINIT F15=BADTRANS F14=KLEZ F13=VOTE F12=NIMDA F11=SIRCAM F07=FUNLOVE F09=ANNA KOURNIKOVA F03=COOL NOTEPAD F10=HELP F00=I LOVE YOU F01=KAK WORM F04=MATRIX F06=NAVIDAD F08=PRETTY PARK F02=SHELL SCRAP F05=VERONA [F41.Family] Name=W32/GIVE.C [F40.Family] Name=W32/SOBIG.F [F39.Family] Name=W32/NACHI.A [F38.Family] Name=Blaster [F37.Family] Name=Sobig.B [F36.Family] Name=Parite [F35.Family] Name=Fizzer [F34.Family] Name=NiceHello Filename= [F33.Family] Name=LOVGATE Filename= [F32.Family] Name=REDLOF Filename= [F31.Family] Name=LIRVA FileName= [F30.Family] Name=DATOM FileName= [F29.Family] Name=BRIDE FileName= [F28.Family] Name=BUGBEAR FileName= [F27.Family] Name=OPASERV FileName= [F26.Family] Name=FRETHEM FileName= [F25.Family] Name=DADINU FileName= [F24.Family] Name=LENTIN FileName= [F23.Family] Name=STATOR FileName= [F22.Family] Name=BADTRANS@MM FileName= [F21.Family] Name=REEEZAK FileName= [F20.Family] Name=UPDATER FileName= [F19.Family] Name=GONER FileName= [F18.Family] Name=HAPPY FileName= [F17.Family] Name=QAZ FileName= [F16.Family] Name=MSINIT FileName= [F15.Family] Name=BADTRANS FileName= [F14.Family] Name=KLEZ FileName= [F13.Family] Name=VOTE FileName= [F12.Family] Name=NIMDA FileName= [F11.Family] Name=SIRCAM FileName= [F10.Family] Name=HELP FileName= [F09.Family] Name=ANNA KOURNIKOVA FileName= [F08.Family] Name=PRETTY PARK FileName= [F00.Family] Name=I LOVE YOU FileName= [F01.Family] Name=KAK WORM FileName=KAK [F02.Family] Name=SHELL SCRAP FileName=SHELL [F03.Family] Name=COOL NOTEPAD FileName= [F04.Family] Name=MTX FileName= [F05.Family] Name=VERONA FileName= [F06.Family] Name=NAVIDAD FileName= [F07.Family] Name=FUNLOVE FileName= [W32/GIBE.C.Info] Family=F41 Detect=W32/GIBE.C Clear=W32/GIBE.C Aliases=W32/GIBE.C Ids=49563 [W32/SOBIG.F.Info] Family=F40 Detect=W32/SOBIG.F Clear=W32/SOBIG.F Aliases=W32/SOBIG.F Ids=48968,55286 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;vir;scr;pif LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;vir;scr;pif [W32/NACHI.A.Info] Family=F39 Detect=W32/NACHI.A Clear=W32/NACHI.A Aliases=W32/NACHI.A Ids=48971,48959 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;vir [W32/BLASTER.Info] Family=F38 Detect=W32/BLASTER Clear=W32/BLASTER Aliases=W32/BLASTER Ids=55284 [W32/Sobig.B.Info] Family=F37 Detect=W32/Sobig.B Clear=W32/Sobig.B Aliases=W32/Sobig.B Ids=44683 LaunchPAV=1,/clv /aut /all /nos /del /ext:vir;exe;pif;tmp LaunchPAV32=1,/clv /aut /all /nos /del /ext:vir;exe;pif;tmp [W32/Parite.B.Info] Family=F36 Detect=W32/Parite.B Clear=W32/Parite.B Aliases=W32/Parite.B Ids=20144,42730,55354 LaunchPAV=1,/clv /aut /all /nos /del /ext:vir;exe;scr;tmp LaunchPAV32=1,/clv /aut /all /nos /del /ext:vir;exe;scr;tmp [W32/Fizzer.Info] Family=F35 Detect=W32/Fizzer Clear=W32/Fizzer Aliases=W32/Fizzer Ids=44614,44615,44620 LaunchPAV=1,/clv /aut /all /nos /del /ext:dll;vir;exe;pif;com;scr LaunchPAV32=1,/clv /aut /all /nos /del /ext:dll;vir;exe;pif;com;scr [W32/Lovgate.F.Info] Family=F33 Detect=W32/Lovgate.F Clear=W32/Lovgate.F Aliases=W32/Lovgate.F Ids=43908,44083,44469,55165,55166 LaunchPAV=1,/clv /aut /all /nos /del /ext:dll;vir;exe;pif LaunchPAV32=1,/clv /aut /all /nos /del /ext:dll;vir;exe;pif LaunchAtRunOnce=1,/selfdel /auto:clear [W32/NiceHello.Info] Family=F34 Detect=W32/NiceHello Clear=W32/NiceHello Aliases=W32/NiceHello Ids=43490 [W32/Lovgate.C.Info] Family=F33 Detect=W32/Lovgate.C Clear=W32/Lovgate.C Aliases=W32/Lovgate.C Ids=42822,50948,55168 LaunchPAV=1,/clv /aut /all /nos /del /ext:dll;vir;exe LaunchPAV32=1,/clv /aut /all /nos /del /ext:dll;vir;exe [VBS/Redlof.Info] Family=F32 Detect=VBS/Redlof Clear=VBS/Redlof Aliases=VBS/Redlof Ids=55362,60658,44602,55122,55125,55123 LaunchPAV=1,/clv /aut /loc /nos /del /ext:dll;vir;vbs;html;htm;asp;php;jsp;htt;gif LaunchPAV32=1,/clv /aut /loc /nos /del /ext:dll;vir;vbs;html;htm;asp;php;jsp;htt;gif [W32/Lirva.Info] Family=F31 Detect=W32/Lirva Clear=W32/Lirva Aliases=W32/Lirva Ids=34171,34204,34201,34205 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;ini;vir LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;ini;vir [W32/Datom.Info] Family=F30 Detect=W32/Datom Clear=W32/Datom Aliases=W32/Datom Ids=60813,60814,60815 [W32/Bride.Info] Family=F29 Detect=W32/Bride Clear=W32/Bride Aliases=W32/Bride Ids=61831 LaunchPAV=1,/clv /aut /cmp /loc /nos /del /ext:exe;eml;vir LaunchPAV32=1,/clv /aut /cmp /loc /nos /del /ext:exe;eml;vir [W32/Bugbear.Info] Family=F28 Detect=W32/Bugbear Clear=W32/Bugbear Aliases=W32/Bugbear Ids=53751,58234,58507,61581,61590,61635,44994,44997,55197,45069,55233 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;vir [W32/Opaserv.Info] Family=F27 Detect=W32/Opaserv Clear=W32/Opaserv Aliases=W32/Opaserv Ids=55103,61613,61752,43998,55104,61614,61757,34752,34753,34780,55109,61574,55110,61363,41074,47159,55108,61580,55106,61586,61754,41195,41211,41212,41213,41214,41215,41216,41217,41218,41219,41220,41221,41697,41698,41699,42561,44070,44071,44072,44073,44074,44075,44076,44077,44078,44079,44332,44333,44334,49021,55107,61587,62265,34871,61775,61792,61794,61832,61842,61844,43639,61819,61830,61868,61876,44452,62230,39963,42673,42729,42993,43630,62635,43604,62773,34309,34310,34859,40953,43906,44832,48889,34376,34377 [W32/Frethem.Info] Family=F26 Detect=W32/Frethem Clear=W32/Frethem Aliases=W32/Frethem Ids=60840,60853,60859 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;vir [W32/Dadinu.Info] Family=F25 Detect=W32/Dadinu Clear=W32/Dadinu Aliases=W32/Dadinu,W32/Duni.worm Ids=60710,60711,60877 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;cpl;vir LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;cpl;vir [W32/Lentin.E.Info] Family=F24 Detect=W32/Lentin.E Clear=W32/Lentin.E Aliases=W32/Lentin.E,W32/Yaha.E Ids=60568 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;vir;dll;scr LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;vir;dll;scr LaunchAtRunOnce=1,/selfdel /auto:clear /nopav [W32/Lentin.Info] Family=F24 Detect=W32/Lentin Clear=W32/Lentin Aliases=W32/Lentin,W32/Yaha Ids=51720,60336,34681,60379,60383,60544,61289,60655,60657,62395,62670,63551,34166 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;vir;dll;scr LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;vir;dll;scr [W32/Stator.Info] Family=F23 Detect=Stator Clear=Stator Aliases=Stator Ids=55250,56530,59493,59627,60344,61025,61120,57653 LaunchPAV=1,/clv /aut /loc /nos /del /ext:exe;com;sys;vir LaunchPAV32=1,/clv /aut /loc /nos /del /ext:exe;com;sys;vir [W32/Reeezak.A.Info] Family=F21 Detect=W32/Reeezak.A Clear=W32/Reeezak.A Aliases=Keyluc,W32/Zacker.C,W32/Maldal.C@mm Ids=59897 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir [W32/Updater.Info] Family=F20 Detect=W32/Updater Clear=W32/Updater Aliases=W32/Updater Ids=59877,59878,60086 LaunchPAV=1,/clv /aut /nbr /loc /del /nos /ext:exe;vbs;vir LaunchPAV32=1,/clv /aut /nbr /loc /del /nos /ext:exe;vbs;vir [W32/Goner.A.Info] Family=F19 Detect=W32/Goner.A Clear=W32/Goner.A Aliases=W32/Goner.A@mm Ids=44453,51850,59868,59872,59965 LaunchPAV=1,/clv /aut /nbr /del /loc /nos /ext:scr;vir LaunchPAV32=1,/clv /aut /nbr /del /loc /nos /ext:scr;vir [I-Worm/Happy.Info] Family=F18 Detect=I-Worm/Happy Clear=I-Worm/Happy Aliases=W32/Ska Ids=24129,53243 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;ska;dll;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;ska;dll;vir [W32/Qaz.Info] Family=F17 Detect=W32/Qaz Clear=W32/Qaz Aliases=Trojan/Notepad Ids=55307,61257 LaunchPAV=1,/clv /aut /nbr /del /loc /nos /ext:exe;vir LaunchPAV32=1,/clv /aut /nbr /del /loc /nos /ext:exe;vir [W32/MSInit.A.Info] Family=F16 Detect=W32/MSInit.A Clear=W32/MSInit.A Aliases=Worm/Dnet_Winit Ids=55306,59290,59881,59927,59982,60422,60607,55309,59719,60606 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir [W32/Badtrans.Info] Family=F15 Detect=W32/Badtrans Clear=W32/Badtrans Aliases=W32/Badtrans.B,W32/Badtrans@MM Ids=57861,57862,59162,59412,60664,59420,59851,59886,59892,59852 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;pif;scr;dll;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;pif;scr;dll;vir [W32/Klez.Info] Family=F14 Detect=W32/Klez Clear=W32/Klez Aliases=W32/Klez Ids=55243,61364,58936,58945,60202,60212,60284,57631,61532,55252,62355,43062 LaunchPAV=1,/clv /aut /loc /nos /aex /nbr /del /delp LaunchPAV32=1,/clv /aut /loc /nos /aex /nbr /del /delp LaunchAtRunOnce=1,/auto:clear /nopav /selfdel [W32/Vote.Info] Family=F13 Detect=W32/Vote Clear=W32/Vote Aliases=W32/Vote,VOTE Ids=59595,59596,59597 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:vbs;exe;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:vbs;exe;vir [W32/Nimda.Info] Family=F12 Detect=W32/Nimda Clear=W32/Nimda Aliases=W32/Nimda.A@mm,Nimda,W32/Nimda.D,W32/Nimda.E Ids=55341,62241,58707,58941,42277,42278,42279 LaunchPAV=1,/loc /nbr /clv /del /nos /aut /cmp /delp /ext:dll;exe;tmp;doc;dot;eml;nws;asp;htm;html;vir LaunchPAV32=1,/loc /nbr /clv /del /nos /aut /cmp /delp /ext:dll;exe;tmp;doc;dot;eml;nws;asp;htm;html;vir [VBS/VBSWG.J.Info] Family=F09 Detect=VBS/VBSWG.J Clear=VBS/VBSWG.J Aliases=VBS/VBSWG.J,I-Worm/Lee.O Ids=15400,34976,59961 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:vbs;ini;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:vbs;ini;vir [W32/PrettyPark.Info] Family=F08 Detect=W32/PrettyPark Clear=W32/PrettyPark Aliases=I-Worm.PrettyPark Ids=28008,55018,59472 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;vxd;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;vxd;vir [I-Worm/MTX.Info] Family=F04 Detect=I-Worm/MTX Clear=I-Worm/MTX Aliases=I-Worm/MTX Ids=28889,55212,54751,62448 LaunchPAV=1,/mtx /clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/mtx /clv /aut /aex /nbr /loc /nos /del [VBS/CoolNotepad.Worm.Info] Family=F03 Detect=VBS/CoolNotepad.Worm Clear=VBS/CoolNotepad.Worm Aliases=VBS/CoolNotepad.Worm Ids=51328 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:vbs;ini;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:vbs;ini;vir [VBS/LoveLetter.AS.Info] Family=F00 Detect=VBS/LoveLetter.AS Clear=VBS/LoveLetter.AS Aliases=VBS/LoveLetter.AS Ids=55101,57686,61350 [JS/Kak.Worm.Info] Family=F01 Detect=JS/Kak.Worm Clear=JS/Kak.Worm Aliases=VBS.KakWorm, Kagou-Anti-Frosoft, Wsript.Kak.A Ids=31932,32378 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:htm;html;hta;reg;bat;kak;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:htm;html;hta;reg;bat;kak;vir [JS/Kak.Worm.B.Info] Family=F01 Detect=JS/Kak.Worm.B Clear=JS/Kak.Worm.B Aliases=VBS.KakWorm.B, Wsript.Kak.B, Days Ids=24215,28858,51623 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:htm;html;hta;reg;bat;kak;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:htm;html;hta;reg;bat;kak;vir [VBS/ShellScrap.Worm.Info] Family=F02 Detect=VBS/ShellScrap.Worm Clear=VBS/ShellScrap.Worm Aliases=VBS/ShellScrap.Worm, VBS/Live_Stages, VBS.Stages.Worm Ids=24746,51343,51344,51542,24747,24748 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:shs;ini;exe;vbs;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:shs;ini;exe;vbs;vir [VBS/LoveLetter.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=I LOVE YOU, Worm/LoveLetter, Barok Ids=42206,48186,48945,51220,51221,51224,51225,51241,54995,61021,61356 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.B.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=VBS/LoveLetter.B Ids=51238,51242 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.C.Info] Family=F00 Detect=VBS/LoveLetter.C Clear=VBS/LoveLetter.C Aliases=Very Funny Ids=51239,60315 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.D.Info] Family=F00 Detect=VBS/LoveLetter.D Clear=VBS/LoveLetter.D Aliases=VBS/Mothersday, WORM/LoveLetter.D Ids=51240 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.E.Info] Family=F00 Detect=VBS/LoveLetter.E Clear=VBS/LoveLetter.E Aliases=WORM/LoveLetter.E Ids=51236,51243 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.F.Info] Family=F00 Detect=VBS/LoveLetter.F Clear=VBS/LoveLetter.F Aliases=WORM/LoveLetter.F Ids=51244,51248 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.G.Info] Family=F00 Detect=VBS/LoveLetter.G Clear=VBS/LoveLetter.G Aliases=WORM/LoveLetter.G Ids=51245,51246 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.H.