|
Malware -
Viruses
|
- creates files in the c:\windows\system32 files with random names, the names are composed of 8 random letters, files with extension .dll and one with extension .exe
most of the .dll files store e-mail addresses, a .dll file and the .exe file are copies of the virus
- Regedit, Task Manager, Task Monitor are disabled
- A process called "link" in created in the memory
- The following registry keys are created
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"_Hazafibb"="%SYSTEM%\%random%.exe"]
%random% is a name formed from 8 random characters
[HKEY_LOCAL_MACHINE\Software\Microsoft\_Hazafibb]
|
|
