Systweak Spyware Library
Adware.AllSum Analysis Report
Threat Submitted On: 8/22/2007 7:21:52 AM
Threat Analysed On: 8/22/2007 12:21:52 PM
Threat Updated On: 1/27/2011 2:10:33 PM
Type : Adware
Symptoms of AllSum
  • Displays porn/abusive content or intrusive third-party advertisements.
  • Shows deceptive or false warnings.
  • Generates advertisements even when the program is not running.
  • Installs other bundled programs at the same time.
  • The program can place unwanted adverts on the computer screen.
Information
Alias : Adware.AllSum.c
Md5 Hash : [3bec6dcf0b28f27474fac9e71cab013a]
File Size : (2290164 bytes)

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected files on the user's system
Note:
Delete the following files to remove the infection
File: 3618邮件推广大师.lnk
Path : %homepath%\desktop

Md5Hash :b602f970c27333f0c0875bbe0df5bebd ( 1659 bytes)
File: encrypt.dll
Path : %programfiles%\3618邮件推广大师

Md5Hash :d4b6c5ff181444da6d907f7f7eac7594 ( 524288 bytes)
File: mailprocess.exe
Path : %programfiles%\3618邮件推广大师

Md5Hash :1bea16e14d1a1f9e6e8dc44b9b182e03 ( 2024960 bytes)
File: reg.bat
Path : %programfiles%\3618邮件推广大师

Md5Hash :732761aac3512d70d720d7e1dd987dfc ( 47 bytes)
File: unwise.exe
Path : %programfiles%\3618邮件推广大师

Md5Hash :0b4c220be3b2bfd235fb9ea624488e1b ( 153088 bytes)
File: wis97.exe
Path : %programfiles%\3618邮件推广大师

Md5Hash :5ddcf4af53578c80a9a70b5e00b2eadb ( 269144 bytes)
File: xilie3618_cns_yassist.exe
Path : %programfiles%\3618邮件推广大师

Md5Hash :ed5140fc5d9c15605a3820dc1b5f03d5 ( 365674 bytes)
File: yalive.dll
Path : %programfiles%\yahoo!\assistant\assist

Md5Hash :9e615ffbda717668a50aa3b8e5f523e9 ( 266240 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :14b76f3f7509ce55ad035b674fca6d65 ( 110592 bytes)
File: 56e23bef.exe
Path : %workingdir%

Md5Hash :ca0e9f2948604660bd94d012d65d24a8 ( 45056 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :ca0e9f2948604660bd94d012d65d24a8 ( 45056 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :ce7b6e0fed62052f6690bc8ae620081f ( 249856 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :f62af29d85d218916eb1d5cb80fcfb2f ( 94208 bytes)
File: zcomsetup.exe
Path : %systemdrive%\progra~1\3618~1

Md5Hash :985a30e96499f449113ca32d312c2402 ( 77824 bytes)
File: alrex.dll
Path : %systemdrive%\progra~1\3721\3721

Md5Hash :2b198b8d77cf50d12bc03035567bf455 ( bytes)
File: cfved.dll
Path : %systemdrive%\progra~1\3721\3721

Md5Hash :6d9207fc5ddec308213a04b080d6531b ( bytes)
File: notifier.dll
Path : %systemdrive%\progra~1\3721\3721

Md5Hash :6e8a0135c5805dcfd093633707612639 ( bytes)
File: alrex.dll
Path : %systemdrive%\progra~1\3721

Md5Hash :2b198b8d77cf50d12bc03035567bf455 ( 32072 bytes)
File: autolive.dll
Path : %systemdrive%\progra~1\3721

Md5Hash :7c16cb7de74b1e79dab886fd1da87ead ( 150856 bytes)
File: cnsm.dll
Path : %systemdrive%\progra~1\3721

Md5Hash :766fdc42ddae7ee56d80bca146897fe6 ( 36864 bytes)
File: i3721res.dat
Path : %systemdrive%\progra~1\3721

