FrEn

E-mail Print PDF

cradle of filth remover. Patch for the virus cradle_of_filth.vbe
Written by Administrator  |  Friday, 18 September 2009 04:13
AddThis Social Bookmark Button
Information

A rather awkward virus, prohibits certain programs, prohibits the access to certain menus and functionalities of Windows such as the stop button, the access to the registry, thes task manager, the desktop, the files’ options etc…

Open also notepad with each starting of Windows and registered there a parody of "notre Père qui est aux cieux". Notre Gates qui est à Seattle...

The virus cradle of filth is propagated through removable drive, the virus copies periodically there two files autorun.inf and cradle_of_filth.vbe, if you remove them, these two files will go back to their places few seconds after their suppression.



File

The virus puts two files in all removable drive

  • autorun.inf
  • cradle_of_filth.vbe

The virus puts also a file in the System repertory:

  • <system>\cradle_of_filth.vbe

Registry

Creates the registry entry

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoChangeStartMenu
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoComputersNearMe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrive
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoHardwareTab
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoResolveSearch
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoShellSearchButton
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue

Creates the registry entry

  • HKLM\Software\Microsoft\Command Processor\AutoRun
  • HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR

Replaces the userinit's value

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
Must be
C:\Windows\userinit.exe,


ATTENTION This virus launches out automatically each time you open a removable disk, it is thus preferable to download this patch and to decompress it on the desktop and to launch it.
 

Comments  

 
0 #1 p 2009-12-22 05:43
no desktop icons
Quote
 

Add comment


Security code
Refresh

Related articles
Latest posts
Free malware removal tool to remove Dr. Guard
_WRITTEN_BY Administrator 01/03/2010
Dr. Guard is a rogue Antispyware from the Paladin Antivirus Family, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are…Read more...
Free malware removal tool to remove Paladin Antivirus
_WRITTEN_BY Administrator 27/02/2010
Paladin Antivirus is a rogue Antispyware, a scareware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a…Read more...
Free malware removal tool to remove PC Defender
_WRITTEN_BY Administrator 24/02/2010
PC Defender is a rogue Antispyware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that…Read more...
Free malware removal tool to remove Control Manager
_WRITTEN_BY Administrator 24/02/2010

Control Manager is another fake Antivirus that install itself on your computer. Once installed, it tries to trick you into buying a full version of the program, that doesn't even exist, because…Read more...

Free virus removal tool to remove Mal.Resdro-A
_WRITTEN_BY Administrator 24/02/2010

Resdro-A is a virus that may reprensent a security risk for your system. Mal/Resdro-A shows a Adobe Flash Player Update, ignore this, this is a fake warning.

Once on your system, this fake…Read more...

.
Information | Contact

© All Rights Reserved. net-studio.org 2009