Systweak Spyware Library
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : [Not Available]
Md5 Hash : [04de278532cb4b494411dfd3673ec53b]
File Size : 83008 bytes

Technical Details

The technical findings of our analysis team after analysing this malware in detail are listed below.

Creates the following infected files on the user's system
Note:
Delete the following files to remove the infection.
(Each entry gives the file name, its MD5 hash and its size; for most entries the file name is the MD5 hash of the file itself.)

Path : %programfiles%
  204d7db7309de8c781c11358b0feff85.exe  MD5: 204d7db7309de8c781c11358b0feff85  629451 bytes
  244cdb7485999c652526521b5ce0a206.exe  MD5: 244cdb7485999c652526521b5ce0a206  154624 bytes
  4652ada2f93d7385b4710fe83eab2614.exe  MD5: 4652ada2f93d7385b4710fe83eab2614  64000 bytes
  9c2d034b7ed83b2614b517470c673b62.exe  MD5: 9c2d034b7ed83b2614b517470c673b62  79872 bytes
  e3e7763c936754211d19fbb6929b98e0.exe  MD5: e3e7763c936754211d19fbb6929b98e0  629463 bytes
  ee9609385707f76fa8292f6d5d7e9591.exe  MD5: ee9609385707f76fa8292f6d5d7e9591  629456 bytes
  selfdelete.bat  MD5: 8e2d5ad9c581018037889c88946760d6  size not recorded

Path : %temp%
  file.rst  (four variants observed)
    MD5: 12f1e38eaa662e5242ada1133e27263c  75720 bytes
    MD5: 223db1887c06d14c5f358a105015bad0  642968 bytes
    MD5: 258f848acc0cbe16cb08383eca425da6  36248 bytes
    MD5: 4a5d1f7c4707088a954c6c14e4fd295a  198935 bytes

Path : %windir%
  0deb688f89408035c7220286c665b561.exe  MD5: 0deb688f89408035c7220286c665b561  57172 bytes
  19f80ce1c8591dc10ea36b35287f07f2.exe  MD5: 19f80ce1c8591dc10ea36b35287f07f2  79872 bytes
  23b3005d587a9b29e67e0b462dda2fea.exe  MD5: 23b3005d587a9b29e67e0b462dda2fea  127488 bytes
  342caae06879ff3ee4fc9ea340b3ca5c.exe  MD5: 342caae06879ff3ee4fc9ea340b3ca5c  238671 bytes
  3d367cd646cb27ceaff6abb24f5b7de0.exe  MD5: 3d367cd646cb27ceaff6abb24f5b7de0  79872 bytes
  3f8d40870472e2901b938fc8a507462d.exe  MD5: 3f8d40870472e2901b938fc8a507462d  629460 bytes
  6dff7a2ef672b663306fac24c87ea56d.exe  MD5: 6dff7a2ef672b663306fac24c87ea56d  631500 bytes
  82984259e3aa8b9e5e78acc50cc60ea2.exe  MD5: 82984259e3aa8b9e5e78acc50cc60ea2  57172 bytes
  85b83b4e652203eb42306692e649d472.exe  MD5: 85b83b4e652203eb42306692e649d472  224317 bytes
  88d0eb5277f5b06735065c7daf4d910e.exe  MD5: 88d0eb5277f5b06735065c7daf4d910e  62368 bytes
  8e605560ba09b90a5b8440f1e7a4ae47.exe  MD5: 8e605560ba09b90a5b8440f1e7a4ae47  629458 bytes
  9056419a8fe86f23dbd655e88e4eaa61.exe  MD5: 9056419a8fe86f23dbd655e88e4eaa61  79872 bytes
  90f8d1da590bd5fd2ced22c430704f1b.exe  MD5: 90f8d1da590bd5fd2ced22c430704f1b  79872 bytes
  9ca46027a9cf2a37596c9d4b9879db13.exe  MD5: 9ca46027a9cf2a37596c9d4b9879db13  629457 bytes
  9efdec703dad0eaf2cbf5d3e98c258e9.exe  MD5: 9efdec703dad0eaf2cbf5d3e98c258e9  238676 bytes
  aa6b88232dfbde528dcf9df39d363d9f.exe  MD5: aa6b88232dfbde528dcf9df39d363d9f  79872 bytes
  b43b6fcd4e235d7d229ed40e4f84214e.exe  MD5: b43b6fcd4e235d7d229ed40e4f84214e  79872 bytes
  e013d5ea128c652d483cc6bfa72a99ef.exe  MD5: e013d5ea128c652d483cc6bfa72a99ef  238671 bytes
  e0d10ff857a8726950532313df98bc88.exe  MD5: e0d10ff857a8726950532313df98bc88  629450 bytes
  eaa7f7b62a13a0d86426b6a726caf1d6.exe  MD5: eaa7f7b62a13a0d86426b6a726caf1d6  81920 bytes
  selfdelete.bat  MD5: 9eff46cef297c6e58c0794829bb8d90c  size not recorded
  userset.exe  MD5: d132e394a7e54b8d5e4842d20e0c307b  211488 bytes

