optimized detection rules for Team Spybot
Category: Trojan
Code:
:: New Malware v5 improved
// Revision 1
// {Cat:Trojan}{Cnt:1}
// {Det:Matt,2009-05-15}

// The legitimate Windows internat.exe lives in the system32 folder!! Only a copy
// placed directly under <$WINDIR> is treated as the trojan here; none of the
// rules below touch <$SYSDIR>\internat.exe.
// Troj/Lydra-F:
// flagifnofile=1 presumably keeps flagging the Run value even after the target
// file is gone — confirm against the rule format.
AutoRun:"internat","<$WINDIR>\internat.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","internat"
File:"<$FILE_EXE>","<$WINDIR>\internat.exe"

// W32.Aimdes.B Worm:
// NOTE(review): "SYS32DLL" is the only target in this file given without a
// directory placeholder (every other File: line uses <$WINDIR>/<$SYSDIR>/...);
// which directory a bare name is resolved against is not visible here — confirm,
// otherwise the File: line may never match.
AutoRun:"SYS32DLL","SYS32DLL","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","SYS32DLL"
File:"<$FILE_EXE>","SYS32DLL"

// Adware.AdRotator:
// The BHO registration and its COM class registration share one CLSID, so the
// pair below removes both the Explorer hook and the class it points to.
//BrowserHelperEx:"adssite","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{d2664ebb-ee0a-0693-81bc-b9f05f0b0c13}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{d2664ebb-ee0a-0693-81bc-b9f05f0b0c13}"

// Trojan:Win32/Ertfor.A
// The {C2BA40A1-...} BHO/CLSID pair is repeated twice more in the Virtumonde
// section further down; the repeats are redundant but harmless.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{C2BA40A1-74F3-42BD-F434-12345A2C8953}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{C2BA40A1-74F3-42BD-F434-12345A2C8953}"
// Run value "autochk" pointing at a .dll; the legitimate autochk.exe in system32
// is not matched because both paths below name different files.
AutoRun:"autochk","<$SYSDIR>\autochk.dll","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","autochk"
File:"<$FILE_EXE>","<$SYSDIR>\autochk.dll"
// Per-user variant of the same persistence, dropped under the profile's
// Local Settings folder.
AutoRun:"autochk","<$LOCALSETTINGS>\protect.dll","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","autochk"
File:"<$FILE_EXE>","<$LOCALSETTINGS>\protect.dll"

// Trojan.Agent: the trailing characters of the file name are random, so the
// first (AutoRun) entry uses a wildcard in place of the literal "48":
// NOTE(review): "rundll*.exe" also matches the legitimate <$SYSDIR>\rundll32.exe.
// In the AutoRun line that is bounded by the Run value name "Hotfix-KB5504305",
// but the File: line must keep the literal rundll48.exe — a wildcard there would
// select rundll32.exe itself for removal. The cost is that the File: line only
// catches the "48" variant.
AutoRun:"Hotfix-KB5504305","<$SYSDIR>\rundll*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","Hotfix-KB5504305"
File:"<$FILE_EXE>","<$SYSDIR>\rundll48.exe"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","Hotfix-KB5504305"

// Trojan.Dropper, the CLSID is random!!:
// NOTE(review): an all-wildcard CLSID matches whatever is registered under
// Protocols\Filter\text/html, i.e. any text/html MIME filter, not only this
// dropper's — a third-party filter would be flagged too. The dropped file below
// is the more specific indicator; confirm whether the registry match can be
// made to depend on it, or accept the false-positive risk knowingly.
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\Protocols\Filter\","text/html","CLSID={********-****-****-****-************}"
// Name looks chosen to resemble the legitimate dsound3d.dll (note the extra "d").
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsound3dd.dll"

