Systweak Spyware Library
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of aebot
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : [Not Available]
Md5 Hash : [Not Available]
File Size : [Not Available]

Technical Details

Here are the technical findings of our analysis team after analysing this malware in detail:

Creates the following infected files on the user's system.
Note:
Delete the following files to remove the infection.
File: wininit32.exe
Path : %workingdir%

Md5Hash : [Not Available]
File: abc123.pid
Path : %systemdrive%\temp

Md5Hash :
6e95b62ebae21e8f5dc7c53a2906d9d4 ( 4 bytes)
a8a34ae0b2063d98e43211659da1cba9 ( 4 bytes)
f90261a4e9ff46b5f67056ff306cdcf3 ( 4 bytes)
File: wininit32.exe
Path : %systemdrive%

Md5Hash :59e14b4c20a78abd9292681cd52992e8 ( 122985 bytes)
File: chkini.exe
Path : %windir%\system32

Md5Hash :557648fa9db223166695b88894034ac3 ( 112839 bytes)
File: chkmon16.exe
Path : %windir%\system32

Md5Hash :6f41c134cffa3b1a9d8b8ca96836bd77 ( 92322 bytes)
File: chksrv.exe
Path : %windir%\system32

Md5Hash :165a3f3dcbb4919f8dff43458ccf0828 ( 115252 bytes)
File: drvini.exe
Path : %windir%\system32

Md5Hash :ef1b676e2610dc1aa0859a60b941f8da ( 85022 bytes)
File: regserv16.exe
Path : %windir%\system32

Md5Hash :6a38e80c9f3a6cdf88c499fc3d19b980 ( 140910 bytes)
File: sysdisk.exe
Path : %windir%\system32

Md5Hash :5e4c53fefa0c042eae7c18cbbe41c549 ( 217096 bytes)
File: vxdsrv.exe
Path : %windir%\system32

Md5Hash :33dfbe2f499211b4b4dcabaff7e3305c ( 86063 bytes)
File: vxdstat16.exe
Path : %windir%\system32

Md5Hash :8269f9d62fff4b7bb1f90d818e26563a ( 116429 bytes)
File: winconf32.exe
Path : %windir%\system32

Md5Hash :ede75aafec571829388c13df6a83e56f ( 116951 bytes)
File: windisk32.exe
Path : %windir%\system32

Md5Hash :7100bb1f02dc50a722071682460712d2 ( 105137 bytes)
File: wininit32.exe
Path : %windir%\system32

Md5Hash :
22370edcfbfcbaa24bf2f4cfcba44bc9 ( 89104 bytes)
2536317e6d2746dcd4bc7ac268c51e9a ( 94243 bytes)
328dbfb0dc91e30a2ea0784fa12a779c ( 110163 bytes)
d4155f2df01cf982f2c98f63200ecd05 ( 97319 bytes)
File: [randomname].exe
Path : %workingdir%

Md5Hash :
Also creates files on the user's system that are also created by genuine software.
Note:
These files can be kept, as genuine software also creates them.
The following registry values are added under the listed registry keys:
Note:
Delete the added values from the key to remove the infection.
Value Added : 1001 = "[REG_DWORD, value: 00000000]"
Value Added : 1609 = "[REG_DWORD, value: 00000001]"
Value Added : 1E05 = "[REG_DWORD, value: 00030000]"
Value Added : dllscan = "windisk32.exe -drivers"
Value Added : dllservice16 = "drvini.exe -drivers"
Value Added : DriveInit = "vxdstat16.exe -drivers"
Value Added : SysInit = "wininit32.exe -drivers"
Value Added : winstat16 = "chkini.exe -drivers"
Value Added : dllscan = "windisk32.exe -services"
Value Added : dllservice16 = "drvini.exe -services"
Value Added : DriveInit = "vxdstat16.exe -services"
Value Added : SysInit = "wininit32.exe -services"
Value Added : winstat16 = "chkini.exe -services"
Value Added : dllscan = "windisk32.exe -services"
Value Added : dllservice16 = "drvini.exe -services"
Value Added : DriveInit = "vxdstat16.exe -services"
Value Added : SysInit = "wininit32.exe -services"
Value Added : winstat16 = "chkini.exe -services"

NOTE:

1. %workingdir% refers to the current directory in which the user is working.
2. %systemdrive% refers to the Windows system drive. By default it is 'C:\'.
3. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious/suspicious subkeys only.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.