Windows Setup INFormation  |  2001-10-22  |  62KB  |  1,160 lines

  1. [Version]
  ; Version header of this definition file. MinVersion/MaxVersion presumably bound the
  ; tool builds allowed to load it and Version is presumably the file's own revision --
  ; TODO confirm against the tool.
  ; NOTE(review): no checksum or signature field is visible in this section. The rest of
  ; the file drives file deletion, process termination and registry writes, so the loader
  ; should verify the file's integrity some other way before acting on it -- confirm.
  2. MinVersion=2.6.2.18
  3. MaxVersion=2.6.2.99
  4. Version=01.04.00.00
  5.  
  6. [VirusInformation]
  ; One line per threat: the key matches a "<name>.Info" section further down, the value
  ; is a list of display names/aliases (presumably what the tool shows to the user).
  ; NOTE(review): "Wrom.ExploreZip" (W32/PrettyPark) and "Wsript.Kak.A" / "Wsript.Kak.B"
  ; look like typos for "Worm" / "Wscript". If these strings are ever matched against
  ; names reported by another scanner the misspelling would break the match -- confirm use.
  ; NOTE(review): the LoveLetter variants B, H, M, O, R, X, Y and Z have ".Info" sections
  ; in this file but no entry in this list.
  7. W32/Vote=Vote
  8. W32/Nimda.A@mm=Nimda
  9. W32/SirCam=W32/SirCam@mm
  10. VBS/Help=VBS/HappyTime.A
  11. VBS/SST.A=VBS/SST.A,I-Worm/Lee.O
  12. W32/PrettyPark=W32/ExploreZip.Worm.Pack,Wrom.ExploreZip
  13. I-Worm/MTX=I-Worm/MTX
  14. JS/Kak.Worm=VBS.KakWorm, Kagou-Anti-Frosoft, Wsript.Kak.A
  15. JS/Kak.Worm.B=VBS.KakWorm.B, Wsript.Kak.B, Days
  16. VBS/ShellScrap.Worm=VBS/ShellScrap.Worm
  17. I-Worm/Verona.B=BleBla.B, I-Worm-Blebla.B, Troj/Blebla.B, W32/BleBla@mm
  18. W32/Navidad=W32/Navidad
  19. W32/Navidad.B=W32/Navidad.B
  20. VBS/CoolNotepad.Worm=VBS/CoolNotepad.Worm
  21. VBS/LoveLetter=VBS/LoveLetter
  22. VBS/LoveLetter.AS=VBS/LoveLetter.AS
  23. VBS/LoveLetter.C=VBS/LoveLetter.C
  24. VBS/LoveLetter.D=VBS/LoveLetter.D
  25. VBS/LoveLetter.E=VBS/LoveLetter.E
  26. VBS/LoveLetter.F=VBS/LoveLetter.F
  27. VBS/LoveLetter.G=VBS/LoveLetter.G
  28. VBS/LoveLetter.I=VBS/LoveLetter.I
  29. VBS/LoveLetter.J=VBS/LoveLetter.J
  30. VBS/LoveLetter.K=VBS/LoveLetter.K
  31. VBS/LoveLetter.L=VBS/LoveLetter.L
  32. VBS/LoveLetter.N=VBS/LoveLetter.N
  33. VBS/LoveLetter.P=VBS/LoveLetter.P
  34. VBS/LoveLetter.Q=VBS/LoveLetter.Q
  35. VBS/LoveLetter.S=VBS/LoveLetter.S
  36. VBS/LoveLetter.T=VBS/LoveLetter.T
  37. VBS/LoveLetter.U=VBS/LoveLetter.U
  38. VBS/LoveLetter.V=VBS/LoveLetter.V
  39. VBS/LoveLetter.W=VBS/LoveLetter.W
  40. W32/FunLove=Win32_FLC, Win32.FLC, FLCSS
  41.  
  42. [VirusFamilies]
  43. F13=VOTE
  44. F12=NIMDA
  45. F11=SIRCAM
  46. F07=FUNLOVE
  47. F09=ANNA KOURNIKOVA
  48. F03=COOL NOTEPAD
  49. F10=HELP
  50. F00=I LOVE YOU
  51. F01=KAK WORM
  52. F04=MATRIX
  53. F06=NAVIDAD
  54. F08=PRETTY PARK
  55. F02=SHELL SCRAP
  56. F05=VERONA
  57.  
  58.  
  59. [F13.Family]
  60. Name=VOTE
  61. FileName=
  62.  
  63. [F12.Family]
  64. Name=NIMDA
  65. FileName=
  66.  
  67. [F11.Family]
  68. Name=SIRCAM
  69. FileName=
  70.  
  71. [F10.Family]
  72. Name=HELP
  73. FileName=
  74.  
  75. [F09.Family]
  76. Name=ANNA KOURNIKOVA
  77. FileName=
  78.  
  79. [F08.Family]
  80. Name=PRETTY PARK
  81. FileName=
  82.  
  83. [F00.Family]
  84. Name=I LOVE YOU
  85. FileName=
  86.  
  87. [F01.Family]
  88. Name=KAK WORM
  89. FileName=KAK
  90.  
  91. [F02.Family]
  92. Name=SHELL SCRAP
  93. FileName=SHELL
  94.  
  95. [F03.Family]
  96. Name=COOL NOTEPAD
  97. FileName=
  98.  
  99. [F04.Family]
  ; NOTE(review): [VirusFamilies] declares F04=MATRIX but Name here is MTX; every other
  ; family section repeats its [VirusFamilies] label verbatim. Confirm which string is
  ; the one actually displayed or looked up.
  100. Name=MTX
  101. FileName=
  102.  
  103. [F05.Family]
  104. Name=VERONA
  105. FileName=
  106.  
  107. [F06.Family]
  108. Name=NAVIDAD
  109. FileName=
  110.  
  111. [F07.Family]
  112. Name=FUNLOVE
  113. FileName=
  114.  
  115. [W32/Vote.Info]
  ; Per-threat record; the same layout repeats for every "<name>.Info" section.
  ; Family is an id from [VirusFamilies]. Detect and Clear give the base name of the
  ; sections suffixed ".Detect" and ".Clear" (for example [W32/Vote.Detect]) that hold
  ; this threat's indicators and removal steps.
  ; Ids looks like a list of numeric signature identifiers, and LaunchPAV / LaunchPAV32
  ; like an enable flag followed by command-line switches for a follow-up scan (note the
  ; /ext: extension list). Neither meaning is defined in this file -- confirm against the
  ; tool's documentation.
  116. Family=F13
  117. Detect=W32/Vote
  118. Clear=W32/Vote
  119. Aliases=W32/Vote,VOTE
  120. Ids=58507,59595,59596,59597
  121. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:vbs;exe
  122. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:vbs;exe
  123.  
  124. [W32/Nimda.A@mm.Info]
  125. Family=F12
  126. Detect=W32/Nimda.A@mm
  127. Clear=W32/Nimda.A@mm
  128. Aliases=W32/Nimda.A@mm,Nimda
  129. Ids=58707
  130. LaunchPAV=1,/loc /nbr /clv /del /nos /aut /cmp /ext:dll;exe;tmp;doc;dot;eml;nws;asp;htm;html;vir
  131. LaunchPAV32=1,/loc /nbr /clv /del /nos /aut /cmp /ext:dll;exe;tmp;doc;dot;eml;nws;asp;htm;html;vir
  132.  
  133. [VBS/SST.A.Info]
  134. Family=F09
  135. Detect=VBS/SST.A
  136. Clear=VBS/SST.A
  137. Aliases=VBS/SST.A,I-Worm/Lee.O
  138. Ids=15400
  139. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:vbs;ini
  140. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:vbs;ini
  141.  
  142. [W32/PrettyPark.Info]
  ; Record for the PRETTY PARK family (F08).
  143. Family=F08
  144. Detect=W32/PrettyPark
  145. Clear=W32/PrettyPark
  ; NOTE(review): both aliases name ExploreZip, which is generally tracked as a separate
  ; worm from PrettyPark, and "Wrom" looks like a typo for "Worm". The matching Detect
  ; section checks only for FILES32.VXD, so confirm which threat this record is meant
  ; to cover before citing these aliases.
  146. Aliases=W32/ExploreZip.Worm.Pack,Wrom.ExploreZip
  147. Ids=55018,28008
  148. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;vxd
  149. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;vxd
  150.  
  151. [I-Worm/MTX.Info]
  152. Family=F04
  153. Detect=I-Worm/MTX
  154. Clear=I-Worm/MTX
  155. Aliases=I-Worm/MTX
  156. Ids=28889,51714,55212
  157. LaunchPAV=1,/mtx /clv /aut /aex /nbr /loc /nos
  158. LaunchPAV32=1,/mtx /clv /aut /aex /nbr /loc /nos
  159.  
  160. [VBS/CoolNotepad.Worm.Info]
  161. Family=F03
  162. Detect=VBS/CoolNotepad.Worm
  163. Clear=VBS/CoolNotepad.Worm
  164. Aliases=VBS/CoolNotepad.Worm
  165. Ids=51328
  166. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:vbs;ini
  167. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:vbs;ini
  168.  