Md5Hash :39ba15a0822e4365cf517421066dfe68 ( bytes)
File: coolbar.cab
Path : %systemdrive%\progra~1\yahoo!\assist~1\assist

Md5Hash :8b3c4a65bc6ba66a1a7357b59f0bf4e6 ( bytes)
File: yasbar.dll
Path : %systemdrive%\progra~1\yahoo!\assist~1\assist

Md5Hash :873c42e3fa71814efd06135c2376b934 ( 233472 bytes)
File: ires.dat
Path : %systemdrive%\progra~1\yahoo!\assist~1

Md5Hash :2a70171d5d89e75e27561ff38a36c2a6 ( bytes)
File: yasbar.dll
Path : %systemdrive%\progra~1\yahoo!\assist~1\update\assist

Md5Hash :873c42e3fa71814efd06135c2376b934 ( bytes)
File: yhelper.dll
Path : %systemdrive%\progra~1\yahoo!\assist~1\update

Md5Hash :c51c51b47ba529f4a9ede19d020d2011 ( bytes)
File: ylive.exe
Path : %systemdrive%\progra~1\yahoo!\assist~1\update

Md5Hash :857fd61e6b92e2d07d95f08924c2260d ( bytes)
File: yalive.dll
Path : %systemdrive%\progra~1\yahoo!\assist~1

Md5Hash :9e615ffbda717668a50aa3b8e5f523e9 ( 266240 bytes)
File: yhelper.dll
Path : %systemdrive%\progra~1\yahoo!\assist~1

Md5Hash :c51c51b47ba529f4a9ede19d020d2011 ( 32768 bytes)
File: ylive.exe
Path : %systemdrive%\progra~1\yahoo!\assist~1

Md5Hash :857fd61e6b92e2d07d95f08924c2260d ( 20480 bytes)
File: 01.png
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :1b447887fb43c2a6ec05b04d6e3a4d67 ( 4312 bytes)
File: 02.png
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :adf59c9ef6239225286be32b0ea4541d ( 4246 bytes)
File: 03.png
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :5b68b3ac6feab413bbae1d7be6d1d3c6 ( 4288 bytes)
File: 04.png
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :11434a973ae8c198b5b4c006cbd8b98a ( 1485 bytes)
File: 05.png
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :98ba93d625c380c70a0af5be7d2f479a ( 1414 bytes)
File: angel.gif
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :bc97734100173d1f7751b5741f186f07 ( 13384 bytes)
File: css1.css
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :958c1135b5281df85305a669ac008a43 ( 1526 bytes)
File: freebelt.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :37642400f2129684e49e906fbefbfd6c ( 5501 bytes)
File: happy.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :898985f509ee58869e0df9e1fc8e09d9 ( 308 bytes)
File: head.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :3893b24d155785f90dd061fe4ca6d6f0 ( 4055 bytes)
File: hotsite.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :c9b86e103f581f0db061e7723c21a476 ( 18141 bytes)
File: icon.ico
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :f6d8c2769bbcf5427afccb8b3afa77cc ( 9062 bytes)
File: index.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :8cbfba9a01c00f2e8e3a535463cd94b5 ( 611 bytes)
File: index1.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :ae40a1413ef1fd23e66bbf340d10dbeb ( 609 bytes)
File: index2.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :218d74c30c4de8b1b67b14d3c733f136 ( 611 bytes)
File: index3.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :60dd68972a8f97633a659b0fae4bcbb3 ( 609 bytes)
File: index4.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :b2c918c35c2f4a0d705ae49f77c9b53a ( 612 bytes)
File: index5.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :46d0e1eb3a37e1767c2cf53f8c0e6928 ( 608 bytes)
File: index6.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :e536877bb81b35cf9b3d381cefcd9887 ( 609 bytes)
File: loading.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :9a4b1ed17cecebfc6f478b2e9ec9111a ( 601 bytes)
File: loading1.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :f881f0a969e236adfc52602cf44da107 ( 602 bytes)
File: login.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :a57536360ad51cb3b7214dd40a4e9cf5 ( 12023 bytes)
File: mov01.gif
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :7da124984567fd77a94406ed261f7972 ( 5178 bytes)
File: mov03.gif
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :2a694872711241561fd93a3fda3f31d7 ( 3906 bytes)
File: mov06.gif
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :01839af03b52e947ea86167216ba5f54 ( 58 bytes)
File: mov11.gif
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :0e368d0c4b8f01ea05674cc5c6621cab ( 5611 bytes)
File: navbg.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :876608d41302f7117efcbe24456ee353 ( 381 bytes)
File: news.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :9c85dbd3de32e3b23decdde59ba34eb1 ( 113 bytes)
File: pass.xml
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :7ef6067d0e1f851ad36a64545da67700 ( 16964 bytes)
File: playbg.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :b8ae59db1c5daa9bea5a7952a25f84a7 ( 2826 bytes)
File: pro_s_554.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :20fc6beca2324d2e0609c6578272bab4 ( 3808 bytes)
File: pro_s_796050914_tv.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :73f88ce497c9010eacc7723e5d4a9c4d ( 3794 bytes)
File: swfplay.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :bd4ea89b167e94a8bf2cff24e2b9ca08 ( 485 bytes)
File: ta1.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :eef133f163df908503430acd48687525 ( 1244 bytes)
File: ta2.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :4b936c6fbeccc7c7554eb97e11b61beb ( 1187 bytes)
File: titlebg.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :07b3c5df1a60a1645ec3e624bbaae6e9 ( 318 bytes)
File: tools.htm
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :72df3789d9937a94001b47e4239288c7 ( 14702 bytes)
File: top_bg4.jpg
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :c1a3f2159580a1a76cd8da1dd1373b5a ( 4094 bytes)
File: type.dat
Path : %userprofile%\local settings\temporary internet files\lgcdph4l\navang

