Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of killwin
  • Performs illicit activities under the disguise of a useful program.
  • Downloads malicious code and programs such as keyloggers.
  • It is capable of fetching the user's personal and confidential information.
Information
Alias : [Not Available]
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system:
Note:
Delete the following files to remove the infection.
File: loadme.bat
Path : %allusersprofile%\startm~1\programs\startup

Md5Hash :5fd9dbbf7cd06d331850ef67029b98c8 ( 48 bytes)
File: _shellsettings.dat
Path : %programfiles%\easybits for kids

Md5Hash :6d989a72854521a42dcb9dfff34b56a9 ( 29 bytes)
File: gbiehabn.dll
Path : %programfiles%\gbplugin

Md5Hash :( bytes)
File: gbiehbsb.dll
Path : %programfiles%\gbplugin

Md5Hash :( bytes)
File: gbiehuni.dll
Path : %programfiles%\gbplugin

Md5Hash :( bytes)
File: scpibdns.bin
Path : %programfiles%\scpad

Md5Hash :( bytes)
File: scpiburl.bin
Path : %programfiles%\scpad

Md5Hash :( bytes)
File: scplib.dll
Path : %programfiles%\scpad

Md5Hash :( bytes)
File: scpsssh2.dll
Path : %programfiles%\scpad

Md5Hash :( bytes)
File: @b@ddon.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: a721.bat
Path : %systemdrive%

Md5Hash :41d609243f220cfee7dfa543401db8eb ( bytes)
File: aiyii.vbs
Path : %systemdrive%

Md5Hash :( bytes)
File: autoexec.bat.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: boot.ini.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: command.com
Path : %systemdrive%

Md5Hash :2a699a010b8c1665cbe571839f69bb69 ( 65536 bytes)
File: config.sys.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: [RandomName].exe_
Path : %workingdir%

Md5Hash :7e5b8685e39756d0118d6e31d7b471c3 ( bytes)
File: config.sys
Path : %workingdir%

Md5Hash :( bytes)
File: ntdetect.com
Path : %workingdir%

Md5Hash :( bytes)
File: io.sys.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: msdos.sys.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: ntdetect.com.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: owned.bat
Path : %systemdrive%

Md5Hash :ef6779c14eb339eb15c280803b3e333b ( 132 bytes)
File: pagefile.sys.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: pagefilesystem.sys
Path : %systemdrive%

Md5Hash :dfe4d272f4778ed5c498ce7b572b1e7d ( 2775028736 bytes)
File: regi.reg
Path : %systemdrive%

Md5Hash :9dd5eab7b66b1a00126831115bf27761 ( bytes)
File: shadow.idx.exe
Path : %systemdrive%

Md5Hash :( bytes)
File: sys dll del.bat
Path : %systemdrive%\temp

Md5Hash :be0ce2d25c9116252bdba3a40e2395ec ( bytes)
File: a33652.bat
Path : %temp%

Md5Hash :80e73cd535e90e225e62a56f98fc4793 ( 907 bytes)
File: batfile.bat
Path : %temp%\b2e1

Md5Hash :3a4841a7661ff49c7d51ccf96783a6fb ( 5456 bytes)
File: bt8436.bat
Path : %temp%

Md5Hash :2ef85b13283bd1ba2d5157c756f6ebd8 ( bytes)
File: gentee.dll
Path : %temp%\gentee00

Md5Hash :
30439e079a3d603c461d2c2f4f8cb064 ( 102400 bytes)
3cac0fba8f075595e71b9cea58dcc3ce ( 102400 bytes)
File: guig.dll
Path : %temp%\gentee00

File: setup_temp.gea
Path : %temp%\gentee00

File: liar5.exe
Path : %temp%

Md5Hash :4b70bf12260977e74b0c81aa0dc06843 ( 69632 bytes)
File: newexe11_298.exe
Path : %temp%

Md5Hash :75aa4736ed4f6826233f53a5e68e7ffd ( 176128 bytes)
File: sccp.exe
Path : %temp%

Md5Hash :2c26f8a19373ee348872055c28dd0e02 ( 32768 bytes)
File: server.exe
Path : %temp%

Md5Hash :e33392ee3263c85206e16763db4ae820 ( 29053 bytes)
File: temp.exe
Path : %temp%

Md5Hash :51a9bdc2c38e62742aa2a9224af3dc75 ( 82382 bytes)
File: tmpfile0.bat
Path : %temp%

