Topic: Sigougou

Author: RadicalEd (Moderator)
« on: Friday, 14 November 2008, 14:32 »
Technical Data
Danger level: 3 - Medium
Spread: Low
Date added: 14-11-2008
Last updated: 14-11-2008
Damage: High
Dispersibility: High
Full name: Worm.W32/Sigougou@US
Type: [Worm] - Program that replicates by copying itself whole (without infecting other files) on the infected machine and across computer networks
Platform: [W32] - PE executable (.EXE, .SCR, .DLL) that runs on 32-bit Windows: 95, 98, Me, NT, 2000, XP, 2003 and Vista
Main propagation mechanism: [US] - System drives (local, mapped, removable).
Size (bytes): 180704
Aliases: W32/Sigougou (PerAntivirus), W32.Sigougou (Symantec)
Details
Infection Method/Effects

Worm that infects the logical drives present on the local network (LAN) and on personal computers. It deletes registry keys to prevent the system from being restarted in Safe Mode.
It disables multiple processes related to system security, prevents programs from running and downloads malware from a Chinese website hosted on a server in Florida, USA.

Once on the system, it copies itself to the following paths under these names:

    * %System%\sbsb.exe
    * %SystemDrive%\sbsb.exe

Note: %System% is a variable that refers to the Windows system directory. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%SystemDrive% is a variable that refers to the drive on which Windows is installed. By default this is C:.

To run the next time the system restarts, it creates the following registry entry:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: "sbsb" = "%System%\sbsb.exe"

At the next system start, the worm disables the Task Manager and access to Windows Update with the following registry entries:

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: "DisableTaskMgr" = "01, 00, 00, 00"

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: "DisableWindowsUpdateAccess" = "01, 00, 00, 00"

To prevent the execution of various programs related to security and control software, it creates the following registry key, with the same value, for each of the image names listed below:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image name>

Value: "Debugger" = "ntsd -d"

Image names:

    * 360hotfix.exe
    * 360rpt.exe
    * 360Safe.exe
    * 360safebox.exe
    * 360tray.exe
    * adam.exe
    * AgentSvr.exe
    * AntiArp.exe
    * AppSvc32.exe
    * arvmon.exe
    * AutoGuarder.exe
    * autoruns.exe
    * avgrssvc.exe
    * AvMonitor.exe
    * avp.com
    * avp.exe
    * CCenter.exe
    * ccSvcHst.exe
    * FileDsty.exe
    * findt2005.exe
    * FTCleanerShell.exe
    * HijackThis.exe
    * IceSword.exe
    * iparmo.exe
    * Iparmor.exe
    * IsHelp.exe
    * isPwdSvc.exe
    * kabaload.exe
    * KaScrScn.SCR
    * KASMain.exe
    * KASTask.exe
    * KAV32.exe
    * KAVDX.exe
    * KAVPFW.exe
    * KAVSetup.exe
    * KAVStart.exe
    * killhidepid.exe
    * KISLnchr.exe
    * KMailMon.exe
    * KMFilter.exe
    * KPFW32.exe
    * KPFW32X.exe
    * KPFWSvc.exe
    * KRegEx.exe
    * KRepair.COM
    * KsLoader.exe
    * KVCenter.kxp
    * KvDetect.exe
    * kvfw.exe
    * KvfwMcl.exe
    * KVMonXP.kxp
    * KVMonXP_1.kxp
    * kvol.exe
    * kvolself.exe
    * KvReport.kxp
    * KVScan.kxp
    * KVSrvXP.exe
    * KVStub.kxp
    * kvupload.exe
    * kvwsc.exe
    * KvXP.kxp
    * KvXP_1.kxp
    * KWatch.exe
    * KWatch9x.exe
    * KWatchX.exe
    * loaddll.exe
    * MagicSet.exe
    * mcconsol.exe
    * mmqczj.exe
    * mmsk.exe
    * NAVSetup.exe
    * nod32krn.exe
    * nod32kui.exe
    * PFW.exe
    * PFWLiveUpdate.exe
    * QHSET.exe
    * Ras.exe
    * Rav.exe
    * RavCopy.exe
    * RavMon.exe
    * RavMonD.exe
    * RavStore.exe
    * RavStub.exe
    * ravt08.exe
    * RavTask.exe
    * RegClean.exe
    * rfwcfg.exe
    * RfwMain.exe
    * rfwolusr.exe
    * rfwProxy.exe
    * rfwsrv.exe
    * RsAgent.exe
    * Rsaupd.exe
    * runiep.exe
    * safebank.exe
    * safeboxTray.exe
    * safelive.exe
    * scan32.exe
    * shcfg32.exe
    * smartassistant.exe
    * SmartUp.exe
    * SREng.exe
    * SREngPS.exe
    * symlcsvc.exe
    * syscheck.exe
    * Syscheck2.exe
    * SysSafe.exe
    * ToolsUp.exe
    * TrojanDetector.exe
    * Trojanwall.exe
    * TrojDie.kxp
    * UIHost.exe
    * UmxAgent.exe
    * UmxAttachment.exe
    * UmxCfg.exe
    * UmxFwHlp.exe
    * UmxPol.exe
    * UpLive.exe
    * WoptiClean.exe
    * zxsweep.exe

To prevent the system from being restarted in Safe Mode, it deletes the following keys:

Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

Value: "default" = "DiskDrive"

Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

Value: "default" = "DiskDrive"

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

Value: "default" = "DiskDrive"

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

Value: "default" = "DiskDrive"

Finally, it attempts to randomly download a file from a Chinese website hosted in the United States:

    * http://nb88.cn/ad/list[Removed]

Propagation Method

Sigougou spreads through network shares protected by weak passwords. It also spreads by copying itself to all fixed disks and to logical and removable drives.

To run every time fixed disks, logical drives and network shares are accessed, it creates the following file:

    * %SystemDrive%\AutoRun.inf

Other details

It is written in Assembler, has a size of 180,704 bytes and is packed with its own routines.
The past is only memories, the future is only dreams
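
Added example (not part of the original post or of the advisory it reproduces): a Python triage of a `reg export` dump for the registry changes described above, namely the `sbsb` Run entry, the two policy values, Image File Execution Options `Debugger` redirects and the deleted SafeBoot keys. The sample export, its `notepad.exe` entry and the function names are constructed for illustration, and the SafeBoot check assumes the export covers HKLM\SYSTEM.

```python
import re

HKLM, HKCU = "hkey_local_machine", "hkey_current_user"
IFEO = HKLM + r"\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = HKLM + r"\software\microsoft\windows\currentversion\run"
POLICIES = HKCU + r"\software\microsoft\windows\currentversion\policies\system"
SAFEBOOT = [HKLM + r"\system\currentcontrolset\control\safeboot" + f"\\{mode}\\"
            + "{4d36e967-e325-11ce-bfc1-08002be10318}" for mode in ("minimal", "network")]

# Constructed sample in `reg export` format, not taken from a real infected host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sbsb"="C:\\WINDOWS\\system32\\sbsb.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=hex:01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
"Debugger"="ntsd -d"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
'''

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: data}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            # .reg files double every backslash inside string data; undo that.
            current[name.strip('"').lower()] = data.strip('"').replace("\\\\", "\\")
    return keys

def is_set(data):
    """True for non-zero data such as dword:00000001 or hex:01,00,00,00."""
    digits = (data or "").split(":", 1)[-1].replace(",", "")
    return bool(re.fullmatch(r"[0-9a-fA-F]+", digits)) and int(digits, 16) != 0

def triage(text):
    """Return (indicator, name, data) tuples for the registry changes the advisory lists."""
    keys, hits = parse_reg(text), []
    for key, values in keys.items():
        # Any IFEO Debugger value redirects the launch of that image; review each one.
        if key.startswith(IFEO) and "debugger" in values:
            hits.append(("ifeo-debugger", key[len(IFEO):], values["debugger"]))
    for name, data in keys.get(RUN, {}).items():
        if data.lower().endswith("\\sbsb.exe"):
            hits.append(("run-persistence", name, data))
    policies = keys.get(POLICIES, {})
    for name in ("disabletaskmgr", "disablewindowsupdateaccess"):
        if is_set(policies.get(name)):
            hits.append(("policy-lockout", name, policies[name]))
    hits += [("safeboot-missing", key, "") for key in SAFEBOOT if key not in keys]
    return hits

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Legitimate tools also set IFEO `Debugger` values, so each `ifeo-debugger` hit is a prompt for review rather than proof of infection.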