CD-ROM Data 2003 March

home *** CD-ROM | disk | FTP | other *** search

/ CD-ROM Data 2003 March / CD Rom Data Mart 2003.iso / Freeware / Panda / QRV.KRN < prev next >

Wrap

INI File | 2002-04-29 | 69.6 KB | 1,445 lines

[Version] MinVersion=2.6.2.26 MaxVersion=2.7.0.0 Version=01.09.04.02 [VirusInformation] W32/Stator=W32/Stator W32/Reeezak.A=W32/Reeezak.A@mm,Keyluc,W32/Zacker.C,W32/Maldal.C@mm W32/Updater=W32/Updater W32/Goner.A=W32/Goner.A I-Worm/Happy=I-Worm/Happy W32/Qaz=W32/Qaz W32/MSInit.A=W32/MSInit.A W32/Badtrans=W32/Badtrans.B,W32/Badtrans@MM W32/Klez=W32/Klez W32/Vote=Vote W32/Nimda=Nimda W32/SirCam=W32/SirCam@mm VBS/Help=VBS/HappyTime.A VBS/SST.A=VBS/SST.A,I-Worm/Lee.O W32/PrettyPark=W32/ExploreZip.Worm.Pack,Wrom.ExploreZip I-Worm/MTX=I-Worm/MTX JS/Kak.Worm=VBS.KakWorm, Kagou-Anti-Frosoft, Wsript.Kak.A JS/Kak.Worm.B=VBS.KakWorm.B, Wsript.Kak.B, Days VBS/ShellScrap.Worm=VBS/ShellScrap.Worm I-Worm/Verona.B=BleBla.B, I-Worm-Blebla.B, Troj/Blebla.B, W32/BleBla@mm W32/Navidad=W32/Navidad W32/Navidad.B=W32/Navidad.B VBS/CoolNotepad.Worm=VBS/CoolNotepad.Worm VBS/LoveLetter=VBS/LoveLetter VBS/LoveLetter.AS=VBS/LoveLetter.AS VBS/LoveLetter.C=VBS/LoveLetter.C VBS/LoveLetter.D=VBS/LoveLetter.D VBS/LoveLetter.E=VBS/LoveLetter.E VBS/LoveLetter.F=VBS/LoveLetter.F VBS/LoveLetter.G=VBS/LoveLetter.G VBS/LoveLetter.I=VBS/LoveLetter.I VBS/LoveLetter.J=VBS/LoveLetter.J VBS/LoveLetter.K=VBS/LoveLetter.K VBS/LoveLetter.L=VBS/LoveLetter.L VBS/LoveLetter.N=VBS/LoveLetter.N VBS/LoveLetter.P=VBS/LoveLetter.P VBS/LoveLetter.Q=VBS/LoveLetter.Q VBS/LoveLetter.S=VBS/LoveLetter.S VBS/LoveLetter.T=VBS/LoveLetter.T VBS/LoveLetter.U=VBS/LoveLetter.U VBS/LoveLetter.V=VBS/LoveLetter.V VBS/LoveLetter.W=VBS/LoveLetter.W W32/FunLove=Win32_FLC, Win32.FLC, FLCSS [VirusFamilies] F23=STATOR F21=REEEZAK F20=UPDATER F19=GONER F18=HAPPY F17=QAZ F16=MSINIT F15=BADTRANS F14=KLEZ F13=VOTE F12=NIMDA F11=SIRCAM F07=FUNLOVE F09=ANNA KOURNIKOVA F03=COOL NOTEPAD F10=HELP F00=I LOVE YOU F01=KAK WORM F04=MATRIX F06=NAVIDAD F08=PRETTY PARK F02=SHELL SCRAP F05=VERONA [F23.Family] Name=STATOR FileName= [F22.Family] Name=BADTRANS@MM FileName= [F21.Family] Name=REEEZAK FileName= [F20.Family] Name=UPDATER FileName= [F19.Family] Name=GONER FileName= [F18.Family] Name=HAPPY FileName= [F17.Family] Name=QAZ FileName= [F16.Family] Name=MSINIT FileName= [F15.Family] Name=BADTRANS FileName= [F14.Family] Name=KLEZ FileName= [F13.Family] Name=VOTE FileName= [F12.Family] Name=NIMDA FileName= [F11.Family] Name=SIRCAM FileName= [F10.Family] Name=HELP FileName= [F09.Family] Name=ANNA KOURNIKOVA FileName= [F08.Family] Name=PRETTY PARK FileName= [F00.Family] Name=I LOVE YOU FileName= [F01.Family] Name=KAK WORM FileName=KAK [F02.Family] Name=SHELL SCRAP FileName=SHELL [F03.Family] Name=COOL NOTEPAD FileName= [F04.Family] Name=MTX FileName= [F05.Family] Name=VERONA FileName= [F06.Family] Name=NAVIDAD FileName= [F07.Family] Name=FUNLOVE FileName= [W32/Stator.Info] Family=F23 Detect=Stator Clear=Stator Aliases=Stator Ids=56530,59493,59627,61025,61120,59471 LaunchPAV=1,/clv /aut /loc /nos /ext:exe;com LaunchPAV32=1,/clv /aut /loc /nos /ext:exe;com [W32/Reeezak.A.Info] Family=F21 Detect=W32/Reeezak.A Clear=W32/Reeezak.A Aliases=Keyluc,W32/Zacker.C,W32/Maldal.C@mm Ids=59897 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe [W32/Updater.Info] Family=F20 Detect=W32/Updater Clear=W32/Updater Aliases=W32/Updater Ids=60086 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;vbs LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;vbs [W32/Goner.A.Info] Family=F19 Detect=W32/Goner.A Clear=W32/Goner.A Aliases=W32/Goner.A@mm Ids=59868 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:scr LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:scr [I-Worm/Happy.Info] Family=F18 Detect=I-Worm/Happy Clear=I-Worm/Happy Aliases=W32/Ska Ids=24129 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;ska;dll LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;ska;dll [W32/Qaz.Info] Family=F17 Detect=W32/Qaz Clear=W32/Qaz Aliases=Trojan/Notepad Ids=55307 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe [W32/MSInit.A.Info] Family=F16 Detect=W32/MSInit.A Clear=W32/MSInit.A Aliases=Worm/Dnet_Winit Ids=55309,59719 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe [W32/Badtrans.Info] Family=F15 Detect=W32/Badtrans Clear=W32/Badtrans Aliases=W32/Badtrans.B,W32/Badtrans@MM Ids=59851,57861,57862,59162,59412 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;pif;scr;dll LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;pif;scr;dll [W32/Klez.Info] Family=F14 Detect=W32/Klez Clear=W32/Klez Aliases=W32/Klez Ids=58972,60202,60355 LaunchPAV=1,/clv /aut /nbr /loc /nos /aex /del /delp /cmp LaunchPAV32=1,/clv /aut /nbr /loc /nos /aex /del /delp /cmp LaunchAtRunOnce=1,/selfdel /auto:clear /nopav [W32/Vote.Info] Family=F13 Detect=W32/Vote Clear=W32/Vote Aliases=W32/Vote,VOTE Ids=58507,59595,59596,59597 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:vbs;exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:vbs;exe [W32/Nimda.Info] Family=F12 Detect=W32/Nimda Clear=W32/Nimda Aliases=W32/Nimda.A@mm,Nimda,W32/Nimda.D,W32/Nimda.E Ids=58707,58941 