Md5Hash :3e00feb24be9d5137f22759a8a3e4781 ( 1228 bytes)
File: uninst1.exe
Path : %temp%

File: kaspersky update.bat.lnk
Path : %userprofile%\start menu\programs\startup

Md5Hash :c5510818c806e2f377d9c6d5f8edd3ea ( 431 bytes)
File: ms office.bat
Path : %userprofile%\start menu\programs\startup

Md5Hash :974565d0930d0918669a0f5964577648 ( 16841 bytes)
File: svchost.exe
Path : %userprofile%\start menu\programs\startup

Md5Hash :
010c801a156888b2a27cccf7cb25681e ( 3248 bytes)
03d43877f0e3e205bad7bd3924ffdeed ( 3246 bytes)
File: ultimated key-gen.exe
Path : %userprofile%\start menu\programs\startup

Md5Hash :08a8efc1d60e3e2c20f80297bc992f7b ( 217430 bytes)
File: aiyii.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: checkrepl.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: clean.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: clone.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: conall.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: defprn.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: gbieh.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: gbiehabn.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: gbiehbsb.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: gbiehcef.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: gbiehisg.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: gbiehuni.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: gbpdist.dll
Path : %windir%\downloaded program files

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: drvmgr.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: forms.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: frsflags.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: persist.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: porn_screensaver_hot!_0day!.bat
Path : %windir%

Md5Hash :e6eefb8cb6600944df4e601aee3201a7 ( 71168 bytes)
File: portconv.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: portmgr.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: prncfg.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: prnctrl.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: prndata.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: prnmgr.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: queryad.vbs
Path : %windir%

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( 114 bytes)
File: sfc.exe
Path : %windir%

Md5Hash :2a699a010b8c1665cbe571839f69bb69 ( 65536 bytes)
File: snphh.js
Path : %windir%

Md5Hash :54a41c62b2821677582031d1d28ab7a9 ( bytes)
File: svchost.exe
Path : %windir%

Md5Hash :bd8676519e0a2a353e24dca0d3c1e70e ( 144368 bytes)
File: logo1.bat
Path : %windir%\system

Md5Hash :64706fdadb5e28a6ff16e1959fc52acf ( 436 bytes)
File: abaddon.exe
Path : %windir%\system32

File: aiyii.vbs
Path : %windir%\system32

Md5Hash :51f10d4fd28c87d216c9992402354e1e ( bytes)
File: gb.dll
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: liar5.exe
Path : %windir%\system32

Md5Hash :4b70bf12260977e74b0c81aa0dc06843 ( 69632 bytes)
File: loadme.exe
Path : %windir%\system32

Md5Hash :640ef22065eec76bb02cfcf29e82fe94 ( 61954 bytes)
File: scpibcfg.bin
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scpibdns.bin
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scpibsig.bin
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scpiburl.bin
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scpibwct.bin
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scplib.dll
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scpmib.dll
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: scpsssh2.dll
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: snagos.exe
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: snengine.exe
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: sshib.dll
Path : %windir%\system32

Md5Hash :b7f0d45dbdeccd873d41a3abd16624a5 ( 405504 bytes)
File: up04.exe
Path : %windir%\system32

Md5Hash :da46394237991f798f99cb64244ad71d ( 1231872 bytes)
File: wgax4.dll
Path : %windir%\system32

Md5Hash :d907821d046aa0ba25bdee4ae74edda7 ( 41982 bytes)
File: win32.exe
Path : %windir%\system32

Md5Hash :eeab98631b7a09a2018bac53224c5781 ( 16898 bytes)
File: windows updatesp4.exe
Path : %windir%\system32

Md5Hash :4b045bb2c2150b82042157a96c4a789d ( 209408 bytes)
File: uatvs.bat
Path : %windir%

Md5Hash :3a4841a7661ff49c7d51ccf96783a6fb ( 5456 bytes)
File: ultimated key-gen uninstaller.exe
Path : %windir%

Md5Hash :( bytes)
File: xtgrs.bat
Path : %windir%

Md5Hash :3a4841a7661ff49c7d51ccf96783a6fb ( 5456 bytes)
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These files can be kept, as they are also created by genuine software.
File : win.com
Path : %systemdrive%\winnt\system32

Md5Hash :( bytes)
File : unppmd.dll
Path : %temp%\gentee00

Md5Hash :7b97f7a822f0f4f54c54b8ef92aaf09a ( 8704 bytes)
File : gdipfontcachev1.dat
Path : %userprofile%\local settings\application data

