Rendul details

  • Description

    Rendul is a dangerous macro virus that infects Microsoft Word documents. Once executed, Rendul installs itself to the system and creates several infected text documents. Then it runs a payload. The virus lowers Microsoft Word security settings, disables the Windows Firewall, the Task Manager and the Registry Editor, and alters the system configuration. It also changes mouse settings and deletes all executables, images, text and spreadsheet documents, archives and some other files it finds in the root of the main hard disk, the main Windows folder and the default system directory.

  • Registry

    HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security\Level=1
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security\Level=1
    HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
    HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCloseKey=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar=HJx02
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=HJx03
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride=1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Lendur
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Lendur