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.H Ids=51253 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.I.Info] Family=F00 Detect=VBS/LoveLetter.I Clear=VBS/LoveLetter.I Aliases=WORM/LoveLetter.I Ids=51254,51256 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.J.Info] Family=F00 Detect=VBS/LoveLetter.J Clear=VBS/LoveLetter.J Aliases=WORM/LoveLetter.J Ids=51260 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.K.Info] Family=F00 Detect=VBS/LoveLetter.K Clear=VBS/LoveLetter.K Aliases=WORM/LoveLetter.K Ids=51262 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.L.Info] Family=F00 Detect=VBS/LoveLetter.L Clear=VBS/LoveLetter.L Aliases=WORM/LoveLetter.L Ids=51257 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.M.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.M Ids=51220 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.N.Info] Family=F00 Detect=VBS/LoveLetter.N Clear=VBS/LoveLetter.N Aliases=WORM/LoveLetter.N Ids=51267 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.O.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.O Ids=51269,51270 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.P.Info] Family=F00 Detect=VBS/LoveLetter.P Clear=VBS/LoveLetter.P Aliases=WORM/LoveLetter.P Ids=51272 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.Q.Info] Family=F00 Detect=VBS/LoveLetter.Q Clear=VBS/LoveLetter.Q Aliases=WORM/LoveLetter.Q Ids=51273 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.R.Info] Family=F00 Detect=VBS/LoveLetter.G Clear=VBS/LoveLetter.G Aliases=WORM/LoveLetter.R Ids=51275 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.S.Info] Family=F00 Detect=VBS/LoveLetter.S Clear=VBS/LoveLetter.S Aliases=WORM/LoveLetter.S Ids=51276,56848 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.T.Info] Family=F00 Detect=VBS/LoveLetter.T Clear=VBS/LoveLetter.T Aliases=WORM/LoveLetter.T Ids=51278 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.U.Info] Family=F00 Detect=VBS/LoveLetter.U Clear=VBS/LoveLetter.U Aliases=WORM/LoveLetter.U Ids=51279 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.V.Info] Family=F00 Detect=VBS/LoveLetter.V Clear=VBS/LoveLetter.V Aliases=WORM/LoveLetter.V Ids=51281 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.W.Info] Family=F00 Detect=VBS/LoveLetter.W Clear=VBS/LoveLetter.W Aliases=WORM/LoveLetter.W Ids=51284,51290 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.X.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.X Ids=51291,56849 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.Y.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.Y Ids=51292 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [VBS/LoveLetter.Z.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.Z Ids=51303 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos /del LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos /del [I-Worm/Verona.B.Info] Family=F05 Detect=I-Worm/Verona.B Clear=I-Worm/Verona.B Aliases=I-Worm/Verona.B Ids=15352,15353,43804,53486,54857,57237,57256,58034,60977,61075,24845,24846,53361,54763 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;chm;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;chm;vir [W32/Navidad.Info] Family=F06 Detect=W32/Navidad Clear=W32/Navidad Aliases=W32/Navidad Ids=55221,61266 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir [W32/Navidad.B.Info] Family=F06 Detect=W32/Navidad.B Clear=W32/Navidad.B Aliases=W32/Navidad.B Ids=54974,57545,58445,60566 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:exe;vir [W32/FunLove.Info] Family=F07 Detect=W32/FunLove Clear=W32/FunLove Aliases=W32/FunLove Ids=30807,55051,52029,61837,61930 LaunchPAV=1,/clv /aut /nbr /loc /nos /aex /del LaunchPAV32=1,/clv /aut /nbr /loc /nos /aex /del [W32/SirCam.Info] Family=F11 Detect=W32/SirCam Clear=W32/SirCam Aliases=W32/SirCam@mm Ids=56752,58846,59406,59423,59459 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:bat;com;lnk;pif;exe;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:bat;com;lnk;pif;exe;vir [VBS/Help.Info] Family=F10 Detect=VBS/Help Clear=VBS/Help Aliases=VBS/HappyTime.A Ids=24266,55094,55405,62240,62384,24273,55406 LaunchPAV=1,/clv /aut /nbr /loc /nos /del /ext:htm;html;vbs;asp;htt;hta;vir LaunchPAV32=1,/clv /aut /nbr /loc /nos /del /ext:htm;html;vbs;asp;htt;hta;vir [W32/GIBE.C.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" REGISTRY_SET_KEY_VALUE1=HKEY_CLASSES_ROOT,comfile\shell\open\command,"",""%1" %*" REGISTRY_SET_KEY_VALUE2=HKEY_CLASSES_ROOT,piffile\shell\open\command,"",""%1" %*" REGISTRY_SET_KEY_VALUE3=HKEY_CLASSES_ROOT,scrfile\shell\open\command,"",""%1" %*" REGISTRY_SET_KEY_VALUE4=HKEY_CLASSES_ROOT,batfile\shell\open\command,"",""%1" %*" REGISTRY_SET_KEY_VALUE5=HKEY_CLASSES_ROOT,regfile\shell\open\command,"","regedit.exe "%1"" [W32/SOBIG.F.Clear] PROC_TERMINATE_BY_NAME0=WINPPR32.EXE FILE_DELETE_BY_PATH0=%WindowsRoot%\WINPPR32.EXE FILE_DELETE_BY_PATH1=%WindowsRoot%\WINFSTF32.DLL REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,TrayX REGISTRY_DELETE_KEY_VALUE1=HKEY_CURRENT_USER,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,TrayX [W32/NACHI.A.Clear] PROC_TERMINATE_BY_NAME0=DLLHOST.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\Wins\DLLHOST.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\Wins\SVCHOST.EXE REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\RPCPatch REGISTRY_DELETE_KEY1=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\RPCTftpd [W32/BLASTER.Clear] PROC_TERMINATE_BY_NAME0=MSBLAST.EXE PROC_TERMINATE_BY_NAME1=PENIS32.EXE PROC_TERMINATE_BY_NAME2=TEEKIDS.EXE PROC_TERMINATE_BY_NAME3=MSLAUGH.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\MSBLAST.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\PENIS32.EXE FILE_DELETE_BY_PATH2=%SystemRoot%\TEEKIDS.EXE FILE_DELETE_BY_PATH3=%SystemRoot%\MSLAUGH.EXE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,windows auto update REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Microsoft Inet Xp.. