Dranus
Dranus is a dangerous macro virus that infects Microsoft Word documents and attempts to destroy the entire computer. The spyware modifies Microsoft Word essential security settings and disables its virus protection feature. It also turns off certain Windows security functions and changes the computer clock time. Dranus removes all executable files located in the root of the main hard disk and main computer directory , destroys all software installed into C:Program Files folder and wipes out everything from default document locations C:My Documents and C:My Shared Documents. The virus may show a particular picture and certain messages. Dranus uses files with different names.
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0WordSecurityLevel=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternetSettingsones 1201=0HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoControlPanel=31HKEY_LOCAL_MACHINESOFTWAREMicrosoftRonerDronus=activatedvirusHKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterAntiVirusDisableNotify=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterAntiVirusOverride=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterFirewallDisableNotify=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterFirewallOverride=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterUpdatesDisableNotify=d001HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAutoUpdateNOptions=31HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlComputerNameComputerNameComputerName=XFL45-Evolution
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.