Sapaq


Spread: Low
Date added: 14-06-2009
Last updated: 14-06-2009

Damage: Low

Dispersibility: Medium

Full name: Virus.W32/Sapaq @LAN

Type: [Virus] - Generic virus; normally spreads by infecting executable files.
Platform: [W32] - PE executable (.EXE, .SCR, .DLL) that runs on 32-bit Windows: 95, 98, Me, NT, 2000, XP, 2003
Main propagation mechanism: [LAN] - Local area networks
Size (bytes): 81463

Aliases: W32.Sapaq (Symantec)

Infection method / Effects

# Copies itself to:

* %System%\drivers\TXP1atform.exe

# Creates the following files:

* %System%\drivers\JM.SYS
* %CommonProgramFiles%\Desktop_1.ini (not malicious)
* %CommonProgramFiles%\Desktop_2.ini (not malicious)

# Deletes the HOSTS file
# Adds this registry entry so that it runs every time Windows starts:

Code:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

Value: "Explorer" = "%System%\drivers\TXP1atform.exe"

# Registers the file JM.SYS as a system service:

Code:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMusic\

Value: "ImagePath" = "%System%\drivers\JM.SYS"

# It also creates the following registry entries:

Code:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Value: "Debugger" = "ntsd -d"

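
A triage sketch for the registry changes described above, added here as an example and not taken from the original advisory: it scans the decoded text of a `reg export` for the "Explorer" Run value, the DMusic service ImagePath, and any "Debugger" value under Image File Execution Options. The sample export, the example-*.exe names and the C:\WINDOWS\system32 expansion of %System% are constructed, and only plain string values are parsed.

```python
import re

# Lower-cased key paths taken from the advisory text.
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
DMUSIC = r"hkey_local_machine\system\currentcontrolset\services\dmusic"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, value_name, data) for string values in `reg export` text.
    hex(2)/dword values are skipped; decode the UTF-16 file before calling."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\")
        elif key and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            yield key, name, data

def find_sapaq_traces(text):
    """Return (kind, item, data) tuples for entries matching the advisory."""
    hits = []
    for key, name, data in parse_reg(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        if IFEO in k and n == "debugger":
            # Any Debugger value here deserves review, not only this virus's.
            image = key[k.index(IFEO) + len(IFEO):].strip("\\") or "(IFEO root)"
            hits.append(("ifeo-debugger", image, data))
        elif k == RUN and d.endswith(r"\drivers\txp1atform.exe"):
            hits.append(("run-key", name, data))
        elif k == DMUSIC and n == "imagepath" and d.endswith(r"\drivers\jm.sys"):
            hits.append(("service", "DMusic", data))
    return hits

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Explorer"="C:\\WINDOWS\\system32\\drivers\\TXP1atform.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMusic]
"ImagePath"="C:\\WINDOWS\\system32\\drivers\\JM.SYS"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-scanner.exe]
"Debugger"="ntsd -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-app.exe]
"DisableHeapLookaside"="1"
'''

if __name__ == "__main__":
    for kind, item, data in find_sapaq_traces(SAMPLE):
        print(f"{kind:14} {item:22} {data}")
```
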
# The virus tries to connect over port 80 to the IP address:

* 60.173.10.53

# Downloads additional malicious software from:

* http://114baines.com/goto/down[removed]
* http://52cps.com/goto/down[removed]
* http://ipshougou.com/goto/down[removed]
* http://tj.114anhui.com/down/qqma[removed] (detected as Trojan.KillAV)

# Tries to connect over port 139 to other machines on the subnet in order to infect them, using a list of passwords:


SOURCE: Alerta-Antivirus.es: Sapaq virus details