  169. [VBS/LoveLetter.AS.Info]
  ; Record for the LoveLetter.AS variant (family F00).
  ; NOTE(review): this is the only ".Info" section in this part of the file without
  ; LaunchPAV / LaunchPAV32 lines, so no follow-up scan switches are defined for it.
  ; Confirm whether that is intentional or whether a default applies.
  170. Family=F00
  171. Detect=VBS/LoveLetter.AS
  172. Clear=VBS/LoveLetter.AS
  173. Aliases=VBS/LoveLetter.AS
  174. Ids=55101
  175.  
  176. [JS/Kak.Worm.Info]
  177. Family=F01
  178. Detect=JS/Kak.Worm
  179. Clear=JS/Kak.Worm
  180. Aliases=VBS.KakWorm, Kagou-Anti-Frosoft, Wsript.Kak.A
  181. Ids=31932
  182. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak
  183. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak
  184.  
  185. [JS/Kak.Worm.B.Info]
  186. Family=F01
  187. Detect=JS/Kak.Worm.B
  188. Clear=JS/Kak.Worm.B
  189. Aliases=VBS.KakWorm.B, Wsript.Kak.B, Days
  190. Ids=24215
  191. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak
  192. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak
  193.  
  194. [VBS/ShellScrap.Worm.Info]
  195. Family=F02
  196. Detect=VBS/ShellScrap.Worm
  197. Clear=VBS/ShellScrap.Worm
  198. Aliases=VBS/ShellScrap.Worm, VBS/Live_Stages, VBS.Stages.Worm
  199. Ids=51542
  200. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:shs;ini;exe;vbs
  201. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:shs;ini;exe;vbs
  202.  
  203. [VBS/LoveLetter.Info]
  204. Family=F00
  205. Detect=VBS/LoveLetter
  206. Clear=VBS/LoveLetter
  207. Aliases=I LOVE YOU, Worm/LoveLetter, Barok
  208. Ids=51220,51221,51224,51225,51241
  209. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  210. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  211.  
  212. [VBS/LoveLetter.B.Info]
  213. Family=F00
  214. Detect=VBS/LoveLetter
  215. Clear=VBS/LoveLetter
  216. Aliases=VBS/LoveLetter.B
  217. Ids=51238
  218. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  219. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  220.  
  221. [VBS/LoveLetter.C.Info]
  222. Family=F00
  223. Detect=VBS/LoveLetter.C
  224. Clear=VBS/LoveLetter.C
  225. Aliases=Very Funny
  226. Ids=51239
  227. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  228. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  229.  
  230. [VBS/LoveLetter.D.Info]
  231. Family=F00
  232. Detect=VBS/LoveLetter.D
  233. Clear=VBS/LoveLetter.D
  234. Aliases=VBS/Mothersday, WORM/LoveLetter.D
  235. Ids=51240
  236. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  237. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  238.  
  239. [VBS/LoveLetter.E.Info]
  240. Family=F00
  241. Detect=VBS/LoveLetter.E
  242. Clear=VBS/LoveLetter.E
  243. Aliases=WORM/LoveLetter.E
  244. Ids=51236
  245. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  246. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  247.  
  248. [VBS/LoveLetter.F.Info]
  249. Family=F00
  250. Detect=VBS/LoveLetter.F
  251. Clear=VBS/LoveLetter.F
  252. Aliases=WORM/LoveLetter.F
  253. Ids=51248
  254. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  255. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  256.  
  257. [VBS/LoveLetter.G.Info]
  258. Family=F00
  259. Detect=VBS/LoveLetter.G
  260. Clear=VBS/LoveLetter.G
  261. Aliases=WORM/LoveLetter.G
  262. Ids=51246
  263. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  264. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  265.  
  266. [VBS/LoveLetter.H.Info]
  267. Family=F00
  268. Detect=VBS/LoveLetter
  269. Clear=VBS/LoveLetter
  270. Aliases=WORM/LoveLetter.H
  271. Ids=51253
  272. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  273. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  274.  
  275. [VBS/LoveLetter.I.Info]
  276. Family=F00
  277. Detect=VBS/LoveLetter.I
  278. Clear=VBS/LoveLetter.I
  279. Aliases=WORM/LoveLetter.I
  280. Ids=51254,51256
  281. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  282. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  283.  
  284. [VBS/LoveLetter.J.Info]
  285. Family=F00
  286. Detect=VBS/LoveLetter.J
  287. Clear=VBS/LoveLetter.J
  288. Aliases=WORM/LoveLetter.J
  289. Ids=51260
  290. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  291. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  292.  
  293. [VBS/LoveLetter.K.Info]
  294. Family=F00
  295. Detect=VBS/LoveLetter.K
  296. Clear=VBS/LoveLetter.K
  297. Aliases=WORM/LoveLetter.K
  298. Ids=51262
  299. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  300. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  301.  
  302. [VBS/LoveLetter.L.Info]
  303. Family=F00
  304. Detect=VBS/LoveLetter.L
  305. Clear=VBS/LoveLetter.L
  306. Aliases=WORM/LoveLetter.L
  307. Ids=51257
  308. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  309. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  310.  
  311. [VBS/LoveLetter.M.Info]
  ; Variant M reuses the base VBS/LoveLetter Detect and Clear sections.
  312. Family=F00
  313. Detect=VBS/LoveLetter
  314. Clear=VBS/LoveLetter
  315. Aliases=WORM/LoveLetter.M
  ; NOTE(review): 51220 is also the first id listed under [VBS/LoveLetter.Info]. If Ids
  ; are used to pick the record for a scanner hit, this id maps to two records -- confirm
  ; which one wins.
  316. Ids=51220
  317. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  318. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  319.  
  320. [VBS/LoveLetter.N.Info]
  321. Family=F00
  322. Detect=VBS/LoveLetter.N
  323. Clear=VBS/LoveLetter.N
  324. Aliases=WORM/LoveLetter.N
  325. Ids=51267
  326. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  327. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  328.  
  329. [VBS/LoveLetter.O.Info]
  330. Family=F00
  331. Detect=VBS/LoveLetter
  332. Clear=VBS/LoveLetter
  333. Aliases=WORM/LoveLetter.O
  334. Ids=51269
  335. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  336. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  337.  
  338. [VBS/LoveLetter.P.Info]
  339. Family=F00
  340. Detect=VBS/LoveLetter.P
  341. Clear=VBS/LoveLetter.P
  342. Aliases=WORM/LoveLetter.P
  343. Ids=51272
  344. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  345. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  346.  
  347. [VBS/LoveLetter.Q.Info]
  348. Family=F00
  349. Detect=VBS/LoveLetter.Q
  350. Clear=VBS/LoveLetter.Q
  351. Aliases=WORM/LoveLetter.Q
  352. Ids=51273
  353. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  354. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  355.  
  356. [VBS/LoveLetter.R.Info]
  ; NOTE(review): variant R points Detect and Clear at the VBS/LoveLetter.G sections,
  ; whereas the other variants without sections of their own (B, H, M, O, X, Y, Z) point
  ; at the base VBS/LoveLetter sections. Presumably R shares G's artefacts -- confirm,
  ; because the G Clear section would then run for an R detection.
  357. Family=F00
  358. Detect=VBS/LoveLetter.G
  359. Clear=VBS/LoveLetter.G
  360. Aliases=WORM/LoveLetter.R
  361. Ids=51275
  362. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  363. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  364.  
  365. [VBS/LoveLetter.S.Info]
  366. Family=F00
  367. Detect=VBS/LoveLetter.S
  368. Clear=VBS/LoveLetter.S
  369. Aliases=WORM/LoveLetter.S
  370. Ids=51276
  371. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  372. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  373.  
  374. [VBS/LoveLetter.T.Info]
  375. Family=F00
  376. Detect=VBS/LoveLetter.T
  377. Clear=VBS/LoveLetter.T
  378. Aliases=WORM/LoveLetter.T
  379. Ids=51278
  380. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  381. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  382.  
  383. [VBS/LoveLetter.U.Info]
  384. Family=F00
  385. Detect=VBS/LoveLetter.U
  386. Clear=VBS/LoveLetter.U
  387. Aliases=WORM/LoveLetter.U
  388. Ids=51279
  389. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  390. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  391.  
  392. [VBS/LoveLetter.V.Info]
  393. Family=F00
  394. Detect=VBS/LoveLetter.V
  395. Clear=VBS/LoveLetter.V
  396. Aliases=WORM/LoveLetter.V
  397. Ids=51281
  398. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  399. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  400.  
  401. [VBS/LoveLetter.W.Info]
  402. Family=F00
  403. Detect=VBS/LoveLetter.W
  404. Clear=VBS/LoveLetter.W
  405. Aliases=WORM/LoveLetter.W
  406. Ids=51284
  407. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  408. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  409.  
  410. [VBS/LoveLetter.X.Info]
  411. Family=F00
  412. Detect=VBS/LoveLetter
  413. Clear=VBS/LoveLetter
  414. Aliases=WORM/LoveLetter.X
  415. Ids=51291
  416. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  417. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  418.  
