Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of vatos
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : [Not Available]
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Technical Details

Technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system
Note:
Delete the following files to remove the infection
File: [RandomName].exe_
Path : %workingdir%

Md5Hash :055301cba9ea18d2feef570eef63551c ( bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :46159656c142d8a13133a7f03d4f589a ( 986112 bytes)
File: [RandomName].exe_
Path : %workingdir%

Md5Hash :4f66696de256050b6878fc371eb0d390 ( bytes)
File: apm.exe
Path : %workingdir%

Md5Hash :513d917632959c9c3244e69be03fb11d ( 29696 bytes)
File: sysrestore.vbs
Path : %systemdrive%

Md5Hash :237672f260e3000c1f3aa21a72a39ed5 ( 179 bytes)
File: log.vts
Path : %windir%\networks

Md5Hash :b86ada72cc4e913502509e431fc43ef8 ( 1662 bytes)
File: mrsntr.exe
Path : %windir%\networks

Md5Hash :623a6a486569c3a808005d5ec9a325c0 ( 41984 bytes)
File: svchost.exe
Path : %windir%\networks

Md5Hash :40cb3aa8266d8c222d2a6bcaa60289ed ( 369235 bytes)
Md5Hash :77fb9f663dbf34b716ce6cad58fa8299 ( 791042 bytes)
File: wnst.exe
Path : %windir%\networks

Md5Hash :77fb9f663dbf34b716ce6cad58fa8299 ( 791042 bytes)
File: pcgwin32.li3
Path : %windir%

Md5Hash :b8208683f9a2ae87f7964645d1d70698 ( 116 bytes)
Md5Hash :bd7a4bbac483c1cc23ef722cac5e3679 ( 116 bytes)
File: reboot.exe
Path : %windir%

Md5Hash :40cb3aa8266d8c222d2a6bcaa60289ed ( 369235 bytes)
File: install.com
Path : %windir%\system32

File: sysocxw.com
Path : %windir%\system32

Md5Hash :010a3977496cd3add9dd8dbc5dcab2b2 ( 46082 bytes)
Md5Hash :055301cba9ea18d2feef570eef63551c ( 77330 bytes)
File: avlist.vts
Path : %windir%\system32\workgroups.{208d2c60-3aea-1069-a2d7-08002b30309d}

Md5Hash :19b59e43c31c00fd77a8edb8a34b3756 ( 485 bytes)
File: empty.txt
Path : %windir%\system32\workgroups.{208d2c60-3aea-1069-a2d7-08002b30309d}

Md5Hash :329a5336801502b6344b593a3a6257ce ( 8 bytes)
File: ieakhtm.dll
Path : %windir%\system32\workgroups.{208d2c60-3aea-1069-a2d7-08002b30309d}

Md5Hash :90336a7eaf8597a014dac46e68bdccfe ( 59392 bytes)
File: log.vts
Path : %windir%\system32\workgroups.{208d2c60-3aea-1069-a2d7-08002b30309d}

File: ser.dat
Path : %windir%\system32\workgroups.{208d2c60-3aea-1069-a2d7-08002b30309d}

Md5Hash :12dfc6032d8cfb769a61428a0fb591b3 ( 103 bytes)
File: svchost.exe
Path : %windir%\system32\workgroups.{208d2c60-3aea-1069-a2d7-08002b30309d}

File: [randomname].exe
Path : %workingdir%

The following registry values are added to the provided registry keys:
Note:
Delete the added values from the key to remove the infection
Value Added :
%windir%\explorer.exe = "enablenxshowui"

NOTE:

2. %workingdir% refers to the current directory in which the user is working.
3. %systemdrive% refers to the Windows system drive folder. By default it is 'C:\'
4. %windir% refers to the Windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious/suspicious subkeys only.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run
2. Type "regedit" to open the Registry Editor
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.