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Windows Automation PATH_MAKE_BY_PATH0=%SystemRoot%\MSBLAST.EXE,1,HSR PATH_MAKE_BY_PATH1=%SystemRoot%\PENIS32.EXE,1,HSR PATH_MAKE_BY_PATH2=%SystemRoot%\TEEKIDS.EXE,1,HSR PATH_MAKE_BY_PATH3=%SystemRoot%\MSLAUGH.EXE,1,HSR [W32/Sobig.B.Clear] PROC_TERMINATE_BY_NAME0=msccn32.exe FILE_DELETE_BY_PATH0=%WindowsRoot%\msccn32.exe FILE_DELETE_BY_PATH1=%WindowsRoot%\All Users\Start Menu\Programs\StartUp\msccn32.exe FILE_DELETE_BY_PATH2=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msccn32.exe FILE_DELETE_BY_PATH3=%WindowsRoot%\hnks.ini FILE_DELETE_BY_PATH4=%WindowsRoot%\mdbrr.ini REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,System Tray REGISTRY_DELETE_KEY_VALUE1=HKEY_CURRENT_USER,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,System Tray [W32/Parite.B.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Explorer,PINF [W32/Fizzer.Clear] PROC_TERMINATE_BY_NAME0=iservc.exe PROC_TERMINATE_BY_NAME1=progop.exe FILE_DELETE_BY_PATH0=%WindowsRoot%\initbak.dat FILE_DELETE_BY_PATH1=%WindowsRoot%\iservc.exe FILE_DELETE_BY_PATH2=%WindowsRoot%\progop.exe FILE_DELETE_BY_PATH3=%WindowsRoot%\iservc.dll FILE_DELETE_BY_PATH4=%WindowsRoot%\iservc.klg SERVICE_DELETE_BY_NAME0=S1TRACE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SystemInit REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,txtfile\shell\open\command,"","NOTEPAD.EXE %1" REGISTRY_DELETE_KEY0=HKEY_CLASSES_ROOT,Applications\ProgOp.exe [W32/Lovgate.F.Clear] PROC_TERMINATE_BY_NAME0=WinGate.EXE PROC_TERMINATE_BY_NAME1=winrpc.EXE PROC_TERMINATE_BY_NAME2=WinDriver.exe PROC_TERMINATE_BY_NAME3=RAVMOND.exe PROC_TERMINATE_BY_NAME4=IEXPLORE.EXE PROC_TERMINATE_BY_NAME5=WinHelp.exe PROC_TERMINATE_BY_NAME6=stg.exe PROC_TERMINATE_BY_NAME7=NetServices.exe SERVICE_DELETE_BY_NAME0=ll_reg SERVICE_DELETE_BY_NAME1=NetMeeting Remote Desktop (RPC) Sharing SERVICE_DELETE_BY_NAME2=Windows Management Instrumentation Driver Extension SERVICE_DELETE_BY_NAME3=Microsoft NetWork FireWall Services FILE_DELETE_BY_PATH0=%SystemRoot%\WINGATE.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\WINRPC.EXE FILE_DELETE_BY_PATH2=%SystemRoot%\WinDriver.exe FILE_DELETE_BY_PATH3=%SystemRoot%\RAVMOND.exe FILE_DELETE_BY_PATH4=%SystemRoot%\IEXPLORE.EXE FILE_DELETE_BY_PATH5=%SystemRoot%\WinHelp.exe FILE_DELETE_BY_PATH6=%SystemRoot%\stg.exe FILE_DELETE_BY_PATH7=%SystemRoot%\kernel66.dll FILE_DELETE_BY_PATH8=%SystemRoot%\111.dll FILE_DELETE_BY_PATH9=%SystemRoot%\ily668.dll FILE_DELETE_BY_PATH10=%SystemRoot%\reg678.dll FILE_DELETE_BY_PATH11=%SystemRoot%\Task688.dll FILE_DELETE_BY_PATH12=%SystemRoot%\NetServices.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Remote Procedure Call Locator REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WinHelp REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WinGate initialize REGISTRY_DELETE_KEY_VALUE3=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Program In Windows REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,txtfile\shell\open\command,"","NOTEPAD.EXE %1" REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\ll_reg REGISTRY_DELETE_KEY1=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\NetMeeting Remote Desktop (RPC) Sharing REGISTRY_DELETE_KEY2=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Windows Management Instrumentation Driver Extension REGISTRY_DELETE_KEY3=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Microsoft NetWork FireWall Services INI_SET_KEY_VALUE0=%WindowsRoot%\WIN.INI,windows,run,"" [W32/NiceHello.Clear] PROC_TERMINATE_BY_NAME0=Sys64dvr.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,System 64 Driver for Games FILE_DELETE_BY_PATH0=%SystemRoot%\Sys64dvr.exe FILE_DELETE_BY_PATH1=%WindowsRoot%\system32sys64dvr.exe FILE_DELETE_BY_PATH2=%WindowsRoot%\systemsys64dvr.exe [W32/Lovgate.C.Clear] REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\KittyXP.sql REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Module Call initialize REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,syshelp REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Wingate initialize REGISTRY_DELETE_KEY_VALUE3=HKEY_CURRENT_USER,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,Run REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,txtfile\shell\open\command,"","NOTEPAD.EXE %1" PROC_TERMINATE_BY_NAME0=SYSHELP.EXE PROC_TERMINATE_BY_NAME1=WINGATE.EXE PROC_TERMINATE_BY_NAME2=RPCSRV.EXE PROC_TERMINATE_BY_NAME3=SSRV.EXE SERVICE_DELETE_BY_NAME0=Window Remote Service SERVICE_DELETE_BY_NAME1=Windows Management Extension SERVICE_DELETE_BY_NAME2=dll_reg INI_SET_KEY_VALUE0=%WindowsRoot%\WIN.INI,windows,run,"" FILE_DELETE_BY_PATH0=%SystemRoot%\ILY.DLL FILE_DELETE_BY_PATH1=%SystemRoot%\TASK.DLL FILE_DELETE_BY_PATH2=%SystemRoot%\REG.DLL FILE_DELETE_BY_PATH3=%SystemRoot%\1.dll [VBS/Redlof.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Kernel32 REGISTRY_DELETE_KEY0=HKEY_CLASSES_ROOT,dllfile\shell\Open\Command REGISTRY_DELETE_KEY1=HKEY_CLASSES_ROOT,dllfile\ScriptEngine REGISTRY_DELETE_KEY2=HKEY_CLASSES_ROOT,dllfile\ScriptHostEncode REGISTRY_DELETE_KEY3=HKEY_CLASSES_ROOT,dllfile\ShellEx\PropertySheetHandlers [W32/Lirva.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Avril Lavigne - Muse [W32/Datom.Clear] PROC_TERMINATE_BY_NAME0=msvxd.exe FILE_DELETE_BY_PATH0=%WindowsRoot%\MSVXD.EXE FILE_DELETE_BY_PATH1=%WindowsRoot%\MSVXD16.DLL FILE_DELETE_BY_PATH2=%WindowsRoot%\MSVXD32.DLL REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSVXD INI_SET_KEY_VALUE0=%WindowsRoot%\WIN.INI,windows,run,"" PATH_MAKE_BY_PATH0=%WindowsRoot%\MSVXD.EXE,1,HSR PATH_MAKE_BY_PATH1=%WindowsRoot%\MSVXD16.DLL,1,HSR PATH_MAKE_BY_PATH2=%WindowsRoot%\MSVXD32.DLL,1,HSR [W32/Bride.Clear] PROC_TERMINATE_BY_NAME0=REGEDIT.EXE PROC_TERMINATE_BY_NAME1=BRIDE.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\REGEDIT.