Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Trojan-Backdoor.zapchast Analysis Report
Threat Submitted On: 8/7/2008 5:58:00 AM
Threat Analysed On: 8/7/2008 10:58:00 AM
Threat Updated On: 1/28/2011 4:14:18 PM
Type : Trojan-Backdoor
Symptoms of zapchast
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : backdoor.irc.zapchast.i
Md5 Hash : [30d5388e6aed18a651a61a255941125f]
File Size : (974711 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: as.sys
Path : %programfiles%\s3

Md5Hash :f4216c888a8bca2b810fc4b9e013c9c7 ( 7188 bytes)
File: c.sys
Path : %programfiles%\s3

Md5Hash :40891cdb8f4c13a7ac585c99b33e8c5d ( 1144 bytes)
File: cult.exe
Path : %programfiles%\s3

Md5Hash :be22483df3574de41a28b8021092739c ( 80896 bytes)
File: gt.x
Path : %programfiles%\s3

Md5Hash :641fb5deb3ee9ec84f06c26f6e259ad4 ( 786 bytes)
File: hd.exe
Path : %programfiles%\s3

Md5Hash :66f13513a4e7f45ea7c296b628803bac ( 17941 bytes)
File: knlps.sys
Path : %programfiles%\s3

Md5Hash :7453dfe438791983cc2349a8403a51b9 ( 3072 bytes)
File: ksat.bat
Path : %programfiles%\s3

Md5Hash :75fae3fee8e74883564797e3dd1df0c2 ( 34 bytes)
File: law.x
Path : %programfiles%\s3

Md5Hash :7fd0a311b237cd65f5697578e01e78e0 ( 45 bytes)
File: lovelyx.sys
Path : %programfiles%\s3

Md5Hash :bbf9e4cd06e617c9ce19b75ddcc480d6 ( 18208 bytes)
File: ms13.exe
Path : %programfiles%\s3

Md5Hash :80c911cfae0c3b513824b35e5368453e ( 4128 bytes)
File: orrl.exe
Path : %programfiles%\s3

Md5Hash :b9f5c95fc4b652f89b2d2b1e3ca712f2 ( 91648 bytes)
File: ps2m.exe
Path : %programfiles%\s3

Md5Hash :07eea3ffad9e129dfb5f2f114056c708 ( 31744 bytes)
File: pxs.sys
Path : %programfiles%\s3

Md5Hash :40891cdb8f4c13a7ac585c99b33e8c5d ( 1144 bytes)
File: repcale.exe
Path : %programfiles%\s3

Md5Hash :5077d2c5c16e9abf1ed4198bb1325e7d ( 74240 bytes)
File: spoolx.exe
Path : %programfiles%\s3

Md5Hash :8ec1dc41329c12c454595fbfd39f88c2 ( 1771008 bytes)
File: w.e
Path : %programfiles%\s3

Md5Hash :4c7f8a94f53f8683b3427ce7d8d907a7 ( 227 bytes)
File: hd.exe
Path : %programfiles%\sdada

Md5Hash :66f13513a4e7f45ea7c296b628803bac ( 17941 bytes)
File: kiss.exe
Path : %programfiles%\sdada

Md5Hash :8ec1dc41329c12c454595fbfd39f88c2 ( 1771008 bytes)
File: murd3r
Path : %programfiles%\sdada

Md5Hash :40891cdb8f4c13a7ac585c99b33e8c5d ( 1144 bytes)
File: murder.sys
Path : %programfiles%\sdada

Md5Hash :22c86e929bd32f17a2da40b92b691bcc ( 10518 bytes)
File: nassor
Path : %programfiles%\sdada

Md5Hash :40891cdb8f4c13a7ac585c99b33e8c5d ( 1144 bytes)
File: special.exe
Path : %programfiles%\sdada

Md5Hash :e1067576a55175de177bdb565587cc86 ( 444216 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :0441e9772bd58f5f597c5656865e41c0 ( 1700 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :62c8f95dc1ce3ae7acc49d1350bda142 ( 27136 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :ea564baefb7d3bfc731472eff77150ea ( 1336 bytes)
File: kiss.exe
Path : %workingdir%

Md5Hash :( bytes)
File: 1.bat
Path : %systemdrive%\recycler

Md5Hash :ac4c9972ee602e89fe5282eeecd8d4d8 ( 160 bytes)
File: mirc.ini
Path : %systemdrive%\recycler

Md5Hash :9f76a309511bfae25180a7a335286a2a ( bytes)
File: mirc32.exe
Path : %systemdrive%\recycler

Md5Hash :e07274cd16810b5dc280d9699fce2c8e ( 1682432 bytes)
File: moodll.mrc
Path : %systemdrive%\recycler

Md5Hash :e6e78e89202a526d051ff1c602540a52 ( 2977 bytes)
File: nt.dll
Path : %systemdrive%\recycler

Md5Hash :1e1f8496f3ca121d7ee163452cb9fc8d ( 11526 bytes)
File: hstart.exe
Path : %systemdrive%\recycler\s-1-5-21-3252328098-71414409-2463015037-500

Md5Hash :e09d913c401e101ee6ed2df58011f046 ( 6656 bytes)
File: csrss.exe
Path : %systemdrive%\recycler\s-1-5-21-3252328098-71414409-2463015037-501

Md5Hash :90285a5088ce2fa0d125633d48e37de0 ( 606720 bytes)
File: hstart.exe
Path : %systemdrive%\recycler\s-1-5-21-3252328098-71414409-2463015037-501

Md5Hash :e09d913c401e101ee6ed2df58011f046 ( 6656 bytes)
File: wget.exe
Path : %systemdrive%\recycler\s-1-5-21-3252328098-71414409-2463015037-501

Md5Hash :d09f0cab7e4df46f1a368012633a40f8 ( 73216 bytes)
File: a_friend.exe
Path : %systemdrive%\recycler\s-1-5-21-606747145-1085031214-725345543-500

Md5Hash :af84930391f2537390bf7cd68471a89e ( 476103 bytes)
File: id3nt.txt
Path : %systemdrive%\recycler\s-1-5-21-606747145-1085031214-725345543-500

Md5Hash :2accbe43c87f9d7b67c46c07eda2bf61 ( 253196 bytes)
File: nicks.txt
Path : %systemdrive%\recycler\s-1-5-21-606747145-1085031214-725345543-500