// Virtumonde:
// Each BHO registration below is paired with the matching CLSID class key so the
// Explorer hook and the COM class behind it are removed together. The
// commented-out BrowserHelperEx lines record the DLL names the CLSIDs were
// seen with; they are disabled and have no effect.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{57049016-abee-46e3-8078-af54e8b923b7}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{57049016-abee-46e3-8078-af54e8b923b7}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{37113941-f025-4a5f-9552-2a649db45b2e}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{37113941-f025-4a5f-9552-2a649db45b2e}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{8e0e651f-50c6-49ba-9f39-943b1cddbde1}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{8e0e651f-50c6-49ba-9f39-943b1cddbde1}"
//BrowserHelperEx:"{69936232-80b2-5d0a-fef4-927ed56d538a}","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{a835d65d-e729-4fef-a0d5-2b0823263996}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{a835d65d-e729-4fef-a0d5-2b0823263996}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{bf58be34-47c6-4b8b-84e3-f401fae73864}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{bf58be34-47c6-4b8b-84e3-f401fae73864}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{bfd12117-ea21-48c1-ae5f-ba3ead6e238e}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{bfd12117-ea21-48c1-ae5f-ba3ead6e238e}"
//BrowserHelperEx:"{ac940494-3e8d-bcab-6ff4-b221d98a62d4}","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{4d26a89d-122b-4ff6-bacb-d8e3494049ca}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{4d26a89d-122b-4ff6-bacb-d8e3494049ca}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{a50cc7d6-fe12-4731-a173-d8645ee9b928}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{a50cc7d6-fe12-4731-a173-d8645ee9b928}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{0624A090-5F6C-4C22-BE65-257EA19DF66e}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{0624A090-5F6C-4C22-BE65-257EA19DF66e}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{45F516EF-C127-4BA0-8C4A-57CAC3EF413D}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{45F516EF-C127-4BA0-8C4A-57CAC3EF413D}"
//BrowserHelperEx:"<$SYSDIR>\afnoinkdsfe.dll","flagfile=1"
// {C2BA40A1-...} is already covered by the Ertfor.A section above and appears a
// third time further down in this section; the repeats are redundant.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{C2BA40A1-74F3-42BD-F434-12345A2C8953}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{C2BA40A1-74F3-42BD-F434-12345A2C8953}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{f9328a9a-e18c-478e-b89b-bc896a7c9b6e}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{f9328a9a-e18c-478e-b89b-bc896a7c9b6e}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{6be51ef0-2f9f-4040-8603-0c5563bc2b84}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{6be51ef0-2f9f-4040-8603-0c5563bc2b84}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{223bc51b-65af-483d-a152-d0e0b74628c6}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{223bc51b-65af-483d-a152-d0e0b74628c6}"
//BrowserHelperEx:"<$SYSDIR>\yhs783ijfo3fe.dll","flagfile=1"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{b2ba40a2-74f0-42bd-f434-12345a2c8953}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{b2ba40a2-74f0-42bd-f434-12345a2c8953}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{393b4588-eb00-40fa-819d-5d3369b72b1d}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{393b4588-eb00-40fa-819d-5d3369b72b1d}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{97BCD40C-98F3-4B3F-A7D8-954AFCF5D3B9}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{97BCD40C-98F3-4B3F-A7D8-954AFCF5D3B9}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{C80CD2BB-D729-4AD9-A182-9B0EA9B00360}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{C80CD2BB-D729-4AD9-A182-9B0EA9B00360}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{D5F4C762-F161-4B0E-A29E-FCF811937B9E}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{D5F4C762-F161-4B0E-A29E-FCF811937B9E}"
// ShellServiceObjectDelayLoad entry; the identical line is repeated in the
// SSODL section further down.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","SSODL","SSODL={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{33346FF9-BBF4-4250-80D7-A6D0E9C6EC35}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{33346FF9-BBF4-4250-80D7-A6D0E9C6EC35}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{4BEBF74A-42B6-4F1B-A1E1-C058FB4F152b}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{4BEBF74A-42B6-4F1B-A1E1-C058FB4F152b}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{93744D69-6EB2-4082-8095-F328BF6994F6}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{93744D69-6EB2-4082-8095-F328BF6994F6}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{E4AF23CA-3256-4B08-9CCB-6AB104BAEE8b}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{E4AF23CA-3256-4B08-9CCB-6AB104BAEE8b}"
//BrowserHelperEx:"<$SYSDIR>\afnoinkdsfe.dll","flagfile=1"
// Second repeat of the {C2BA40A1-...} pair (see above); redundant.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{C2BA40A1-74F3-42BD-F434-12345A2C8953}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{C2BA40A1-74F3-42BD-F434-12345A2C8953}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{038ACA2F-16F3-4B4A-B905-ED3F17C22C7c}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{038ACA2F-16F3-4B4A-B905-ED3F17C22C7c}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{21F0578D-EED7-4F18-A04D-901E866FD9DF}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{21F0578D-EED7-4F18-A04D-901E866FD9DF}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{232D2677-68EE-4FA1-B988-279EBC8969ED}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{232D2677-68EE-4FA1-B988-279EBC8969ED}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{96403BCF-73C3-40C1-8867-AECB77078B25}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{96403BCF-73C3-40C1-8867-AECB77078B25}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{AB9C44D8-4752-4BFC-97E0-612B61A878B3}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{AB9C44D8-4752-4BFC-97E0-612B61A878B3}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{B0D8EED5-12DE-4837-8797-4847471A2014}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{B0D8EED5-12DE-4837-8797-4847471A2014}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{C0B3DCB7-925D-46F4-9BAA-7A7420FDE186}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{C0B3DCB7-925D-46F4-9BAA-7A7420FDE186}"