  419. [VBS/LoveLetter.Y.Info]
  420. Family=F00
  421. Detect=VBS/LoveLetter
  422. Clear=VBS/LoveLetter
  423. Aliases=WORM/LoveLetter.Y
  424. Ids=51292
  425. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  426. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  427.  
  428. [VBS/LoveLetter.Z.Info]
  429. Family=F00
  430. Detect=VBS/LoveLetter
  431. Clear=VBS/LoveLetter
  432. Aliases=WORM/LoveLetter.Z
  433. Ids=51303
  434. LaunchPAV=1,/clv /aut /aex /nbr /loc /nos
  435. LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos
  436.  
  437. [I-Worm/Verona.B.Info]
  438. Family=F05
  439. Detect=I-Worm/Verona.B
  440. Clear=I-Worm/Verona.B
  441. Aliases=I-Worm/Verona.B
  442. Ids=53486,54857,15353,15352
  443. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;chm
  444. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;chm
  445.  
  446. [W32/Navidad.Info]
  447. Family=F06
  448. Detect=W32/Navidad
  449. Clear=W32/Navidad
  450. Aliases=W32/Navidad
  451. Ids=55221
  452. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe
  453. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe
  454.  
  455. [W32/Navidad.B.Info]
  456. Family=F06
  457. Detect=W32/Navidad.B
  458. Clear=W32/Navidad.B
  459. Aliases=W32/Navidad.B
  460. Ids=54974
  461. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe
  462. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe
  463.  
  464. [W32/FunLove.Info]
  465. Family=F07
  466. Detect=W32/FunLove
  467. Clear=W32/FunLove
  468. Aliases=W32/FunLove
  469. Ids=55051,30807,52029,54554
  470. LaunchPAV=1,/clv /aut /nbr /loc /nos /aex
  471. LaunchPAV32=1,/clv /aut /nbr /loc /nos /aex
  472.  
  473. [W32/SirCam.Info]
  474. Family=F11
  475. Detect=W32/SirCam
  476. Clear=W32/SirCam
  477. Aliases=W32/SirCam@mm
  478. Ids=56752
  479. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:bat;com;lnk;pif;exe
  480. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:bat;com;lnk;pif;exe
  481.  
  482. [VBS/Help.Info]
  483. Family=F10
  484. Detect=VBS/Help
  485. Clear=VBS/Help
  486. Aliases=VBS/HappyTime.A
  487. Ids=55405,24266
  488. LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:htm;html;vbs;asp;htt;hta
  489. LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:htm;html;vbs;asp;htt;hta
  490.  
  491. [W32/Vote.Detect]
  ; Host indicators for W32/Vote: three dropped files, a Run autostart value, a changed
  ; Internet Explorer start page, and a text match in AUTOEXEC.BAT.
  ; %SystemRoot%, %WindowsRoot% and %Root% are tokens expanded by the tool. Because
  ; %WindowsRoot% is used separately, %SystemRoot% presumably means the Windows System
  ; directory here rather than the Windows environment variable of the same name --
  ; confirm before translating these paths into indicators for another tool.
  ; Whether the rules of a section are combined with AND or OR is not stated in this file.
  492. FILE_EXISTS_BY_PATH0=%SystemRoot%\Zacker.vbs
  493. FILE_EXISTS_BY_PATH1=%WindowsRoot%\MixDaLaL.vbs
  494. FILE_EXISTS_BY_PATH2=%WindowsRoot%\WTC.exe
  495. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Norton.Thar
  ; Fields appear to be: hive, key, value name, expected data. The value name is written
  ; "start Page" here and "Start Page" elsewhere in the file; that only matters if the
  ; tool compares names itself instead of asking the registry -- confirm.
  496. REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,start Page,http://us.f1.yahoofs.com/users/da36d538/bc/TimeUpdate.exe?bcaVq97ATaW0yAxk
  ; Matches a disk-format command planted in AUTOEXEC.BAT. The meaning of the trailing
  ; FALSE argument is not defined here (possibly case sensitivity) -- TODO confirm.
  497. FILE_FIND_TEXT0=%Root%\AUTOEXEC.BAT,"echo y | format C:",FALSE
  498.  
  499. [W32/Nimda.A@mm.Detect]
  ; Host indicators for W32/Nimda.A@mm: the "load.exe -dontrunold" text in SYSTEM.INI,
  ; the LOAD.EXE file and process, ADMIN.DLL in a drive root, and MMC.EXE under
  ; %WindowsRoot%.
  500. FILE_FIND_TEXT0=%WindowsRoot%\SYSTEM.INI,"load.exe -dontrunold",FALSE
  501. FILE_EXISTS_BY_PATH0=%SystemRoot%\LOAD.EXE
  502. PROC_EXISTS_BY_NAME0=LOAD.EXE
  ; NOTE(review): ADMIN.DLL is checked on C:, D: and E: only; a copy on any other volume
  ; is not covered by these rules.
  503. FILE_EXISTS_BY_PATH1=C:\ADMIN.DLL
  504. FILE_EXISTS_BY_PATH2=D:\ADMIN.DLL
  505. FILE_EXISTS_BY_PATH3=E:\ADMIN.DLL
  ; NOTE(review): matched by name and location only; nothing in this rule inspects the
  ; file's content, so a legitimate file of the same name at this path would presumably
  ; match as well -- confirm how the tool treats such a hit.
  506. FILE_EXISTS_BY_PATH4=%WindowsRoot%\MMC.EXE
  507.  
  508. [W32/Navidad.Detect]
  ; NOTE(review): the only rule is numbered 1 and there is no FILE_EXISTS_BY_PATH0.
  ; The same numbering appears in the LoveLetter base, C, D, J, K, L, S, T, U, V and W
  ; Detect sections. If the loader enumerates rules from 0 and stops at the first gap,
  ; these indicators would never be evaluated -- confirm the loader's behaviour.
  509. FILE_EXISTS_BY_PATH1=%SystemRoot%\WINSVRC.VXD
  510.  
  511. [W32/Navidad.B.Detect]
  512. FILE_EXISTS_BY_PATH0=%SystemRoot%\wintask.exe
  513.  
  514. [W32/FunLove.Detect]
  515. PROC_EXISTS_BY_NAME0=FLCSS.EXE
  516. SERVICE_EXISTS_BY_NAME0=FLC
  517. FILE_EXISTS_BY_PATH0=%SystemRoot%\FLCSS.EXE
  518. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,FLC
  519.  
  520. [W32/PrettyPark.Detect]
  521. FILE_EXISTS_BY_PATH0=%SystemRoot%\FILES32.VXD
  522.  
  523. [W32/SirCam.Detect]
  ; Host indicators for W32/SirCam: two process names, a SOFTWARE\SirCam key, a
  ; RunServices autostart value, text planted in AUTOEXEC.BAT and WIN.INI, and
  ; "RUN32.EXE" inside two shell command values under HKEY_CLASSES_ROOT.
  524. PROC_EXISTS_BY_NAME0=SIRC32.EXE
  525. PROC_EXISTS_BY_NAME1=SCAM32.EXE
  526. REGISTRY_EXISTS_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam
  527. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32
  528. FILE_FIND_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe",FALSE
  ; NOTE(review): the search text contains double quotes inside a double-quoted field.
  ; How the parser finds the end of the field is not defined in this file; if it stops at
  ; the first inner quote, the text searched for would be truncated -- confirm.
  529. FILE_FIND_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"",FALSE
  ; The empty third field presumably selects the key's default value -- TODO confirm.
  530. REGISTRY_FIND_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE",FALSE
  531. REGISTRY_FIND_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE",FALSE
  532.  
  533. [VBS/Help.Detect]
  ; NOTE(review): the only indicator is the existence of a key with a very generic name.
  ; Any other software that creates HKEY_CURRENT_USER\SOFTWARE\Help would match, and no
  ; file or autostart check in this section corroborates the hit. Treat a match as a
  ; lead to verify rather than as proof of infection.
  534. REGISTRY_EXISTS_KEY0=HKEY_CURRENT_USER,SOFTWARE\Help
  535.  
  536. [VBS/SST.A.Detect]
  537. REGISTRY_EXISTS_KEY0=HKEY_CURRENT_USER,Software\OnTheFly
  538.  
  539. [I-Worm/MTX.Detect]
  540. REGISTRY_EXISTS_KEY0=HKEY_LOCAL_MACHINE,Software\[MATRIX]
  541. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup
  542. PROC_EXISTS_BY_NAME0=MTX_.EXE
  543.  
  544. [JS/Kak.Worm.Detect]
  545. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u
  546. FILE_EXISTS_BY_PATH0=%StartUpRoot%\KAK.HTA
  547. FILE_EXISTS_BY_PATH1=%Root%\AE.KAK
  548.  
  549. [JS/Kak.Worm.B.Detect]
  550. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays
  551. FILE_EXISTS_BY_PATH0=%StartUpRoot%\DAY.HTA
  552. FILE_EXISTS_BY_PATH1=%WindowsRoot%\Help\DAYS.HTA
  553. FILE_EXISTS_BY_PATH2=%Root%\DAYS.DAY
  554.  
  555. [VBS/ShellScrap.Worm.Detect]
  556. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,ScanReg
  557. FILE_EXISTS_BY_PATH0=%StartUpRoot%\LIFE_STAGES.TXT.SHS
  558.  
