Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of infection
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : [Not Available]
Md5 Hash : [f9c50ac73eb040f19a8116deb4a3b30f]
File Size : (11264 bytes)

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system
Note:
Delete the following files to remove the infection
File: 1.exe
Path : %allusersprofile%\「开始」菜单\程序\启动 (the Chinese-locale Start Menu\Programs\Startup folder)

Md5Hash :67832570c06193b1b665185492f1a42d ( 741888 bytes)
File: pcgwin32.li5
Path : %allusersprofile%\application data\lrwua6t1rzzl

Md5Hash :c756ed095185e42db0f6e74187da678a ( 2581 bytes)
File: windows32.exe
Path : %allusersprofile%\start menu\programs\startup

Md5Hash :
73f60c9772739f9f1c7e6b186bdce34f ( 4609968 bytes)
849415c5c1f1d9e0725c01464a8375dc ( 5875200 bytes)
bc433af649458ac88706c8842d3505a3 ( 4673974 bytes)
File: _se082.exe
Path : %programfiles%

Md5Hash :c7c6d7df2b34d4351b6b3540ddece016 ( 502272 bytes)
File: server.exe
Path : %programfiles%\bifrost

Md5Hash :271c38ae2a8d5249bb8a8e67f6f073bd ( 42877 bytes)
File: imgvew.com
Path : %programfiles%\common files

Md5Hash :2e38fd6eca3ae3892e3711bad27977c9 ( 70736 bytes)
File: paramstr.txt
Path : %programfiles%\common files\microsoft shared\msinfo

Md5Hash :871ddde36b2e686f85d5093fa8ad4f0b ( 44 bytes)
File: risingings.exe
Path : %programfiles%\common files\microsoft shared\msinfo

Md5Hash :76a3751279dd92ad299c095ec0767ad7 ( 676352 bytes)
File: ghost.exe
Path : %programfiles%\ghost

Md5Hash :added4c731ed0b7918e3a88ab952029e ( 246999 bytes)
File: narrator.exe
Path : %programfiles%

Md5Hash :d290602594cfb4d4b3464e86467ed721 ( 559524 bytes)
File: ws2help.dll
Path : %programfiles%\netmeeting

Md5Hash :c800f6971b43dd5f94c16192757d6d8a ( bytes)
File: se082.exe
Path : %programfiles%

Md5Hash :c7c6d7df2b34d4351b6b3540ddece016 ( 502272 bytes)
File: 极速445 (一小时一500只不是问题).exe
Path : %systemdrive%

Md5Hash :0c05790a0666b9e9472bc1179f476326 ( 169789 bytes)
File: cmsetac.dll
Path : %workingdir%

Md5Hash :e94d715363264ba4c94a9a94730a2858 ( 33792 bytes)
File: safeguard.exe
Path : %workingdir%

Md5Hash :28fc49c142ed8d8ba6b37c919e838814 ( bytes)
File: r.exe
Path : %systemdrive%

Md5Hash :54eac1d1188db597948050b9c7eac9b6 ( 134064 bytes)
File: svsys.exe
Path : %systemdrive%\recycler\s-1-5-21-1482476501-1644491937-682003330-1013

Md5Hash :f815b759d4f1d2fdcce9c3760758e5af ( 32256 bytes)
File: wmmplayer.exe
Path : %systemdrive%\restore\s-1-5-21-1482476501-1644491937-682003330-1013

Md5Hash :ce3430dc7473dbe1cd5c1f37e0b52430 ( 44082 bytes)
File: shell.exe
Path : %systemdrive%

Md5Hash :92d4c59832b05b080b99b39c473894b6 ( 32768 bytes)
File: windows:soundman.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: windows:winlogon.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: 109250_360.temp
Path : %temp%

Md5Hash :186c02acec9aa4c0d869a18670346c5e ( 101888 bytes)
File: 160421_360.temp
Path : %temp%

Md5Hash :a88cbe9f3b09363a806e8936c879988f ( 101888 bytes)
File: 63625_360.temp
Path : %temp%

