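Technical Information

(The section headings of this report are missing from this copy, so the lists below run together. Entries written "A with B" appear to record a file being replaced, and entries written "from A to B" record a file being moved or renamed: executables under %WINDIR% are moved to bad<number> names in the same folder, and .exe.new files are moved onto the original .exe names. For the bare paths, the action taken on each file is not stated here.)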
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- %WINDIR%\twunk_32.exe with %WINDIR%\twunk_32.exe.new
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess32.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- %WINDIR%\TASKMAN.EXE with %WINDIR%\taskman.exe.new
- %WINDIR%\Microsoft.NET\Framework\v3.5\MSBuild.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\MSBuild.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\EdmGen.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\EdmGen.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\vbc.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\vbc.exe
- <SYSTEM32>\dllcache\migrate.exe with <SYSTEM32>\dllcache\migrate.exe.new
- %WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInUtil.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\AddInUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
- %WINDIR%\winhlp32.exe with %WINDIR%\winhlp32.exe.new
- %WINDIR%\regedit.exe with %WINDIR%\regedit.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %WINDIR%\hh.exe with %WINDIR%\hh.exe.new
- %WINDIR%\NOTEPAD.EXE with %WINDIR%\notepad.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- <SYSTEM32>\dllcache\oemig50.exe with <SYSTEM32>\dllcache\oemig50.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- <SYSTEM32>\dllcache\wabmig.exe with <SYSTEM32>\dllcache\wabmig.exe.new
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- <SYSTEM32>\dllcache\setup50.exe with <SYSTEM32>\dllcache\setup50.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe with %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- <SYSTEM32>\dllcache\wab.exe with <SYSTEM32>\dllcache\wab.exe.new
- <SYSTEM32>\dllcache\wordpad.exe with <SYSTEM32>\dllcache\wordpad.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
- <SYSTEM32>\dllcache\dialer.exe with <SYSTEM32>\dllcache\dialer.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\jsc.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\jsc.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
- <SYSTEM32>\dllcache\hh.exe with <SYSTEM32>\dllcache\hh.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
- <SYSTEM32>\dllcache\pinball.exe with <SYSTEM32>\dllcache\pinball.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
- <SYSTEM32>\dllcache\wmplayer.exe with <SYSTEM32>\dllcache\wmplayer.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
- %WINDIR%\Help\Tours\mmTour\tour.exe with %WINDIR%\Help\Tours\mmTour\tour.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
- <SYSTEM32>\dllcache\mplayer2.exe with <SYSTEM32>\dllcache\mplayer2.exe.new
- %WINDIR%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad180 with %WINDIR%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe with %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
- <SYSTEM32>\dllcache\setup_wm.exe with <SYSTEM32>\dllcache\setup_wm.exe.new
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe with %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- <SYSTEM32>\dllcache\bckgzm.exe with <SYSTEM32>\dllcache\bckgzm.exe.new
- %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe with %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- %WINDIR%\Microsoft.NET\Framework\NETFXSBS10.exe with %WINDIR%\Microsoft.NET\Framework\NETFXSBS10.exe
- <SYSTEM32>\dllcache\chkrzm.exe with <SYSTEM32>\dllcache\chkrzm.exe.new
- %WINDIR%\winhlp32.exe with %WINDIR%\winhlp32.exe
- %WINDIR%\twunk_32.exe with %WINDIR%\twunk_32.exe
- %WINDIR%\Microsoft.NET\NETFXRepair.exe with %WINDIR%\Microsoft.NET\NETFXRepair.exe
- %WINDIR%\Help\Tours\mmTour\tour.exe with %WINDIR%\Help\Tours\mmTour\tour.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
- <SYSTEM32>\dllcache\hrtzzm.exe with <SYSTEM32>\dllcache\hrtzzm.exe.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- <SYSTEM32>\dllcache\moviemk.exe with <SYSTEM32>\dllcache\moviemk.exe.new
- <SYSTEM32>\dllcache\icwconn2.exe with <SYSTEM32>\dllcache\icwconn2.exe.new
- <SYSTEM32>\dllcache\icwconn1.exe with <SYSTEM32>\dllcache\icwconn1.exe.new
- <SYSTEM32>\dllcache\icwtutor.exe with <SYSTEM32>\dllcache\icwtutor.exe.new
- <SYSTEM32>\dllcache\icwrmind.exe with <SYSTEM32>\dllcache\icwrmind.exe.new
- <SYSTEM32>\dllcache\sapisvr.exe with <SYSTEM32>\dllcache\sapisvr.exe.new
- <SYSTEM32>\dllcache\msinfo32.exe with <SYSTEM32>\dllcache\msinfo32.exe.new
- <SYSTEM32>\dllcache\iexplore.exe with <SYSTEM32>\dllcache\iexplore.exe.new
- <SYSTEM32>\dllcache\iedw.exe with <SYSTEM32>\dllcache\iedw.exe.new
- %WINDIR%\sfk.exe with %WINDIR%\sfk.exe
- %WINDIR%\regedit.exe with %WINDIR%\regedit.exe
- %WINDIR%\TASKMAN.EXE with %WINDIR%\TASKMAN.EXE
- %WINDIR%\sleep.exe with %WINDIR%\sleep.exe
- <SYSTEM32>\dllcache\isignup.exe with <SYSTEM32>\dllcache\isignup.exe.new
- <SYSTEM32>\dllcache\inetwiz.exe with <SYSTEM32>\dllcache\inetwiz.exe.new
- %WINDIR%\NOTEPAD.EXE with %WINDIR%\NOTEPAD.EXE
- %WINDIR%\hh.exe with %WINDIR%\hh.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- <SYSTEM32>\dllcache\conf.exe with <SYSTEM32>\dllcache\conf.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad181 with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\jsc.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- <SYSTEM32>\dllcache\msimn.exe with <SYSTEM32>\dllcache\msimn.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- <SYSTEM32>\dllcache\wb32.exe with <SYSTEM32>\dllcache\wb32.exe.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- <SYSTEM32>\dllcache\cb32.exe with <SYSTEM32>\dllcache\cb32.exe.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- <SYSTEM32>\dllcache\shvlzm.exe with <SYSTEM32>\dllcache\shvlzm.exe.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
- <SYSTEM32>\dllcache\rvsezm.exe with <SYSTEM32>\dllcache\rvsezm.exe.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe with %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe with %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
- <SYSTEM32>\dllcache\zclientm.exe with <SYSTEM32>\dllcache\zclientm.exe.new
- C:\boot00.exe
- <Full path to virus>.exe
- C:\boot00.exe (downloaded from the Internet)
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\zClientm.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\shvlzm.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\Rvsezm.exe
- %PROGRAM_FILES%\NetMeeting\cb32.exe
- %PROGRAM_FILES%\Outlook Express\msimn.exe
- %PROGRAM_FILES%\NetMeeting\wb32.exe
- %PROGRAM_FILES%\NetMeeting\conf.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\msnsusii.exe
- %PROGRAM_FILES%\Movie Maker\moviemk.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\hrtzzm.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\chkrzm.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\bckgzm.exe
- %PROGRAM_FILES%\Windows NT\hypertrm.exe
- %PROGRAM_FILES%\Windows NT\dialer.exe
- %PROGRAM_FILES%\Windows Media Player\wmplayer.exe
- %PROGRAM_FILES%\Windows NT\Accessories\wordpad.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- <Auxiliary element>
- %PROGRAM_FILES%\Windows NT\Pinball\PINBALL.EXE
- %PROGRAM_FILES%\Outlook Express\wab.exe
- %PROGRAM_FILES%\Outlook Express\setup50.exe
- %PROGRAM_FILES%\Outlook Express\oemig50.exe
- %PROGRAM_FILES%\Outlook Express\wabmig.exe
- %PROGRAM_FILES%\Windows Media Player\setup_wm.exe
- %PROGRAM_FILES%\Windows Media Player\mplayer2.exe
- %PROGRAM_FILES%\Windows Media Player\migrate.exe
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\js.exe
- %PROGRAM_FILES%\FireFox\firefox.exe
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- %PROGRAM_FILES%\FireFox\updater.exe
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE
- C:\Far2\Far.exe
- C:\boot00.exe
- %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwrmind.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn2.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn1.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwtutor.exe
- %PROGRAM_FILES%\Messenger\msmsgs.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\inetwiz.exe
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE
- %PROGRAM_FILES%\Internet Explorer\iedw.exe
- %PROGRAM_FILES%\FireFox\uninstall\helper.exe
- <Current directory>\bad12
- C:\boot00.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad65
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad191
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\bad197
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\bad173
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\bad92
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad5
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad100
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad129
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad79
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad40
- %WINDIR%\Microsoft.NET\Framework\v3.5\bad180
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad12
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad172
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad183
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad97
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad160
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad148
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad127
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad104
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad159
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad23
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad122
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\bad198
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad36
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad129
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad126
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad119
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad167
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad163
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad26
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad66
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad162
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad18
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad39
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad75
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad30
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad11
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\bad83
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad174
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad133
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad32
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad93
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad135
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad193
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad46
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad24
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad115
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad181
- %WINDIR%\Microsoft.NET\Framework\bad134
- %WINDIR%\Microsoft.NET\bad0
- %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\bad55
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad27
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad25
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad147
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad77
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad119
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad62
- %WINDIR%\bad63
- %WINDIR%\bad164
- %WINDIR%\bad142
- %WINDIR%\bad131
- %WINDIR%\bad108
- %WINDIR%\bad176
- %WINDIR%\bad116
- %WINDIR%\Help\Tours\mmTour\bad79
- %WINDIR%\bad138
- %WINDIR%\bad158
- %WINDIR%\bad122
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad143
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad72
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad69
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad70
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad137
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad181
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad99
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad161
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad196
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad33
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad121
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad88
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad110
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad12
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad131
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad154
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad135
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad170
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad93
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad110
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad130
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad169
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad43
- from %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess32.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad191
- from %WINDIR%\Microsoft.NET\Framework\v3.5\AddInUtil.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad5
- from %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad65
- from %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\bad92
- from %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\bad197
- from %WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad40
- from %WINDIR%\Microsoft.NET\Framework\v3.5\vbc.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad129
- from %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\bad198
- from %WINDIR%\Microsoft.NET\Framework\v3.5\MSBuild.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad100
- from %WINDIR%\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad180
- from %WINDIR%\Microsoft.NET\Framework\v3.5\EdmGen.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\bad79
- from %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\bad173
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad12
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad172
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad183
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad97
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad160
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad148
- from %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad127
- from %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad104
- from %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad159
- from %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad23
- from %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe to %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\bad122
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad129
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad163
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad36
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad167
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad126
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad18
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad66
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad148
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\jsc.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad26
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad39
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad162
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad119
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad75
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad30
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad11
- from %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe to %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\bad83
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad174
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad133
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad32
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad93
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad135
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad193
- from %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe to %WINDIR%\Microsoft.NET\Framework\v4.0.30319\bad46
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad181
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad27
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad115
- from %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe to %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\bad55
- from %WINDIR%\Microsoft.NET\Framework\NETFXSBS10.exe to %WINDIR%\Microsoft.NET\Framework\bad134
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad119
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad147
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad143
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad25
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad62
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad77
- from %WINDIR%\Microsoft.NET\NETFXRepair.exe to %WINDIR%\Microsoft.NET\bad0
- from %WINDIR%\sfk.exe to %WINDIR%\bad63
- from %WINDIR%\sleep.exe to %WINDIR%\bad164
- from %WINDIR%\regedit.exe to %WINDIR%\bad142
- from %WINDIR%\hh.exe to %WINDIR%\bad131
- from %WINDIR%\NOTEPAD.EXE to %WINDIR%\bad108
- from %WINDIR%\TASKMAN.EXE to %WINDIR%\bad176
- from %WINDIR%\winhlp32.exe to %WINDIR%\bad116
- from %WINDIR%\Help\Tours\mmTour\tour.exe to %WINDIR%\Help\Tours\mmTour\bad79
- from %WINDIR%\winhelp.exe to %WINDIR%\bad138
- from %WINDIR%\twunk_16.exe to %WINDIR%\bad158
- from %WINDIR%\twunk_32.exe to %WINDIR%\bad122
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad69
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad99
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad72
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad181
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad70
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad121
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\jsc.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad196
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad24
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad161
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad88
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad33
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad137
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad110
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad12
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad131
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad154
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad135
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad170
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad93
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad110
- from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\bad130
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad169
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\bad43
- from %PROGRAM_FILES%\Outlook Express\wab.exe.new to %PROGRAM_FILES%\Outlook Express\wab.exe
- from %PROGRAM_FILES%\Outlook Express\setup50.exe.new to %PROGRAM_FILES%\Outlook Express\setup50.exe
- from %PROGRAM_FILES%\Windows Media Player\migrate.exe.new to %PROGRAM_FILES%\Windows Media Player\migrate.exe
- from %PROGRAM_FILES%\Outlook Express\wabmig.exe.new to %PROGRAM_FILES%\Outlook Express\wabmig.exe
- from %PROGRAM_FILES%\Outlook Express\oemig50.exe.new to %PROGRAM_FILES%\Outlook Express\oemig50.exe
- from %PROGRAM_FILES%\NetMeeting\conf.exe.new to %PROGRAM_FILES%\NetMeeting\conf.exe
- from %PROGRAM_FILES%\NetMeeting\cb32.exe.new to %PROGRAM_FILES%\NetMeeting\cb32.exe
- from %PROGRAM_FILES%\Outlook Express\msimn.exe.new to %PROGRAM_FILES%\Outlook Express\msimn.exe
- from %PROGRAM_FILES%\NetMeeting\wb32.exe.new to %PROGRAM_FILES%\NetMeeting\wb32.exe
- from <SYSTEM32>\dllcache\rvsezm.exe.new to <SYSTEM32>\dllcache\rvsezm.exe
- from %PROGRAM_FILES%\Windows NT\Pinball\pinball.exe.new to %PROGRAM_FILES%\Windows NT\Pinball\pinball.exe
- from <SYSTEM32>\dllcache\pinball.exe.new to <SYSTEM32>\dllcache\pinball.exe
- from <SYSTEM32>\dllcache\zclientm.exe.new to <SYSTEM32>\dllcache\zclientm.exe
- from %PROGRAM_FILES%\Windows NT\Accessories\wordpad.exe.new to %PROGRAM_FILES%\Windows NT\Accessories\wordpad.exe
- from %PROGRAM_FILES%\Windows Media Player\setup_wm.exe.new to %PROGRAM_FILES%\Windows Media Player\setup_wm.exe
- from %PROGRAM_FILES%\Windows Media Player\mplayer2.exe.new to %PROGRAM_FILES%\Windows Media Player\mplayer2.exe
- from %PROGRAM_FILES%\Windows NT\dialer.exe.new to %PROGRAM_FILES%\Windows NT\dialer.exe
- from %PROGRAM_FILES%\Windows Media Player\wmplayer.exe.new to %PROGRAM_FILES%\Windows Media Player\wmplayer.exe
- from %PROGRAM_FILES%\MSN Gaming Zone\Windows\zclientm.exe.new to %PROGRAM_FILES%\MSN Gaming Zone\Windows\zclientm.exe
- from %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn2.exe.new to %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn2.exe
- from %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn1.exe.new to %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn1.exe
- from %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwtutor.exe.new to %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwtutor.exe
- from %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwrmind.exe.new to %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwrmind.exe
- from %PROGRAM_FILES%\Internet Explorer\iexplore.exe.new to %PROGRAM_FILES%\Internet Explorer\iexplore.exe
- from %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe.new to %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe
- from <Full path to virus>.exe to <Current directory>\bad12
- from %PROGRAM_FILES%\Internet Explorer\iedw.exe.new to %PROGRAM_FILES%\Internet Explorer\iedw.exe
- from %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe.new to %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe
- from %PROGRAM_FILES%\MSN Gaming Zone\Windows\hrtzzm.exe.new to %PROGRAM_FILES%\MSN Gaming Zone\Windows\hrtzzm.exe
- from %PROGRAM_FILES%\MSN Gaming Zone\Windows\chkrzm.exe.new to %PROGRAM_FILES%\MSN Gaming Zone\Windows\chkrzm.exe
- from %PROGRAM_FILES%\MSN Gaming Zone\Windows\shvlzm.exe.new to %PROGRAM_FILES%\MSN Gaming Zone\Windows\shvlzm.exe
- from %PROGRAM_FILES%\MSN Gaming Zone\Windows\rvsezm.exe.new to %PROGRAM_FILES%\MSN Gaming Zone\Windows\rvsezm.exe
- from %PROGRAM_FILES%\MSN Gaming Zone\Windows\bckgzm.exe.new to %PROGRAM_FILES%\MSN Gaming Zone\Windows\bckgzm.exe
- from %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.exe.new to %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.exe
- from %PROGRAM_FILES%\Internet Explorer\Connection Wizard\inetwiz.exe.new to %PROGRAM_FILES%\Internet Explorer\Connection Wizard\inetwiz.exe
- from <SYSTEM32>\dllcache\iexplore.exe.new to <SYSTEM32>\dllcache\iexplore.exe
- from %PROGRAM_FILES%\Movie Maker\moviemk.exe.new to %PROGRAM_FILES%\Movie Maker\moviemk.exe
Network activity:
- Connects to 'www.vi###192.h18.ru':80
- Requests www.vi###192.h18.ru/1.exe
- DNS ASK www.vi###192.h18.ru