Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Trojan-Backdoor.assasin.20 Analysis Report
Threat Submitted On: 9/25/2008 5:44:42 AM
Threat Analysed On: 9/25/2008 10:44:42 AM
Threat Updated On: 1/28/2011 5:49:04 AM
Type : Trojan-Backdoor
Symptoms of assasin.20
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : backdoor.win32.assasin.20.an
Md5 Hash : [ce749c5c3b39599dc70596fcc4e62080]
File Size : [Not Available]

Technical Details

Technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: mary had a little lamb.bst
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\beep scripts

Md5Hash :7f5c5d8ffa67d697460e5c35dc93f501 ( 513 bytes)
File: the wheels on the bus go round and round.bst
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\beep scripts

Md5Hash :861aa0e55b8448467648f5a861d74c1d ( 553 bytes)
File: twinkle little star.bst
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\beep scripts

Md5Hash :c22aba4b901eee22682279218a1169ab ( 259 bytes)
File: client.exe
Path : %homepath%\desktop\assasinv20\assasin 2.0 final

Md5Hash :071c0dd37935382414b3adf2ff3390aa ( 640000 bytes)
File: 00.dll
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\dll

Md5Hash :7d977bb499533b0153f71a745fc9d609 ( 112128 bytes)
File: 01.dll
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\dll

Md5Hash :4863288993edf0123647357a53b5c8f1 ( 215552 bytes)
File: 02.dll
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\dll

Md5Hash :6d31edf51da77443ff4001a7b1a29442 ( 180224 bytes)
File: 03.dll
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\dll

Md5Hash :c3c8731a7c2d2cd25909d914824de00d ( 84480 bytes)
File: german tutorial.chm
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\help

Md5Hash :51423bbc168bafc5941ac99567dcf62c ( 2394809 bytes)
File: untitled-2.psd
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\help\images

Md5Hash :e063efb23ef56fd97745e0d4ab4616b5 ( 55509 bytes)
File: ports.dat
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\options

Md5Hash :feb54d8189bde291b4bcd9ed6ff44bc7 ( 14 bytes)
File: server.dll
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\setup files

Md5Hash :2327ef47dc5ce548fc3e459be934aa64 ( 60416 bytes)
File: server.exe
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\setup files

Md5Hash :d898a5547b9cd17381edd16d24fb8cb7 ( 58880 bytes)
File: stub.exe
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\setup files

Md5Hash :5863f9db89550a422ef4addff8ab955c ( 43520 bytes)
File: avi.exe
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\tools

Md5Hash :1a0e50ec970e645e8ae9d55dc5ffbf85 ( 788992 bytes)
File: logsim.exe
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\tools

Md5Hash :d380260b132e134cda09dd295716fbb7 ( 289792 bytes)
File: pluginexample.~dpr
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :f19c6bc3726bc076288ee23f36c8eed1 ( 3892 bytes)
File: pluginexample.dll
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :72a776e8e564f7977fdf1ab3a48b7cf7 ( 117248 bytes)
File: pluginexample.dof
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :3cee4e84a1c74e212d7eeb10f5def458 ( 1097 bytes)
File: pluginexample.dpr
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :f19c6bc3726bc076288ee23f36c8eed1 ( 3892 bytes)
File: pluginexample.drc
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :d1d69c7252b4c362a51879c727eba772 ( 9556 bytes)
File: pluginexample.map
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :0cfc3df8aa44ed64f1b8bf6d89f38500 ( 96831 bytes)
File: pluginexample.mes
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :4897ef01daeda18c09dd80acd5e59466 ( 1011 bytes)
File: pluginexample.res
Path : %homepath%\desktop\assasinv20\assasin 2.0 final\user dll example

Md5Hash :c10e6b606994c2342d1c6dc7f1cdca26 ( 876 bytes)
File: hacking library.url
Path : %homepath%\desktop\assasinv20

Md5Hash :5cc07f10655b26b5886b1356de2d364e ( 170 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :517a76a039358d389b8c4e6b0b76b180 ( 16384 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :6e73dae5bfc51c1eaf8476fbeb36bb30 ( 58880 bytes)
File: keyhook.dll
Path : %workingdir%

Md5Hash :517a76a039358d389b8c4e6b0b76b180 ( 16384 bytes)
File: pluginexample.dll
Path : %workingdir%

Md5Hash :72a776e8e564f7977fdf1ab3a48b7cf7 ( 117248 bytes)
File: 1.mzp
Path : %windir%

File: 1.mzp
Path : %windir%\deleteme

Md5Hash :9f21c95ca83e147aad003fe72c76c884 ( 334 bytes)
File: deleteme.dat
Path : %windir%\deleteme

Md5Hash :( bytes)
File: deleteme.exe
Path : %windir%\deleteme

Md5Hash :413d323382f3d6d7a7aeaddfa449e7c5 ( 59218 bytes)
File: svchost.exe
Path : %windir%

Md5Hash :8591bdbc83cdb3a05d9034273ff168dc ( 791930 bytes)
File: 1.mzp
Path : %windir%\system32\dlls

Md5Hash :27bbf8e6595f10783f3ed78fb7977b0c ( 68818 bytes)
File: 0.dll
Path : %windir%\system32\dlls\1

Md5Hash :6e73dae5bfc51c1eaf8476fbeb36bb30 ( 58880 bytes)
File: rundll32.exe
Path : %windir%\system32\dlls

Md5Hash :5a2fbcb790381ead4a075039bf2c4ef8 ( 125218 bytes)
File: tuicvde.sys
Path : %windir%\system32\drivers