Md5Hash :69db883f6ca2f3464cc179465671a13e ( 101888 bytes)
File: 81109_360.temp
Path : %temp%

Md5Hash :a88cbe9f3b09363a806e8936c879988f ( 101888 bytes)
File: 85875_360.temp
Path : %temp%

Md5Hash :a2bea9df594b497e5b79a2e7dc50a424 ( 101888 bytes)
File: 93125_360.temp
Path : %temp%

Md5Hash :3a7ed1641c9dfaa5f2ead753993bfea1 ( 101888 bytes)
File: 95734_360.temp
Path : %temp%

Md5Hash :a2bea9df594b497e5b79a2e7dc50a424 ( 101888 bytes)
File: best.exe
Path : %temp%

Md5Hash :2b3deb41bea6cd584f7a6434f717c287 ( 329700 bytes)
File: result.exe
Path : %temp%

Md5Hash :38425b29ae33161b1ee07c6cf99612d2 ( 37376 bytes)
File: server.exe
Path : %temp%

Md5Hash :51d9bdd7ced14493b18594323bf0f0d1 ( bytes)
File: temky.exe
Path : %temp%

Md5Hash :bd4bc41dcf04bc38fc75e068df7e73de ( bytes)
File: tmp.exe
Path : %temp%

Md5Hash :8f0b9f9d1c7449c0001354388acf15c3 ( 15374 bytes)
File: tmp1.exe
Path : %temp%

Md5Hash :d0828e4c54a917a87e7304fe16386f2a ( 122880 bytes)
File: tmp1.tmp
Path : %temp%

Md5Hash :49969f3d2a11838c67704c8770da597d ( bytes)
File: winamp5531_full_emusic-7plus_de-de.exe
Path : %temp%

Md5Hash :92a829c4505be64c8766cc529ba189f3 ( 9413760 bytes)
File: addon.dat
Path : %userprofile%\application data

Md5Hash :ca4721cfa3ee4b8f3a9350a7712eddd7 ( 23640 bytes)
File: extens.dat
Path : %userprofile%\application data

Md5Hash :398dba5dc470ea1b2c51aa98b93dc080 ( 22040 bytes)
File: jed.exe
Path : %userprofile%

Md5Hash :38ee831c1c51567f9475798e0b4329d4 ( 13824 bytes)
File: aaa3.exe
Path : %userprofile%\start menu\programs\startup

Md5Hash :ffe2b23adadce390dd4cd3d0cc03d737 ( 25088 bytes)
File: config.exe
Path : %userprofile%\start menu\programs\startup

Md5Hash :1abeec14d98813d0a547cd20a6e015ce ( 17408 bytes)
File: sconfig.exe
Path : %userprofile%\start menu\programs\startup

Md5Hash :7198f4f53224674c57a715dcd031e09d ( 17408 bytes)
File: :svvchost.exe
Path : %windir%

Md5Hash :( bytes)
File: _narrator.exe
Path : %windir%

Md5Hash :d290602594cfb4d4b3464e86467ed721 ( 559524 bytes)
File: cmsetac.dll
Path : %windir%

Md5Hash :
1427f0704672d24230e6bf9e5c3594b5 ( 33792 bytes)
1d003797066ebd101c609687f6468405 ( 33792 bytes)
File: dhcp.dll
Path : %windir%

Md5Hash :b8b33ba368449cbe1b37f54667c34777 ( 28672 bytes)
File: exel.exe
Path : %windir%

Md5Hash :d086a76e594c5b9a0775f33ed14cb99b ( 98304 bytes)
File: mscola.exe
Path : %windir%

Md5Hash :e2055a01899f1333a58cc787e94c7208 ( 17920 bytes)
File: mstwain32.exe
Path : %windir%