  559. [VBS/CoolNotepad.Worm.Detect]
  ; Indicators: a Run autostart value and the dropped script in the system directory.
  ; NOTE(review): rule keys here end in "00", while the other Detect sections in this
  ; part of the file use single-digit suffixes ("0", "1"). If the loader builds key names
  ; by appending a plain decimal index, these two rules would not be found -- confirm.
  560. REGISTRY_EXISTS_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO
  561. FILE_EXISTS_BY_PATH00=%SystemRoot%\COOL_NOTEPAD_DEMO.TXT.VBS
  562.  
  563. [VBS/LoveLetter.AS.Detect]
  564. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32
  565. REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload
  566.  
  567. [VBS/LoveLetter.Detect]
  568. FILE_EXISTS_BY_PATH1=%SystemRoot%\LOVE-LETTER-FOR-YOU.HTM
  569.  
  570. [VBS/LoveLetter.C.Detect]
  571. FILE_EXISTS_BY_PATH1=%SystemRoot%\VERY FUNNY.VBS
  572.  
  573. [VBS/LoveLetter.D.Detect]
  574. FILE_EXISTS_BY_PATH1=%SystemRoot%\MOTHERSDAY.HTM
  575.  
  576. [VBS/LoveLetter.E.Detect]
  ; NOTE(review): the only indicators are the Internet Explorer start page being equal to
  ; one of two public web sites. A user who chose either site as a home page would match,
  ; and nothing else in this section (file, process, autostart value) corroborates the
  ; hit. Treat a match as weak evidence unless the scanner Ids also fire.
  577. REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackers.com
  578. REGISTRY_COMPARE_KEY_VALUE1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com
  579.  
  580. [VBS/LoveLetter.F.Detect]
  581. REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skycable.tucows.com/files2/setup24.exe
  582. FILE_EXISTS_BY_PATH0=%SystemRoot%\SETUP24.EXE
  583. FILE_EXISTS_BY_PATH1=%SystemRoot%\URGENT_VIRUS_WARNING.HTM
  584.  
  585. [VBS/LoveLetter.G.Detect]
  ; Indicators: six Internet Explorer settings compared against fixed data, plus three
  ; files in the system directory.
  586. REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://3doc.dailypussy.com/gallery/bunny.html
  587. REGISTRY_COMPARE_KEY_VALUE1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Search Page,http://astalavista.box.sk
  ; NOTE(review): the value name is spelled "Defaul_Page_URL" while the next rule uses
  ; "Default_Search_URL". If the misspelling is in this definition rather than in what
  ; the worm wrote, this comparison can never match -- confirm against a sample report.
  588. REGISTRY_COMPARE_KEY_VALUE2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Defaul_Page_URL,http://www.persiankitty.com
  589. REGISTRY_COMPARE_KEY_VALUE3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Default_Search_URL,http://www.thecrack.net
  590. REGISTRY_COMPARE_KEY_VALUE4=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Local Page,system\protect.htm
  ; NOTE(review): the last character of the expected title is probably a copyright sign
  ; whose byte was decoded with a DOS code page in this listing. Check the raw file before
  ; reusing this string as an indicator.
  591. REGISTRY_COMPARE_KEY_VALUE5=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Window Title,Mocro$oft Internet Exploder by Ommen⌐
  592. FILE_EXISTS_BY_PATH0=%SystemRoot%\SETUP24.EXE
  593. FILE_EXISTS_BY_PATH1=%SystemRoot%\PROTECT.HTM
  594. FILE_EXISTS_BY_PATH2=%SystemRoot%\PROTECT.VBS
  595.  
  596. [VBS/LoveLetter.I.Detect]
  597. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32
  598. REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL
  599.  
  600. [VBS/LoveLetter.J.Detect]
  601. FILE_EXISTS_BY_PATH1=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.HTM
  602. FILE_EXISTS_BY_PATH2=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.VBS
  603.  
  604. [VBS/LoveLetter.K.Detect]
  605. FILE_EXISTS_BY_PATH1=%SystemRoot%\NO-HATE-FOR-YOU.HTM
  606.  
  607. [VBS/LoveLetter.L.Detect]
  608. FILE_EXISTS_BY_PATH1=%SystemRoot%\BEWERBUNG.HTM
  609.  
  610. [VBS/LoveLetter.N.Detect]
  611. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32
  612. REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL
  613.  
  614. [VBS/LoveLetter.P.Detect]
  615. FILE_EXISTS_BY_PATH0=%SystemRoot%\SETUP24.EXE
  616. FILE_EXISTS_BY_PATH1=%SystemRoot%\VIR-KILLER.HTM
  617.  
  618. [VBS/LoveLetter.Q.Detect]
  619. REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS
  620. REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL
  621.  
  622. [VBS/LoveLetter.S.Detect]
  623. FILE_EXISTS_BY_PATH1=%SystemRoot%\KILLER.HTM
  624.  
  625. [VBS/LoveLetter.T.Detect]
  626. FILE_EXISTS_BY_PATH1=%SystemRoot%\BAND-AID.DOC.VBS
  627.  
  628. [VBS/LoveLetter.U.Detect]
  629. FILE_EXISTS_BY_PATH1=%SystemRoot%\MAJOR BUG & VIRUS FIX.HTM
  630.  
  631. [VBS/LoveLetter.V.Detect]
  632. FILE_EXISTS_BY_PATH1=%SystemRoot%\UOL.HTM
  633.  
  634. [VBS/LoveLetter.W.Detect]
  635. FILE_EXISTS_BY_PATH1=%SystemRoot%\BUG AND VIRUS FIX.HTM
  636.  
  637. [I-Worm/Verona.B.Detect]
  ; Indicators: the dropped Sysrnj.exe and a file-association hijack. Each extension
  ; below is compared against the class name "rnjfile", whose open command is expected
  ; to run sysrnj.exe. The empty third field presumably selects the key's default value --
  ; TODO confirm.
  ; NOTE(review): the matching Clear section is not in this part of the file. Removal
  ; has to put back each extension's original class, not just delete "rnjfile"; with
  ; .exe still mapped to a missing handler, programs would no longer start from the shell.
  ; Check that the Clear section restores these values.
  638. FILE_EXISTS_BY_PATH0=%WindowsRoot%\Sysrnj.exe
  639. REGISTRY_COMPARE_KEY_VALUE0=HKEY_CLASSES_ROOT,rnjfile\shell\open\command,,sysrnj.exe "%1" %*
  640. REGISTRY_COMPARE_KEY_VALUE1=HKEY_CLASSES_ROOT,.arj,,rnjfile
  641. REGISTRY_COMPARE_KEY_VALUE2=HKEY_CLASSES_ROOT,.avi,,rnjfile
  642. REGISTRY_COMPARE_KEY_VALUE3=HKEY_CLASSES_ROOT,.bmp,,rnjfile
  643. REGISTRY_COMPARE_KEY_VALUE4=HKEY_CLASSES_ROOT,.doc,,rnjfile
  644. REGISTRY_COMPARE_KEY_VALUE5=HKEY_CLASSES_ROOT,.exe,,rnjfile
  645. REGISTRY_COMPARE_KEY_VALUE6=HKEY_CLASSES_ROOT,.gif,,rnjfile
  646. REGISTRY_COMPARE_KEY_VALUE7=HKEY_CLASSES_ROOT,.jpe,,rnjfile
  647. REGISTRY_COMPARE_KEY_VALUE8=HKEY_CLASSES_ROOT,.jpeg,,rnjfile
  648. REGISTRY_COMPARE_KEY_VALUE9=HKEY_CLASSES_ROOT,.jpg,,rnjfile
  649. REGISTRY_COMPARE_KEY_VALUE10=HKEY_CLASSES_ROOT,.lha,,rnjfile
  650. REGISTRY_COMPARE_KEY_VALUE11=HKEY_CLASSES_ROOT,.mp2,,rnjfile
  651. REGISTRY_COMPARE_KEY_VALUE12=HKEY_CLASSES_ROOT,.mp3,,rnjfile
  652. REGISTRY_COMPARE_KEY_VALUE13=HKEY_CLASSES_ROOT,.mpeg,,rnjfile
  653. REGISTRY_COMPARE_KEY_VALUE14=HKEY_CLASSES_ROOT,.mpg,,rnjfile
  654. REGISTRY_COMPARE_KEY_VALUE15=HKEY_CLASSES_ROOT,.rar,,rnjfile
  655. REGISTRY_COMPARE_KEY_VALUE16=HKEY_CLASSES_ROOT,.reg,,rnjfile
  656. REGISTRY_COMPARE_KEY_VALUE17=HKEY_CLASSES_ROOT,.vqf,,rnjfile
  657. REGISTRY_COMPARE_KEY_VALUE18=HKEY_CLASSES_ROOT,.wma,,rnjfile
  658. REGISTRY_COMPARE_KEY_VALUE19=HKEY_CLASSES_ROOT,.wmf,,rnjfile
  659. REGISTRY_COMPARE_KEY_VALUE20=HKEY_CLASSES_ROOT,.wmv,,rnjfile
  660. REGISTRY_COMPARE_KEY_VALUE21=HKEY_CLASSES_ROOT,.xls,,rnjfile
  661. REGISTRY_COMPARE_KEY_VALUE22=HKEY_CLASSES_ROOT,.zip,,rnjfile
  662.  