LaunchPAV=1,/loc /nbr /clv /del /nos /aut /cmp /ext:dll;exe;tmp;doc;dot;eml;nws;asp;htm;html;vir;; LaunchPAV32=1,/loc /nbr /clv /del /nos /aut /cmp /ext:dll;exe;tmp;doc;dot;eml;nws;asp;htm;html;vir;; [VBS/SST.A.Info] Family=F09 Detect=VBS/SST.A Clear=VBS/SST.A Aliases=VBS/SST.A,I-Worm/Lee.O Ids=15400 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:vbs;ini LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:vbs;ini [W32/PrettyPark.Info] Family=F08 Detect=W32/PrettyPark Clear=W32/PrettyPark Aliases=W32/ExploreZip.Worm.Pack,Wrom.ExploreZip Ids=55018,28008 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;vxd LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;vxd [I-Worm/MTX.Info] Family=F04 Detect=I-Worm/MTX Clear=I-Worm/MTX Aliases=I-Worm/MTX Ids=28889,51714,55212 LaunchPAV=1,/mtx /clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/mtx /clv /aut /aex /nbr /loc /nos [VBS/CoolNotepad.Worm.Info] Family=F03 Detect=VBS/CoolNotepad.Worm Clear=VBS/CoolNotepad.Worm Aliases=VBS/CoolNotepad.Worm Ids=51328 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:vbs;ini LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:vbs;ini [VBS/LoveLetter.AS.Info] Family=F00 Detect=VBS/LoveLetter.AS Clear=VBS/LoveLetter.AS Aliases=VBS/LoveLetter.AS Ids=55101 [JS/Kak.Worm.Info] Family=F01 Detect=JS/Kak.Worm Clear=JS/Kak.Worm Aliases=VBS.KakWorm, Kagou-Anti-Frosoft, Wsript.Kak.A Ids=31932 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak [JS/Kak.Worm.B.Info] Family=F01 Detect=JS/Kak.Worm.B Clear=JS/Kak.Worm.B Aliases=VBS.KakWorm.B, Wsript.Kak.B, Days Ids=24215 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:htm;html;hta;reg;bat;kak [VBS/ShellScrap.Worm.Info] Family=F02 Detect=VBS/ShellScrap.Worm Clear=VBS/ShellScrap.Worm Aliases=VBS/ShellScrap.Worm, VBS/Live_Stages, VBS.Stages.Worm Ids=51542 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:shs;ini;exe;vbs LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:shs;ini;exe;vbs [VBS/LoveLetter.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=I LOVE YOU, Worm/LoveLetter, Barok Ids=51220,51221,51224,51225,51241 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.B.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=VBS/LoveLetter.B Ids=51238 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.C.Info] Family=F00 Detect=VBS/LoveLetter.C Clear=VBS/LoveLetter.C Aliases=Very Funny Ids=51239 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.D.Info] Family=F00 Detect=VBS/LoveLetter.D Clear=VBS/LoveLetter.D Aliases=VBS/Mothersday, WORM/LoveLetter.D Ids=51240 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.E.Info] Family=F00 Detect=VBS/LoveLetter.E Clear=VBS/LoveLetter.E Aliases=WORM/LoveLetter.E Ids=51236 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.F.Info] Family=F00 Detect=VBS/LoveLetter.F Clear=VBS/LoveLetter.F Aliases=WORM/LoveLetter.F Ids=51248 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.G.Info] Family=F00 Detect=VBS/LoveLetter.G Clear=VBS/LoveLetter.G Aliases=WORM/LoveLetter.G Ids=51246 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.H.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.H Ids=51253 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.I.Info] Family=F00 Detect=VBS/LoveLetter.I Clear=VBS/LoveLetter.I Aliases=WORM/LoveLetter.I Ids=51254,51256 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.J.Info] Family=F00 Detect=VBS/LoveLetter.J Clear=VBS/LoveLetter.J Aliases=WORM/LoveLetter.J Ids=51260 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.K.Info] Family=F00 Detect=VBS/LoveLetter.K Clear=VBS/LoveLetter.K Aliases=WORM/LoveLetter.K Ids=51262 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.L.Info] Family=F00 Detect=VBS/LoveLetter.L Clear=VBS/LoveLetter.L Aliases=WORM/LoveLetter.L Ids=51257 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.M.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.M Ids=51220 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.N.Info] Family=F00 Detect=VBS/LoveLetter.N Clear=VBS/LoveLetter.N Aliases=WORM/LoveLetter.N Ids=51267 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.O.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.O Ids=51269 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.P.Info] Family=F00 Detect=VBS/LoveLetter.P Clear=VBS/LoveLetter.P Aliases=WORM/LoveLetter.P Ids=51272 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.Q.Info] Family=F00 Detect=VBS/LoveLetter.Q Clear=VBS/LoveLetter.Q Aliases=WORM/LoveLetter.Q Ids=51273 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.R.Info] Family=F00 Detect=VBS/LoveLetter.G Clear=VBS/LoveLetter.G Aliases=WORM/LoveLetter.R Ids=51275 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.S.Info] Family=F00 Detect=VBS/LoveLetter.S Clear=VBS/LoveLetter.S Aliases=WORM/LoveLetter.S Ids=51276 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.T.Info] Family=F00 Detect=VBS/LoveLetter.T Clear=VBS/LoveLetter.T Aliases=WORM/LoveLetter.T Ids=51278 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.U.Info] Family=F00 Detect=VBS/LoveLetter.U Clear=VBS/LoveLetter.U Aliases=WORM/LoveLetter.U Ids=51279 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.V.Info] Family=F00 Detect=VBS/LoveLetter.V Clear=VBS/LoveLetter.V Aliases=WORM/LoveLetter.V Ids=51281 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.W.Info] Family=F00 Detect=VBS/LoveLetter.W Clear=VBS/LoveLetter.W Aliases=WORM/LoveLetter.W Ids=51284 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.X.