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
2a75dc931f6d4101fef844f89cdf2210 ( 13276 bytes)
cf7739a24a9adc98a79fa37e86291b40 ( 294827 bytes)
File: popups.txt
Path : %systemdrive%\recycler\s-1-5-21-606747145-1085031214-725345543-500

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
0c440d3c968c9c45e4cce74722d0e042 ( 2646 bytes)
accbaa68afb41c0faed208b8d8cc7f37 ( 2639 bytes)
File: bt6282.bat
Path : %systemdrive%\temp

Md5Hash :df6887d17e2c9912e637347ec7ca20b5 ( 220 bytes)
File: 0313.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0d7c2442c444538b16b3a48239cc5807 ( bytes)
File: 14101435.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :cc7e8580ad27ed8177a4e18e0c5a2597 ( bytes)
File: 16263294.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0fc70c2fdcad53229457bd8f1f9a3ccd ( bytes)
File: 27296716.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :d12efcc7034e969a97607fa1ae849c41 ( bytes)
File: 31861617.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :15c9c8dadb9bcaee34a130c648b44594 ( bytes)
File: 37224256.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :6c930e0981aec7f6af2c0b74b7093850 ( bytes)
File: 46602466.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :200dc9400012907e4624ace13350f9df ( bytes)
File: 48171491.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :024dee2544e49304ecd77fc6ff87576f ( bytes)
File: 49258879.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :c2e868da5758a3224683445eb73e4692 ( bytes)
File: 5008216.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :6259005227c084cb314bc020f1308f9d ( bytes)
File: 55752060.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :( bytes)
File: 592996.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :c208b42af44792e62ab5933d88ee19e8 ( bytes)
File: 5972932.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :7fde5442d35da580df9b7879b5a0171b ( bytes)
File: 68105928.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :dcda167b7bf10335c4e4f9e687be4d47 ( bytes)
File: 69768441.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :2682489fcca64f2252a7b71c62c149bb ( bytes)
File: 7058408.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :6e001e3736781a55839aa5db3785bf9a ( bytes)
File: 71793066.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :ec3c36da016c7bf5e9b3345e5f49c296 ( bytes)
File: 77047081.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :efe2244567dea874fa8de8d260ed06e7 ( bytes)
File: 77279764.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :f9f8d1c53d312f17c6f830e7b4e6651d ( bytes)
File: 77446506.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :3429ab24928794a853203b28fbff01e4 ( bytes)
File: 77463279.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :5e60e2c5457dcb7af02b9764608203e8 ( bytes)
File: 8204747.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :477d4f69053aa5cf887471939f6e771e ( bytes)
File: 82562790.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0e75fde9cc08ee3bb6b4d00c3c4fb6b1 ( bytes)
File: 8272202.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :b4cedd2a41dd5034d27195d8a0109510 ( bytes)
File: 86102025.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0f07d299c989d4bcd4ddd845bc189c27 ( bytes)
File: 87432872.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :40a1da7cfb2594eb2de2436616782be6 ( bytes)
File: 91723679.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :a1ad82988af5d5b2c4003c42a81dda17 ( bytes)
File: 95546440.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :dfac693cb43ef29ec3b7ca06c46a721a ( bytes)
File: 99832437.ins
Path : %systemdrive%\winnt\system32\bside

Md5Hash :630fd2fffbfcc63925e6ed57abb4e977 ( bytes)
File: bot.dll
Path : %systemdrive%\winnt\system32\bside

Md5Hash :6259005227c084cb314bc020f1308f9d ( 8 bytes)
File: ddt.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :dfac693cb43ef29ec3b7ca06c46a721a ( 899439 bytes)
File: devcheck.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :3429ab24928794a853203b28fbff01e4 ( 40960 bytes)
File: edit.bat
Path : %systemdrive%\winnt\system32\bside

Md5Hash :efe2244567dea874fa8de8d260ed06e7 ( 888 bytes)
File: il.dbx
Path : %systemdrive%\winnt\system32\bside

Md5Hash :cc7e8580ad27ed8177a4e18e0c5a2597 ( 36457 bytes)
File: ipcscan.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :dcda167b7bf10335c4e4f9e687be4d47 ( 78848 bytes)
File: ir.conf
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0d7c2442c444538b16b3a48239cc5807 ( 1170 bytes)
File: libparse.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0f07d299c989d4bcd4ddd845bc189c27 ( 29696 bytes)
File: lock.bat
Path : %systemdrive%\winnt\system32\bside

Md5Hash :d12efcc7034e969a97607fa1ae849c41 ( 199 bytes)
File: mainhq.dbx
Path : %systemdrive%\winnt\system32\bside

Md5Hash :15c9c8dadb9bcaee34a130c648b44594 ( 74527 bytes)
File: mdx.dll
Path : %systemdrive%\winnt\system32\bside

Md5Hash :6c930e0981aec7f6af2c0b74b7093850 ( 32256 bytes)
File: mirc.ini
Path : %systemdrive%\winnt\system32\bside

Md5Hash :477d4f69053aa5cf887471939f6e771e ( 3387 bytes)
File: ntshare2.bat
Path : %systemdrive%\winnt\system32\bside

Md5Hash :6e001e3736781a55839aa5db3785bf9a ( 221 bytes)
File: osql.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :7fde5442d35da580df9b7879b5a0171b ( 122880 bytes)
File: psexec.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :a1ad82988af5d5b2c4003c42a81dda17 ( 37376 bytes)
File: scansql.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :2682489fcca64f2252a7b71c62c149bb ( 53248 bytes)
File: securenetbios.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :ec3c36da016c7bf5e9b3345e5f49c296 ( 5632 bytes)
File: spy.bat
Path : %systemdrive%\winnt\system32\bside

Md5Hash :200dc9400012907e4624ace13350f9df ( 2430 bytes)
File: sqlpass.dic
Path : %systemdrive%\winnt\system32\bside

Md5Hash :0e75fde9cc08ee3bb6b4d00c3c4fb6b1 ( 501 bytes)
File: system32.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :024dee2544e49304ecd77fc6ff87576f ( 1706496 bytes)
File: views.mdx
Path : %systemdrive%\winnt\system32\bside

