To complicate detection of its presence in the operating system, blocks the following features:
- User Account Control (UAC)
Creates and executes the following:
- '%APPDATA%\drivers\winupgro.exe'
Terminates or attempts to terminate a large number of user processes.
Searches for windows to detect analytical utilities:
- ClassName: '(null)' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'FilemonClass' WindowName: '(null)'
- ClassName: 'pediy06' WindowName: '(null)'
Restores hooked functions in System Service Descriptor Table (SSDT).
Hides the following processes:
- %APPDATA%\drivers\winupgro.exe