Gatina-B (Win32\Gatina-B)
Type: Worm
Variants: Worm/Pintae.A, W32.Pintae.A@mm, W32/Sillyworm.WI, W32/Namuki, W32/Vanneo.B.worm
OS: MS Windows
Maliciousness: 4 out of 5
Size: 41 kb
Description: Win32\Gatina-B is a worm that spreads as an attachment to email messages. It is able to block some system components and security-oriented tools.
When run, Win32\Gatina-B copies itself to the following files:
* %USERPROFILE%\Start Menu\Programs\Startup\MSKernell.bat
* %SYSTEM%\AutoRun.bat
* %WINDOWS%\Exit to DosPrompt.pif
* %WINDOWS%\Mails\DATA.DOC.exe
* %WINDOWS%\Mails\DOCUMENT.DOC.exe
* %WINDOWS%\Mails\INFO.DOC.exe
* %WINDOWS%\Mails\README.DOC.exe
* %WINDOWS%\Mails\TAETAE.TXT.exe
Win32:Gatina-B then writes several registry entries that ensure the program is launched every time Windows starts.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NOYPI_KANG_ASTI = "%WINDOWS%\Exit to DosPrompt.pif"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taetae = "%WINDOWS%\Exit to DosPrompt.pif"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\TANG_INA_MO = "%SYSTEM%\AutoRun.bat"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\taengtae = "%SYSTEM%\AutoRun.bat"
It also writes several further entries that restrict access to some parts of the system:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions NoFindFiles = "1"
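A host check for the registry indicators listed above, as an added example that is not part of the original description: it parses a `.reg` export and reports the listed autorun value names and policy lockout values. The sample export, its `renamed` and `Updater` entries and the function names are constructed for illustration; matching on the dropped file name as well as the value name goes beyond the listed names so that a renamed autorun entry is still caught.

```python
import re

# Indicator names below are the ones listed on this page.
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runservices")
AUTORUN_NAMES = {"noypi_kang_asti", "taetae", "tang_ina_mo", "taengtae"}
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools",
                  "nofolderoptions", "nofind", "nofindfiles"}
DROPPED_FILES = ("\\exit to dosprompt.pif", "\\autorun.bat")

# Constructed .reg export for the demonstration (not captured from a real host).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"taetae"="C:\\Windows\\Exit to DosPrompt.pif"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"renamed"="C:\\Windows\\System32\\AutoRun.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
"""

def parse_reg_export(text):
    """Yield (key, value_name, data) for single-line string and dword values."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            raw = m.group(2)
            if raw.startswith("dword:"):
                data = str(int(raw[6:], 16))      # dword:00000001 -> "1"
            else:
                data = raw.strip('"').replace("\\\\", "\\")
            yield key, m.group(1), data

def gatina_findings(text):
    """Return (kind, key, name, data) for autorun and lockout indicators."""
    hits = []
    for key, name, data in parse_reg_export(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith(RUN_KEYS) and (n in AUTORUN_NAMES or d.endswith(DROPPED_FILES)):
            hits.append(("persistence", key, name, data))
        elif "\\policies\\" in k and n in LOCKOUT_VALUES and d == "1":
            hits.append(("lockout", key, name, data))
    return hits
```

Calling `gatina_findings(SAMPLE)` returns three findings: the `taetae` autorun, the renamed autorun pointing at AutoRun.bat, and the `DisableTaskMgr` lockout.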
Win32:Gatina-B spreads by mass-mailing an email with an infected attachment to the email addresses stored in the Windows Address Book. The emails it sends have the following form:
1. From (one of the following):
* astig@hotmail.com
* noypi@pinoy.com
* Tae@Tae.com
* vaNNeo@viruz.com
* victim@victim.com
* viruz@yahoo.com
* lady_juana_cute@hotmail.com
2. Subject (one of the following):
* CDO.Message
* FILIPINO'S SECRETS
* My Documents
* My Victim
* New Virus Information
* Philippines Government Top Secret
* TaeTae Virus Information
3. Message body (one of the following):
* Hi! Look the Attach Document for more details about FILIPINOS...
* HOY! PINOY AKO! BUO AKING LOOB MAY AGIMAT AKO... FOR MORE LYRICS CHECK THE ATTACH FILE...
* If your computer has been infected by TaeTae Virus. Open the attach file and follow the instruction to remove the virus...
* LYRICS OF BAMBOO AND OTHER BOY BAND
* Please read the attach file for more information about computer virus...
* The Government of the Philippines revealed the truth. For more information please read the Attach file...
4. Attachment file name (one of the following):
* DATA.DOC.exe
* DOCUMENT.DOC.exe
* INFO.DOC.exe
* README.DOC.exe
* TAETAE.TXT.exe
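A mail-gateway check for the message format described above, as an added example that is not part of the original description: it flags the listed subjects and any attachment whose name ends in a document extension followed by an executable one. The two extension sets, the function names and the sample message are assumptions made for illustration, and the extension rule deliberately covers more than the five listed file names.

```python
from email.message import EmailMessage

# Subjects and the attachment pattern come from this page; both extension sets
# below are assumed gateway policy, broader than the five listed names.
GATINA_SUBJECTS = {
    "cdo.message", "filipino's secrets", "my documents", "my victim",
    "new virus information", "philippines government top secret",
    "taetae virus information",
}
EXECUTABLE_EXT = {"exe", "pif", "bat", "scr", "com", "cmd"}
DECOY_EXT = {"doc", "txt", "pdf", "xls", "rtf", "jpg"}

def double_extension(filename):
    """Return (decoy, real) when a name ends in <decoy>.<executable>, else None."""
    # Windows drops trailing dots and spaces, so ignore them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT and parts[-2] in DECOY_EXT:
        return parts[-2], parts[-1]
    return None

def inspect_message(msg):
    """Return a list of (reason, detail) findings for one parsed message."""
    findings = []
    subject = (msg.get("Subject") or "").strip()
    if subject.lower() in GATINA_SUBJECTS:
        findings.append(("listed-subject", subject))
    for part in msg.walk():
        name = part.get_filename()
        if name and double_extension(name):
            findings.append(("double-extension", name))
    return findings

def build_sample(subject, filename):
    """Constructed test message; the payload is two placeholder bytes, not malware."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    msg.add_attachment(b"\x00\x00", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    print(inspect_message(build_sample("My Documents", "README.DOC.exe")))
```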
Win32:Gatina-B blocks the programs/processes/windows in the following list. These are mainly parts of the system used to administer the computer and programs focused on computer security.
* Norton
* AVP Monitor
* Sygate Personal Firewall Pro
* BitDefender
* NOD32 Antivirus Program - [My Profile]
* NOD32 Control Center
* eTrust Antivirus - Local Scanner
* F-Secure Anti-Virus
* My Computer
* Registry Monitor
* Kaspersky Anti-Virus Monitor
* HijackThis
* Anti-Virus
* BlackICE
* Process Explorer - Sysinternals: www.sysinternals.com
* Registry Monitor - Sysinternals: www.sysinternals.com
* Norton AntiVirus Porfessional
* Windows Security Center
* Windows Firewall
* Control Panel
* Run"Turn Off Computer
* Log off Windows
* Command Prompt
* Kaspersky Anti-Virus personal
* AVG E-Mail Server Edition - Advanced Interface
* AVG E-mail Server Edition - Basic Interface
* AVG E-mail Server Edition - Control Centerr
* Pop3trap
* Ad-Aware SE Personal
* Spybot - Search & Destroy
* Sophos Anti-Virus - SWEEP
* Anti-Trojan - Infection Monitor
* Norton AntiVirus
* Registry Editor
* Windows Task Manager
* System Configuration Utility
* Services
* AntiViral Toolkit Pro
* Kaspersky Anti-Virus Scanner
* Ad-aware 6.0 Personal
* System Restore
* WinPatrol
* Note: %WINDOWS% is a placeholder for the Windows installation folder. Most commonly this is
o C:\Windows (Windows 95, 98, Me, XP)
o C:\Winnt (Windows NT, 2000)
* %SYSTEM% is a placeholder for the system folder. Most commonly this is
o C:\Windows\System (Windows 95, 98, Me)
o C:\Winnt\system32 (Windows NT, 2000)
o C:\Windows\System32 (Windows XP)
* %USERPROFILE% is a placeholder for the user profile folder, which is most commonly located at C:\Dokumenty a nastavení\[current user].