****************************************************************************************
		   :
		Net-Worm.Win32.Rovud.a-c
 12.0.0.20   (C) Kaspersky Lab, Antropov Alexey, Vitaly Kamluk, Boris Yampolsky 2000-2008.   
.
****************************************************************************************
 :
	/s -         .
	/n -         .
	/path <  > -        .
	/y -      .
	/i -      .
	/nr -        
	/Rpt[ao][=<   >] -   
		a -   
		o -   ( /  )
 :
	0 -   .
	1 -     .
	2 -       .
	3 -          
		  .
	4 -   .
****************************************************************************************
 :         :
		Net-Worm.Win32.Rovud.a
		Net-Worm.Win32.Rovud.b
		Net-Worm.Win32.Rovud.c
****************************************************************************************
	
	         ,   
  ,     Hook     
(      )     
  /       ,   
     .

	 ,  c   /    
     klwk.com     , 
   ,       (/s[n]). 
       .

	 ,        -  (
       ),       
          
(   ).

	E          ,  
       ( /y)  
   "quiet"    .      .

	     , 
 :
	autoexec.bat
		win %infected file%
	win.ini   [Windows]
		run=< >
	system.ini   [boot]
		shell=< >
	   
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
			:
				AppInit_DLLs
				Run 				
		HKEY_CLASSES_ROOT\\txtfile\\shell\\open\\command (txt )
			   notepad.exe 
		HKEY_CLASSES_ROOT\exefile\shell\open\command (exe )
			  "%1" %* 
		HKEY_CLASSES_ROOT\comfile\shell\open\command (com )
			  "%1" %* 
		HKEY_CLASSES_ROOT\batfile\shell\open\command (bat )
			  "%1" %* 
		HKEY_CLASSES_ROOT\piffile\shell\open\command (pif )
			  "%1" %* 
		HKEY_CLASSES_ROOT\cmdfile\shell\open\command (cmd )
			  "%1" %* 
		HKEY_CLASSES_ROOT\scrfile\shell\open\command (scr )
			  "%1" /S 
		HKEY_CLASSES_ROOT\scrfile\shell\config\command (scr )
			  "%1" 
		HKEY_CLASSES_ROOT\regfile\shell\open\command (reg )
			  regedit.exe "%1" 
	 NT 
	  mIRC
		< Program Files>\Mirc\script.ini
		< Program Files>\Mirc32\script.ini
	  Pirch
		< Program Files>\Pirch98\events.ini