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\BRIDE.EXE PATH_MAKE_BY_PATH0=%SystemRoot%\BRIDE.EXE,1,HSR REGISTRY_DELETE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Run,Regedit REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Regedit [W32/Bugbear.Clear] FILE_DELETE_BY_PATH0=%TempRoot%\~PHQGHUM.TMP [W32/Opaserv.Clear] PROC_TERMINATE_BY_NAME0=SCRSVR.EXE PROC_TERMINATE_BY_NAME1=BRASIL.EXE PROC_TERMINATE_BY_NAME2=BRASIL.PIF PROC_TERMINATE_BY_NAME3=ALEVIR.EXE PROC_TERMINATE_BY_NAME4=PUTA!!.EXE PROC_TERMINATE_BY_NAME5=HACKE!.EXE PROC_TERMINATE_BY_NAME6=MARCO!.SCR PROC_TERMINATE_BY_NAME7=SRV32.EXE PROC_TERMINATE_BY_NAME8=INSTIT.BAT PROC_TERMINATE_BY_NAME9=MQBKUP.EXE PROC_TERMINATE_BY_NAME10=MSTASK.EXE FILE_DELETE_BY_PATH0=%WindowsRoot%\SCRSVR.EXE FILE_DELETE_BY_PATH1=C:\SCRSIN.DAT FILE_DELETE_BY_PATH2=C:\SCRSOUT.DAT FILE_DELETE_BY_PATH3=C:\TMP.INI FILE_DELETE_BY_PATH4=%WindowsRoot%\SCRLOG FILE_DELETE_BY_PATH5=%WindowsRoot%\SCRLOG2 FILE_DELETE_BY_PATH6=%WindowsRoot%\BRASIL.EXE FILE_DELETE_BY_PATH7=%WindowsRoot%\BRASIL.PIF FILE_DELETE_BY_PATH8=C:\PUT.INI FILE_DELETE_BY_PATH9=%WindowsRoot%\ALEVIR.EXE FILE_DELETE_BY_PATH10=%WindowsRoot%\PUTA!!.EXE FILE_DELETE_BY_PATH11=%WindowsRoot%\HACKE!.EXE FILE_DELETE_BY_PATH12=%WindowsRoot%\MARCO!.SCR FILE_DELETE_BY_PATH13=%WindowsRoot%\SRV32.EXE FILE_DELETE_BY_PATH14=C:\TEMP.INI FILE_DELETE_BY_PATH15=C:\SRVTSK FILE_DELETE_BY_PATH16=C:\SRVRES FILE_DELETE_BY_PATH17=%WindowsRoot%\INSTIT.BAT FILE_DELETE_BY_PATH18=C:\INSTITU FILE_DELETE_BY_PATH19=C:\GUSTAV.SAV FILE_DELETE_BY_PATH20=C:\INSTITU.VAT FILE_DELETE_BY_PATH21=%WindowsRoot%\MQBKUP.EXE FILE_DELETE_BY_PATH22=%WindowsRoot%\MSTASK.EXE FILE_DELETE_BY_PATH23=%WindowsRoot%\MSBIND.DLL FILE_DELETE_BY_PATH24=%WindowsRoot%\MSCAT32.DLL PATH_MAKE_BY_PATH0=%WindowsRoot%\SCRSVR.EXE,1,HSR PATH_MAKE_BY_PATH1=%WindowsRoot%\BRASIL.PIF,1,HSR PATH_MAKE_BY_PATH2=%WindowsRoot%\BRASIL.EXE,1,HSR PATH_MAKE_BY_PATH3=%WindowsRoot%\ALEVIR.EXE,1,HSR PATH_MAKE_BY_PATH4=%WindowsRoot%\PUTA!!.EXE,1,HSR PATH_MAKE_BY_PATH5=%WindowsRoot%\HACKE!.EXE,1,HSR PATH_MAKE_BY_PATH6=%WindowsRoot%\MARCO!.SCR,1,HSR PATH_MAKE_BY_PATH7=%WindowsRoot%\SRV32.EXE,1,HSR PATH_MAKE_BY_PATH8=%WindowsRoot%\INSTIT.BAT,1,HSR PATH_MAKE_BY_PATH9=%WindowsRoot%\MSTASK.EXE,1,HSR PATH_MAKE_BY_PATH10=%WindowsRoot%\MQBKUP.EXE,1,HSR REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ScrSvr REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Brasil REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Alevir REGISTRY_DELETE_KEY_VALUE3=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Puta!! REGISTRY_DELETE_KEY_VALUE4=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Hacke! REGISTRY_DELETE_KEY_VALUE5=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Cronos REGISTRY_DELETE_KEY_VALUE6=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Srv32 REGISTRY_DELETE_KEY_VALUE7=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Instit REGISTRY_DELETE_KEY_VALUE8=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Mstask REGISTRY_DELETE_KEY_VALUE9=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Mqbkup INI_SET_KEY_VALUE0=%WindowsRoot%\WIN.INI,windows,run,"" [W32/Frethem.Clear] PROC_TERMINATE_BY_NAME0=taskbar.exe PROC_TERMINATE_BY_NAME1=decrypt-password.exe FILE_DELETE_BY_PATH0=%WindowsRoot%\taskbar.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_CURRENT_USER,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Task Bar [W32/Dadinu.Clear] PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,PAV.EXE [W32/Lentin.E.Clear] FILE_DELETE_BY_PATH4=%TempRoot%\KITKAT REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" [W32/Lentin.Clear] PROC_TERMINATE_BY_NAME0=NAV32_LOADER.EXE FILE_DELETE_BY_PATH0=%Systemroot%\NAV32_LOADER.EXE PATH_MAKE_BY_PATH0=%SystemRoot%\NAV32_LOADER.EXE,1,HSR PROC_TERMINATE_BY_NAME1=TCPSVS32.EXE FILE_DELETE_BY_PATH1=%Systemroot%\TCPSVS32.EXE PATH_MAKE_BY_PATH1=%Systemroot%\TCPSVS32.EXE,1,HSR PROC_TERMINATE_BY_NAME2=WINSERVICES.EXE FILE_DELETE_BY_PATH2=%Systemroot%\WINSERVICES.EXE PATH_MAKE_BY_PATH2=%Systemroot%\WINSERVICES.EXE,1,HSR FILE_DELETE_BY_PATH3=%Systemroot%\WINLOADER32.DLL PATH_MAKE_BY_PATH3=%Systemroot%\WINLOADER32.DLL,1,HSR REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinServices REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,WinServices REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hrvg.tk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hirosh.tk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackers.com\html\neohaven.html,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.unixhideout.com,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL4=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.neworder.box.sk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL5=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.blacksun.box.sk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL6=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://geocities.com/snak33y3s,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL7=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackersclub.up.to,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL8=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.ankitfadia.com,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL9=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.coderz.net,http://www.pandasoftware.com [Stator.Clear] REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ScanRegistry FILE_DELETE_BY_PATH0=%SystemRoot%\LOADPE.COM FILE_DELETE_BY_PATH1=%SystemRoot%\SCANREGW.EXE DLL_EXEC_FUNCTION_VOID0=QRVKRN.DLL,QRVAUX_ClearW32Stator [W32/Reeezak.A.Clear] PROC_TERMINATE_BY_NAME0=Christmas.exe FILE_DELETE_BY_PATH0=%WindowsRoot%\Christmas.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ZaCker REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start page,http://geocities.com/jobreee/ZaCker.htm,http://www.pandasoftware.com [W32/Updater.Clear] FILE_DELETE_BY_PATH0=%WindowsRoot%\Update.exe FILE_DELETE_BY_PATH1=%StartUpRoot%\Update.vbs REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Update [W32/Goner.A.Clear] FILE_DELETE_BY_PATH0=%SystemRoot%\Gone.scr REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,%SystemRoot%\gone.scr [I-Worm/Happy.Clear] FILE_DELETE_BY_PATH0=%SystemRoot%\Ska.exe FILE_DELETE_BY_PATH1=%SystemRoot%\Ska.dll FILE_DELETE_BY_PATH2=%SystemRoot%\Liste.ska REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunOnce,SKA.EXE FILE_MOVE_BY_PATH_TO_PATH0=%SystemRoot%\WSOCK32.SKA,%SystemRoot%\Wsock32.dll [W32/Qaz.