Md5Hash :40a1da7cfb2594eb2de2436616782be6 ( 41472 bytes)
File: wget.exe
Path : %systemdrive%\winnt\system32\bside

Md5Hash :f9f8d1c53d312f17c6f830e7b4e6651d ( 162816 bytes)
File: xsys.dll
Path : %systemdrive%\winnt\system32\bside

Md5Hash :c2e868da5758a3224683445eb73e4692 ( 39424 bytes)
File: 0313.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 14101435.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 16263294.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 19771436.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 27296716.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 31861617.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 338776.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 37224256.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 46602466.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 48171491.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 49258879.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 49528816.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 5008216.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 50995733.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 55752060.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 58928647.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 592996.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 5972932.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 67612956.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 68105928.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 68932878.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 69768441.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 70539889.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 7058408.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 71793066.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 77047081.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 77279764.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 77407495.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 77446506.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 77463279.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 82562790.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 8272202.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 8587723.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 86102025.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 87432872.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 91357841.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 91723679.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 95316848.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 95546440.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: 99832437.ins
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :( 0 bytes)
File: acomp.pnf
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :d5206f2b3da36ec3d5768bbec83abb8d ( 10935 bytes)
File: cygwin1.dll
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :669030aa9b542055c9ef56aed531fe7a ( 967522 bytes)
File: firedaemon.exe
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :e3bb90916eb76946eb51f563ffe526f7 ( 81920 bytes)
File: mirc.ini
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :b71dfc832245c689c00322e3b1d1a4e9 ( 5357 bytes)
File: moo.bat
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :b18e98a3969cf3274b350e051b6ff029 ( 102 bytes)
File: netstat.dll
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :df23aba6745dc8348e698e6db3167324 ( 52 bytes)
File: netstat.exe
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :5b4521746eacc0e456794ef466722a8e ( 239154 bytes)
File: psexec.exe
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :13b1f577a984fd5530b0a716e52c041a ( 122880 bytes)
File: secure.bat
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :13b9886863e3a06bca55c89b53b4bfdf ( 636 bytes)
File: securent.bat
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :fbecd0454d06e50e76390b851dd946b2 ( 7084 bytes)
File: serv-uid.old
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :5adcb79c8bdec9f2c401cdc673e87b31 ( 158 bytes)
File: servuadmin.exe
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :4b238caecaa382d8e676daceed9002ad ( 2316800 bytes)
File: servucert.crt
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :7b8fa286633f087b2faf9a9584dcc72a ( 973 bytes)
File: servucert.key
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :2293486183632e8634aa30a1798bc5e7 ( 963 bytes)
File: servudaemon.exe
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :339f5fb5a369f8c9ec9a2256c33a8a69 ( 2121216 bytes)
File: servuperfcount.dll
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :c4183e884d6f632ef84340122f992422 ( 62464 bytes)
File: servutray.exe
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :d4a1a865242a85ca2dbbecf58182d1cf ( 68608 bytes)
File: ssleay32.dll
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :d7103a683acf83407b608fa040ea136d ( 155648 bytes)
File: start.bat
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :e2b65e5ca6511302b6243f250139d503 ( 160 bytes)
File: store.dll
Path : %systemdrive%\winnt\system32\drivers\etc

Md5Hash :5b705137a098751dc76152d512373bb1 ( 26 bytes)
File: a_friend.exe
Path : %temp%

Md5Hash :af84930391f2537390bf7cd68471a89e ( 476103 bytes)
File: aiw57968.exe
Path : %temp%

Md5Hash :5be82656185b51148a4f0b3ecf16788c ( bytes)
File: aiw75609.exe
Path : %temp%

Md5Hash :5be82656185b51148a4f0b3ecf16788c ( bytes)
File: bt0440.bat
Path : %temp%

Md5Hash :0e5e2044cc54574d43a7dfc2aa923719 ( bytes)
File: bt0544.bat
Path : %temp%

Md5Hash :df6887d17e2c9912e637347ec7ca20b5 ( bytes)
File: bt7404.bat
Path : %temp%

Md5Hash :0e5e2044cc54574d43a7dfc2aa923719 ( bytes)
File: bt8114.bat
Path : %temp%

Md5Hash :df6887d17e2c9912e637347ec7ca20b5 ( bytes)
File: 867.reg
Path : %windir%\dan\user

Md5Hash :ef8c9502c99b154e4f45984dc993832d ( bytes)
File: an.exe
Path : %windir%\dan\user

Md5Hash :768142c0383c359412cab7057de7a5c5 ( 37376 bytes)
File: dan.exe
Path : %windir%\dan\user

Md5Hash :e7542c56f99a8fb53049689d47fd94dd ( 25602 bytes)
File: h1d.bat
Path : %windir%\dan\user

Md5Hash :cd468de2235cdd0041d979fe52bdd40e ( 215 bytes)
File: h1d1.bat
Path : %windir%\dan\user

Md5Hash :cd468de2235cdd0041d979fe52bdd40e ( 215 bytes)
File: wind.bat
Path : %windir%\dan\user

Md5Hash :0cf6f4b8098b1f9f99b73d34185dcc17 ( 975 bytes)
File: winexit.exe
Path : %windir%\dan\user

Md5Hash :133121955aa7064318d7d5f53e0e8b33 ( 25600 bytes)
File: wins.bat
Path : %windir%\dan\user

Md5Hash :fc1baf6fa32b340f701193e546e08647 ( 15367 bytes)
File: winstartup.exe
Path : %windir%\dan\user

Md5Hash :aea313b1ff4f04ac414f2c61df103239 ( 566272 bytes)
File: wsock32.exe
Path : %windir%\dan\user

Md5Hash :8e4736319c6335c07f82abe98633bda2 ( 19456 bytes)
File: 0313.ins
Path : %windir%\fonts

Md5Hash :2c33e59b0d9f3aff83bca2976e3c74cc ( bytes)
File: 14101435.ins
Path : %windir%\fonts

Md5Hash :4c7f8a94f53f8683b3427ce7d8d907a7 ( bytes)
File: 16263294.ins
Path : %windir%\fonts

Md5Hash :ed23199e015c44ec420dc5e9cc967726 ( bytes)
File: 27296716.ins
Path : %windir%\fonts