Md5Hash :ff0e9ac0d17479e139187e1b96e784ed ( 277 bytes)
File: 3618邮件推广大师.lnk
Path : %userprofile%\start menu\programs\3618邮件推广大师

Md5Hash :5de5004d3da242ac599ad212ec96db83 ( 1594 bytes)
File: cnsmin.dll
Path : %windir%\downloaded program files

Md5Hash :6d07a29de56b78f2b79a9d1b0b533751 ( 253952 bytes)
File: ntynm1.emm
Path : %windir%\system32\1024\tzt

Md5Hash :52639a4e7701e05fa695f658d497590c ( 184320 bytes)
File: xnqesn.emm
Path : %windir%\system32\1116\tzt

Md5Hash :
20e6b0e65c694d3765b2c8dedb9d0c6f ( 172032 bytes)
576f8b3e4e4b661c354f1258fff5e1cd ( 180224 bytes)
File: 446ce91e.c5b
Path : %windir%\system32

Md5Hash :24f2261ac841b43c6bc6a8ad2b60becb ( 12 bytes)
File: 7cbb5642.c3c
Path : %windir%\system32

Md5Hash :3ac6c373e14270d4f8c5c295bdac74b2 ( 12 bytes)
File: fin.vxd
Path : %windir%\system32\dhpc

Md5Hash :a3b15b9b50bc24e12407bfb49ac87de0 ( 114 bytes)
File: net1.dll
Path : %windir%\system32\dhpc\plugins

Md5Hash :aa2be93432d9bc64c5e574cb6a142292 ( 94208 bytes)
File: net2.dll
Path : %windir%\system32\dhpc\plugins

Md5Hash :718983984527bbb63fc8a01651b9e6c1 ( 86016 bytes)
File: net3.dll
Path : %windir%\system32\dhpc\plugins

Md5Hash :da074da51e37acb563310bbbceba5b61 ( 110592 bytes)
File: net4.dll
Path : %windir%\system32\dhpc\plugins

Md5Hash :3d2ae0fa9b19f70bee3b2726e722d124 ( 118784 bytes)
File: wins.dll
Path : %windir%\system32\dhpc

Md5Hash :e1570ffde856437a9523d34834d9c9dc ( 253952 bytes)
File: mgrjjg.sys
Path : %windir%\system32\drivers