// Run entries with random value names ("*") or a "CPM" + random suffix, matched on
// the target path instead. For the "*" entries flagifnofile=0 presumably means
// the entry is only flagged when the DLL actually exists, which keeps a wildcard
// name from matching unrelated Run values — confirm against the rule format.
AutoRun:"*","<$SYSDIR>\sevayija.dll","flagifnofile=0"
AutoRun:"prnet","<$SYSDIR>\prnet.tmp","flagifnofile=1"
AutoRun:"CPM*","<$SYSDIR>\lehevusa.dll","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\yejedotu.dll","flagifnofile=0"
AutoRun:"*","<$SYSDIR>\nuhakiko.dll","flagifnofile=0"
AutoRun:"CPM*","<$SYSDIR>\guluzemu.dll","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\vezowolu.dll","flagifnofile=0"
AutoRun:"*","<$SYSDIR>\dubavalu.dll","flagifnofile=0"
AutoRun:"*","<$SYSDIR>\yovalono.dll","flagifnofile=0"
AutoRun:"CPM*","<$SYSDIR>\bofuwike.dll","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\rewagiki.dll","flagifnofile=0"
AutoRun:"CPM*","<$SYSDIR>\bivakiru.dll","flagifnofile=1"
// NOTE(review): the only "*" entry with flagifnofile=1 — unlike the other
// wildcard-name lines it relies on the path string alone; confirm that is intended.
AutoRun:"*","<$SYSDIR>\kegakise.dll","flagifnofile=1"

// Run value names seen on infected systems. The hex-style names (b4208347,
// f41653b9, 2cee2ecf, CPM...) look generated per sample, so these exact-name
// entries only catch the specific infections they were taken from; the
// path-keyed AutoRun lines above are what give general coverage.
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","wuhelufizo"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","prnet"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","CPMb713b0db"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","b4208347"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","kigobekoha"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","CPMf7256025"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","f41653b9"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","jukaveraki"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","2cee2ecf"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","CPM2fdd1d53"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","pijupakapa"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","CPM13cf6fdb"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","tevobiribe"

// Per-user copy of the "prnet" persistence.
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","prnet"

// DLLs injected through AppInit_DLLs (loaded into every process that maps
// user32.dll). RegyRemove names the individual entry to strip from the list
// value — presumably leaving any other entries in AppInit_DLLs intact, which is
// why the whole value is not deleted; confirm against the rule format.
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\tenejepu.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\pufivaha.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\gakikedo.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\lehevusa.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\tadupele.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\kawolumi.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\jarizasu.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\bofuwike.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\yukikono.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\jiligija.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\bivakiru.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\wipoveku.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\bonafefa.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\bizuzuti.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\kajovofu.dll"
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\vajarusu.dll"

// Winlogon Notify packages; each subkey is matched together with its DllName
// value. Note the second one loads a ".dat" file as the notification DLL —
// the extension is just disguise, the file is still mapped as code.
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","akgqpynq","DllName=<$SYSDIR>\hezgzdm.dll"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","__c006610E","DllName=<$SYSDIR>\__c006610E.dat"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","oczafztk","DllName=<$SYSDIR>\mtmuwhf.dll"

// ShellServiceObjectDelayLoad — byte-identical to the SSODL line already in the
// Virtumonde section above; redundant.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","SSODL","SSODL={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"

// SharedTaskScheduler entries. The {EC43E3FD-...} CLSID is the same one used for
// SSODL, and {C2BA40A1-...}/{B2BA40A2-...} are the BHO CLSIDs listed above, so
// one component is registered under several load points. The 4th and 5th lines
// repeat the 1st and 2nd exactly; redundant.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","STS","STS={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","sdfsefsfdvdubgiungfuyd","sdfsefsfdvdubgiungfuyd={C2BA40A1-74F3-42BD-F434-12345A2C8953}"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","jso8joigm409gopgmrlgd","jso8joigm409gopgmrlgd={B2BA40A2-74F0-42BD-F434-12345A2C8953}"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","STS","STS={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","sdfsefsfdvdubgiungfuyd","sdfsefsfdvdubgiungfuyd={C2BA40A1-74F3-42BD-F434-12345A2C8953}"