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.X Ids=51291 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.Y.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.Y Ids=51292 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [VBS/LoveLetter.Z.Info] Family=F00 Detect=VBS/LoveLetter Clear=VBS/LoveLetter Aliases=WORM/LoveLetter.Z Ids=51303 LaunchPAV=1,/clv /aut /aex /nbr /loc /nos LaunchPAV32=1,/clv /aut /aex /nbr /loc /nos [I-Worm/Verona.B.Info] Family=F05 Detect=I-Worm/Verona.B Clear=I-Worm/Verona.B Aliases=I-Worm/Verona.B Ids=53486,54857,15353,15352 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe;chm LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe;chm [W32/Navidad.Info] Family=F06 Detect=W32/Navidad Clear=W32/Navidad Aliases=W32/Navidad Ids=55221 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe [W32/Navidad.B.Info] Family=F06 Detect=W32/Navidad.B Clear=W32/Navidad.B Aliases=W32/Navidad.B Ids=54974 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:exe [W32/FunLove.Info] Family=F07 Detect=W32/FunLove Clear=W32/FunLove Aliases=W32/FunLove Ids=55051,30807,52029,54554 LaunchPAV=1,/clv /aut /nbr /loc /nos /aex LaunchPAV32=1,/clv /aut /nbr /loc /nos /aex [W32/SirCam.Info] Family=F11 Detect=W32/SirCam Clear=W32/SirCam Aliases=W32/SirCam@mm Ids=56752 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:bat;com;lnk;pif;exe LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:bat;com;lnk;pif;exe [VBS/Help.Info] Family=F10 Detect=VBS/Help Clear=VBS/Help Aliases=VBS/HappyTime.A Ids=55405,24266 LaunchPAV=1,/clv /aut /nbr /loc /nos /ext:htm;html;vbs;asp;htt;hta LaunchPAV32=1,/clv /aut /nbr /loc /nos /ext:htm;html;vbs;asp;htt;hta [Stator.Detect] REGISTRY_FIND_TEXT_IN_VALUE=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",loadpe.com,FALSE REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ScanRegistry FILE_EXISTS_BY_PATH0=%SystemRoot%\LOADPE.COM FILE_EXISTS_BY_PATH1=%SystemRoot%\SCANREGW.EXE [W32/Reeezak.A.Detect] FILE_EXISTS_BY_PATH0=%WindowsRoot%\Christmas.exe PROC_EXISTS_BY_NAME0=Christmas.exe REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ZaCker REGISTRY_EXISTS_KEY_VALUE1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main\Start page,http://geocities.com/jobreee/ZaCker.htm [W32/Updater.Detect] FILE_EXISTS_BY_PATH0=%WindowsRoot%\Update.exe FILE_EXISTS_BY_PATH1=%StartUpRoot%\Update.vbs REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Update [W32/Goner.A.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\Gone.scr REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,%SystemRoot%\gone.scr [I-Worm/Happy.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\Ska.exe FILE_EXISTS_BY_PATH1=%SystemRoot%\Ska.dll REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunOnce,SKA.EXE [W32/Qaz.Detect] FILE_EXISTS_BY_PATH0=%WindowsRoot%\Note.com REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,startIE [W32/MSInit.A.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\WININIT.EXE REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,bymer.scanner REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,distributed.net.client [W32/Badtrans.Detect] PROC_EXISTS_BY_NAME0=KERNEL32.EXE FILE_EXISTS_BY_PATH0=%SystemRoot%\Kernel32.exe FILE_EXISTS_BY_PATH1=%SystemRoot%\Kdll.dll FILE_EXISTS_BY_PATH2=%SystemRoot%\KERN32.EXE FILE_EXISTS_BY_PATH3=%WindowsRoot%\INETD.EXE REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,Kernel32 [W32/Klez.Detect] SERVICE_EXISTS_BY_NAME0=WINSVC PROC_EXISTS_BY_NAME0=WINSVC.EXE FILE_EXISTS_BY_PATH0=%SystemRoot%\Winsvc.exe FILE_EXISTS_BY_PATH1=%SystemRoot%\Wqk.exe FILE_EXISTS_BY_PATH2=%SystemRoot%\Wqk.dll FILE_EXISTS_BY_PATH3=%SystemRoot%\Wink*.exe REGISTRY_EXISTS_KEY0=HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\Wink* REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WinSvc REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WQK REGISTRY_FIND_TEXT_IN_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,AppInit_DLLs,Wqk.dll,FALSE [W32/Vote.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\Zacker.vbs FILE_EXISTS_BY_PATH1=%WindowsRoot%\MixDaLaL.vbs FILE_EXISTS_BY_PATH2=%WindowsRoot%\WTC.exe REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Norton.Thar REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,start Page,http://us.f1.yahoofs.com/users/da36d538/bc/TimeUpdate.exe?bcaVq97ATaW0yAxk FILE_FIND_TEXT0=%Root%\AUTOEXEC.BAT,"echo y | format C:",FALSE [W32/Nimda.Detect] FILE_FIND_TEXT0=%WindowsRoot%\SYSTEM.INI,"load.exe -dontrunold",FALSE FILE_EXISTS_BY_PATH0=%SystemRoot%\LOAD.EXE PROC_EXISTS_BY_NAME0=LOAD.EXE FILE_EXISTS_BY_PATH1=C:\ADMIN.DLL FILE_EXISTS_BY_PATH2=D:\ADMIN.DLL FILE_EXISTS_BY_PATH3=E:\ADMIN.DLL FILE_EXISTS_BY_PATH4=%WindowsRoot%\MMC.EXE FILE_EXISTS_BY_PATH5=C:\HTTPODBC.DLL FILE_EXISTS_BY_PATH6=D:\HTTPODBC.DLL FILE_EXISTS_BY_PATH7=E:\HTTPODBC.DLL FILE_EXISTS_BY_PATH8=%WindowsRoot%\CSRSS.EXE [W32/Navidad.