Md5Hash :
068eeb05061d3aa780d7a8642cbe109c ( 121344 bytes)
3bbb2bdb24d1e2e5ea8ebb82adfe9870 ( 289280 bytes)
cd288029353565e8d0e7836338f10ebb ( 198656 bytes)
d0828e4c54a917a87e7304fe16386f2a ( 122880 bytes)
File: gz.exe
Path : %windir%\prefetch

Md5Hash :9a1aa78446fe722d61134bb0a305c67c ( 795925 bytes)
File: sentinal.exe
Path : %windir%

Md5Hash :80e9f7863e2b17927faff9248a7d4b5e ( 21504 bytes)
File: services.exe
Path : %windir%

Md5Hash :834ddf46f08ca3dea28b3f2b3ed2c1f1 ( 360492 bytes)
File: lz090209.exe
Path : %windir%\system

Md5Hash :affa7401740426debb3c12b5f937aef4 ( 59513 bytes)
File: lz32dla.dll
Path : %windir%\system

Md5Hash :2bef3e14f76b68e20dd998e2e37c49f2 ( 96768 bytes)
File: sservice.exe
Path : %windir%\system

Md5Hash :834ddf46f08ca3dea28b3f2b3ed2c1f1 ( 360492 bytes)
File: system32:ghost.exe
Path : %windir%

Md5Hash :( bytes)
File: system32:javaup.exe
Path : %windir%

Md5Hash :( bytes)
File: system32:scrnsave.scr
Path : %windir%

Md5Hash :( bytes)
File: system32:shvour.exe
Path : %windir%

Md5Hash :( bytes)
File: _risingings.exe
Path : %windir%\system32

Md5Hash :76a3751279dd92ad299c095ec0767ad7 ( 676352 bytes)
File: 360net.dll
Path : %windir%\system32

Md5Hash :ca0df64d31f8ab852c8e1c24b2ecb2bf ( 88091 bytes)
File: 6to4ex.dll
Path : %windir%\system32

Md5Hash :
08e374206aa7b74c08093a5bc5e3b768 ( 97315 bytes)
c96191e3a88cd539f938f0ae108b5402 ( 101419 bytes)
File: abs001 .dll
Path : %windir%\system32

Md5Hash :721d65357a79878fc657c64a628820bc ( 123904 bytes)
File: agent.exe
Path : %windir%\system32

Md5Hash :0f092915553e9a241bec439c950231a4 ( 57344 bytes)
File: bbsyju.exe
Path : %windir%\system32

Md5Hash :89b810f3ccadea873e611da0950256bd ( 193113 bytes)
File: bgswitch.exe
Path : %windir%\system32

Md5Hash :21e3f775736eb640c39e12b99dc5105f ( bytes)
File: cedcbdbfefbef.dll
Path : %windir%\system32

Md5Hash :12cc391254fc09271996da1d1e1d7197 ( bytes)
File: ntndis.exe
Path : %windir%\system32\drivers

Md5Hash :
13fb453b494a6116b4a0da2224a523c0 ( 55808 bytes)
517402016d742c853c26ce76a786e07c ( 58880 bytes)
5e4c2dd7daa3505048a8c1a5fa7ec593 ( 55808 bytes)
File: winsawids.sys
Path : %windir%\system32\drivers

Md5Hash :8484b421698c4b84a8735d2941bd3494 ( 4220 bytes)
File: dud3msn.exe
Path : %windir%\system32

Md5Hash :791bb5ea3e724841fd3c6390165b8b81 ( 489952 bytes)
File: efcdvmkb.dll
Path : %windir%\system32

Md5Hash :e7266ce0c94ce2668e1794b1a050882f ( 36352 bytes)
File: exlorers.exe
Path : %windir%\system32

Md5Hash :2b2b8438ee79f76bcbc72ae0efb2e76f ( 184739 bytes)
File: fservice.exe
Path : %windir%\system32

Md5Hash :834ddf46f08ca3dea28b3f2b3ed2c1f1 ( 360492 bytes)
File: hacker.com
Path : %windir%\system32

Md5Hash :a56c169898c3fc1ca831f4b9dd581e65 ( 495616 bytes)
File: hd_driver.exe
Path : %windir%\system32