// Files behind the AutoRun entries above. These are DLLs but are tagged
// <$FILE_EXE>, while the same DLLs are tagged <$FILE_LIBRARY> further down
// (e.g. lehevusa.dll, guluzemu.dll, bofuwike.dll, bivakiru.dll) — what the type
// placeholder affects is not visible here; NOTE(review): confirm and unify.
File:"<$FILE_EXE>","<$SYSDIR>\sevayija.dll"
File:"<$FILE_EXE>","<$SYSDIR>\prnet.tmp"
File:"<$FILE_EXE>","<$SYSDIR>\lehevusa.dll"
File:"<$FILE_EXE>","<$SYSDIR>\yejedotu.dll"
File:"<$FILE_EXE>","<$SYSDIR>\nuhakiko.dll"
File:"<$FILE_EXE>","<$SYSDIR>\guluzemu.dll"
File:"<$FILE_EXE>","<$SYSDIR>\vezowolu.dll"
File:"<$FILE_EXE>","<$SYSDIR>\dubavalu.dll"
File:"<$FILE_EXE>","<$SYSDIR>\yovalono.dll"
File:"<$FILE_EXE>","<$SYSDIR>\bofuwike.dll"
File:"<$FILE_EXE>","<$SYSDIR>\rewagiki.dll"
File:"<$FILE_EXE>","<$SYSDIR>\bivakiru.dll"
File:"<$FILE_EXE>","<$SYSDIR>\kegakise.dll"
// Files behind the AppInit_DLLs entries above, in the same order. They are
// tagged <$FILE_WEBPAGE> although every one of them is a .dll — this looks like
// a copy-paste slip in the type placeholder; <$FILE_LIBRARY> is what the rest of
// the file uses for DLLs. NOTE(review): confirm which tag the format expects.
File:"<$FILE_WEBPAGE>","<$SYSDIR>\tenejepu.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\pufivaha.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\gakikedo.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\lehevusa.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\tadupele.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\kawolumi.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\bofuwike.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\yukikono.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\jarizasu.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\jiligija.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\bivakiru.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\wipoveku.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\bonafefa.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\bizuzuti.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\kajovofu.dll"
File:"<$FILE_WEBPAGE>","<$SYSDIR>\vajarusu.dll"
// Library files: the BHO DLLs from the commented BrowserHelperEx lines
// (afnoinkdsfe.dll, yhs783ijfo3fe.dll) and the Winlogon Notify DLLs. Several
// lines are exact duplicates (lehevusa, guluzemu, kawolumi, bofuwike,
// afnoinkdsfe each appear twice); harmless but redundant.
File:"<$FILE_LIBRARY>","<$SYSDIR>\lehevusa.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\lehevusa.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\guluzemu.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\guluzemu.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hezgzdm.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\kawolumi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\afnoinkdsfe.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\kawolumi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bofuwike.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bofuwike.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\yhs783ijfo3fe.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bivakiru.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\__c006610E.dat"
File:"<$FILE_LIBRARY>","<$SYSDIR>\afnoinkdsfe.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mtmuwhf.dll"

// You NEED the name of this LSP and must handle it with a Winsock: rule; do NOT just use a File: command for it!
// (Deleting the DLL while its Winsock catalog entry remains leaves a broken LSP chain and can break networking.)
// Winsock:"ntdll64.dll","0"
// Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll

// Unknown trojan, probably Virtumonde:
// Two BHO/CLSID pairs plus two Winlogon Notify packages whose DllName values
// point at the library files removed at the end.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{B585F945-4782-4863-A3E7-27C02D4C4929}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{B585F945-4782-4863-A3E7-27C02D4C4929}"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{D810B78A-D010-44DF-8445-AC58086B600E}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{D810B78A-D010-44DF-8445-AC58086B600E}"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","cbXOHWPf","DllName=<$SYSDIR>\cbXOHWPf.dll"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","mlJAqqRL","DllName=<$SYSDIR>\mlJAqqRL.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cbXOHWPf.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mlJAqqRL.dll"