Dranus

Posted: March 28, 2006

Dranus is a dangerous macro virus that infects Microsoft Word documents and attempts to destroy the entire computer. The spyware modifies Microsoft Word essential security settings and disables its virus protection feature. It also turns off certain Windows security functions and changes the computer clock time. Dranus removes all executable files located in the root of the main hard disk and main computer directory , destroys all software installed into C:Program Files folder and wipes out everything from default document locations C:My Documents and C:My Shared Documents. The virus may show a particular picture and certain messages. Dranus uses files with different names.

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0WordSecurityLevel=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternetSettingsones1201=0HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoControlPanel=31HKEY_LOCAL_MACHINESOFTWAREMicrosoftRonerDronus=activatedvirusHKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterAntiVirusDisableNotify=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterAntiVirusOverride=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterFirewallDisableNotify=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterFirewallOverride=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterUpdatesDisableNotify=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAutoUpdateNOptions=31HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlComputerNameComputerNameComputerName=XFL45-Evolution

Dranus

Registry Modifications

Leave a Reply