Md5Hash :0caf1e429fdfb6415e59c764fcb79422 ( 29696 bytes)
File: ias360.dll
Path : %windir%\system32

Md5Hash :
1656635f21ad39b1552b21613ff474d0 ( 101923 bytes)
35d8dfcb532724c69aab611b9b461b45 ( 101923 bytes)
3843ecfea9bb0f7787bfb32f0235a8e0 ( 101923 bytes)
7738e0861b3e5e1fec94a1a2d4340d8a ( 101923 bytes)
cd909a1b8f51ac069fc52c3dbdcf7d28 ( 101923 bytes)
File: icq.exe
Path : %windir%\system32

Md5Hash :868715eb386853b1d29946100ec33a2a ( 196096 bytes)
File: install.dat
Path : %windir%\system32

Md5Hash :33be6196cc5a5e3f4b885c74f6075fbc ( 8 bytes)
File: kernel16.dll
Path : %windir%\system32

Md5Hash :2f15e7c7c44773ecf9f3cafc535b5919 ( 53760 bytes)
File: khfcsrrq.dll
Path : %windir%\system32

Md5Hash :26926eb70b7d2cadc50a4bbe6878f953 ( 36864 bytes)
File: misc3.exe
Path : %windir%\system32

Md5Hash :a78baad982c9042bda7e5deab818c781 ( 6528 bytes)
File: msngrs.exe
Path : %windir%\system32

Md5Hash :910395414b33a44bb44e70cfac0187d1 ( bytes)
File: nwcworkstation360.dll
Path : %windir%\system32

Md5Hash :
File: nwcworkstationbak.dll
Path : %windir%\system32

Md5Hash :4ec6b8ec6208a6fc7ac5039b2028659d ( 100903 bytes)
File: nwcworkstationsystem.dll
Path : %windir%\system32

Md5Hash :df247e6bea02bfba82692320f0fdaa0c ( 100931 bytes)
File: oks.exe
Path : %windir%\system32

Md5Hash :4daff4bd96641b750219ffff2d585fa9 ( bytes)
File: qqgame.exe
Path : %windir%\system32

Md5Hash :a4d37e96519f76715fcc6c20b10e97cf ( 8704 bytes)
File: salla.exe
Path : %windir%\system32

Md5Hash :8f0b9f9d1c7449c0001354388acf15c3 ( 15374 bytes)
File: schotserts.exe
Path : %windir%\system32

Md5Hash :bd4bc41dcf04bc38fc75e068df7e73de ( 384000 bytes)
File: secupdat.dat
Path : %windir%\system32

Md5Hash :3d34a52beaf4e45c89cb08924e845a62 ( 69120 bytes)
File: sjdmspqp.exe
Path : %windir%\system32

Md5Hash :42a640fa64eec75f8d71f3b616c1f349 ( 218197 bytes)
File: sooos.exe
Path : %windir%\system32

Md5Hash :d81350b97ec5daa76242eca1e3db8344 ( bytes)
File: svhost.exe
Path : %windir%\system32

Md5Hash :ef356482a34b0472d9204569cf7486c1 ( 9773 bytes)
File: syscoms.exe
Path : %windir%\system32

Md5Hash :db897ae2d70731b203444db6fba69ab6 ( 9730 bytes)
File: taskmngr.exe
Path : %windir%\system32

Md5Hash :83884db2c4500356d369673c3de92513 ( 386136 bytes)
File: win32sysmc.exe
Path : %windir%\system32\win32ocx

Md5Hash :
0ffdc9584bc51d5be128a14b8e99097b ( 141824 bytes)
88a0917fb768cb5c1595ec3751298a31 ( 141824 bytes)
File: winampaa.exe
Path : %windir%\system32

Md5Hash :6aafb169a87b26e32574d663d7bedb1a ( 158720 bytes)
File: winlogo.exe
Path : %windir%\system32