  663. [VBS/SST.A.Clear]
  ; Removal steps for VBS/SST.A: delete the worm's marker key, stop the script host,
  ; delete the dropped script.
  664. REGISTRY_DELETE_KEY0=HKEY_CURRENT_USER,Software\OnTheFly
  ; NOTE(review): the process is selected by image name only, so every running
  ; WSCRIPT.EXE instance would presumably be terminated, including unrelated scripts
  ; (logon or administration scripts). Expect that side effect when this section runs.
  665. PROC_TERMINATE_BY_NAME0=WSCRIPT.EXE
  ; Only the copy under %WindowsRoot% is listed; copies elsewhere (for example saved
  ; mail attachments) are presumably left to the LaunchPAV scan -- confirm.
  666. FILE_DELETE_BY_PATH0=%WindowsRoot%\AnnaKournikova.jpg.vbs
  667.  
  668. [I-Worm/MTX.Clear]
  ; Removal steps for I-Worm/MTX: stop the process, delete the file named by the Run
  ; value, remove the Run value and the marker key, then delete the dropped files.
  669. PROC_TERMINATE_BY_NAME0=MTX_.EXE
  ; NOTE(review): this rule reads the Run value to learn which file to delete and the
  ; next rule deletes that same value. The result depends on the tool running them in
  ; this order, which the file does not state -- confirm. Also confirm how the tool
  ; handles value data that carries arguments or points at a legitimate program.
  670. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup
  671. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup
  672. REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,Software\[MATRIX]
  673. FILE_DELETE_BY_PATH0=%WindowsRoot%\WIN32.DLL
  674. FILE_DELETE_BY_PATH1=%WindowsRoot%\IE_PACK.EXE
  675. FILE_DELETE_BY_PATH2=%WindowsRoot%\MTX_.EXE
  ; NOTE(review): WSOCK32.MTX is deleted and also named in the copy rule below. Neither
  ; the argument order of FILE_COPY_BY_PATH_TO_PATH (source, destination) nor the order
  ; in which the two rules run is defined in this file. Because the other operand is the
  ; system's WSOCK32.DLL, confirm both before relying on this section; the wrong
  ; direction would overwrite the DLL.
  676. FILE_DELETE_BY_PATH3=%SystemRoot%\WSOCK32.MTX
  677. FILE_COPY_BY_PATH_TO_PATH0=%SystemRoot%\WSOCK32.DLL,%SystemRoot%\WSOCK32.MTX
  678.  
  679. [JS/Kak.Worm.Clear]
  ; Removal steps for JS/Kak.Worm: clean Outlook Express signatures, delete the dropped
  ; files, restore AUTOEXEC.BAT and remove the autostart value.
  ; KAK_A presumably names a text pattern defined elsewhere in the file -- TODO confirm.
  680. OUTLOOKEXPRESS_DELETE_SIGNATURES_IF_CONTAIN_TEXT_BY_VAR0=KAK_A
  681. FILE_DELETE_BY_PATH0=%StartUpRoot%\KAK.HTA
  682. FILE_DELETE_BY_PATH1=%WindowsRoot%\KAK.HTM
  683. FILE_DELETE_BY_PATH2=%WindowsRoot%\KAK.REG
  ; Assuming the fields are (source, destination), this moves AE.KAK over AUTOEXEC.BAT,
  ; i.e. it treats AE.KAK as the saved copy of the original file.
  ; NOTE(review): nothing here checks what AE.KAK contains before it replaces the
  ; startup file -- confirm the tool validates it or keeps a backup.
  684. FILE_MOVE_BY_PATH_TO_PATH0=%Root%\AE.KAK,%Root%\AUTOEXEC.BAT
  685. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u
  686. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u
  687.  
  688. [JS/Kak.Worm.B.Clear]
  689. OUTLOOKEXPRESS_DELETE_SIGNATURES_IF_CONTAIN_TEXT_BY_VAR0=KAK_B
  690. FILE_DELETE_BY_PATH0=%StartUpRoot%\DAY.HTA
  691. FILE_DELETE_BY_PATH1=%WindowsRoot%\COMMAND\DEFAULT.HTM
  692. FILE_DELETE_BY_PATH2=%WindowsRoot%\DAY.REG
  693. FILE_DELETE_BY_PATH3=%WindowsRoot%\Help\DAYS.HTA
  694. FILE_MOVE_BY_PATH_TO_PATH0=%Root%\DAYS.DAY,%Root%\AUTOEXEC.BAT
  695. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays
  696. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays
  697.  
  698. [VBS/ShellScrap.Worm.Clear]
  ; Removal steps for VBS/ShellScrap.Worm: undo the ICQ and .reg handler changes, remove
  ; the autostart value, move REGEDIT.EXE back into place and delete the dropped files.
  ; NOTE(review): this deletes whatever file the ICQ "Parameters" value names. Nothing
  ; in this section checks that the value still holds the worm's path -- confirm the tool
  ; does so before deleting.
  699. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_USERS,.DEFAULT\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ,Parameters
  ; The two rules below point the .reg file icon and open command back at
  ; %WindowsRoot%\REGEDIT.EXE; "%s" is presumably replaced by the last field.
  700. REGISTRY_SET_KEY_VALUE_WITH_FORMAT_STRING_PATH_PARAMETER0=HKEY_LOCAL_MACHINE,Software\CLASSES\regfile\DefaultIcon,"","%s,1",%WindowsRoot%\REGEDIT.EXE
  ; NOTE(review): the format string contains double quotes inside a double-quoted field;
  ; how the parser delimits it is not defined in this file -- confirm the value written.
  701. REGISTRY_SET_KEY_VALUE_WITH_FORMAT_STRING_PATH_PARAMETER1=HKEY_LOCAL_MACHINE,Software\CLASSES\regfile\shell\open\command,"","%s "%1"",%WindowsRoot%\REGEDIT.EXE
  702. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,ScanReg
  703. REGISTRY_DELETE_KEY_VALUE1=HKEY_USERS,.DEFAULT\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ,Parameters
  ; The next two rules remove AlwaysShowExt and set NeverShowExt on the ShellScrap class,
  ; so .SHS extensions are hidden again after cleanup.
  ; NOTE(review): a hidden extension is what lets a name like LIFE_STAGES.TXT.SHS be
  ; shown as a text file. Restoring the setting keeps that exposure; consider leaving
  ; the extension visible.
  704. REGISTRY_DELETE_KEY_VALUE2=HKEY_CLASSES_ROOT,ShellScrap,AlwaysShowExt
  705. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,ShellScrap,NeverShowExt,
  ; Assuming (source, destination) order, RECYCLED.VXD is moved back to REGEDIT.EXE.
  706. FILE_MOVE_BY_PATH_TO_PATH0=%RecycledRoot%\RECYCLED.VXD,%WindowsRoot%\REGEDIT.EXE
  707. FILE_DELETE_BY_PATH0=%SystemRoot%\MSINFO16.TLB
  708. FILE_DELETE_BY_PATH1=%WindowsRoot%\MSINFO16.TLB
  709. FILE_DELETE_BY_PATH2=%SystemRoot%\SCANREG.VBS
  710. FILE_DELETE_BY_PATH3=%SystemRoot%\VBASET.OLB
  711. FILE_DELETE_BY_PATH4=%RecycledRoot%\DBINDEX.VBS
  712. FILE_DELETE_BY_PATH5=%RecycledRoot%\MSRCYCLD.DAT
  713. FILE_DELETE_BY_PATH6=%RecycledRoot%\RCYCLDBN.DAT
  714. FILE_DELETE_BY_PATH7=%WindowsRoot%\LIFE_STAGES.TXT.SHS
  715. FILE_DELETE_BY_PATH8=%StartUpRoot%\LIFE_STAGES.TXT.SHS
  ; NOTE(review): the wildcard rules below delete by file-name prefix only. Any scrap
  ; file the user created whose name starts with IMPORTANT, SECRET, UNKNOWN, REPORT or
  ; INFO in these folders would be removed as well; nothing here inspects content.
  716. FILE_DELETE_BY_PATH9=%MyDocumentsRoot%\IMPORTANT*.SHS
  717. FILE_DELETE_BY_PATH10=%MyDocumentsRoot%\SECRET*.SHS
  718. FILE_DELETE_BY_PATH11=%MyDocumentsRoot%\UNKNOWN*.SHS
  719. FILE_DELETE_BY_PATH12=%MyDocumentsRoot%\REPORT*.SHS
  ; NOTE(review): index 18 appears here, out of sequence between 12 and 13. If the loader
  ; walks indices in order this is harmless; if it reads keys in file order and expects
  ; them ascending, confirm nothing is skipped.