Md5Hash :638a6f2b03c828e9b3c77c104c56f4ea ( bytes)
File: 31861617.ins
Path : %windir%\fonts

Md5Hash :d07bff17553fa8e1eeaf8f19bc6c3ef2 ( bytes)
File: 37224256.ins
Path : %windir%\fonts

Md5Hash :641fb5deb3ee9ec84f06c26f6e259ad4 ( bytes)
File: 46602466.ins
Path : %windir%\fonts

Md5Hash :b9f5c95fc4b652f89b2d2b1e3ca712f2 ( bytes)
File: 48171491.ins
Path : %windir%\fonts

Md5Hash :afb3a0e9c42f3447793fb7c4dcc68cd0 ( bytes)
File: 49258879.ins
Path : %windir%\fonts

Md5Hash :( bytes)
File: 5972932.ins
Path : %windir%\fonts

Md5Hash :7453dfe438791983cc2349a8403a51b9 ( bytes)
File: 69768441.ins
Path : %windir%\fonts

Md5Hash :eb259abae4041d6353a2761414506e45 ( bytes)
File: 7058408.ins
Path : %windir%\fonts

Md5Hash :a3a878c5e1a22a941e84f6e6b16a7016 ( bytes)
File: 71793066.ins
Path : %windir%\fonts

Md5Hash :8ec1dc41329c12c454595fbfd39f88c2 ( bytes)
File: 77279764.ins
Path : %windir%\fonts

Md5Hash :57b629706c3c19e47c65721407c1f469 ( bytes)
File: 77463279.ins
Path : %windir%\fonts

Md5Hash :7fd0a311b237cd65f5697578e01e78e0 ( bytes)
File: 8204747.ins
Path : %windir%\fonts

Md5Hash :66f13513a4e7f45ea7c296b628803bac ( bytes)
File: 82562790.ins
Path : %windir%\fonts

Md5Hash :07eea3ffad9e129dfb5f2f114056c708 ( bytes)
File: 8272202.ins
Path : %windir%\fonts

Md5Hash :15cf838d3e3c36e0a94364eaf5b67250 ( bytes)
File: 86102025.ins
Path : %windir%\fonts

Md5Hash :be22483df3574de41a28b8021092739c ( bytes)
File: 87432872.ins
Path : %windir%\fonts

Md5Hash :5077d2c5c16e9abf1ed4198bb1325e7d ( bytes)
File: 91723679.ins
Path : %windir%\fonts

Md5Hash :75fae3fee8e74883564797e3dd1df0c2 ( bytes)
File: cult.exe
Path : %windir%\fonts

Md5Hash :be22483df3574de41a28b8021092739c ( 80896 bytes)
File: d.dll
Path : %windir%\fonts

Md5Hash :638a6f2b03c828e9b3c77c104c56f4ea ( 33792 bytes)
File: fx.exe
Path : %windir%\fonts

Md5Hash :d07bff17553fa8e1eeaf8f19bc6c3ef2 ( 1485 bytes)
File: gt.x
Path : %windir%\fonts

Md5Hash :641fb5deb3ee9ec84f06c26f6e259ad4 ( 786 bytes)
File: hd.exe
Path : %windir%\fonts

Md5Hash :66f13513a4e7f45ea7c296b628803bac ( 17941 bytes)
File: kill.exe
Path : %windir%\fonts

Md5Hash :a3a878c5e1a22a941e84f6e6b16a7016 ( 3104 bytes)
File: knlps.sys
Path : %windir%\fonts

Md5Hash :7453dfe438791983cc2349a8403a51b9 ( 3072 bytes)
File: ksat.bat
Path : %windir%\fonts

Md5Hash :75fae3fee8e74883564797e3dd1df0c2 ( 34 bytes)
File: law.x
Path : %windir%\fonts

Md5Hash :7fd0a311b237cd65f5697578e01e78e0 ( 45 bytes)
File: lovely.sys
Path : %windir%\fonts

Md5Hash :eb259abae4041d6353a2761414506e45 ( 28910 bytes)
File: mirc.exe
Path : %windir%\fonts

Md5Hash :8ec1dc41329c12c454595fbfd39f88c2 ( 1771008 bytes)
File: orrl.exe
Path : %windir%\fonts

Md5Hash :b9f5c95fc4b652f89b2d2b1e3ca712f2 ( 91648 bytes)
File: ps2m.exe
Path : %windir%\fonts

Md5Hash :07eea3ffad9e129dfb5f2f114056c708 ( 31744 bytes)
File: repcale.exe
Path : %windir%\fonts

Md5Hash :5077d2c5c16e9abf1ed4198bb1325e7d ( 74240 bytes)
File: runner.exe
Path : %windir%\fonts

Md5Hash :57b629706c3c19e47c65721407c1f469 ( 2048 bytes)
File: w.e
Path : %windir%\fonts

Md5Hash :4c7f8a94f53f8683b3427ce7d8d907a7 ( 227 bytes)
File: registry.dll
Path : %windir%\system

Md5Hash :2110965db3a33831ba9d1550103c3047 ( 1802 bytes)
File: svchost.exe
Path : %windir%\system

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
9213b6c64767050c91aab336daa25c9c ( 1790464 bytes)
df68b6ed20cc54364b024a29972c84dd ( 1790464 bytes)
File: 0313.ins
Path : %windir%\system32

Md5Hash :cae7c2dbda218dc8346592ef124b4fcd ( bytes)
File: 27296716.ins
Path : %windir%\system32

Md5Hash :2764486ae9794a6a3f41e0c22fbaadc1 ( bytes)
File: 31861617.ins
Path : %windir%\system32

Md5Hash :4336edeea2d7d38399c626575569facf ( bytes)
File: 37224256.ins
Path : %windir%\system32

Md5Hash :303e73e6032697b2f4fe9932a8743aee ( bytes)
File: d.dll
Path : %windir%\system32\552

Md5Hash :638a6f2b03c828e9b3c77c104c56f4ea ( 33792 bytes)
File: kasber22.exe
Path : %windir%\system32\552

Md5Hash :b3027dffa9bbac7e1999223cf737200b ( 574464 bytes)
File: msn.dll
Path : %windir%\system32\552