Md5Hash :af21b75b3c87975bf66055b69c329bc2 ( 18945 bytes)
File: wwindor.com
Path : %windir%\system32

Md5Hash :2b0938910336c2f8715cef877e14053a ( 291328 bytes)
File: wwindor.dat
Path : %windir%\system32

Md5Hash :76141c4ecf542485bd2c5b44d3d14e3a ( 202752 bytes)
File: taskmngr.exe
Path : %windir%

Md5Hash :5675c080a36c8db7cd9488f60246c7c5 ( 98304 bytes)
File: startt.job
Path : %windir%\tasks

Md5Hash :
0e24ebe7b73dd6fead267c5601d9e879 ( 206 bytes)
200d96c8a99d613154db0e2b4b453a13 ( 206 bytes)
5514bd65bb6dca8b9691ce4c6d8e02d6 ( 206 bytes)
File: happyyy.exe
Path : %windir%\temp

Md5Hash :1806e39616134c491494f5e84eea0f16 ( 428623 bytes)
File: play.exe
Path : %windir%\temp

Md5Hash :70e441042f1ce2f27052248faf1a9a74 ( bytes)
File: wallpaper.com
Path : %windir%\web

Md5Hash :938c0bebd05135f577a0de4996753c20 ( 86608 bytes)
File: winserver.exe
Path : %windir%

Md5Hash :a5145afc4b7ff974eafbd19a2ef6b7d2 ( 66560 bytes)
File: winsystem.exe
Path : %windir%

Md5Hash :
ac2e597992340b48302bd3c77094db41 ( bytes)
ad54a1e444a353a6230c94d67da780a8 ( bytes)
File: winudpmgr.exe
Path : %windir%

Md5Hash :b45e8680e2e3cb5cfe38b2bc09e7419b ( 125952 bytes)
File: [randomname].exe
Path : %workingdir%

Md5Hash :
Also creates the following files on the user's system, which are also created by genuine software:
Note:
These file(s) can be kept, as they are also created by genuine software.
File : 0b4abfc6a0c101ffeffce408c2871c58.exe
Path : %temp%

Md5Hash :3e930c641079443d4de036167a69caa2 ( 1695232 bytes)
File : syssetup1.dll
Path : %windir%\inf

Md5Hash :81051bcc2cf1bedf378224b0a93e2877 ( 2 bytes)
File : win.com
Path : %windir%\system32