Md5Hash :fa1b89d5d934ab70b9a5f005c0a06f72 ( 29408 bytes)
File: fxe.dll
Path : %windir%\system32

Md5Hash :b8075938807159ed2bbe18557350be08 ( 49152 bytes)
File: 1.mzp
Path : %windir%\system32\grouppolicy\group

Md5Hash :( bytes)
File: grpsvc.exe
Path : %windir%\system32\grouppolicy\group

Md5Hash :( bytes)
File: l99erx.bat
Path : %windir%\system32

Md5Hash :52a0b2bb33899cd3766b94c56d8204a0 ( bytes)
File: 1.mzp
Path : %windir%\system32\win types

Md5Hash :
42675ae0313d3c22e15f08b75002cc1c ( 186686 bytes)
c083b23caf221fe5b402f45d51efdcf8 ( 775999 bytes)
File: 0.dll
Path : %windir%\system32\win types\1

Md5Hash :13f46090b15583011a6ea3d4527f3657 ( 186368 bytes)
File: win const.exe
Path : %windir%\system32\win types

Md5Hash :ce749c5c3b39599dc70596fcc4e62080 ( 344386 bytes)
File: 1.mzp
Path : %windir%\win types

Md5Hash :
4e320e84403f27bfedada471272ec5b7 ( 241456 bytes)
62cc2400e5e330e7d53f0ae47e588faa ( 60939 bytes)
File: 0.dll
Path : %windir%\win types\1

Md5Hash :2327ef47dc5ce548fc3e459be934aa64 ( 60416 bytes)
File: rundll32.exe
Path : %windir%\win types

Md5Hash :cb7d40ded5b771e19e3c8cb1ea484805 ( 223759 bytes)
File: win const.exe
Path : %windir%\win types

Md5Hash :f16472c682fb369a3263de0a98d207ab ( 284980 bytes)
File: 1.mzp
Path : %windir%\win

Md5Hash :( bytes)
File: svchost.dat
Path : %windir%\win

Md5Hash :f0e5d2dd55de6051f60ef81396fdc11d ( bytes)
File: svchost.exe
Path : %windir%\win

Md5Hash :04a80a8bd6066d41c892618bb589a7f4 ( 68449 bytes)
File: svchost0.idx
Path : %windir%\win

Md5Hash :( bytes)
File: svchost1.dat
Path : %windir%\win

Md5Hash :( bytes)
File: svchost1.idx
Path : %windir%\win

Md5Hash :( bytes)
File: 1.exe
Path : %windir%\wins

Md5Hash :c7094b9cbe2941ee313913c3e484a76f ( bytes)
File: 1.mzp
Path : %windir%\wins

Md5Hash :71599b306252237b74478bf2c93bcf10 ( 381810 bytes)
File: svchost.dat
Path : %windir%\wins

Md5Hash :58ff5655ff1a39d00857153e57fe8dcd ( bytes)
File: svchost.exe
Path : %windir%\wins

Md5Hash :8591bdbc83cdb3a05d9034273ff168dc ( 791930 bytes)
File: svchost5.dll
Path : %windir%\wins

Md5Hash :e5942b9485191aac8982a06705320b1c ( 343552 bytes)
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These file(s) can be kept as they are also created by genuine Software.
File : server.dll
Path : %workingdir%

Md5Hash :2327ef47dc5ce548fc3e459be934aa64 ( 60416 bytes)
File : .dat
Path : %windir%

Md5Hash :( bytes)
File : .dat
Path : %windir%\

Md5Hash :( bytes)
File : 1.mzp
Path : %windir%\

Md5Hash :( bytes)
File : 1.mzp
Path : %windir%

Md5Hash :
( bytes)
735a0716584187691b3d890d12a45d1d ( 653921 bytes)
File : pcgwin32.li4
Path : %windir%

Md5Hash :26df03ea30a509122c7e744284bc28d1 ( 528 bytes)
File : [randomname].exe
Path : %workingdir%

The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
deleteme = "%windir%\deleteme\deleteme.exe"
|__ Value Added :
tcpsvc = "%windir%\win\svchost.exe"
Creates the following child process(es) on execution:

%windir%\system32\win types\win const.exe %workingdir%\[random name].exe

%programfiles%\internet explorer\iexplore.exe

services.exe

Creates the following mutex(es) on the user's system:
global\mchswdi$5d8mutex
global\mchswdi$6acmutex
shell.cmrupidllist
msratingmutex
raspbfile
ctf.lbes.mutexdefaults-1-5-21-3844214322-2610908656-3284161240-1010
ctf.compart.mutexdefaults-1-5-21-3844214322-2610908656-3284161240-1010
ctf.asm.mutexdefaults-1-5-21-3844214322-2610908656-3284161240-1010
ctf.layouts.mutexdefaults-1-5-21-3844214322-2610908656-3284161240-1010
ctf.tmd.mutexdefaults-1-5-21-3844214322-2610908656-3284161240-1010
msimgsizecachemutex
ddrawwindowlistmutex
ddrawdriverobjectlistmutex
__ddrawexclmode__
__ddrawcheckexclmode__
Tries To Connect to The Following Urls:-
Tries to connect to the following IP address(es) through UDP (User Datagram Protocol):

127.0.0.1

Copies the Following Files to Given Location :-

Copies :%windir%\1.mzp

To : %windir%\system32\win types\1.mzp

Copies :%workingdir%\[random name].exe

To : %windir%\system32\win types\win const.exe

NOTE:

1. %homepath% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
3. %workingdir% refers to the current directory in which the user is working.
4. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious/suspicious subkeys only.


To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” to open the Registry Editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.



© Systweak Inc., 1999-2011 All rights reserved.