Md5Hash :f1f6421f7bb0066bd07cd3815f909dec ( 18432 bytes)
File: norton.exe
Path : %windir%\system32\552

Md5Hash :66f13513a4e7f45ea7c296b628803bac ( 17941 bytes)
File: of.exe
Path : %windir%\system32\552

Md5Hash :403db7f54bc6f10c6bbe50a3319d57f0 ( 17408 bytes)
File: org.reg
Path : %windir%\system32\552

Md5Hash :bca5a9fa7235f00cbc31c8f0baef7a4d ( bytes)
File: ps2m.exe
Path : %windir%\system32\552

Md5Hash :07eea3ffad9e129dfb5f2f114056c708 ( 31744 bytes)
File: securaq.exe
Path : %windir%\system32\552

Md5Hash :8570e9b52e6f54370f2c61fa65116544 ( 19968 bytes)
File: 7058408.ins
Path : %windir%\system32

Md5Hash :ad075956ac9e362bc183fdcac9ba872f ( bytes)
File: 8204747.ins
Path : %windir%\system32

Md5Hash :e1cdabfa7f91ec781010e1ec4a3e2589 ( bytes)
File: 86102025.ins
Path : %windir%\system32

Md5Hash :f1a2c7ab1cb9746c4408acb016d36fb0 ( bytes)
File: astem.as
Path : %windir%\system32

Md5Hash :cae7c2dbda218dc8346592ef124b4fcd ( 35739 bytes)
File: bstem.as
Path : %windir%\system32

Md5Hash :f1a2c7ab1cb9746c4408acb016d36fb0 ( 27881 bytes)
File: c.exe
Path : %windir%\system32

Md5Hash :42f2374361aa921cdd3c0063b295490f ( 484894 bytes)
File: cl4ss.exe
Path : %windir%\system32

Md5Hash :58310fc9bbcf4d1a15c5b5786fd53a2c ( 146944 bytes)
File: cult.exe
Path : %windir%\system32

Md5Hash :42e3393b11f3cb8f4db3f8e56a92e7e3 ( 61440 bytes)
File: dlcl.edp
Path : %windir%\system32

Md5Hash :e058d53bc431a8d81d0093fd851cad81 ( 2528 bytes)
File: rundll.exe
Path : %windir%\system32\drivers\etc

Md5Hash :14fd8bf1f67a34d61a074b1d8b08ab4e ( 363 bytes)
File: svchost.exe
Path : %windir%\system32\drivers\etc

Md5Hash :dd6dab5797b43d121af479e22ca82f23 ( 508416 bytes)
File: vir.exe
Path : %windir%\system32\drivers\etc

Md5Hash :129456fbbc566c3563481962192411f1 ( 10367 bytes)
File: win.com
Path : %windir%\system32\drivers\etc

Md5Hash :dae361b11210e5b72f7884acff06099b ( 155 bytes)
File: win.exe
Path : %windir%\system32\drivers\etc

Md5Hash :a91a1f4e6d1f64b0cff53435cc94156c ( 10876 bytes)
File: x.exe
Path : %windir%\system32\drivers\etc

Md5Hash :ad335b0089e0237487b54ccd56a0c889 ( 22528 bytes)
File: remote.ini
Path : %windir%\system32\drivers\nvidia\dll

Md5Hash :e8988ee4c2d19175db2dbaf4a8015eb1 ( 3154 bytes)
File: aliases.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :1a34bf4ced13c646fee11b6dd841f179 ( 92 bytes)
File: fullinfo.bat
Path : %windir%\system32\drivers\shellz

Md5Hash :8587bf5681bd3f55b3f004a4b4b6763d ( 632 bytes)
File: fullinfo.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :bd9f419e10b6a36d3ed4f8a00c2d4606 ( 574 bytes)
File: fullinfo2.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :e685e744affbc87a428dd85a2d0e4c07 ( 576 bytes)
File: fullname.txt
Path : %windir%\system32\drivers\shellz

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
a4e6dd20c2acbdd72e79f78f9e3355df ( 1640 bytes)
c3df4b41e16fe740709a8cf494485440 ( 731 bytes)
File: hidewndw.exe
Path : %windir%\system32\drivers\shellz

Md5Hash :6a7d2cbd8111bc7080c832f8a3442256 ( 40960 bytes)
File: icon.rc
Path : %windir%\system32\drivers\shellz

Md5Hash :e243bb0c035861901e0fb6f8a035f68e ( 25 bytes)
File: ident.txt
Path : %windir%\system32\drivers\shellz

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
150c30a8dabbdd05db60c329d42dddc9 ( 1018 bytes)
150f476632e2b07b75d9b5b434a47f36 ( 1249 bytes)
File: ipconf.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :fb4ae0b4a01c8296acdca489f94c57ea ( 570 bytes)
File: mirc.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :81263d64dd2f4e925034219192cb046d ( 2644 bytes)
File: netinfo.bat
Path : %windir%\system32\drivers\shellz

Md5Hash :0b2d6d607c41ca8a4cdfb1bb257ba7e4 ( 194 bytes)
File: netinfo.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :953bf32a7bd1979cb9ac69a4c5c186f2 ( 572 bytes)
File: nicks.txt
Path : %windir%\system32\drivers\shellz

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
2436dd240f5e722e80f9faaa9c497e53 ( 148343 bytes)
48d50b808b24ce5a376134365aaf1cc6 ( 139544 bytes)
File: postcards.jpg
Path : %windir%\system32\drivers\shellz

Md5Hash :c6987126a61e5bc84a46179ebd59e884 ( 40306 bytes)
File: procese.bat
Path : %windir%\system32\drivers\shellz

Md5Hash :528476eed3979451c83466ac324d02b4 ( 95 bytes)
File: procese.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :e2eb3afa71c9cb00ee7a1af5721bd684 ( 572 bytes)
File: remote.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :0a4a63f068ac5defcf168fb2372ac2ae ( 209 bytes)
File: script.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :6c9be42574fc51aceae48b624a463f73 ( 9626 bytes)
File: servers.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :2e862984e6b276daa71e1f3f0f2ff98a ( 985 bytes)
File: servers2.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :2e862984e6b276daa71e1f3f0f2ff98a ( 985 bytes)
File: setup.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :268a8b438a96af21a9d9f108d8f092ce ( 789 bytes)
File: sup.bat
Path : %windir%\system32\drivers\shellz