Md5Hash :43948fdb7cb5ac07ed8436e71836ec56 ( 41984 bytes)
File: qdqikc.sys
Path : %windir%\system32\drivers

Md5Hash :30eb9fd071d37a8edd768117432aef5c ( bytes)
File: guid.vxd
Path : %windir%\system32

File: guidctrl.exe
Path : %windir%\system32

Md5Hash :
6bead7d8878dfeff35669e3cd5424ab7 ( bytes)
d3025a778fcbfce2a6b02947327e6a5a ( bytes)
File: ibmuuid_.dll
Path : %windir%\system32

Md5Hash :
0df856e9aceeeae1e8ca23d18c574fa2 ( 36 bytes)
abe9a762d6f10d1e42ee9b1f0ff0412c ( 36 bytes)
File: ibmvdr_.dll
Path : %windir%\system32

Md5Hash :
5db80ab2d38cfc7ef592124db81a74e6 ( 6 bytes)
cca121d6eb923f1d9e2e51fe93c27fee ( 7 bytes)
File: navang.cpz
Path : %windir%\system32\mscache

Md5Hash :57962e2674d38010bee1c7db512c304c ( 64574 bytes)
File: cfscfg.7z
Path : %windir%\system32\msibm

Md5Hash :( bytes)
File: intro.htm
Path : %windir%\system32\msibm

Md5Hash :
a1895693d95d815147485b07288cf962 ( 186 bytes)
ea64afbec732d3d294d50aa5718b925f ( 186 bytes)
File: intro.tpl
Path : %windir%\system32\msibm

Md5Hash :e0782089e9f016369e89a4ec36474355 ( 161 bytes)
File: lowlvl.dll
Path : %windir%\system32\msibm

Md5Hash :5ad7b028f0431453d05d5bedcdee3574 ( 45118 bytes)
File: post.htm
Path : %windir%\system32\msibm

Md5Hash :
ac0368d1f0bd90d3747c0c8378f3b034 ( 185 bytes)
d7ef177f2b91e0da1409ca70b738b2c5 ( 185 bytes)
File: post.tpl
Path : %windir%\system32\msibm

Md5Hash :7ba5508ca1abca116183c1dcdbcf31d2 ( 160 bytes)
File: uninstall.exe
Path : %windir%\system32\msibm

Md5Hash :c322679b3292066812aa91948057c57b ( 43470 bytes)
File: as.dll
Path : %windir%\system32\msicn\plugins

Md5Hash :
a8cc52a312a74d8f4e513d5a1a7f2b0b ( 118784 bytes)
b6c8ef3136f9fdb6ff25c8df6f2b70c2 ( 118784 bytes)
File: asmgr.fz
Path : %windir%\system32\msicn\plugins

Md5Hash :7898fadc18164bd00e6e4a61e84dfb0c ( 65536 bytes)
File: bm.dll
Path : %windir%\system32\msicn\plugins

Md5Hash :14b76f3f7509ce55ad035b674fca6d65 ( 110592 bytes)
File: cd.dll
Path : %windir%\system32\msicn\plugins

Md5Hash :473791f2426f2d9e24a88fa6af6ceec5 ( 98304 bytes)
File: lup.dll
Path : %windir%\system32\msicn\plugins

Md5Hash :
258e2d9d354ead7a8a1a9f76826827c4 ( 86016 bytes)
59f00040cdaf8b9c087a94989b18d499 ( 86016 bytes)
File: navangel.dll
Path : %windir%\system32\msicn\plugins

Md5Hash :0c865868825b222e8e9be3ce767a1ddb ( 61440 bytes)
File: ube.exe
Path : %windir%\system32\msicn

Md5Hash :84ffa9630ea6266f098c3ca7aed84e77 ( 60145 bytes)
File: msuuid_.dll
Path : %windir%\system32

Md5Hash :
b4f90def434f8e7eb0b60645f40e4615 ( 36 bytes)
b8ee360cc0eda9b37bcac9e95618e3c7 ( 36 bytes)
File: msxml1.dll
Path : %windir%\system32