Md5Hash :614eaf5c786c26b6739872932a138abe ( 27930 bytes)
The following registry values are added to the listed registry keys:
Note:
Delete the added values from the key to remove the infection
|__ Value Added :
microsoft update machine = "bbsyju.exe"
|__ Value Added :
mstwain32 = "%windir%\mstwain32.exe"
|__ Value Added :
syspersonalfirewall = "exlorers.exe"
|__ Value Added :
task manager = "taskmngr.exe"
|__ Value Added :
win.com = "%windir%\system32\win.com"
|__ Value Added :
winsysmc = "%windir%\system32\win32ocx\win32sysmc.exe"
|__ Value Added :
*win.com = "%windir%\system32\win.com"
|__ Value Added :
syspersonalfirewall = "exlorers.exe"
|__ Value Added :
%windir%\system32\svchost.exe = "enablenxshowui"
|__ Value Added :
bindport_port = "[reg_dword, value: 0000317b]"
|__ Value Added :
ftpd_port = "[reg_dword, value: 00000015]"
|__ Value Added :
ftpd_state = "[reg_dword, value: 00000001]"
|__ Value Added :
socks4_port = "[reg_dword, value: 000063ec]"
|__ Value Added :
socks4_state = "[reg_dword, value: 00000001]"
|__ Value Added :
blud = "kvpgvr/ou5hh8rbndm9ifb8dg2jrtniicv4bezgosf1xur6foqr+w7tioxm9y1kv"
|__ Value Added :
asynchronous = "[reg_dword, value: 00000001]"
|__ Value Added :
dllname = "%windir%\system32\cedcbdbfefbef.dll"
|__ Value Added :
impersonate = "[reg_dword, value: 00000000]"
|__ Value Added :
asynchronous = "[reg_dword, value: 00000001]"
|__ Value Added :
impersonate = "[reg_dword, value: 00000000]"
|__ Value Added :
directx for microsoft® windows = "%windir%\system32\fservice.exe"
|__ Value Added :
dlnblz = "%windir%\system\lz090209.exe"
|__ Value Added :
自动更新 = "%SYSTEMDRIVE%\data\8319ecaaa6bb9ebd3b83859577f25838.exe"
|__ Value Added :
bgswitch.exe = "%windir%\system32\bgswitch.exe"
|__ Value Added :
ctfmon.exe = "%SYSTEMDRIVE%\windows:ctfmon.exe"
|__ Value Added :
icq6 = "%windir%\system32\icq.exe"
|__ Value Added :
microsoft = "winampaa.exe"
|__ Value Added :
microsoft security monitor process = "exel.exe"
|__ Value Added :
microsoft update machine = "bbsyju.exe"
|__ Value Added :
mscola = "%windir%\mscola.exe"
|__ Value Added :
msngrs.exe = "%windir%\system32\msngrs.exe"
|__ Value Added :
msnm = "%windir%\system32:msn3.exe"
|__ Value Added :
nytro.exe = "%windir%\system32\nytro.exe"
|__ Value Added :
rmx.exe = "%windir%\system32\salla.exe"
|__ Value Added :
seed = "%windir%\system32\winlogo.exe"
|__ Value Added :
smssr.exe = "%windir%\system32\sooos.exe"
|__ Value Added :
symentec = "%SYSTEMDRIVE%\windows:sysmentec.exe"
|__ Value Added :
sysdll = "%SYSTEMDRIVE%\data\af7e947ecaa5882325906249d4ee2ef4.exe"
|__ Value Added :
syspersonalfirewall = "exlorers.exe"
|__ Value Added :
system32 = "%windir%\sentinal.exe"
|__ Value Added :
systray = "%SYSTEMDRIVE%\data\f43ca7a53195831394d89616fda63150.exe"
|__ Value Added :
task manager = "taskmngr.exe"
|__ Value Added :
win.com = "%windir%\system32\win.com"
|__ Value Added :
win32 security updates downloader = "dud3msn.exe"
|__ Value Added :
windows udp control center = "winudpmgr.exe"
|__ Value Added :
windows32 = "%SYSTEMDRIVE%\arquivos de programas\windows32.exe"
|__ Value Added :
winlogon = "%SYSTEMDRIVE%\windows:winlogon.exe"
|__ Value Added :
*win.com = "%windir%\system32\win.com"
|__ Value Added :
syspersonalfirewall = "exlorers.exe"
|__ Value Added :
microsoft = "winampaa.exe"
|__ Value Added :
microsoft security monitor process = "exel.exe"
|__ Value Added :
microsoft update machine = "bbsyju.exe"
|__ Value Added :
syspersonalfirewall = "exlorers.exe"
|__ Value Added :
task manager = "taskmngr.exe"
|__ Value Added :
win32 security updates downloader = "dud3msn.exe"
Creates the following child process(es) on execution:

%windir%\explorer.exe

%windir%\system32\svchost.exe

%windir%\system32\dwwin.exe -x -s 1288

services.exe

Creates the following MUTEX(es) on the user's system:
)!voqa.i0
raspbfile

NOTE:

1. %allusersprofile% refers to the Windows All Users profile folder. By default it is 'C:\Documents and Settings\All Users'
2. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'
3. %systemdrive% refers to the Windows system drive. By default it is 'C:\'
4. %workingdir% refers to the current directory in which the user is working.
5. %temp% refers to the Windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'
6. %userprofile% refers to the current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
7. %windir% refers to the Windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious or suspicious subkeys only.


To modify registry entries in the Windows operating system:
Follow these steps:
1. Click Start > Run
2. Type "regedit" to open the Registry Editor
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.