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,startIE FILE_MOVE_BY_PATH_TO_PATH0=%WindowsRoot%\Note.com,%WindowsRoot%\Notepad.exe [W32/MSInit.A.Clear] FILE_DELETE_BY_PATH0=%SystemRoot%\WININIT.EXE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,bymer.scanner REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,distributed.net.client REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,msinit INI_SET_KEY_VALUE0=%WindowsRoot%\WIN.INI,windows,load,"" [W32/Badtrans.Clear] PROC_TERMINATE_BY_NAME0=Kernel32.EXE PROC_TERMINATE_BY_NAME1=Kern.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\Kernel32.exe FILE_DELETE_BY_PATH1=%SystemRoot%\Kdll.dll FILE_DELETE_BY_PATH2=%SystemRoot%\KERN32.EXE FILE_DELETE_BY_PATH3=%WindowsRoot%\INETD.EXE FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"%WindowsRoot%\INETD.EXE","",FALSE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,Kernel32 REGISTRY_NULL_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Windows NT\CurrentVersion\Windows,Run [VBS/VBSWG.J.Clear] REGISTRY_DELETE_KEY0=HKEY_CURRENT_USER,Software\OnTheFly PROC_TERMINATE_BY_NAME0=WSCRIPT.EXE FILE_DELETE_BY_PATH0=%WindowsRoot%\AnnaKournikova.jpg.vbs [I-Worm/MTX.Clear] PROC_TERMINATE_BY_NAME0=MTX_.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,Software\[MATRIX] FILE_DELETE_BY_PATH0=%WindowsRoot%\WIN32.DLL FILE_DELETE_BY_PATH1=%WindowsRoot%\IE_PACK.EXE FILE_DELETE_BY_PATH2=%WindowsRoot%\MTX_.EXE FILE_DELETE_BY_PATH3=%SystemRoot%\WSOCK32.MTX FILE_COPY_BY_PATH_TO_PATH0=%SystemRoot%\WSOCK32.DLL,%SystemRoot%\WSOCK32.MTX [JS/Kak.Worm.Clear] OUTLOOKEXPRESS_DELETE_SIGNATURES_IF_CONTAIN_TEXT_BY_VAR0=KAK_A FILE_DELETE_BY_PATH0=%StartUpRoot%\KAK.HTA FILE_DELETE_BY_PATH1=%WindowsRoot%\KAK.HTM FILE_DELETE_BY_PATH2=%WindowsRoot%\KAK.REG FILE_MOVE_BY_PATH_TO_PATH0=%Root%\AE.KAK,%Root%\AUTOEXEC.BAT FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u [JS/Kak.Worm.B.Clear] OUTLOOKEXPRESS_DELETE_SIGNATURES_IF_CONTAIN_TEXT_BY_VAR0=KAK_B FILE_DELETE_BY_PATH0=%StartUpRoot%\DAY.HTA FILE_DELETE_BY_PATH1=%WindowsRoot%\COMMAND\DEFAULT.HTM FILE_DELETE_BY_PATH2=%WindowsRoot%\DAY.REG FILE_DELETE_BY_PATH3=%WindowsRoot%\Help\DAYS.HTA FILE_MOVE_BY_PATH_TO_PATH0=%Root%\DAYS.DAY,%Root%\AUTOEXEC.BAT FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays [VBS/ShellScrap.Worm.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_USERS,.DEFAULT\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ,Parameters REGISTRY_SET_KEY_VALUE_WITH_FORMAT_STRING_PATH_PARAMETER0=HKEY_LOCAL_MACHINE,Software\CLASSES\regfile\DefaultIcon,"","%s,1",%WindowsRoot%\REGEDIT.EXE REGISTRY_SET_KEY_VALUE_WITH_FORMAT_STRING_PATH_PARAMETER1=HKEY_LOCAL_MACHINE,Software\CLASSES\regfile\shell\open\command,"","%s "%1"",%WindowsRoot%\REGEDIT.EXE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,ScanReg REGISTRY_DELETE_KEY_VALUE1=HKEY_USERS,.DEFAULT\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ,Parameters REGISTRY_DELETE_KEY_VALUE2=HKEY_CLASSES_ROOT,ShellScrap,AlwaysShowExt REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,ShellScrap,NeverShowExt, FILE_MOVE_BY_PATH_TO_PATH0=%RecycledRoot%\RECYCLED.VXD,%WindowsRoot%\REGEDIT.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\MSINFO16.TLB FILE_DELETE_BY_PATH1=%WindowsRoot%\MSINFO16.TLB FILE_DELETE_BY_PATH2=%SystemRoot%\SCANREG.VBS FILE_DELETE_BY_PATH3=%SystemRoot%\VBASET.OLB FILE_DELETE_BY_PATH4=%RecycledRoot%\DBINDEX.VBS FILE_DELETE_BY_PATH5=%RecycledRoot%\MSRCYCLD.DAT FILE_DELETE_BY_PATH6=%RecycledRoot%\RCYCLDBN.DAT FILE_DELETE_BY_PATH7=%WindowsRoot%\LIFE_STAGES.TXT.SHS FILE_DELETE_BY_PATH8=%StartUpRoot%\LIFE_STAGES.TXT.SHS FILE_DELETE_BY_PATH9=%MyDocumentsRoot%\IMPORTANT*.SHS FILE_DELETE_BY_PATH10=%MyDocumentsRoot%\SECRET*.SHS FILE_DELETE_BY_PATH11=%MyDocumentsRoot%\UNKNOWN*.SHS FILE_DELETE_BY_PATH12=%MyDocumentsRoot%\REPORT*.SHS FILE_DELETE_BY_PATH18=%MyDocumentsRoot%\INFO*.SHS FILE_DELETE_BY_PATH13=%Root%\IMPORTANT*.SHS FILE_DELETE_BY_PATH14=%Root%\SECRET*.SHS FILE_DELETE_BY_PATH15=%Root%\UNKNOWN*.SHS FILE_DELETE_BY_PATH16=%Root%\REPORT*.SHS FILE_DELETE_BY_PATH17=%Root%\INFO*.SHS FILE_DELETE_BY_PATH19=%ProgramsRoot%\IMPORTANT*.SHS FILE_DELETE_BY_PATH20=%ProgramsRoot%\SECRET*.SHS FILE_DELETE_BY_PATH21=%ProgramsRoot%\UNKNOWN*.SHS FILE_DELETE_BY_PATH22=%ProgramsRoot%\REPORT*.SHS FILE_DELETE_BY_PATH23=%ProgramsRoot%\INFO*.SHS FILE_DELETE_BY_PATH24=%StartUpRoot%\LIFE_STAGES.TXT.SHS [VBS/CoolNotepad.Worm.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO REGISTRY_DELETE_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO REGISTRY_SET_KEY_VALUE_WITH_TYPE00=DWORD,HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDesktop,0,0 FILE_DELETE_BY_PATH0=%SystemRoot%\COOL_NOTEPAD_DEMO.TXT.VBS [VBS/LoveLetter.AS.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/macromedia32.zip,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/linux321.zip,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/linux322.zip,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\US-PRESIDENT-AND-FBI-SECRETS.HTM [VBS/LoveLetter.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\LOVE-LETTER-FOR-YOU.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\LOVE-LETTER-FOR-YOU.TXT.VBS [VBS/LoveLetter.C.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\VERY FUNNY.VBS FILE_DELETE_BY_PATH2=%SystemRoot%\VERY FUNNY.HTM [VBS/LoveLetter.D.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\MOTHERSDAY.VBS FILE_DELETE_BY_PATH2=%SystemRoot%\MOTHERSDAY.HTM [VBS/LoveLetter.E.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinFAT32 REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinFAT32 REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackers.com,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\MOTHERSDAY.VBS FILE_DELETE_BY_PATH2=%SystemRoot%\MOTHERSDAY.HTM [VBS/LoveLetter.F.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skycable.tucows.com/files2/setup24.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH2=%SystemRoot%\URGENT_VIRUS_WARNING.HTM [VBS/LoveLetter.G.