Md5Hash :52639a4e7701e05fa695f658d497590c ( 184320 bytes)
File: spoolsv32.exe
Path : %windir%\system32\spoolsv32

Md5Hash :bff3b26d999100859c6392151cc351c0 ( 53248 bytes)
File: wmpdrm.dll
Path : %windir%\system32

Md5Hash :
20e6b0e65c694d3765b2c8dedb9d0c6f ( 172032 bytes)
576f8b3e4e4b661c354f1258fff5e1cd ( 180224 bytes)
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software :-
Note:
These file(s) can be kept, as they are also created by genuine software.
File : guid.vxd
Path : %windir%\system32

Md5Hash :71bb76031197331942b636a1e54bdd30 ( 119 bytes)
The following registry values are added to the given registry keys :-
Note:
Delete the added values from the key to remove the infection
|__ Value Added :
cnsmin = "rundll32.exe %windir%\downlo~1\cnsmin.dll,rundll32"
|__ Value Added :
mscfs = "rundll32 %windir%\system32\msibm\cfsys.dll,cfs"
|__ Value Added :
mscfs = "rundll32 ,cfs"
|__ Value Added :
spoolsv = "%windir%\system32\spoolsv\spoolsv.exe -printer"
|__ Value Added :
spoolsv32 = "%windir%\system32\spoolsv32\spoolsv32.exe -printer"
Creates the following child process(es) on execution:

%systemdrive%\progra~1\3618~1\zcomse~1.exe

%systemdrive%\progra~1\3618~1\wis97.exe

%systemdrive%\progra~1\3618~1\xilie3~1.exe

%systemdrive%\docume~1\antisp~1\locals~1\temp\glj4.tmp %programfiles%\3618邮件推广大师\encrypt.dll

%windir%\system32\msibm\cfsqdll.exe 20

services.exe

rundll32.exe %windir%\system32\msibm\cfsbho.dll,firstgenguid

rundll32.exe %windir%\system32\msibm\cfsbho.dll,reguser

rundll32.exe %windir%\system32\msibm\cfsys.dll,cfs

%windir%\explorer.exe

%programfiles%\internet explorer\iexplore.exe

%windir%\system32\alg.exe

%windir%\system32\rundll32.exe %systemdrive%\progra~1\3721\cnsm.dll,rundll32

%windir%\system32\rundll32.exe %systemdrive%\progra~1\3721\helper.dll,rundll32

%systemdrive%\progra~1\yahoo!\assist~1\ylive.exe

rundll32.exe %windir%\downlo~1\cnsmin.dll,rundll32

%windir%\system32\rundll32.exe %systemdrive%\progra~1\3721\cfved.dll,dllunregisterserver