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
cdc2c0bc7cbe6371f4ad77c1990faee1 ( 588 bytes)
d480f464bd5abdce1d9c5d3f412cfbb3 ( 586 bytes)
File: sup.reg
Path : %windir%\system32\drivers\shellz

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
0f898f99e34e848e3693da6b187f8576 ( 574 bytes)
d2b195145f1ad01650f1836fadbe7e01 ( 562 bytes)
File: sup2.bat
Path : %windir%\system32\drivers\shellz

Md5Hash :9ddcaef22a354578c24a748acd793253 ( 468 bytes)
File: users.ini
Path : %windir%\system32\drivers\shellz

Md5Hash :2e2dc9bc583e5a8d3887d0ac23c08b4f ( 95 bytes)
File: winspector.exe
Path : %windir%\system32\drivers\shellz

Md5Hash :b766003f431cad186bd115f5761592d1 ( 1790464 bytes)
File: winspector.lnk
Path : %windir%\system32\drivers\shellz

Md5Hash :4b4755919cb8ff5c92a460374f9e77a5 ( 578 bytes)
File: zzzxx.exe
Path : %windir%\system32\drivers\shellz

Md5Hash :bc61112615e1742104119f73dece190d ( 1337756 bytes)
File: dstem.as
Path : %windir%\system32

Md5Hash :5ac9ee1cb0ff013b78ab4e397b53bd20 ( 277 bytes)
File: few.exe
Path : %windir%\system32

Md5Hash :3181efd0c6967e81a6a3427bcb8b45fa ( 151040 bytes)
File: ffe.e
Path : %windir%\system32

Md5Hash :c9d5e870520e0963bd1d34ef559a1ee1 ( 74752 bytes)
File: ger.exe
Path : %windir%\system32

Md5Hash :2dc1b2d870a5a1bd3bfc15a6351a660b ( 49107 bytes)
File: 132.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 133.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 143.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 155.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 158.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 189.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 191.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 202.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 209.reg
Path : %windir%\system32\himansz

Md5Hash :3f775443864e9e9b26fe2cef66bbf37b ( 136 bytes)
File: 239.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 247.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 269.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 271.reg
Path : %windir%\system32\himansz

Md5Hash :3f775443864e9e9b26fe2cef66bbf37b ( 136 bytes)
File: 278.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 294.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 318.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 320.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 323.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 324.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 343.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 349.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 351.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 375.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 387.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 395.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 406.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 411.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 414.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 444.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 451.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 455.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 460.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 464.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 465.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 470.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 494.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 500.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 516.reg
Path : %windir%\system32\himansz

Md5Hash :3f775443864e9e9b26fe2cef66bbf37b ( 136 bytes)
File: 518.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 523.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 525.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 528.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 529.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 532.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 551.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 555.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 576.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 595.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 596.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 601.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 606.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 616.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 619.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 625.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 634.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 640.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 642.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 663.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 664.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 670.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 679.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 683.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 686.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 703.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 716.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 724.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 733.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 741.reg
Path : %windir%\system32\himansz

Md5Hash :3f775443864e9e9b26fe2cef66bbf37b ( bytes)
File: 748.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 755.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 761.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 773.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 779.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 780.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 821.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 825.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 845.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 847.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 856.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 868.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 871.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 878.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 891.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 896.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 916.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 928.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 931.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 932.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 950.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: 992.reg
Path : %windir%\system32\himansz

Md5Hash :( bytes)
File: hide.exe
Path : %windir%\system32\himansz

Md5Hash :66f13513a4e7f45ea7c296b628803bac ( 17941 bytes)
File: mirc.exe
Path : %windir%\system32\himansz

Md5Hash :8beb1789c6c95173a6df5a1d525e3c9d ( 574464 bytes)
File: ir.cn
Path : %windir%\system32\iis

Md5Hash :bd5acf6efa11feff9a5fc225bebccae3 ( 3377 bytes)
File: ir2.cn
Path : %windir%\system32\iis

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
1c606fef776bf5c1f3a06eb1390f506b ( 2945 bytes)
4d40dc873bf857152baa4c8615634a31 ( 2246 bytes)
File: ircnz.dll
Path : %windir%\system32\iis

Md5Hash :62456b6cbdb93b6f1458469d90c57e2c ( 30720 bytes)
File: mirc.reg
Path : %windir%\system32\iis

Md5Hash :9a1c20549988cd4e3ce73449b8d4bbd9 ( 151 bytes)
File: services.exe
Path : %windir%\system32\iis

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
6b95926f1c12fb3e6605844e91855be8 ( 53760 bytes)
ea2e9e72f5bc8ac2549b325a757d321d ( 53760 bytes)
File: setup2.exe
Path : %windir%\system32\iis

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
93b7d224119b1c0ee716c791b782661f ( 117760 bytes)
f959a6c0e577dec0a8cd617d3b5a254b ( 117760 bytes)
File: sxe2c.tmp
Path : %windir%\system32\iis

Md5Hash :810f556084a89f6a1253094cbd568338 ( bytes)
File: sxe32.tmp
Path : %windir%\system32\iis

Md5Hash :810f556084a89f6a1253094cbd568338 ( bytes)
File: winlogon.exe
Path : %windir%\system32\iis

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
1ce029c70d04ccf0258f32b0353762ce ( 626107 bytes)
5915c4cd8b6ba516d95d595fd6a477ed ( 805888 bytes)
File: fldrs.exe
Path : %windir%\system32\msrr

Md5Hash :1435f75c3477cc2c2ad065a8fba98fef ( 129445 bytes)
File: msrh.exe
Path : %windir%\system32\msrr

Md5Hash :86a0e06c99c530926f8f15e2c127abb7 ( 26112 bytes)
File: msrr.exe
Path : %windir%\system32\msrr

Md5Hash :7cd88c92be5de321e263df57a368c3c7 ( 1836544 bytes)
File: msrr.thc
Path : %windir%\system32\msrr

Md5Hash :7ab10d354b298450764f70ce372d06a5 ( 2872 bytes)
File: nnick.mrc
Path : %windir%\system32\msrr