  720. FILE_DELETE_BY_PATH18=%MyDocumentsRoot%\INFO*.SHS
  721. FILE_DELETE_BY_PATH13=%Root%\IMPORTANT*.SHS
  722. FILE_DELETE_BY_PATH14=%Root%\SECRET*.SHS
  723. FILE_DELETE_BY_PATH15=%Root%\UNKNOWN*.SHS
  724. FILE_DELETE_BY_PATH16=%Root%\REPORT*.SHS
  725. FILE_DELETE_BY_PATH17=%Root%\INFO*.SHS
  726. FILE_DELETE_BY_PATH19=%ProgramsRoot%\IMPORTANT*.SHS
  727. FILE_DELETE_BY_PATH20=%ProgramsRoot%\SECRET*.SHS
  728. FILE_DELETE_BY_PATH21=%ProgramsRoot%\UNKNOWN*.SHS
  729. FILE_DELETE_BY_PATH22=%ProgramsRoot%\REPORT*.SHS
  730. FILE_DELETE_BY_PATH23=%ProgramsRoot%\INFO*.SHS
  ; Same path as FILE_DELETE_BY_PATH8 above (duplicate rule).
  731. FILE_DELETE_BY_PATH24=%StartUpRoot%\LIFE_STAGES.TXT.SHS
  732.  
  733. [VBS/CoolNotepad.Worm.Clear]
  ; Removal steps for VBS/CoolNotepad.Worm: delete the file named by the Run value,
  ; remove the Run value, reset the NoDesktop policy and delete the dropped script.
  ; NOTE(review): the first three keys use the suffix "00" and the last uses "0"; the
  ; numbering convention is mixed within this one section -- confirm that the loader
  ; accepts both forms.
  734. FILE_DELETE_BY_REGISTRY_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO
  735. REGISTRY_DELETE_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO
  ; Writes a DWORD for the Explorer NoDesktop policy. The two trailing fields are
  ; presumably the data and one further argument whose meaning is not shown -- TODO
  ; confirm. A machine where an administrator had set this policy on purpose would lose
  ; that setting.
  736. REGISTRY_SET_KEY_VALUE_WITH_TYPE00=DWORD,HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDesktop,0,0
  737. FILE_DELETE_BY_PATH0=%SystemRoot%\COOL_NOTEPAD_DEMO.TXT.VBS
  738.  
  739. [VBS/LoveLetter.AS.Clear]
  ; Removal steps for VBS/LoveLetter.AS: delete the files named by two autostart values,
  ; remove those values, reset the browser start page and delete the dropped HTML file.
  ; NOTE(review): the file-delete rules read the same values the registry-delete rules
  ; remove, so the result depends on the tool running them in the order written --
  ; confirm.
  740. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32
  741. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload
  742. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32
  743. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload
  ; Fields appear to be: hive, key, value name, data to match, replacement data. The
  ; start page is rewritten only when it still equals one of the worm's download URLs,
  ; so a page the user set afterwards is left alone. The replacement is the vendor's own
  ; site, not the user's previous page, which this file has no way to know.
  744. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/macromedia32.zip,http://www.pandasoftware.com
  745. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/linux321.zip,http://www.pandasoftware.com
  746. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/linux322.zip,http://www.pandasoftware.com
  747. FILE_DELETE_BY_PATH0=%SystemRoot%\US-PRESIDENT-AND-FBI-SECRETS.HTM
  748.  
  749. [VBS/LoveLetter.Clear]
  750. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  751. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  752. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  753. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  754. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  755. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  756. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  757. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  758. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  759. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  760. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  761. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  762. FILE_DELETE_BY_PATH1=%SystemRoot%\LOVE-LETTER-FOR-YOU.HTM
  763. FILE_DELETE_BY_PATH2=%SystemRoot%\LOVE-LETTER-FOR-YOU.TXT.VBS
  764.  
  765. [VBS/LoveLetter.C.Clear]
  766. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  767. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  768. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  769. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  770. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  771. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  772. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  773. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  774. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  775. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  776. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  777. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  778. FILE_DELETE_BY_PATH1=%SystemRoot%\VERY FUNNY.VBS
  779. FILE_DELETE_BY_PATH2=%SystemRoot%\VERY FUNNY.HTM
  780.  
  781. [VBS/LoveLetter.D.Clear]
  782. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  783. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  784. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  785. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  786. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  787. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  788. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  789. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  790. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  791. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  792. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  793. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  794. FILE_DELETE_BY_PATH1=%SystemRoot%\MOTHERSDAY.VBS
  795. FILE_DELETE_BY_PATH2=%SystemRoot%\MOTHERSDAY.HTM
  796.  
  797. [VBS/LoveLetter.E.Clear]
  798. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  799. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  800. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  801. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinFAT32
  802. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  803. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  804. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinFAT32
  805. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackers.com,http://www.pandasoftware.com
  806. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com
  807. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  808. FILE_DELETE_BY_PATH1=%SystemRoot%\MOTHERSDAY.VBS
  809. FILE_DELETE_BY_PATH2=%SystemRoot%\MOTHERSDAY.HTM
  810.  
  811. [VBS/LoveLetter.F.Clear]
  812. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  813. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  814. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  815. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  816. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skycable.tucows.com/files2/setup24.exe,http://www.pandasoftware.com
  817. FILE_DELETE_BY_PATH2=%SystemRoot%\URGENT_VIRUS_WARNING.HTM
  818.  
  819. [VBS/LoveLetter.G.Clear]
  820. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  821. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  822. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  823. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  824. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  825. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://3doc.dailypussy.com/gallery/bunny.html,http://www.pandasoftware.com
  826. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Search Page,http://astalavista.box.sk,http://www.pandasoftware.com
  827. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Defaul_Page_URL,http://www.persiankitty.com,http://www.pandasoftware.com
  828. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Default_Search_URL,http://www.thecrack.net,http://www.pandasoftware.com
  829. REGISTRY_SET_KEY_VALUE_IF_EQUAL4=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Local Page,system\protect.htm,http://www.pandasoftware.com
  830. REGISTRY_SET_KEY_VALUE_IF_EQUAL5=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Window Title,Mocro$oft Internet Exploder by Ommen©,Microsoft Internet Explorer
  831. FILE_DELETE_BY_PATH0=%SystemRoot%\SETUP24.EXE
  832. FILE_DELETE_BY_PATH1=%SystemRoot%\PROTECT.HTM
  833. FILE_DELETE_BY_PATH2=%SystemRoot%\PROTECT.VBS
  834.  
  835. [VBS/LoveLetter.I.Clear]
  836. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  837. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32
  838. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL
  839. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  840. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32
  841. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL
  842. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  843. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  844. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  845. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  846. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  847. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  848. FILE_DELETE_BY_PATH1=%SystemRoot%\IMPORTANT.HTM
  849. FILE_DELETE_BY_PATH2=%SystemRoot%\IMPORTANT.TXT.VBS
  850.  
  851. [VBS/LoveLetter.J.Clear]
  852. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  853. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  854. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  855. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  856. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  857. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  858. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  859. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  860. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  861. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  862. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  863. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  864. FILE_DELETE_BY_PATH1=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.HTM
  865. FILE_DELETE_BY_PATH2=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.VBS
  866.  
  867. [VBS/LoveLetter.K.Clear]
  868. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  869. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  870. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  871. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  872. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  873. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  874. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  875. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  876. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  877. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  878. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  879. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  880. FILE_DELETE_BY_PATH1=%SystemRoot%\NO-HATE-FOR-YOU.HTM
  881.  
  882. [VBS/LoveLetter.L.Clear]
  883. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  884. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  885. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  886. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  887. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  888. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  889. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  890. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  891. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  892. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  893. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  894. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  895. FILE_DELETE_BY_PATH1=%SystemRoot%\BEWERBUNG.HTM
  896. FILE_DELETE_BY_PATH2=%SystemRoot%\BEWERBUNG.TXT.VBS
  897.  
  898. [VBS/LoveLetter.N.Clear]
  899. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  900. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32
  901. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL
  902. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  903. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32
  904. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL
  905. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  906. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.astalavista.box.sk,http://www.pandasoftware.com
  907. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  908. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  909. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  910. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  911. FILE_DELETE_BY_PATH1=%SystemRoot%\IMPORTANT.HTM
  912. FILE_DELETE_BY_PATH2=%SystemRoot%\IMPORTANT.TXT.VBS
  913.  
  914. [VBS/LoveLetter.P.Clear]
  915. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  916. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  917. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  918. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  919. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  920. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  921. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.yahoo.com/Vir-Killer.exe,http://www.pandasoftware.com
  922. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.msn.com/Vir-Killer.exe,http://www.pandasoftware.com
  923. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.Hotmail.com/Vir-Killer.exe,http://www.pandasoftware.com
  924. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.Aol.com/Vir-Killer.exe,http://www.pandasoftware.com
  925. FILE_DELETE_BY_PATH0=%SystemRoot%\SETUP24.EXE
  926. FILE_DELETE_BY_PATH1=%SystemRoot%\VIR-KILLER.HTM
  927. FILE_DELETE_BY_PATH2=%SystemRoot%\VIR-KILLER.VBS
  928.  
  929. [VBS/LoveLetter.Q.Clear]
  930. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  931. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS
  932. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL
  933. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  934. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS
  935. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL
  936. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  937. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  938. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  939. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  940. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  941. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  942. FILE_DELETE_BY_PATH1=%SystemRoot%\LOOK.HTM
  943. FILE_DELETE_BY_PATH2=%SystemRoot%\LOOK.VBS
  944.  