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\WINSVRC.VXD [W32/Navidad.B.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\wintask.exe [W32/FunLove.Detect] PROC_EXISTS_BY_NAME0=FLCSS.EXE SERVICE_EXISTS_BY_NAME0=FLC FILE_EXISTS_BY_PATH0=%SystemRoot%\FLCSS.EXE REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,FLC [W32/PrettyPark.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\FILES32.VXD [W32/SirCam.Detect] PROC_EXISTS_BY_NAME0=SIRC32.EXE PROC_EXISTS_BY_NAME1=SCAM32.EXE REGISTRY_EXISTS_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 FILE_FIND_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe",FALSE FILE_FIND_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"",FALSE REGISTRY_FIND_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE",FALSE REGISTRY_FIND_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE",FALSE [VBS/Help.Detect] REGISTRY_EXISTS_KEY0=HKEY_CURRENT_USER,SOFTWARE\Help [VBS/SST.A.Detect] REGISTRY_EXISTS_KEY0=HKEY_CURRENT_USER,Software\OnTheFly [I-Worm/MTX.Detect] REGISTRY_EXISTS_KEY0=HKEY_LOCAL_MACHINE,Software\[MATRIX] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup PROC_EXISTS_BY_NAME0=MTX_.EXE [JS/Kak.Worm.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u FILE_EXISTS_BY_PATH0=%StartUpRoot%\KAK.HTA FILE_EXISTS_BY_PATH1=%Root%\AE.KAK [JS/Kak.Worm.B.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays FILE_EXISTS_BY_PATH0=%StartUpRoot%\DAY.HTA FILE_EXISTS_BY_PATH1=%WindowsRoot%\Help\DAYS.HTA FILE_EXISTS_BY_PATH2=%Root%\DAYS.DAY [VBS/ShellScrap.Worm.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,ScanReg FILE_EXISTS_BY_PATH0=%StartUpRoot%\LIFE_STAGES.TXT.SHS [VBS/CoolNotepad.Worm.Detect] REGISTRY_EXISTS_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO FILE_EXISTS_BY_PATH00=%SystemRoot%\COOL_NOTEPAD_DEMO.TXT.VBS [VBS/LoveLetter.AS.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32 REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload [VBS/LoveLetter.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\LOVE-LETTER-FOR-YOU.HTM [VBS/LoveLetter.C.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\VERY FUNNY.VBS [VBS/LoveLetter.D.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\MOTHERSDAY.HTM [VBS/LoveLetter.E.Detect] REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackers.com REGISTRY_COMPARE_KEY_VALUE1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com [VBS/LoveLetter.F.Detect] REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skycable.tucows.com/files2/setup24.exe FILE_EXISTS_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_EXISTS_BY_PATH1=%SystemRoot%\URGENT_VIRUS_WARNING.HTM [VBS/LoveLetter.G.Detect] REGISTRY_COMPARE_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://3doc.dailypussy.com/gallery/bunny.html REGISTRY_COMPARE_KEY_VALUE1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Search Page,http://astalavista.box.sk REGISTRY_COMPARE_KEY_VALUE2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Defaul_Page_URL,http://www.persiankitty.com REGISTRY_COMPARE_KEY_VALUE3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Default_Search_URL,http://www.thecrack.net REGISTRY_COMPARE_KEY_VALUE4=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Local Page,system\protect.htm REGISTRY_COMPARE_KEY_VALUE5=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Window Title,Mocro$oft Internet Exploder by Ommen⌐ FILE_EXISTS_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_EXISTS_BY_PATH1=%SystemRoot%\PROTECT.HTM FILE_EXISTS_BY_PATH2=%SystemRoot%\PROTECT.VBS [VBS/LoveLetter.I.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32 REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL [VBS/LoveLetter.J.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.HTM FILE_EXISTS_BY_PATH2=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.VBS [VBS/LoveLetter.K.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\NO-HATE-FOR-YOU.HTM [VBS/LoveLetter.L.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\BEWERBUNG.HTM [VBS/LoveLetter.N.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32 REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL [VBS/LoveLetter.P.Detect] FILE_EXISTS_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_EXISTS_BY_PATH1=%SystemRoot%\VIR-KILLER.HTM [VBS/LoveLetter.Q.Detect] REGISTRY_EXISTS_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS REGISTRY_EXISTS_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL [VBS/LoveLetter.S.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\KILLER.HTM [VBS/LoveLetter.T.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\BAND-AID.DOC.VBS [VBS/LoveLetter.U.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\MAJOR BUG & VIRUS FIX.HTM [VBS/LoveLetter.V.