Md5Hash :316b693fa12802381824336e1b6ef2ce ( 796 bytes)
File: start.lnk
Path : %windir%\system32\msrr

Md5Hash :c6c7d97592afdf3d02ef3f04837fe7f9 ( 562 bytes)
File: win32.exe
Path : %windir%\system32\msrr

Md5Hash :a831b87de09a85f4fee04a3c7b9da470 ( 171520 bytes)
File: workit.exe
Path : %windir%\system32\msrr

Md5Hash :e24705c405b952d642384235a45a1d03 ( 143360 bytes)
File: xend.exe
Path : %windir%\system32\msrr

Md5Hash :7a545045efd24527774b51873745345b ( 34304 bytes)
File: oystem.er
Path : %windir%\system32

Md5Hash :4336edeea2d7d38399c626575569facf ( 14017 bytes)
File: palsp.exe
Path : %windir%\system32

Md5Hash :bb8cfe2ec9b9ae97900af123febed5c1 ( 669184 bytes)
File: repcale.exe
Path : %windir%\system32

Md5Hash :aaa45fe7d2b0f13407f3d0f9186fa34b ( 125952 bytes)
File: securay.exe
Path : %windir%\system32

Md5Hash :303e73e6032697b2f4fe9932a8743aee ( 66048 bytes)
File: tskdbg.exe
Path : %windir%\system32

Md5Hash :e1cdabfa7f91ec781010e1ec4a3e2589 ( 579072 bytes)
File: ugsk.tbx
Path : %windir%\system32

Md5Hash :9e04f30981e052ac4e1a24bfc4d8124f ( 4297 bytes)
File: w.e
Path : %windir%\system32

Md5Hash :69298fac46a926a9bed15b2ee3334e18 ( 225 bytes)
File: yrtsiger.bat
Path : %windir%\system32

Md5Hash :9ff44aa644a62ad64144697255f074e5 ( 145 bytes)
File: a.reg
Path : %windir%\temp\spoolsv

Md5Hash :3a6124b67b70cfc076115d6c03a46555 ( 1260 bytes)
File: com.mrc
Path : %windir%\temp\spoolsv

Md5Hash :4c5d728ddd428fa0e7623521822848af ( 15759 bytes)
File: userinit.exe
Path : %windir%

Md5Hash :cfc31c5dee4f5703471683669d4476b3 ( 630784 bytes)
File: winamp uninstaller.exe
Path : %windir%

Md5Hash :cb916a7d4cb4f83cce2c4de566b11894 ( 48973 bytes)
File: windows login service uninstaller.exe
Path : %windir%

Md5Hash :a2ca73d1177e9a404a731b545fe02b2f ( 49067 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
00b63a21229312966cada56b3543ba18 ( 3125 bytes)
01521e33e6e431e3596e01785305a207 ( 7867 bytes)
02453cbd7933f942d67735dcfc0b9e50 ( 658 bytes)
0268fbef1342cec429433b5313c45a27 ( 9602 bytes)
02e172836e6e7ddd4bb1b2400175fd9d ( 8016 bytes)
0343893bf8bb228c69573b473bdcd0c2 ( 4052 bytes)
069b0e2d061c3560efd8f382b40da55b ( 3635 bytes)
07c69278a493970007f11ba78661de39 ( 7487 bytes)
0889ffc09ab947a59934fba72521ad7a ( 718156 bytes)
0c0be898cbbd0a9e9a73f653c49ce3a5 ( 7417 bytes)
0d3a7850787c1aecc706a4ae7f447433 ( 194 bytes)
0d7d2cbabc5a445674dff79670dd362d ( 2650 bytes)
0dc601715d07248ec8f450c022ad91a5 ( 1925112 bytes)
0ef649f2b2c0eb8160832e4c4f900d62 ( 1158960 bytes)
0f4af3521a8fcbe172889e9a3816858a ( 1345377 bytes)
0f525b953719b096a6690217331aa1e3 ( 961216 bytes)
10f25735a9462f7fc55644f8b8f4026a ( 3503 bytes)
11ee9dc1bc4c8c6fe1183128718a0195 ( 1925099 bytes)
13bbe3dbb99a6cf4ffd97385dd59f21d ( 1468 bytes)
14bb99b63e9b3304f7e476cd198827e4 ( 7816 bytes)
15fb2506a1001cf3a420774547ed7b58 ( 3407 bytes)
1841a1b9d3840edee47e54309038a052 ( 9350 bytes)
18f734f9b57cb79646d23e8a76599c24 ( 2975 bytes)
1a93acb5d1f2433e57d725b11507b994 ( 1190985 bytes)
1a9bb48bbf7325cbdbd703ced3f9cfb6 ( 3100 bytes)
1b013b53d0940473153ec84d4bc2aeb4 ( 691477 bytes)
1ba0db624c6a7b1fbf6b62a94ba8f0a0 ( 3986 bytes)
1ce8a1fa98ebccc17c6b35b26ec865ca ( 8185 bytes)
1d16fc6bb83c7ef6468856562387d929 ( 7506 bytes)
1dd46f2336185cfbfaa2eb13c1d994b4 ( 15637 bytes)
1f40335b303970634d88f7aa92f23f03 ( 3304 bytes)
1f8786416397249557e7795792aee279 ( 3492 bytes)
204969aa56a1f0073b70414a2e8e789c ( 8494 bytes)
20f3d8a4665ae420ace7ade6a12bd395 ( 3861793 bytes)
21e3a70c562d21f1f6e1b9d6e4b695ef ( 4276 bytes)
22e317307f0c6e1180d8168eff83cc48 ( 1384095 bytes)
2500032590f49e82c54329fd26eaf6e8 ( 437248 bytes)
250c9c70c6749dcd580bb49ed8883f71 ( 701602 bytes)
26391837f0b4a69d3c843f90757689ad ( 413696 bytes)
265917b9153f6de4eb916622c1c1c238 ( 3188 bytes)
2770e93961654f03858ef8ed99358ecc ( 961281 bytes)
278d3ea8b30699be9270b200072cd9ff ( 1384082 bytes)
278dabe53127105efb4b1e49af8c3344 ( 14928 bytes)
299957c9a8f73020dce840db02af450c ( 3323 bytes)
2aa13a5d4204d3961e144f7e88d47567 ( 659429 bytes)
2bb7a1196c918d8fea51c9efdc0f9285 ( 39936 bytes)
2d6cd57e8f73e4c0ad869c189330c91e ( 7877 bytes)
2d8004e15b58d0d1e32201da32481e48 ( 10483 bytes)
2ee5aa686b7c93a0eafc6ec296b18fd2 ( 1622 bytes)
30d5388e6aed18a651a61a255941125f ( 974711 bytes)
30e4053ec8b843e7abb99c3b98d66280 ( 2843 bytes)
318ec32130cd9d13e6aab065da6a5e4c ( 42662 bytes)
31df88b61e2d658c3211a1ed4c3b8fd7 ( 976001 bytes)
38c3a766ffdb04ea9b3153a56740682e ( 1700 bytes)
39232fc4f8b33acde1a5d11b70c4708d ( 2868290 bytes)
3ad2cfdb02edb643bfe1268f562d73c3 ( 1925097 bytes)
3c1e5c895c3630422fbd42c79953cc0d ( 825558 bytes)
3ef708c03860ed42a53e063807acf66c ( 3237 bytes)
3f8361374ddd09b6cbbd4984afef8bfd ( 3312 bytes)
403f8ae5710341727467b97d7588119b ( 2644 bytes)
424d11a98bccbffd13922b3e220334a9 ( 1185036 bytes)
42c0528f0ff8ad
Also creates the following files on user's System which are also created by Genuine Software :-
Note:
These file(s) can be kept as they are also created by genuine Software.
File : svchost.exe
Path : %systemdrive%\recycler\s-1-5-21-3252328098-71414409-2463015037-500

