Home Malware Programs Viruses Rendul

Rendul

Posted: March 28, 2006

Rendul is a dangerous macro virus that infects Microsoft Word documents.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 exemple.doc
    2 girls.doc
    3 information.doc
    4 joke.doc
    5 list.doc
    6 music.doc
    7 news.doc

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0WordSecurityLevel=1HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0WordSecurityLevel=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoCloseKey=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFavoritesMenu=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFind=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSaveSettings=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskbar=HJx02HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableTaskMgr=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsLendurHKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsFirewallDomainProfileEnableFirewall=0HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsFirewallStandardProfileEnableFirewall=0HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterAntiVirusOverride=1HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurityCenterFirewallOverride=1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop=HJx03HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsLendurHKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfileEnableFirewall=0HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfileEnableFirewall=0
Loading...