Tries to Download Files from the following links :-

http://download.3721.com/download/wmpns.ini

http://download.3721.com/download/askfj.cab

http://download.3721.com/download/autolive.ini?0|cf83&t=212687

http://download.3721.com/download/autolvup.cab?t=243531

http://download.3721.com/download/helperup.cab?t=269734

http://download.3721.com/download/cns03up.cab?t=332828

http://download.3721.com/download/notifup.cab?t=354828

http://download.3721.com/download/alrex.cab?t=357187

http://download.3721.com/download/cfved.cab?t=359265

Creates the following mutex(es) on the user's system:-
zcom-bind-7733-4b7d-92b0-3046c9191831
raspbfile
mutex_111
cnsminmutex
0xaccd86d0, 0x2770, 0x4d96, 0xb1, 0xb9, 0xc2, 0x28, 0x7f, 0xff, 0x35, 0xa4
global\{63e3925a-fe0e-49b8-afe3-d0f19d19a0cd}
0x4c792a4c, 0x4607, 0x4fab, 0x8c, 0xdb, 0x42, 0x34, 0x48, 0x9c, 0x4, 0x26
cnshelpermutex
autolive_auto_auto
cnsautoupdatemutex
ylive_mutex
cnsminbypassnamemutex
chinaddrmainmutexstr
Tries to connect to the following URLs:-
Http_Version :http/1.0
60.28.209.85/clientaction/download/5009002200030000
Http_Version :http/1.1
202.165.100.105/download/wmpns.ini
Http_Version :http/1.1
202.165.100.105/download/askfj.cab
Http_Version :http/1.1
202.104.11.94/cfs/reguser.php?guid=8733278c2d5c48a7a75802538fdd79ed&vdr=wis97
Http_Version :http/1.0
202.104.11.94/cfs/cfscfg.7z.md5?vendor=wis97&guid=8733278c2d5c48a7a75802538fdd79ed
Http_Version :http/1.0
202.104.11.94/cfs/cfscfg.7z?vendor=wis97&guid=8733278c2d5c48a7a75802538fdd79ed
Http_Version :http/1.1
202.165.100.106/download/autolvup.cab?t=243531
Http_Version :http/1.1
202.165.100.105/download/autolive.ini?0|cf83&t=212687
Http_Version :http/1.1
202.165.100.101/download/cfved.cab?t=359265
Http_Version :http/1.1
202.165.100.101/download/notifup.cab?t=354828
Http_Version :http/1.1
202.165.100.101/download/alrex.cab?t=357187
Http_Version :http/1.1
202.165.100.101/download/cns03up.cab?t=332828
Tries to connect to the following IP address(es) through UDP (User Datagram Protocol) :-

127.0.0.1

Copies the following files to the given locations :-

Copies :%userprofile%\start menu\programs\3618邮件推广大师\3618邮件推广大师.lnk

To : %programfiles%\3618邮件推广大师\backup\3618邮件推广大师.lnk

Copies :%homepath%\desktop\3618邮件推广大师.lnk

To : %programfiles%\3618邮件推广大师\backup\3618邮件推广大师.lnk

Copies :%systemdrive%\progra~1\3721\3721\autolive.dll

To : %systemdrive%\progra~1\3721\autolive.dll

Copies :%systemdrive%\progra~1\3721\3721\cns01.dat

To : %systemdrive%\progra~1\3721\cns01.dat

Copies :%systemdrive%\progra~1\3721\3721\helper.dll

To : %systemdrive%\progra~1\3721\helper.dll

Copies :%systemdrive%\progra~1\yahoo!\assist~1\update\assist\yasbar.dll

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\yasbar.dll

Copies :%systemdrive%\progra~1\yahoo!\assist~1\update\yal01.dat

To : %systemdrive%\progra~1\yahoo!\assist~1\yal01.dat

Copies :%systemdrive%\progra~1\yahoo!\assist~1\update\yhelper.dll

To : %systemdrive%\progra~1\yahoo!\assist~1\yhelper.dll

Copies :%systemdrive%\progra~1\yahoo!\assist~1\update\ylive.exe

To : %systemdrive%\progra~1\yahoo!\assist~1\ylive.exe

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\coolbar\prodef.ini

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\coolbar\prodef.ini

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\coolbar\profile.ini

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\coolbar\profile.ini

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\adkiller.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\adkiller.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\alert.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\alert.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\alertnew.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\alertnew.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\anitvirus.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\anitvirus.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\assist.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\assist.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\clear.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\clear.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\custheme.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\custheme.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\daoyan3.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\daoyan3.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\gouwu.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\gouwu.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\hilight.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\hilight.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\iefix.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\iefix.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\logo.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\logo.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\music.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\music.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\musiclink.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\musiclink.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\musictop.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\musictop.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\picture.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\picture.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\search.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\search.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\searchtop.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\searchtop.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\settings.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\settings.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\thumbs.db

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\thumbs.db

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\images\yphtb.bmp

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\images\yphtb.bmp

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\searchbar\prodef.ini

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\searchbar\prodef.ini

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\searchbar\profile.ini

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\searchbar\profile.ini

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\securitybar\prodef.ini

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\securitybar\prodef.ini

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\update\securitybar\profile.ini