Path : %windir%\system32
  0bd076bb4bf3c73f458e0b858ecbb836.exe  MD5: 0bd076bb4bf3c73f458e0b858ecbb836  224313 bytes
  37e66074ccbc611dd5558712de5583e0.exe  MD5: 37e66074ccbc611dd5558712de5583e0  79872 bytes
  50d5f504a92e6fb99a772600eb8c5c58.exe  MD5: 50d5f504a92e6fb99a772600eb8c5c58  63488 bytes
  59127ec8c489a8d32c77be545a6d462b.exe  MD5: 59127ec8c489a8d32c77be545a6d462b  79872 bytes
  6eeccf304a8068ff81654480ab13fe5f.exe  MD5: 6eeccf304a8068ff81654480ab13fe5f  79872 bytes
  6f1a418e0d745d0e54a776427162b2b6.exe  MD5: 6f1a418e0d745d0e54a776427162b2b6  80384 bytes
  7f3518304dc084981a507200446edb8f.exe  MD5: 7f3518304dc084981a507200446edb8f  79876 bytes
  86a755d7229471beef3ab76bb11ad44a.exe  MD5: 86a755d7229471beef3ab76bb11ad44a  79872 bytes
  8ba549919faaa15c79172f4a00a56538.exe  MD5: 8ba549919faaa15c79172f4a00a56538  64000 bytes
  8cf96c3232fb67a3bc5b9ddee41f13ff.exe  MD5: 8cf96c3232fb67a3bc5b9ddee41f13ff  79887 bytes
  92db38d41e98e5817ae23fbfb49c5fc5.exe  MD5: 92db38d41e98e5817ae23fbfb49c5fc5  79872 bytes
  a23d9e3c9fdfe4c2d81d99b6faee0b25.exe  MD5: a23d9e3c9fdfe4c2d81d99b6faee0b25  80384 bytes
  a9fcff47c7b4ef9641f177993a500f33.exe  MD5: a9fcff47c7b4ef9641f177993a500f33  79872 bytes
  aec479f9c19680cd0c04e78c4e285cea.exe  MD5: aec479f9c19680cd0c04e78c4e285cea  79872 bytes
  c4e0767beb1feae144e2c6eb93303453.exe  MD5: c4e0767beb1feae144e2c6eb93303453  79872 bytes
  c513d472910fe28f8ff2f02c302c57cf.exe  MD5: c513d472910fe28f8ff2f02c302c57cf  83456 bytes
  d041f0e783b86aee91f661ed1894fb71.exe  MD5: d041f0e783b86aee91f661ed1894fb71  79876 bytes
  d7b5c893df7f89d7886da04bba1a011e.exe  MD5: d7b5c893df7f89d7886da04bba1a011e  79877 bytes
  ee1858c54d60bca2032d33364d89985c.exe  MD5: ee1858c54d60bca2032d33364d89985c  130536 bytes
  selfdelete.bat  MD5: 643089755f840538555c3329c426b7d2  size not recorded

Path : %workingdir%
  [randomname].exe  (many variants observed; MD5 and size vary per sample)
The following registry values are added to the affected registry keys
Note:
Delete the added values from the key to remove the infection.

