Ciri-ciri dari virus Alman ini adalah sebagai berikut. Terdapat file-file berikut di sistem:
C:\Windows\linkinfo.dll
C:\Windows\System32\drivers\LsDrv118.sys
C:\Windows\system32\drivers\nvmini.sys
C:\Windows\System32\drivers\cdralw.sys
C:\Windows\System32\drivers\riodrvs.sys
C:\Windows\System32\drivers\DKIs6.sys
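Mengubah dan menambahkan entri registry Windows berikut (%file% adalah nama file driver tanpa ekstensi .sys, seperti terlihat pada nilai Imagepath):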
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%file%]
- DisplayName = ‘NVIDIA Compatible Windows Miniport Driver’
- Imagepath = “%system%\drivers\%file%.sys”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%file%]
- NextInstance = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%file%000]
- Service = %file%
- Legacy = 1
- ConfigFlags = 0
- Class = LegacyDriver
- ClassGUID = “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
- DeviceDesc = %file%
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%file%000\Control]
- NewlyCreated = 0
- ActiveService = %file%
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%file%
- DisplayName = RioDrvs Usb Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%file%
- DisplayName = RioDrvs Usb Driver
Posted by joseph23 