Md5Hash :4635935fc972c582632bf45c26bfcb0e ( 8192 bytes)
File : svchost.exe
Path : %systemdrive%\recycler\s-1-5-21-3252328098-71414409-2463015037-501

Md5Hash :4635935fc972c582632bf45c26bfcb0e ( 8192 bytes)
File : sup.exe
Path : %systemdrive%\recycler\s-1-5-21-606747145-1085031214-725345543-500

Md5Hash :8ecf1b30f5fbb12a2fe138364d351a26 ( 149742 bytes)
File : dll.exe
Path : %windir%\system

Md5Hash :d4b6928743743b563383af9e5cad9061 ( 675840 bytes)
File : sup.reg
Path : %windir%\system

Md5Hash :f83598700d4740fa9eab3af8a538197e ( 139 bytes)
File : svhost.exe
Path : %windir%\system

Md5Hash :c49ef30807ec1e39ba76cf5d7b45bb94 ( 253952 bytes)
File : explorer.exe
Path : %windir%\system32

Md5Hash :b766003f431cad186bd115f5761592d1 ( 1790464 bytes)
File : remote.ini
Path : dll

Md5Hash :e8988ee4c2d19175db2dbaf4a8015eb1 ( bytes)
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
rvc6player = "%windir%\system32\tskdbg.exe"
|__ Value Added :
boleta = "%windir%\system32\repcale.exe %windir%\system32\palsp.exe"
|__ Value Added :
feelalright = "%windir%\system32\himansz\mirc.exe"
|__ Value Added :
GNP Generic Host Process = "%windir%\system\svchost.exe"
|__ Value Added :
GNP Generic Host Process = "%windir%\system\svchost.exe"
|__ Value Added :
IExplorer = "%WINDIR%\system32\explorer.exe"
|__ Value Added :
kiss = "%programfiles%\sdada\special.exe"
|__ Value Added :
msennger = "%windir%\system32\552\kasber22.exe"
|__ Value Added :
myth = "%programfiles%\s3\ms13.exe"
|__ Value Added :
nerochick = "%windir%\dan\user\winstartup.exe"
|__ Value Added :
Real0ne = "%SYSTEMDRIVE%\temp\gsf4\boys.exe"
|__ Value Added :
routeri66 = "%windir%\fonts\runner.exe"
|__ Value Added :
rvc6player = "%windir%\system32\tskdbg.exe"
|__ Value Added :
spoolsv = ""%windir%\temp\spoolsv\spoolsv.exe""
|__ Value Added :
taskmgr = "%SYSTEMDRIVE%\WINNT\system32\explorer.exe"
|__ Value Added :
winreg = "%windir%\system32\drivers\etc\svchost.exe"
|__ Value Added :
AppDirectory = "%SYSTEMDRIVE%\recycler\s-1-5-21-606747145-1085031214-725345543-500"
|__ Value Added :
Application = "%SYSTEMDRIVE%\recycler\s-1-5-21-606747145-1085031214-725345543-500\csrss.exe"
Creates the following child process(s) on execution:

%windir%\temp\spoolsv\run.bat /silent /s /s /qn /sp- /passive -s -s

%windir%\regedit.exe regedit /s %windir%\temp\spoolsv\a.reg

%windir%\temp\spoolsv\spoolsv.exe

%windir%\system32\rundll32.exe rundll32.exe %windir%\system32\shimgvw.dll,imageview_fullscreen %windir%\temp\spoolsv\xmas.jpg

%windir%\system32\attrib.exe attrib +h +s %windir%\temp\spoolsv

Copies the Following Files to Given Location :-

Copies :%windir%\temp\spoolsv\tmp1.$$$

To : %windir%\temp\spoolsv\control.ini

Copies :%windir%\temp\spoolsv\tmp2.$$$

To : %windir%\temp\spoolsv\control.ini

Copies :%windir%\temp\spoolsv\tmp3.$$$

To : %windir%\temp\spoolsv\control.ini

Copies :%windir%\temp\spoolsv\tmp4.$$$

To : %windir%\temp\spoolsv\control.ini

Copies :%windir%\temp\spoolsv\tmp5.$$$

To : %windir%\temp\spoolsv\remote.ini

Copies :%windir%\temp\spoolsv\tmp6.$$$

To : %windir%\temp\spoolsv\remote.ini

NOTE:

1. %programfiles% Refers to the program files folder. By default it is 'C:\Program Files'
3. %workingdir% Refers to the current directory in which user is working.
4. %systemdrive% Refers to the windows System drive folder. By default it is 'C:\'
5. %temp% Refers to the windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'
6. %windir% Refers to the windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.