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://3doc.dailypussy.com/gallery/bunny.html,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Search Page,http://astalavista.box.sk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Defaul_Page_URL,http://www.persiankitty.com,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Default_Search_URL,http://www.thecrack.net,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL4=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Local Page,system\protect.htm,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL5=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Window Title,Mocro$oft Internet Exploder by Ommen⌐,Microsoft Internet Explorer FILE_DELETE_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\PROTECT.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\PROTECT.VBS [VBS/LoveLetter.I.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL ILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\IMPORTANT.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\IMPORTANT.TXT.VBS [VBS/LoveLetter.J.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.VBS [VBS/LoveLetter.K.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\NO-HATE-FOR-YOU.HTM [VBS/LoveLetter.L.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\BEWERBUNG.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\BEWERBUNG.TXT.VBS [VBS/LoveLetter.N.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.astalavista.box.sk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\IMPORTANT.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\IMPORTANT.TXT.VBS [VBS/LoveLetter.P.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.yahoo.com/Vir-Killer.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.msn.com/Vir-Killer.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.Hotmail.com/Vir-Killer.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.Aol.com/Vir-Killer.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\VIR-KILLER.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\VIR-KILLER.VBS [VBS/LoveLetter.Q.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\LOOK.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\LOOK.VBS [VBS/LoveLetter.S.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\KILLER.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\KILLEMALL.TXT.VBS [VBS/LoveLetter.T.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\BAND-AID.DOC.VBS [VBS/LoveLetter.U.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\MAJOR BUG & VIRUS FIX.HTM [VBS/LoveLetter.V.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.uol.com.br/,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\UOL.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\UOL.TXT.VBS [VBS/LoveLetter.W.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com FILE_DELETE_BY_PATH1=%SystemRoot%\BUG AND VIRUS FIX.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\BUG AND VIRUS FIX.TXT.VBS [I-Worm/Verona.B.Clear] FILE_DELETE_BY_PATH0=%WindowsRoot%\Sysrnj.exe REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CLASSES_ROOT,.arj,,rnjfile,WinRAR REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CLASSES_ROOT,.avi,,rnjfile,avifile REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CLASSES_ROOT,.bmp,,rnjfile,Paint.Picture REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CLASSES_ROOT,.doc,,rnjfile,Word.Document.8 REGISTRY_SET_KEY_VALUE_IF_EQUAL4=HKEY_CLASSES_ROOT,.exe,,rnjfile,exefile REGISTRY_SET_KEY_VALUE_IF_EQUAL5=HKEY_CLASSES_ROOT,.gif,,rnjfile,giffile REGISTRY_SET_KEY_VALUE_IF_EQUAL6=HKEY_CLASSES_ROOT,.jpe,,rnjfile,jpegfile REGISTRY_SET_KEY_VALUE_IF_EQUAL7=HKEY_CLASSES_ROOT,.jpeg,,rnjfile,jpegfile REGISTRY_SET_KEY_VALUE_IF_EQUAL8=HKEY_CLASSES_ROOT,.jpg,,rnjfile,jpegfile REGISTRY_SET_KEY_VALUE_IF_EQUAL9=HKEY_CLASSES_ROOT,.lha,,rnjfile,WinRAR REGISTRY_SET_KEY_VALUE_IF_EQUAL10=HKEY_CLASSES_ROOT,.mp2,,rnjfile,mpegfile REGISTRY_SET_KEY_VALUE_IF_EQUAL11=HKEY_CLASSES_ROOT,.mp3,,rnjfile,mp3file REGISTRY_SET_KEY_VALUE_IF_EQUAL12=HKEY_CLASSES_ROOT,.mpeg,,rnjfile,mpegfile REGISTRY_SET_KEY_VALUE_IF_EQUAL13=HKEY_CLASSES_ROOT,.mpg,,rnjfile,mpegfile REGISTRY_SET_KEY_VALUE_IF_EQUAL14=HKEY_CLASSES_ROOT,.rar,,rnjfile,WinRAR REGISTRY_SET_KEY_VALUE_IF_EQUAL15=HKEY_CLASSES_ROOT,.reg,,rnjfile,regfile REGISTRY_SET_KEY_VALUE_IF_EQUAL16=HKEY_CLASSES_ROOT,.vqf,,rnjfile, REGISTRY_SET_KEY_VALUE_IF_EQUAL17=HKEY_CLASSES_ROOT,.wma,,rnjfile,WMAfile REGISTRY_SET_KEY_VALUE_IF_EQUAL18=HKEY_CLASSES_ROOT,.wmf,,rnjfile,WMF_auto_file REGISTRY_SET_KEY_VALUE_IF_EQUAL19=HKEY_CLASSES_ROOT,.wmv,,rnjfile,WMVFile REGISTRY_SET_KEY_VALUE_IF_EQUAL20=HKEY_CLASSES_ROOT,.xls,,rnjfile,Excel.Sheet.8 REGISTRY_SET_KEY_VALUE_IF_EQUAL21=HKEY_CLASSES_ROOT,.zip,,rnjfile,WinZip REGISTRY_DELETE_KEY0=HKEY_CLASSES_ROOT,rnjfile\DefaultIcon REGISTRY_DELETE_KEY1=HKEY_CLASSES_ROOT,rnjfile\shell\open\command REGISTRY_DELETE_KEY2=HKEY_CLASSES_ROOT,rnjfile\shell\open REGISTRY_DELETE_KEY3=HKEY_CLASSES_ROOT,rnjfile\shell\ REGISTRY_DELETE_KEY4=HKEY_CLASSES_ROOT,rnjfile [W32/Navidad.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Win32BaseServiceMOD REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" FILE_DELETE_BY_PATH1=%SystemRoot%\WINSVRC.VXD PROC_TERMINATE_BY_NAME0=NAVIDAD.EXE [W32/Navidad.B.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Win32BaseServiceMOD REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" PROC_TERMINATE_BY_NAME0=WINTASK.EXE PROC_TERMINATE_BY_NAME1=EMANUEL.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\wintask.exe [W32/FunLove.Clear] PROC_TERMINATE_BY_NAME0=FLCSS.EXE PROC_TERMINATE_BY_NAME1=BRIDE.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\FLCSS.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\BRIDE.EXE PATH_MAKE_BY_PATH0=%SystemRoot%\FLCSS.EXE,1,HSR SERVICE_DELETE_BY_NAME0=FLC REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,FLC [W32/PrettyPark.Clear] REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" PROC_TERMINATE_BY_NAME0=FILES32.VXD FILE_DELETE_BY_PATH0=%SystemRoot%\FILES32.VXD [VBS/Help.