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\UOL.HTM [VBS/LoveLetter.W.Detect] FILE_EXISTS_BY_PATH1=%SystemRoot%\BUG AND VIRUS FIX.HTM [I-Worm/Verona.B.Detect] FILE_EXISTS_BY_PATH0=%WindowsRoot%\Sysrnj.exe REGISTRY_COMPARE_KEY_VALUE0=HKEY_CLASSES_ROOT,rnjfile\shell\open\command,,sysrnj.exe "%1" %* REGISTRY_COMPARE_KEY_VALUE1=HKEY_CLASSES_ROOT,.arj,,rnjfile REGISTRY_COMPARE_KEY_VALUE2=HKEY_CLASSES_ROOT,.avi,,rnjfile REGISTRY_COMPARE_KEY_VALUE3=HKEY_CLASSES_ROOT,.bmp,,rnjfile REGISTRY_COMPARE_KEY_VALUE4=HKEY_CLASSES_ROOT,.doc,,rnjfile REGISTRY_COMPARE_KEY_VALUE5=HKEY_CLASSES_ROOT,.exe,,rnjfile REGISTRY_COMPARE_KEY_VALUE6=HKEY_CLASSES_ROOT,.gif,,rnjfile REGISTRY_COMPARE_KEY_VALUE7=HKEY_CLASSES_ROOT,.jpe,,rnjfile REGISTRY_COMPARE_KEY_VALUE8=HKEY_CLASSES_ROOT,.jpeg,,rnjfile REGISTRY_COMPARE_KEY_VALUE9=HKEY_CLASSES_ROOT,.jpg,,rnjfile REGISTRY_COMPARE_KEY_VALUE10=HKEY_CLASSES_ROOT,.lha,,rnjfile REGISTRY_COMPARE_KEY_VALUE11=HKEY_CLASSES_ROOT,.mp2,,rnjfile REGISTRY_COMPARE_KEY_VALUE12=HKEY_CLASSES_ROOT,.mp3,,rnjfile REGISTRY_COMPARE_KEY_VALUE13=HKEY_CLASSES_ROOT,.mpeg,,rnjfile REGISTRY_COMPARE_KEY_VALUE14=HKEY_CLASSES_ROOT,.mpg,,rnjfile REGISTRY_COMPARE_KEY_VALUE15=HKEY_CLASSES_ROOT,.rar,,rnjfile REGISTRY_COMPARE_KEY_VALUE16=HKEY_CLASSES_ROOT,.reg,,rnjfile REGISTRY_COMPARE_KEY_VALUE17=HKEY_CLASSES_ROOT,.vqf,,rnjfile REGISTRY_COMPARE_KEY_VALUE18=HKEY_CLASSES_ROOT,.wma,,rnjfile REGISTRY_COMPARE_KEY_VALUE19=HKEY_CLASSES_ROOT,.wmf,,rnjfile REGISTRY_COMPARE_KEY_VALUE20=HKEY_CLASSES_ROOT,.wmv,,rnjfile REGISTRY_COMPARE_KEY_VALUE21=HKEY_CLASSES_ROOT,.xls,,rnjfile REGISTRY_COMPARE_KEY_VALUE22=HKEY_CLASSES_ROOT,.zip,,rnjfile [Stator.Clear] REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ScanRegistry FILE_DELETE_BY_PATH0=%SystemRoot%\LOADPE.COM FILE_DELETE_BY_PATH1=%SystemRoot%\SCANREGW.EXE DLL_EXEC_FUNCTION_VOID0=QRVKRN.DLL,QRVAUX_ClearW32Stator [W32/Reeezak.A.Clear] PROC_TERMINATE_BY_NAME0=Christmas.exe FILE_DELETE_BY_PATH0=%WindowsRoot%\Christmas.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ZaCker REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start page,http://geocities.com/jobreee/ZaCker.htm,http://www.pandasoftware.com [W32/Updater.Clear] FILE_DELETE_BY_PATH0=%WindowsRoot%\Update.exe FILE_DELETE_BY_PATH1=%StartUpRoot%\Update.vbs REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Update [W32/Goner.A.Clear] FILE_DELETE_BY_PATH0=%SystemRoot%\Gone.scr REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,%SystemRoot%\gone.scr [I-Worm/Happy.Clear] FILE_DELETE_BY_PATH0=%SystemRoot%\Ska.exe FILE_DELETE_BY_PATH1=%SystemRoot%\Ska.dll FILE_DELETE_BY_PATH2=%SystemRoot%\Liste.ska REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunOnce,SKA.EXE FILE_MOVE_BY_PATH_TO_PATH0=%SystemRoot%\WSOCK32.SKA,%SystemRoot%\Wsock32.dll [W32/Qaz.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,startIE FILE_MOVE_BY_PATH_TO_PATH0=%WindowsRoot%\Note.com,%WindowsRoot%\Notepad.exe [W32/MSInit.A.Clear] FILE_DELETE_BY_PATH0=%SystemRoot%\WININIT.EXE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,bymer.scanner REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,distributed.net.client INI_SET_KEY_VALUE0=%WindowsRoot%\WIN.INI,windows,load,"" [W32/Badtrans.Clear] PROC_TERMINATE_BY_NAME0=Kernel32.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\Kernel32.exe FILE_DELETE_BY_PATH1=%SystemRoot%\Kdll.dll FILE_DELETE_BY_PATH2=%SystemRoot%\KERN32.EXE FILE_DELETE_BY_PATH3=%WindowsRoot%\INETD.EXE FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"\INETD.EXE","",FALSE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,Kernel32 REGISTRY_NULL_KEY_VALUE0=HKEY_CURRENT_USER,Software\Microsoft\Windows NT\CurrentVersion\Windows,Run [W32/Klez.Clear] PROC_TERMINATE_BY_NAME0=WINSVC.EXE SERVICE_DELETE_BY_NAME0=WINSVC SERVICE_DELETE_BY_NAME1=WINK* FILE_DELETE_BY_PATH0=%SystemRoot%\Winsvc.exe FILE_DELETE_BY_PATH1=%SystemRoot%\Wqk.exe FILE_DELETE_BY_PATH2=%SystemRoot%\Wqk.dll FILE_DELETE_BY_PATH3=%SystemRoot%\Wink*.exe FILE_DELETE_BY_PATH4=%TempRoot%\k*.EXE PATH_MAKE_BY_PATH0=%SystemRoot%\Winsvc.exe,1,HSR PATH_MAKE_BY_PATH1=%SystemRoot%\Wqk.exe,1,HSR PATH_MAKE_BY_PATH2=%SystemRoot%\Wqk.dll,1,HSR FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Wink REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,System\CurrentControlSet\Services\Wink* REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WinSvc REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WQK REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Wink REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,AppInit_DLLs,"Wqk.dll","",FALSE [VBS/SST.A.Clear] REGISTRY_DELETE_KEY0=HKEY_CURRENT_USER,Software\OnTheFly PROC_TERMINATE_BY_NAME0=WSCRIPT.EXE FILE_DELETE_BY_PATH0=%WindowsRoot%\AnnaKournikova.jpg.vbs [I-Worm/MTX.Clear] PROC_TERMINATE_BY_NAME0=MTX_.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SystemBackup REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,Software\[MATRIX] FILE_DELETE_BY_PATH0=%WindowsRoot%\WIN32.DLL FILE_DELETE_BY_PATH1=%WindowsRoot%\IE_PACK.EXE FILE_DELETE_BY_PATH2=%WindowsRoot%\MTX_.EXE FILE_DELETE_BY_PATH3=%SystemRoot%\WSOCK32.MTX FILE_COPY_BY_PATH_TO_PATH0=%SystemRoot%\WSOCK32.DLL,%SystemRoot%\WSOCK32.MTX [JS/Kak.Worm.Clear] OUTLOOKEXPRESS_DELETE_SIGNATURES_IF_CONTAIN_TEXT_BY_VAR0=KAK_A FILE_DELETE_BY_PATH0=%StartUpRoot%\KAK.HTA FILE_DELETE_BY_PATH1=%WindowsRoot%\KAK.HTM FILE_DELETE_BY_PATH2=%WindowsRoot%\KAK.REG FILE_MOVE_BY_PATH_TO_PATH0=%Root%\AE.KAK,%Root%\AUTOEXEC.BAT FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cAg0u [JS/Kak.Worm.B.Clear] OUTLOOKEXPRESS_DELETE_SIGNATURES_IF_CONTAIN_TEXT_BY_VAR0=KAK_B FILE_DELETE_BY_PATH0=%StartUpRoot%\DAY.HTA FILE_DELETE_BY_PATH1=%WindowsRoot%\COMMAND\DEFAULT.HTM FILE_DELETE_BY_PATH2=%WindowsRoot%\DAY.REG FILE_DELETE_BY_PATH3=%WindowsRoot%\Help\DAYS.HTA FILE_MOVE_BY_PATH_TO_PATH0=%Root%\DAYS.DAY,%Root%\AUTOEXEC.BAT FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,cDays [VBS/ShellScrap.Worm.