  945. [VBS/LoveLetter.S.Clear]
  946. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  947. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  948. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  949. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  950. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  951. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  952. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  953. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  954. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  955. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  956. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  957. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  958. FILE_DELETE_BY_PATH1=%SystemRoot%\KILLER.HTM
  959. FILE_DELETE_BY_PATH2=%SystemRoot%\KILLEMALL.TXT.VBS
  960.  
  961. [VBS/LoveLetter.T.Clear]
  962. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  963. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  964. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  965. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  966. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  967. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  968. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  969. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com
  970. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  971. FILE_DELETE_BY_PATH1=%SystemRoot%\BAND-AID.DOC.VBS
  972.  
  973. [VBS/LoveLetter.U.Clear]
  974. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  975. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  976. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  977. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  978. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  979. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  980. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  981. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  982. REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  983. REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  984. REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com
  985. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  986. FILE_DELETE_BY_PATH1=%SystemRoot%\MAJOR BUG & VIRUS FIX.HTM
  987.  
  988. [VBS/LoveLetter.V.Clear]
  989. PROC_TERMINATE_BY_NAME0=WINFAT32.EXE
  990. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  991. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  992. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  993. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  994. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  995. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  996. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.uol.com.br/,http://www.pandasoftware.com
  997. FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE
  998. FILE_DELETE_BY_PATH1=%SystemRoot%\UOL.HTM
  999. FILE_DELETE_BY_PATH2=%SystemRoot%\UOL.TXT.VBS
  1000.  
  1001. [VBS/LoveLetter.W.Clear]
  1002. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  1003. FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  1004. FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  1005. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32
  1006. REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL
  1007. REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX
  1008. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com
  1009. FILE_DELETE_BY_PATH1=%SystemRoot%\BUG AND VIRUS FIX.HTM
  1010. FILE_DELETE_BY_PATH2=%SystemRoot%\BUG AND VIRUS FIX.TXT.VBS
  1011.  
  1012. [I-Worm/Verona.B.Clear]
  1013. FILE_DELETE_BY_PATH0=%WindowsRoot%\Sysrnj.exe
  1014. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,.arj,,
  1015. REGISTRY_SET_KEY_VALUE1=HKEY_CLASSES_ROOT,.avi,,avifile
  1016. REGISTRY_SET_KEY_VALUE2=HKEY_CLASSES_ROOT,.bmp,,Paint.Picture
  1017. REGISTRY_SET_KEY_VALUE3=HKEY_CLASSES_ROOT,.doc,,
  1018. REGISTRY_SET_KEY_VALUE4=HKEY_CLASSES_ROOT,.exe,,exefile
  1019. REGISTRY_SET_KEY_VALUE5=HKEY_CLASSES_ROOT,.gif,,giffile
  1020. REGISTRY_SET_KEY_VALUE6=HKEY_CLASSES_ROOT,.jpe,,jpegfile
  1021. REGISTRY_SET_KEY_VALUE7=HKEY_CLASSES_ROOT,.jpeg,,jpegfile
  1022. REGISTRY_SET_KEY_VALUE8=HKEY_CLASSES_ROOT,.jpg,,jpegfile
  1023. REGISTRY_SET_KEY_VALUE9=HKEY_CLASSES_ROOT,.lha,,
  1024. REGISTRY_SET_KEY_VALUE10=HKEY_CLASSES_ROOT,.mp2,,mpegfile
  1025. REGISTRY_SET_KEY_VALUE11=HKEY_CLASSES_ROOT,.mp3,,mp3file
  1026. REGISTRY_SET_KEY_VALUE12=HKEY_CLASSES_ROOT,.mpeg,,mpegfile
  1027. REGISTRY_SET_KEY_VALUE13=HKEY_CLASSES_ROOT,.mpg,,mpegfile
  1028. REGISTRY_SET_KEY_VALUE14=HKEY_CLASSES_ROOT,.rar,,
  1029. REGISTRY_SET_KEY_VALUE15=HKEY_CLASSES_ROOT,.reg,,regfile
  1030. REGISTRY_SET_KEY_VALUE16=HKEY_CLASSES_ROOT,.vqf,,
  1031. REGISTRY_SET_KEY_VALUE17=HKEY_CLASSES_ROOT,.wma,,WMAfile
  1032. REGISTRY_SET_KEY_VALUE18=HKEY_CLASSES_ROOT,.wmf,,WMF_auto_file
  1033. REGISTRY_SET_KEY_VALUE19=HKEY_CLASSES_ROOT,.wmv,,WMVFile
  1034. REGISTRY_SET_KEY_VALUE20=HKEY_CLASSES_ROOT,.xls,,
  1035. REGISTRY_SET_KEY_VALUE21=HKEY_CLASSES_ROOT,.zip,,
  1036. REGISTRY_DELETE_KEY0=HKEY_CLASSES_ROOT,rnjfile\DefaultIcon
  1037. REGISTRY_DELETE_KEY1=HKEY_CLASSES_ROOT,rnjfile\shell\open\command
  1038. REGISTRY_DELETE_KEY2=HKEY_CLASSES_ROOT,rnjfile\shell\open
  1039. REGISTRY_DELETE_KEY3=HKEY_CLASSES_ROOT,rnjfile\shell\
  1040. REGISTRY_DELETE_KEY4=HKEY_CLASSES_ROOT,rnjfile
  1041.  
  1042. [W32/Navidad.Clear]
  1043. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Win32BaseServiceMOD
  1044. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*"
  1045. FILE_DELETE_BY_PATH1=%SystemRoot%\WINSVRC.VXD
  1046. PROC_TERMINATE_BY_NAME0=NAVIDAD.EXE
  1047.  
  1048. [W32/Navidad.B.Clear]
  1049. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Win32BaseServiceMOD
  1050. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*"
  1051. PROC_TERMINATE_BY_NAME0=WINTASK.EXE
  1052. PROC_TERMINATE_BY_NAME1=EMANUEL.EXE
  1053. FILE_DELETE_BY_PATH0=%SystemRoot%\wintask.exe
  1054.  
  1055. [W32/FunLove.Clear]
  1056. PROC_TERMINATE_BY_NAME0=FLCSS.EXE
  1057. FILE_DELETE_BY_PATH0=%SystemRoot%\FLCSS.EXE
  1058. PATH_MAKE_BY_PATH0=%SystemRoot%\FLCSS.EXE,1,HSR
  1059. SERVICE_DELETE_BY_NAME0=FLC
  1060. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,FLC
  1061.  
  1062. [W32/PrettyPark.Clear]
  1063. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*"
  1064. PROC_TERMINATE_BY_NAME0=FILES32.VXD
  1065. FILE_DELETE_BY_PATH0=%SystemRoot%\FILES32.VXD
  1066.  
  1067. [VBS/Help.Clear]
  1068. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_CURRENT_USER,SOFTWARE\Help,wallPaper
  1069. FILE_DELETE_BY_PATH0=%WindowsRoot%\UNTITLED.HTM
  1070. REGISTRY_DELETE_KEY0=HKEY_CURRENT_USER,SOFTWARE\Help
  1071. REGISTRY_SET_KEY_VALUE0=HKEY_CURRENT_USER,Control Panel\Desktop,Wallpaper,""
  1072.  
  1073. [W32/SirCam.Clear.NT]
        ; Cleanup directives for W32/SirCam, NT variant (a .9X section with the same layout
        ; follows). Going by the directive names: end the listed processes, restore the
        ; stock exefile handler ("%1" %*), remove the RunServices\Driver32 autostart value
        ; and the file it points to, delete the HKLM\SOFTWARE\SirCam key and the listed
        ; files, strip the worm's lines from AUTOEXEC.BAT and WIN.INI, and put
        ; RUNDLL32.EXE back (registry references and file name) where RUN32.EXE was used.
        ; NOTE(review): RUNDLL32.EXE is the name of a legitimate Windows binary and
        ; PROC_TERMINATE_BY_NAME matches on name only, so legitimate rundll32 hosts are
        ; ended as well.
  1074. PROC_TERMINATE_BY_NAME0=SIRC32.EXE
  1075. PROC_TERMINATE_BY_NAME1=SCAM32.EXE
  1076. PROC_TERMINATE_BY_NAME2=RUN32.EXE
  1077. PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE
  1078. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*"
        ; NOTE(review): the next two directives use the same Driver32 value - the file path
        ; must be read before the value is deleted, and the path comes from registry data,
        ; so it should be validated before the delete. Order of execution is not visible.
  1079. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32
  1080. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32
  1081. REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam
  1082. FILE_DELETE_BY_PATH00=%RecycledRoot%\SIRC32.EXE
  1083. FILE_DELETE_BY_PATH01=%SystemRoot%\SCD.DLL
  1084. FILE_DELETE_BY_PATH02=%SystemRoot%\SCW1.DLL
  1085. FILE_DELETE_BY_PATH03=%SystemRoot%\SCI1.DLL
  1086. FILE_DELETE_BY_PATH04=%SystemRoot%\SCY1.DLL
  1087. FILE_DELETE_BY_PATH05=%SystemRoot%\SCH1.DLL
  1088. FILE_DELETE_BY_PATH06=%SystemRoot%\SCT1.DLL
  1089. FILE_DELETE_BY_PATH07=%WindowsRoot%\ScMx32.exe
  1090. FILE_DELETE_BY_PATH08=%StartUpRoot%\Microsoft Internet Office.exe
  1091. FILE_DELETE_BY_PATH09=%RecycledRoot%\SIRCAM.SYS
  1092. FILE_DELETE_BY_PATH10=%Root%\SIRC32.EXE
        ; The WIN.INI search text below contains a literal C:\ path, unlike the %Root%
        ; placeholders used elsewhere; it will only match that exact string.