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_CURRENT_USER,SOFTWARE\Help,wallPaper FILE_DELETE_BY_PATH0=%WindowsRoot%\UNTITLED.HTM REGISTRY_DELETE_KEY0=HKEY_CURRENT_USER,SOFTWARE\Help REGISTRY_SET_KEY_VALUE0=HKEY_CURRENT_USER,Control Panel\Desktop,Wallpaper,"" [W32/SirCam.Clear.NT] PROC_TERMINATE_BY_NAME0=SIRC32.EXE PROC_TERMINATE_BY_NAME1=SCAM32.EXE PROC_TERMINATE_BY_NAME2=RUN32.EXE PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam FILE_DELETE_BY_PATH00=%RecycledRoot%\SIRC32.EXE FILE_DELETE_BY_PATH01=%SystemRoot%\SCD.DLL FILE_DELETE_BY_PATH02=%SystemRoot%\SCW1.DLL FILE_DELETE_BY_PATH03=%SystemRoot%\SCI1.DLL FILE_DELETE_BY_PATH04=%SystemRoot%\SCY1.DLL FILE_DELETE_BY_PATH05=%SystemRoot%\SCH1.DLL FILE_DELETE_BY_PATH06=%SystemRoot%\SCT1.DLL FILE_DELETE_BY_PATH07=%WindowsRoot%\ScMx32.exe FILE_DELETE_BY_PATH08=%StartUpRoot%\Microsoft Internet Office.exe FILE_DELETE_BY_PATH09=%RecycledRoot%\SIRCAM.SYS FILE_DELETE_BY_PATH10=%Root%\SIRC32.EXE FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe","",FALSE FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"","",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE","RUNDLL32.EXE",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE","RUNDLL32.EXE",FALSE FILE_MOVE_BY_PATH_TO_PATH0=%SystemRoot%\RUN32.EXE,%SystemRoot%\RUNDLL32.EXE [W32/SirCam.Clear.9X] PROC_TERMINATE_BY_NAME0=SIRC32.EXE PROC_TERMINATE_BY_NAME1=SCAM32.EXE PROC_TERMINATE_BY_NAME2=RUN32.EXE PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam FILE_DELETE_BY_PATH00=%RecycledRoot%\SIRC32.EXE FILE_DELETE_BY_PATH01=%SystemRoot%\SCD.DLL FILE_DELETE_BY_PATH02=%SystemRoot%\SCW1.DLL FILE_DELETE_BY_PATH03=%SystemRoot%\SCI1.DLL FILE_DELETE_BY_PATH04=%SystemRoot%\SCY1.DLL FILE_DELETE_BY_PATH05=%SystemRoot%\SCH1.DLL FILE_DELETE_BY_PATH06=%SystemRoot%\SCT1.DLL FILE_DELETE_BY_PATH07=%WindowsRoot%\ScMx32.exe FILE_DELETE_BY_PATH08=%StartUpRoot%\Microsoft Internet Office.exe FILE_DELETE_BY_PATH09=%RecycledRoot%\SIRCAM.SYS FILE_DELETE_BY_PATH10=%Root%\SIRC32.EXE FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe","",FALSE FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"","",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE","RUNDLL.EXE",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE","RUNDLL32.EXE",FALSE FILE_MOVE_BY_PATH_TO_PATH0=%WindowsRoot%\RUN32.EXE,%WindowsRoot%\RUNDLL32.EXE [W32/Nimda.Clear] PROC_TERMINATE_BY_NAME0=LOAD.EXE FILE_DELETE_BY_PATH00=%WindowsRoot%\MMC.EXE FILE_DELETE_BY_PATH01=%WindowsRoot%\CSRSS.EXE FILE_DELETE_BY_PATH02=%TempRoot%\MEP*.EXE FILE_DELETE_BY_PATH03=%WindowsRoot%\WININIT.INI FILE_REPLACE_TEXT1=%WindowsRoot%\SYSTEM.INI," load.exe -dontrunold","",FALSE FILE_DELETE_BY_PATH04=%TempRoot%\MEP*.* FILE_DELETE_BY_PATH05=%WindowsRoot%\MEP*.* FILE_DELETE_BY_PATH06=%SystemRoot%\LOAD.EXE USER_DISABLE_BY_NAME0=guest FILE_DELETE_BY_PATH07=C:\ADMIN.DLL FILE_DELETE_BY_PATH08=D:\ADMIN.DLL FILE_DELETE_BY_PATH09=E:\ADMIN.DLL FILE_DELETE_BY_PATH10=C:\HTTPODBC.DLL FILE_DELETE_BY_PATH11=D:\HTTPODBC.DLL FILE_DELETE_BY_PATH12=E:\HTTPODBC.DLL FILE_DELETE_BY_PATH13=C:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH14=C:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH15=D:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH16=D:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH17=E:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH18=E:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH19=F:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH20=F:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH21=G:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH22=G:\INETPUB\SCRIPTS\TFTP* [W32/Klez.Clear] PROC_TERMINATE_BY_NAME0=Wink*.exe PROC_TERMINATE_BY_NAME1=Wqk.exe PROC_TERMINATE_BY_NAME2=Winsvc.exe PROC_TERMINATE_BY_NAME3=Krn132.exe PROC_TERMINATE_BY_LINKED_DLL0=Wqk.dll FILE_DELETE_BY_PATH0=%SystemRoot%\Wink*.exe FILE_DELETE_BY_PATH1=%SystemRoot%\Wqk.exe FILE_DELETE_BY_PATH2=%TempRoot%\k*.exe FILE_DELETE_BY_PATH3=%SystemRoot%\Winsvc.exe FILE_DELETE_BY_PATH4=%SystemRoot%\Krn132.exe FILE_DELETE_ON_NATIVE_REBOOT0=%SystemRoot%\Wqk.dll SERVICE_DELETE_BY_NAME0=Winsvc PATH_MAKE_BY_PATH0=%SystemRoot%\WQK.EXE,1,HSR PATH_MAKE_BY_PATH1=%SystemRoot%\WQK.DLL,1,HSR PATH_MAKE_BY_PATH2=%SystemRoot%\Winsvc.exe,1,HSR REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WQK REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Wink* REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Winsvc REGISTRY_DELETE_KEY_VALUE3=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services,WQK REGISTRY_DELETE_KEY_VALUE4=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services,Wink* REGISTRY_DELETE_KEY_VALUE5=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services,Winsvc REGISTRY_DELETE_KEY_VALUE6=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Krn132 REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","AppInit_DLLs","Wqk.dll","",FALSE [W32/Vote.Clear] FILE_DELETE_BY_PATH00=%SystemRoot%\Zacker.vbs FILE_DELETE_BY_PATH01=%WindowsRoot%\MixDaLaL.vbs FILE_DELETE_BY_PATH02=%WindowsRoot%\WTC.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Norton.Thar REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://us.f1.yahoofs.com/users/da36d538/bc/TimeUpdate.exe?bcaVq97ATaW0yAxk,http://www.pandasoftware.com FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"echo y | format C:","",FALSE [ByteStrings] KAK_A=4B414B2E48544D KAK_B=44454641554C542E48544D [GenericRegistryClean] REG_SCAN_KEY_DATA_VALUES=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run REG_SCAN_KEY_DATA_VALUES=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunOnce REG_SCAN_KEY_DATA_VALUES=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices REG_SCAN_KEY_DATA_VALUES=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServicesOnce REG_SCAN_KEY_DATA_VALUES=HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Run REG_SCAN_KEY_DATA_VALUES=HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\RunOnce REG_SCAN_EXTENSION_COMMAND=exefile,open,""%1" %*" REG_SCAN_EXTENSION_COMMAND=comfile,open,""%1" %*" REG_SCAN_EXTENSION_COMMAND=piffile,open,""%1" %*" REG_SCAN_EXTENSION_COMMAND=scrfile,open,""%1" /S" REG_SCAN_EXTENSION_COMMAND=scrfile,config,"%1" REG_SCAN_EXTENSION_COMMAND=batfile,open,""%1" /S" REG_SCAN_EXTENSION_COMMAND=regfile,open,"regedit.exe "%1"" INI_SCAN_DATA_VALUE=win.ini,windows,run INI_SCAN_DATA_VALUE=win.ini,windows,load STARTUP_FOLDER_SCAN= [GenericRegistryClean.NT] REG_SCAN_EXTENSION_COMMAND=txtfile,open,"%windowsroot%\system32\notepad.exe "%1"" [GenericRegistryClean.9x] REG_SCAN_EXTENSION_COMMAND=txtfile,open,"%windowsroot%\notepad.exe "%1""