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_USERS,.DEFAULT\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ,Parameters REGISTRY_SET_KEY_VALUE_WITH_FORMAT_STRING_PATH_PARAMETER0=HKEY_LOCAL_MACHINE,Software\CLASSES\regfile\DefaultIcon,"","%s,1",%WindowsRoot%\REGEDIT.EXE REGISTRY_SET_KEY_VALUE_WITH_FORMAT_STRING_PATH_PARAMETER1=HKEY_LOCAL_MACHINE,Software\CLASSES\regfile\shell\open\command,"","%s "%1"",%WindowsRoot%\REGEDIT.EXE REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,ScanReg REGISTRY_DELETE_KEY_VALUE1=HKEY_USERS,.DEFAULT\SOFTWARE\Mirabilis\ICQ\Agent\Apps\ICQ,Parameters REGISTRY_DELETE_KEY_VALUE2=HKEY_CLASSES_ROOT,ShellScrap,AlwaysShowExt REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,ShellScrap,NeverShowExt, FILE_MOVE_BY_PATH_TO_PATH0=%RecycledRoot%\RECYCLED.VXD,%WindowsRoot%\REGEDIT.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\MSINFO16.TLB FILE_DELETE_BY_PATH1=%WindowsRoot%\MSINFO16.TLB FILE_DELETE_BY_PATH2=%SystemRoot%\SCANREG.VBS FILE_DELETE_BY_PATH3=%SystemRoot%\VBASET.OLB FILE_DELETE_BY_PATH4=%RecycledRoot%\DBINDEX.VBS FILE_DELETE_BY_PATH5=%RecycledRoot%\MSRCYCLD.DAT FILE_DELETE_BY_PATH6=%RecycledRoot%\RCYCLDBN.DAT FILE_DELETE_BY_PATH7=%WindowsRoot%\LIFE_STAGES.TXT.SHS FILE_DELETE_BY_PATH8=%StartUpRoot%\LIFE_STAGES.TXT.SHS FILE_DELETE_BY_PATH9=%MyDocumentsRoot%\IMPORTANT*.SHS FILE_DELETE_BY_PATH10=%MyDocumentsRoot%\SECRET*.SHS FILE_DELETE_BY_PATH11=%MyDocumentsRoot%\UNKNOWN*.SHS FILE_DELETE_BY_PATH12=%MyDocumentsRoot%\REPORT*.SHS FILE_DELETE_BY_PATH18=%MyDocumentsRoot%\INFO*.SHS FILE_DELETE_BY_PATH13=%Root%\IMPORTANT*.SHS FILE_DELETE_BY_PATH14=%Root%\SECRET*.SHS FILE_DELETE_BY_PATH15=%Root%\UNKNOWN*.SHS FILE_DELETE_BY_PATH16=%Root%\REPORT*.SHS FILE_DELETE_BY_PATH17=%Root%\INFO*.SHS FILE_DELETE_BY_PATH19=%ProgramsRoot%\IMPORTANT*.SHS FILE_DELETE_BY_PATH20=%ProgramsRoot%\SECRET*.SHS FILE_DELETE_BY_PATH21=%ProgramsRoot%\UNKNOWN*.SHS FILE_DELETE_BY_PATH22=%ProgramsRoot%\REPORT*.SHS FILE_DELETE_BY_PATH23=%ProgramsRoot%\INFO*.SHS FILE_DELETE_BY_PATH24=%StartUpRoot%\LIFE_STAGES.TXT.SHS [VBS/CoolNotepad.Worm.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO REGISTRY_DELETE_KEY_VALUE00=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,COOL_NOTEPAD_DEMO REGISTRY_SET_KEY_VALUE_WITH_TYPE00=DWORD,HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDesktop,0,0 FILE_DELETE_BY_PATH0=%SystemRoot%\COOL_NOTEPAD_DEMO.TXT.VBS [VBS/LoveLetter.AS.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,LINUX32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,reload REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/macromedia32.zip,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/linux321.zip,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://members.fortunecity.com/plancolombia/linux322.zip,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\US-PRESIDENT-AND-FBI-SECRETS.HTM [VBS/LoveLetter.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\LOVE-LETTER-FOR-YOU.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\LOVE-LETTER-FOR-YOU.TXT.VBS [VBS/LoveLetter.C.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\VERY FUNNY.VBS FILE_DELETE_BY_PATH2=%SystemRoot%\VERY FUNNY.HTM [VBS/LoveLetter.D.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\MOTHERSDAY.VBS FILE_DELETE_BY_PATH2=%SystemRoot%\MOTHERSDAY.HTM [VBS/LoveLetter.E.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinFAT32 REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WinFAT32 REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.hackers.com,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\MOTHERSDAY.VBS FILE_DELETE_BY_PATH2=%SystemRoot%\MOTHERSDAY.HTM [VBS/LoveLetter.F.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skycable.tucows.com/files2/setup24.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH2=%SystemRoot%\URGENT_VIRUS_WARNING.HTM [VBS/LoveLetter.G.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://3doc.dailypussy.com/gallery/bunny.html,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Search Page,http://astalavista.box.sk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Defaul_Page_URL,http://www.persiankitty.com,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Default_Search_URL,http://www.thecrack.net,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL4=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Local Page,system\protect.htm,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL5=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Window Title,Mocro$oft Internet Exploder by Ommen⌐,Microsoft Internet Explorer FILE_DELETE_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\PROTECT.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\PROTECT.VBS [VBS/LoveLetter.I.