Values added:
  Win32 Service = "%SYSTEMDRIVE%\Data\90216ffd6abee7cae2d5c8bfe390a326.exe"
  win32 service = "%SYSTEMDRIVE%\data\95ed9f26006c5bb102c42b47491e04ff.exe"
  win32 service = "%windir%\23b3005d587a9b29e67e0b462dda2fea.exe"
  win32 service = "%windir%\88d0eb5277f5b06735065c7daf4d910e.exe"
  win32 service = "%windir%\system32\c4e0767beb1feae144e2c6eb93303453.exe"
  win32 service = "%windir%\system32\ee1858c54d60bca2032d33364d89985c.exe"
  06a3aea0ef0c7d5fe14728429308d2f7.exe = ""
  0bd076bb4bf3c73f458e0b858ecbb836.exe = "%SYSTEMDRIVE%\data\0bd076bb4bf3c73f458e0b858ecbb836.exe"
  204d7db7309de8c781c11358b0feff85.exe = "%programfiles%\204d7db7309de8c781c11358b0feff85.exe"
  342caae06879ff3ee4fc9ea340b3ca5c.exe = "%windir%\342caae06879ff3ee4fc9ea340b3ca5c.exe"
  3f8d40870472e2901b938fc8a507462d.exe = "%windir%\3f8d40870472e2901b938fc8a507462d.exe"
  3ff6881f17659ce8233f218c208b4c5a.exe = "%SYSTEMDRIVE%\data\3ff6881f17659ce8233f218c208b4c5a.exe"
  4790a78de9156ad7fad282cf95169b49.exe = ""
  6dff7a2ef672b663306fac24c87ea56d.exe = "%windir%\6dff7a2ef672b663306fac24c87ea56d.exe"
  6f59ba93516141585510282e5704924c.exe = ""
  8e605560ba09b90a5b8440f1e7a4ae47.exe = "%windir%\8e605560ba09b90a5b8440f1e7a4ae47.exe"
  97e0734abe8943805d17dbea65c79c7f.exe = ""
  9ca46027a9cf2a37596c9d4b9879db13.exe = "%windir%\9ca46027a9cf2a37596c9d4b9879db13.exe"
  9efdec703dad0eaf2cbf5d3e98c258e9.exe = "%windir%\9efdec703dad0eaf2cbf5d3e98c258e9.exe"
  9f5e794f17d49e7ddfce9c670f557f91.exe = ""
  a1baf43e1abc562f2db586fbee210cb2.exe = ""
  e013d5ea128c652d483cc6bfa72a99ef.exe = "%windir%\e013d5ea128c652d483cc6bfa72a99ef.exe"
  e0d10ff857a8726950532313df98bc88.exe = "%windir%\e0d10ff857a8726950532313df98bc88.exe"
  e3e7763c936754211d19fbb6929b98e0.exe = "%programfiles%\e3e7763c936754211d19fbb6929b98e0.exe"
  ede906fc5d2f13a648e685eabfe6d354.exe = ""
  ee9609385707f76fa8292f6d5d7e9591.exe = "%programfiles%\ee9609385707f76fa8292f6d5d7e9591.exe"
  userset = "%windir%\userset.exe"
  Win32 Service = "%SYSTEMDRIVE%\Data\90216ffd6abee7cae2d5c8bfe390a326.exe"
  win32 service = "%SYSTEMDRIVE%\data\95ed9f26006c5bb102c42b47491e04ff.exe"
  win32 service = "%windir%\23b3005d587a9b29e67e0b462dda2fea.exe"
  win32 service = "%windir%\88d0eb5277f5b06735065c7daf4d910e.exe"
  win32 service = "%windir%\system32\c4e0767beb1feae144e2c6eb93303453.exe"
  win32 service = "%windir%\system32\ee1858c54d60bca2032d33364d89985c.exe"
Creates the following child process on execution:

%windir%\system32\drwtsn32 -p 412 -e 1228 -g

drwtsn32 is the Dr. Watson post-mortem debugger, which Windows launches automatically when a process faults; its appearance here typically indicates that the sample crashed during analysis rather than that it deliberately spawned a helper process.

NOTE:

1. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'.
2. %temp% refers to the Windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'.
3. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.
4. %workingdir% refers to the current directory in which the user is working.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious/suspicious subkeys.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left-hand tree control and modify it accordingly.


© Systweak Inc., 1999-2011 All rights reserved.