Md5Hash :8d7b88478e26c1a252cd41c7450ca00f ( 12328 bytes)
File : calc.exe
Path : %windir%

Md5Hash :( bytes)
File : sfc.exe
Path : %windir%\command

Md5Hash :( bytes)
File : sfc.exe
Path : %windir%\system

Md5Hash :2a699a010b8c1665cbe571839f69bb69 ( 65536 bytes)
File : 1.dos
Path : %windir%\system32

Md5Hash :eeb024f2c81f0d55936fb825d21a91d6 ( 388608 bytes)
File : 2.dos
Path : %windir%\system32

Md5Hash :29ed429a12deeaee5e40307c5215e8d8 ( 42496 bytes)
File : 3.dos
Path : %windir%\system32

Md5Hash :7c52632ddcd68a5d87f293e5e9d0361c ( 124928 bytes)
File : cmd.dat
Path : %windir%\system32

Md5Hash :eeb024f2c81f0d55936fb825d21a91d6 ( 388608 bytes)
File : 1.dos
Path : %windir%\system32\dllcache

Md5Hash :eeb024f2c81f0d55936fb825d21a91d6 ( 388608 bytes)
File : 2.dos
Path : %windir%\system32\dllcache

Md5Hash :29ed429a12deeaee5e40307c5215e8d8 ( 42496 bytes)
File : 3.dos
Path : %windir%\system32\dllcache

Md5Hash :7c52632ddcd68a5d87f293e5e9d0361c ( 124928 bytes)
File : win.com
Path : %windir%

Md5Hash :2a699a010b8c1665cbe571839f69bb69 ( 65536 bytes)
File : win.ini
Path : %windir%

Md5Hash :2a699a010b8c1665cbe571839f69bb69 ( 65536 bytes)
File : win.vbs
Path : %windir%

Md5Hash :8715347d6b7b2e3a7cfe5adf2d510ce3 ( 477 bytes)
The following registry values are added to the provided registry keys:
Note:
Delete the added values from the key to remove the infection.
|__ Value Added :
0eea1f23 = "%SYSTEMDRIVE%\data\0eea1f23.exe"
|__ Value Added :
479c9ee46fd1376d50015bf1d444a714 = "%SYSTEMDRIVE%\data\479c9ee46fd1376d50015bf1d444a714.exe"
|__ Value Added :
561bfa11b82844068728bdd8d0e850d9 = "%SYSTEMDRIVE%\Data\561bfa11b82844068728bdd8d0e850d9.exe"
|__ Value Added :
72de7d3b = "%SYSTEMDRIVE%\data\72de7d3b.exe"
|__ Value Added :
ba945033 = "%SYSTEMDRIVE%\data\ba945033.exe"
|__ Value Added :
c3cc4ad4c45ad6ecc4695b4bf9ba2c7f = "%SYSTEMDRIVE%\Data\c3cc4ad4c45ad6ecc4695b4bf9ba2c7f.exe"
|__ Value Added :
currency = "%SYSTEMDRIVE%\data\e49ccd0671ea0d57bd530c48414ed122.exe"
|__ Value Added :
load = "%windir%\system32\win32.exe"
|__ Value Added :
norton32 = "%windir%\system32\abaddon.exe"
|__ Value Added :
sccp = "%TEMP%\sccp.exe"
|__ Value Added :
server = "%TEMP%\server.exe"
|__ Value Added :
start = "%SYSTEMDRIVE%\data\e749959d6a2563f2ec97d7a09cd17360.exe"
|__ Value Added :
svchost = "%windir%\svchost.exe"
|__ Value Added :
windows update sp3 = "[reg_expand_sz, value: %windir%\system32\windows updatesp4.exe]"
|__ Value Added :
temp = "%SYSTEMDRIVE%\autoexec.bat"

NOTE:

1. %allusersprofile% refers to the Windows All Users profile folder. By default it is 'C:\Documents and Settings\All Users'.
2. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'.
3. %systemdrive% refers to the Windows system drive. By default it is 'C:\'.
5. %workingdir% refers to the current directory in which the user is working.
6. %temp% refers to the Windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'.
7. %userprofile% refers to the current user's Windows profile folder. By default it is 'C:\Documents and Settings\[user]'.
8. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious or suspicious subkeys.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.