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL ILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,ESKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,ES32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\IMPORTANT.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\IMPORTANT.TXT.VBS [VBS/LoveLetter.J.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\VIRUS-PROTECTION-INSTRUCTIONS.VBS [VBS/LoveLetter.K.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\NO-HATE-FOR-YOU.HTM [VBS/LoveLetter.L.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\BEWERBUNG.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\BEWERBUNG.TXT.VBS [VBS/LoveLetter.N.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,SNDVOL32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,IEAKDLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.astalavista.box.sk,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\IMPORTANT.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\IMPORTANT.TXT.VBS [VBS/LoveLetter.P.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.yahoo.com/Vir-Killer.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.msn.com/Vir-Killer.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.Hotmail.com/Vir-Killer.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.Aol.com/Vir-Killer.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\SETUP24.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\VIR-KILLER.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\VIR-KILLER.VBS [VBS/LoveLetter.Q.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MUSERS32.VBS REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,USER32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\LOOK.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\LOOK.VBS [VBS/LoveLetter.S.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\KILLER.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\KILLEMALL.TXT.VBS [VBS/LoveLetter.T.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\BAND-AID.DOC.VBS [VBS/LoveLetter.U.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL1=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL2=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe,http://www.pandasoftware.com REGISTRY_SET_KEY_VALUE_IF_EQUAL3=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\MAJOR BUG & VIRUS FIX.HTM [VBS/LoveLetter.V.Clear] PROC_TERMINATE_BY_NAME0=WINFAT32.EXE FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.uol.com.br/,http://www.pandasoftware.com FILE_DELETE_BY_PATH0=%SystemRoot%\WINFAT32.EXE FILE_DELETE_BY_PATH1=%SystemRoot%\UOL.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\UOL.TXT.VBS [VBS/LoveLetter.W.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 FILE_DELETE_BY_REGISTRY_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL FILE_DELETE_BY_REGISTRY_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,MSKernel32 REGISTRY_DELETE_KEY_VALUE1=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\RunServices,Win32DLL REGISTRY_DELETE_KEY_VALUE2=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,WIN-BUGSFIX REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://www.2600.com,http://www.pandasoftware.com FILE_DELETE_BY_PATH1=%SystemRoot%\BUG AND VIRUS FIX.HTM FILE_DELETE_BY_PATH2=%SystemRoot%\BUG AND VIRUS FIX.TXT.VBS [I-Worm/Verona.B.Clear] FILE_DELETE_BY_PATH0=%WindowsRoot%\Sysrnj.exe REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,.arj,, REGISTRY_SET_KEY_VALUE1=HKEY_CLASSES_ROOT,.avi,,avifile REGISTRY_SET_KEY_VALUE2=HKEY_CLASSES_ROOT,.bmp,,Paint.Picture REGISTRY_SET_KEY_VALUE3=HKEY_CLASSES_ROOT,.doc,, REGISTRY_SET_KEY_VALUE4=HKEY_CLASSES_ROOT,.exe,,exefile REGISTRY_SET_KEY_VALUE5=HKEY_CLASSES_ROOT,.gif,,giffile REGISTRY_SET_KEY_VALUE6=HKEY_CLASSES_ROOT,.jpe,,jpegfile REGISTRY_SET_KEY_VALUE7=HKEY_CLASSES_ROOT,.jpeg,,jpegfile REGISTRY_SET_KEY_VALUE8=HKEY_CLASSES_ROOT,.jpg,,jpegfile REGISTRY_SET_KEY_VALUE9=HKEY_CLASSES_ROOT,.lha,, REGISTRY_SET_KEY_VALUE10=HKEY_CLASSES_ROOT,.mp2,,mpegfile REGISTRY_SET_KEY_VALUE11=HKEY_CLASSES_ROOT,.mp3,,mp3file REGISTRY_SET_KEY_VALUE12=HKEY_CLASSES_ROOT,.mpeg,,mpegfile REGISTRY_SET_KEY_VALUE13=HKEY_CLASSES_ROOT,.mpg,,mpegfile REGISTRY_SET_KEY_VALUE14=HKEY_CLASSES_ROOT,.rar,, REGISTRY_SET_KEY_VALUE15=HKEY_CLASSES_ROOT,.reg,,regfile REGISTRY_SET_KEY_VALUE16=HKEY_CLASSES_ROOT,.vqf,, REGISTRY_SET_KEY_VALUE17=HKEY_CLASSES_ROOT,.wma,,WMAfile REGISTRY_SET_KEY_VALUE18=HKEY_CLASSES_ROOT,.wmf,,WMF_auto_file REGISTRY_SET_KEY_VALUE19=HKEY_CLASSES_ROOT,.wmv,,WMVFile REGISTRY_SET_KEY_VALUE20=HKEY_CLASSES_ROOT,.xls,, REGISTRY_SET_KEY_VALUE21=HKEY_CLASSES_ROOT,.zip,, REGISTRY_DELETE_KEY0=HKEY_CLASSES_ROOT,rnjfile\DefaultIcon REGISTRY_DELETE_KEY1=HKEY_CLASSES_ROOT,rnjfile\shell\open\command REGISTRY_DELETE_KEY2=HKEY_CLASSES_ROOT,rnjfile\shell\open REGISTRY_DELETE_KEY3=HKEY_CLASSES_ROOT,rnjfile\shell\ REGISTRY_DELETE_KEY4=HKEY_CLASSES_ROOT,rnjfile [W32/Navidad.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Win32BaseServiceMOD REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" FILE_DELETE_BY_PATH1=%SystemRoot%\WINSVRC.VXD PROC_TERMINATE_BY_NAME0=NAVIDAD.EXE [W32/Navidad.B.Clear] REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Win32BaseServiceMOD REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" PROC_TERMINATE_BY_NAME0=WINTASK.EXE PROC_TERMINATE_BY_NAME1=EMANUEL.