  1093. FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe","",FALSE
  1094. FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"","",FALSE
  1095. REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE","RUNDLL32.EXE",FALSE
  1096. REGISTRY_REPLACE_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE","RUNDLL32.EXE",FALSE
        ; NOTE(review): what the move does when RUNDLL32.EXE already exists at the
        ; destination is not visible - confirm the engine checks the source file before it
        ; is given a system binary's name.
  1097. FILE_MOVE_BY_PATH_TO_PATH0=%SystemRoot%\RUN32.EXE,%SystemRoot%\RUNDLL32.EXE
  1098.  
  1099. [W32/SirCam.Clear.9X]
        ; Cleanup directives for W32/SirCam, 9X variant. Same directives as the .NT
        ; section except for two lines near the end: the inffile command is rewritten to
        ; RUNDLL.EXE instead of RUNDLL32.EXE, and the RUN32.EXE -> RUNDLL32.EXE move is
        ; done under %WindowsRoot% instead of %SystemRoot%.
        ; NOTE(review): RUNDLL32.EXE is the name of a legitimate Windows binary and
        ; PROC_TERMINATE_BY_NAME matches on name only, so legitimate rundll32 hosts are
        ; ended as well.
  1100. PROC_TERMINATE_BY_NAME0=SIRC32.EXE
  1101. PROC_TERMINATE_BY_NAME1=SCAM32.EXE
  1102. PROC_TERMINATE_BY_NAME2=RUN32.EXE
  1103. PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE
  1104. REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*"
        ; NOTE(review): the next two directives use the same Driver32 value - the file path
        ; must be read before the value is deleted, and the path comes from registry data,
        ; so it should be validated before the delete. Order of execution is not visible.
  1105. FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32
  1106. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32
  1107. REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam
  1108. FILE_DELETE_BY_PATH00=%RecycledRoot%\SIRC32.EXE
  1109. FILE_DELETE_BY_PATH01=%SystemRoot%\SCD.DLL
  1110. FILE_DELETE_BY_PATH02=%SystemRoot%\SCW1.DLL
  1111. FILE_DELETE_BY_PATH03=%SystemRoot%\SCI1.DLL
  1112. FILE_DELETE_BY_PATH04=%SystemRoot%\SCY1.DLL
  1113. FILE_DELETE_BY_PATH05=%SystemRoot%\SCH1.DLL
  1114. FILE_DELETE_BY_PATH06=%SystemRoot%\SCT1.DLL
  1115. FILE_DELETE_BY_PATH07=%WindowsRoot%\ScMx32.exe
  1116. FILE_DELETE_BY_PATH08=%StartUpRoot%\Microsoft Internet Office.exe
  1117. FILE_DELETE_BY_PATH09=%RecycledRoot%\SIRCAM.SYS
  1118. FILE_DELETE_BY_PATH10=%Root%\SIRC32.EXE
  1119. FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe","",FALSE
  1120. FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"","",FALSE
        ; NOTE(review): this line writes RUNDLL.EXE where the .NT section writes
        ; RUNDLL32.EXE. Windows 9x does ship a 16-bit RUNDLL.EXE, so this may be
        ; deliberate - confirm against the inffile command of a clean 9x install.
  1121. REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE","RUNDLL.EXE",FALSE
  1122. REGISTRY_REPLACE_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE","RUNDLL32.EXE",FALSE
  1123. FILE_MOVE_BY_PATH_TO_PATH0=%WindowsRoot%\RUN32.EXE,%WindowsRoot%\RUNDLL32.EXE
  1124.  
  1125. [W32/Nimda.A@mm.Clear]
        ; Cleanup directives for W32/Nimda.A@mm: end LOAD.EXE, delete the listed files
        ; (including MEP* temp files, ADMIN.DLL in drive roots and TFTP* files under the
        ; default IIS directories), strip " load.exe -dontrunold" from SYSTEM.INI and,
        ; going by the directive name, disable the guest account.
        ; NOTE(review): these directives remove artefacts only. Nothing visible here checks
        ; patch level, group membership or network shares, so those need a manual review
        ; after cleanup or the host can be re-infected.
  1126. PROC_TERMINATE_BY_NAME0=LOAD.EXE
  1127. FILE_DELETE_BY_PATH00=%WindowsRoot%\MMC.EXE
  1128. FILE_DELETE_BY_PATH01=%TempRoot%\MEP*.EXE
        ; NOTE(review): WININIT.INI is deleted as a whole, which also discards any
        ; legitimate pending operations recorded in it.
  1129. FILE_DELETE_BY_PATH02=%WindowsRoot%\WININIT.INI
        ; NOTE(review): FILE_REPLACE_TEXT starts at index 1 with no index 0 in this
        ; section - confirm the engine does not stop at the first missing index.
  1130. FILE_REPLACE_TEXT1=%WindowsRoot%\SYSTEM.INI," load.exe -dontrunold","",FALSE
        ; MEP*.* below is a superset of the MEP*.EXE pattern above.
  1131. FILE_DELETE_BY_PATH03=%TempRoot%\MEP*.*
  1132. FILE_DELETE_BY_PATH04=%SystemRoot%\LOAD.EXE
  1133. USER_DISABLE_BY_NAME0=guest
        ; The remaining paths are hard-coded: ADMIN.DLL is covered on C:, D: and E: only,
        ; TFTP* on C: through G: and only under \INETPUB\WWWROOT and \INETPUB\SCRIPTS.
        ; Other drives and non-default web roots are not covered and need a manual check.
  1134. FILE_DELETE_BY_PATH05=C:\ADMIN.DLL
  1135. FILE_DELETE_BY_PATH06=D:\ADMIN.DLL
  1136. FILE_DELETE_BY_PATH07=E:\ADMIN.DLL
  1137. FILE_DELETE_BY_PATH08=C:\INETPUB\WWWROOT\TFTP*
  1138. FILE_DELETE_BY_PATH09=C:\INETPUB\SCRIPTS\TFTP*
  1139. FILE_DELETE_BY_PATH10=D:\INETPUB\WWWROOT\TFTP*
  1140. FILE_DELETE_BY_PATH11=D:\INETPUB\SCRIPTS\TFTP*
  1141. FILE_DELETE_BY_PATH12=E:\INETPUB\WWWROOT\TFTP*
  1142. FILE_DELETE_BY_PATH13=E:\INETPUB\SCRIPTS\TFTP*
  1143. FILE_DELETE_BY_PATH14=F:\INETPUB\WWWROOT\TFTP*
  1144. FILE_DELETE_BY_PATH15=F:\INETPUB\SCRIPTS\TFTP*
  1145. FILE_DELETE_BY_PATH16=G:\INETPUB\WWWROOT\TFTP*
  1146. FILE_DELETE_BY_PATH17=G:\INETPUB\SCRIPTS\TFTP*
  1147.  
  1148. [W32/Vote.Clear]
        ; Cleanup directives for W32/Vote: delete Zacker.vbs, MixDaLaL.vbs and WTC.exe,
        ; remove the Norton.Thar autostart value under HKLM\...\Run, reset the Internet
        ; Explorer start page and strip a line from AUTOEXEC.BAT.
        ; NOTE(review): no PROC_TERMINATE_BY_NAME directive appears in this section;
        ; confirm the listed files can be deleted while a related process is running.
  1149. FILE_DELETE_BY_PATH00=%SystemRoot%\Zacker.vbs
  1150. FILE_DELETE_BY_PATH01=%WindowsRoot%\MixDaLaL.vbs
  1151. FILE_DELETE_BY_PATH02=%WindowsRoot%\WTC.exe
  1152. REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Norton.Thar
        ; Presumably rewrites the start page to the last field only when it currently
        ; equals the URL in the field before it; any other start-page value is left as is.
  1153. REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://us.f1.yahoofs.com/users/da36d538/bc/TimeUpdate.exe?bcaVq97ATaW0yAxk,http://www.pandasoftware.com
        ; The text removed below is a command that formats C: when AUTOEXEC.BAT runs at
        ; boot; verify the line is gone before the machine is restarted. The match is on
        ; this exact string only.
  1154. FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"echo y | format C:","",FALSE
  1155.  
  1156.  
  1157. [ByteStrings]
        ; Hex-encoded ASCII strings: KAK_A decodes to "KAK.HTM" and KAK_B to
        ; "DEFAULT.HTM". How the engine uses them is not shown in this part of the file;
        ; presumably they are referenced by the Kak worm sections - TODO confirm.
  1158. KAK_A=4B414B2E48544D
  1159. KAK_B=44454641554C542E48544D
  1160.