To : %systemdrive%\progra~1\yahoo!\assist~1\assist\securitybar\profile.ini

Copies :%systemdrive%\progra~1\yahoo!\assist~1\assist\yalive.dll

To : %systemdrive%\progra~1\yahoo!\assist~1\yalive.dll

Copies :%windir%\system32\msibm\cfsupd.dll

To : %windir%\system32\bakcfs\cfsupd.dll

Copies :%windir%\system32\msibm\lowlvl.dll

To : %windir%\system32\bakcfs\lowlvl.dll

Copies :%windir%\system32\msibm\linbak.dll

To : %windir%\system32\bakcfs\linbak.dll

Copies :%windir%\system32\msibm\cfsbho.dll

To : %windir%\system32\bakcfs\cfsbho.dll

Copies :%windir%\system32\msibm\cfs7zd.dll

To : %windir%\system32\bakcfs\cfs7zd.dll

Copies :%windir%\system32\msibm\cfsys.dll

To : %windir%\system32\bakcfs\cfsys.dll

Copies :%systemdrive%\progra~1\3721\3721\cns03.dat

To : %systemdrive%\progra~1\3721\cns03.dat

Copies :%systemdrive%\progra~1\3721\3721\notifier.dll

To : %systemdrive%\progra~1\3721\notifier.dll

Copies :%systemdrive%\progra~1\3721\3721\alrex.dll

To : %systemdrive%\progra~1\3721\alrex.dll

Copies :%systemdrive%\progra~1\3721\3721\cfved.dll

To : %systemdrive%\progra~1\3721\cfved.dll

Moves the following files to the given locations :-
Moves :%systemdrive%\docume~1\antisp~1\locals~1\temp\~glh0000.tmp
To : %systemdrive%\docume~1\antisp~1\locals~1\temp\glfe.tmp
Moves :%systemdrive%\docume~1\antisp~1\locals~1\temp\~glh0001.tmp
To : %systemdrive%\docume~1\antisp~1\locals~1\temp\glf11.tmp
Moves :%programfiles%\3618邮件推广大师\~glh0002.tmp
To : %programfiles%\3618邮件推广大师\unwise.exe
Moves :%programfiles%\3618邮件推广大师\~glh0003.tmp
To : %programfiles%\3618邮件推广大师\encrypt.dll
Moves :%programfiles%\3618邮件推广大师\~glh0004.tmp
To : %programfiles%\3618邮件推广大师\reg.bat
Moves :%programfiles%\3618邮件推广大师\~glh0005.tmp
To : %programfiles%\3618邮件推广大师\xilie3618_cns_yassist.exe
Moves :%systemdrive%\progra~1\3618~1\temp.000
To : %systemdrive%\progra~1\3618~1\~glh0007.tmp
Moves :%systemdrive%\progra~1\3618~1\~glh0007.tmp
To : %systemdrive%\progra~1\3618~1\zcomsetup.exe
Moves :%programfiles%\3618邮件推广大师\~glh0008.tmp
To : %programfiles%\3618邮件推广大师\dns.htm
Moves :%programfiles%\3618邮件推广大师\~glh0009.tmp
To : %programfiles%\3618邮件推广大师\help.htm
Moves :%programfiles%\3618邮件推广大师\~glh000a.tmp
To : %programfiles%\3618邮件推广大师\mailprocess.exe
Moves :%programfiles%\3618邮件推广大师\~glh000b.tmp
To : %programfiles%\3618邮件推广大师\regsoft.ini
Moves :%programfiles%\3618邮件推广大师\~glh000c.tmp
To : %programfiles%\3618邮件推广大师\wis97.exe

NOTE:

1. %homepath% refers to the Windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
2. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'
3. %workingdir% refers to the current directory in which the user is working.
4. %systemdrive% refers to the Windows system drive folder. By default it is 'C:\'
5. %userprofile% refers to the Windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
6. %windir% refers to the Windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious/suspicious subkeys only.


To modify registry entries in the Windows operating system:
Follow these steps:
1. Click Start > Run
2. Type “regedit” to open the Registry Editor
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.