Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of latinus
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : [Not Available]
Md5 Hash : [33adc78e455f1a55f7f928f80e28322d]
File Size : (340480 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: edit server.exe
Path : %homepath%\desktop\latinus14

Md5Hash :f6e44accbd857372563fd8dcd7fd2103 ( 380416 bytes)
File: latinus.exe
Path : %homepath%\desktop\latinus14

Md5Hash :06d467337c4ad52a40f8c97e42a5af60 ( 662528 bytes)
File: more hacking tools downloads can be found here.url
Path : %homepath%\desktop\latinus14

Md5Hash :013ad87766e6566a45e23a4136a31e14 ( 76 bytes)
File: server.exe
Path : %homepath%\desktop\latinus14

Md5Hash :3ad2cb159ca37796026f411ff325900f ( 413184 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :8cdca2bf25edc6c61f4680c2d6bbc5db ( 488448 bytes)
File: mshtml.exe
Path : %windir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
0af09aad197d4054a052835f5a4a01a8 ( 516096 bytes)
260e17430211dfebdf2970e9ee15b24a ( 512000 bytes)
35fdde76cb3b9740fa31928828e72aa1 ( 486400 bytes)
3c7579066d51d4a0bbb028db28d122ea ( 486402 bytes)
59a5569e21ea01d11f678c485a0bbe15 ( 216240 bytes)
File: winrun.exe
Path : %windir%

Md5Hash :baf4c674a41332abc2ec9d9816f6800b ( 552960 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
06d467337c4ad52a40f8c97e42a5af60 ( 662528 bytes)
0af09aad197d4054a052835f5a4a01a8 ( 516096 bytes)
0cf3f435a1522f5fa52bdca207d9f345 ( 74754 bytes)
0e875124ceeb9b365146480e18fc2c31 ( 247296 bytes)
25c47a57b59eb1ad5f3095751c74775e ( 262148 bytes)
260e17430211dfebdf2970e9ee15b24a ( 512000 bytes)
2daf600f499b607cd9103226106ba88d ( 262146 bytes)
33adc78e455f1a55f7f928f80e28322d ( 340480 bytes)
35fdde76cb3b9740fa31928828e72aa1 ( 486400 bytes)
49e0286771c8b5d5ffd627b93e2ea838 ( 928256 bytes)
4ce42f3057249baf94d017ddf45fb71f ( bytes)
539b86f1030c18183fe5f05ed64d37d9 ( 525824 bytes)
59a5569e21ea01d11f678c485a0bbe15 ( 216240 bytes)
61e4764e156f6f0525baf58e305620ff ( 23040 bytes)
620f8cdac2b25fa5f98d70a3bdcd1400 ( bytes)
67e3a5bf67e11253bf5856948ec6171e ( 451586 bytes)
7bdb597219e6de4e202dbfdb5647c0b4 ( 533506 bytes)
818766e7345c17afa44349b07e9eb189 ( 22528 bytes)
83f4eee4c6a61af2ad958875ce9bd8dd ( 340482 bytes)
8509d61a28ce86787a4606b9b0aa2961 ( 533504 bytes)
97d3b0dea2afd65a117c5d785434418d ( 23042 bytes)
ab38603b6f82f55e3e5240d2638fa3c4 ( 827392 bytes)
aeba48c129e3cb0ce8d53765845214cc ( 413194 bytes)
b3165c5db1c5a7d8fcfae7a6f3730a67 ( 497152 bytes)
b3735630e425db7570c4b82ea3922773 ( 74752 bytes)
b4aab8cd41ec96d7605ba851d1d298c6 ( 566520 bytes)
baf4c674a41332abc2ec9d9816f6800b ( 552960 bytes)
c8d7e8a9513d0e2a52ae56c2bea75b94 ( 525826 bytes)
d3f6de81c2681b60ec79113aba3fd3b8 ( 655360 bytes)
d74b7052acde19b63d03f2b2295ce298 ( 413196 bytes)
e05adc17fb8cbadf7b18065f1f9c3eb4 ( 549888 bytes)
e611b14c282408d424313b6526bd58d1 ( 336896 bytes)
ee8c5e837965fb3803e0c5fb6c579db3 ( 928258 bytes)
f85feff6d71aa4f57ede356946fda712 ( 413186 bytes)
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
MS HTML = "%WINDIR%\msHtml.exe"
|__ Value Added :
msstartup = "%windir%\winrun.exe"
Creates the following child process(s) on execution:

services.exe

Creates the Following MUTEX(s) on user's System:-
unique_string_of _your_choice
raspbfile

NOTE:

1. %homepath% Refers to the windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
3. %workingdir% Refers to the current directory in which user is working.
4. %windir% Refers to the windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.