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\wintask.exe [W32/FunLove.Clear] PROC_TERMINATE_BY_NAME0=FLCSS.EXE FILE_DELETE_BY_PATH0=%SystemRoot%\FLCSS.EXE PATH_MAKE_BY_PATH0=%SystemRoot%\FLCSS.EXE,1,HSR SERVICE_DELETE_BY_NAME0=FLC REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,FLC [W32/PrettyPark.Clear] REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" PROC_TERMINATE_BY_NAME0=FILES32.VXD FILE_DELETE_BY_PATH0=%SystemRoot%\FILES32.VXD [VBS/Help.Clear] FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_CURRENT_USER,SOFTWARE\Help,wallPaper FILE_DELETE_BY_PATH0=%WindowsRoot%\UNTITLED.HTM REGISTRY_DELETE_KEY0=HKEY_CURRENT_USER,SOFTWARE\Help REGISTRY_SET_KEY_VALUE0=HKEY_CURRENT_USER,Control Panel\Desktop,Wallpaper,"" [W32/SirCam.Clear.NT] PROC_TERMINATE_BY_NAME0=SIRC32.EXE PROC_TERMINATE_BY_NAME1=SCAM32.EXE PROC_TERMINATE_BY_NAME2=RUN32.EXE PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam FILE_DELETE_BY_PATH00=%RecycledRoot%\SIRC32.EXE FILE_DELETE_BY_PATH01=%SystemRoot%\SCD.DLL FILE_DELETE_BY_PATH02=%SystemRoot%\SCW1.DLL FILE_DELETE_BY_PATH03=%SystemRoot%\SCI1.DLL FILE_DELETE_BY_PATH04=%SystemRoot%\SCY1.DLL FILE_DELETE_BY_PATH05=%SystemRoot%\SCH1.DLL FILE_DELETE_BY_PATH06=%SystemRoot%\SCT1.DLL FILE_DELETE_BY_PATH07=%WindowsRoot%\ScMx32.exe FILE_DELETE_BY_PATH08=%StartUpRoot%\Microsoft Internet Office.exe FILE_DELETE_BY_PATH09=%RecycledRoot%\SIRCAM.SYS FILE_DELETE_BY_PATH10=%Root%\SIRC32.EXE FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe","",FALSE FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"","",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE","RUNDLL32.EXE",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE","RUNDLL32.EXE",FALSE FILE_MOVE_BY_PATH_TO_PATH0=%SystemRoot%\RUN32.EXE,%SystemRoot%\RUNDLL32.EXE [W32/SirCam.Clear.9X] PROC_TERMINATE_BY_NAME0=SIRC32.EXE PROC_TERMINATE_BY_NAME1=SCAM32.EXE PROC_TERMINATE_BY_NAME2=RUN32.EXE PROC_TERMINATE_BY_NAME3=RUNDLL32.EXE REGISTRY_SET_KEY_VALUE0=HKEY_CLASSES_ROOT,exefile\shell\open\command,"",""%1" %*" FILE_DELETE_BY_REGISTRY_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices,Driver32 REGISTRY_DELETE_KEY0=HKEY_LOCAL_MACHINE,SOFTWARE\SirCam FILE_DELETE_BY_PATH00=%RecycledRoot%\SIRC32.EXE FILE_DELETE_BY_PATH01=%SystemRoot%\SCD.DLL FILE_DELETE_BY_PATH02=%SystemRoot%\SCW1.DLL FILE_DELETE_BY_PATH03=%SystemRoot%\SCI1.DLL FILE_DELETE_BY_PATH04=%SystemRoot%\SCY1.DLL FILE_DELETE_BY_PATH05=%SystemRoot%\SCH1.DLL FILE_DELETE_BY_PATH06=%SystemRoot%\SCT1.DLL FILE_DELETE_BY_PATH07=%WindowsRoot%\ScMx32.exe FILE_DELETE_BY_PATH08=%StartUpRoot%\Microsoft Internet Office.exe FILE_DELETE_BY_PATH09=%RecycledRoot%\SIRCAM.SYS FILE_DELETE_BY_PATH10=%Root%\SIRC32.EXE FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"@win \recycled\sirc32.exe","",FALSE FILE_REPLACE_TEXT1=%WindowsRoot%\WIN.INI,"SirC32.exe="C:\SirC32.exe"","",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE0=HKEY_CLASSES_ROOT,"inffile\shell\Install\command","","RUN32.EXE","RUNDLL.EXE",FALSE REGISTRY_REPLACE_TEXT_IN_VALUE1=HKEY_CLASSES_ROOT,"Unknown\shell\openas\command","","RUN32.EXE","RUNDLL32.EXE",FALSE FILE_MOVE_BY_PATH_TO_PATH0=%WindowsRoot%\RUN32.EXE,%WindowsRoot%\RUNDLL32.EXE [W32/Nimda.Clear] PROC_TERMINATE_BY_NAME0=LOAD.EXE FILE_DELETE_BY_PATH00=%WindowsRoot%\MMC.EXE FILE_DELETE_BY_PATH01=%WindowsRoot%\CSRSS.EXE FILE_DELETE_BY_PATH02=%TempRoot%\MEP*.EXE FILE_DELETE_BY_PATH03=%WindowsRoot%\WININIT.INI FILE_REPLACE_TEXT1=%WindowsRoot%\SYSTEM.INI," load.exe -dontrunold","",FALSE FILE_DELETE_BY_PATH04=%TempRoot%\MEP*.* FILE_DELETE_BY_PATH05=%WindowsRoot%\MEP*.* FILE_DELETE_BY_PATH06=%SystemRoot%\LOAD.EXE USER_DISABLE_BY_NAME0=guest FILE_DELETE_BY_PATH07=C:\ADMIN.DLL FILE_DELETE_BY_PATH08=D:\ADMIN.DLL FILE_DELETE_BY_PATH09=E:\ADMIN.DLL FILE_DELETE_BY_PATH10=C:\HTTPODBC.DLL FILE_DELETE_BY_PATH11=D:\HTTPODBC.DLL FILE_DELETE_BY_PATH12=E:\HTTPODBC.DLL FILE_DELETE_BY_PATH13=C:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH14=C:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH15=D:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH16=D:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH17=E:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH18=E:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH19=F:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH20=F:\INETPUB\SCRIPTS\TFTP* FILE_DELETE_BY_PATH21=G:\INETPUB\WWWROOT\TFTP* FILE_DELETE_BY_PATH22=G:\INETPUB\SCRIPTS\TFTP* [W32/Vote.Clear] FILE_DELETE_BY_PATH00=%SystemRoot%\Zacker.vbs FILE_DELETE_BY_PATH01=%WindowsRoot%\MixDaLaL.vbs FILE_DELETE_BY_PATH02=%WindowsRoot%\WTC.exe REGISTRY_DELETE_KEY_VALUE0=HKEY_LOCAL_MACHINE,Software\Microsoft\Windows\CurrentVersion\Run,Norton.Thar REGISTRY_SET_KEY_VALUE_IF_EQUAL0=HKEY_CURRENT_USER,Software\Microsoft\Internet Explorer\Main,Start Page,http://us.f1.yahoofs.com/users/da36d538/bc/TimeUpdate.exe?bcaVq97ATaW0yAxk,http://www.pandasoftware.com FILE_REPLACE_TEXT0=%Root%\AUTOEXEC.BAT,"echo y | format C:","",FALSE [ByteStrings] KAK_A=4B414B2E48544D KAK_B=44454641554C542E48544D