Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'test' = 'e:\YahooMessenger.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'test' = 'f:\YahooMessenger.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'test' = '<Drive name for removable media>:\YahooMessenger.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'test' = 'c:\IDM.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'test' = 'c:\xampp\log.exe'
- <Drive name for removable media>:\YahooMessenger.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\tskill.exe' /A avsch*
- '<SYSTEM32>\tskill.exe' /A sche*
- '<SYSTEM32>\tskill.exe' /A panda*
- '<SYSTEM32>\tskill.exe' /A pav*
- '<SYSTEM32>\tskill.exe' /A padmin
- '<SYSTEM32>\tskill.exe' /A sweep*
- '<SYSTEM32>\tskill.exe' /A scan*
- '<SYSTEM32>\tskill.exe' /A realm*
- '<SYSTEM32>\tskill.exe' /A syman*
- '<SYSTEM32>\tskill.exe' /A virus*
- '<SYSTEM32>\tskill.exe' /A nisum*
- '<SYSTEM32>\tskill.exe' /A issvc
- '<SYSTEM32>\tskill.exe' /A loge*
- '<SYSTEM32>\tskill.exe' /A ccc*
- '<SYSTEM32>\tskill.exe' /A npfmn*
- '<SYSTEM32>\tskill.exe' /A cpd*
- '<SYSTEM32>\tskill.exe' /A pop*
- '<SYSTEM32>\tskill.exe' /A pcc*
- '<SYSTEM32>\tskill.exe' /A tmp*
- '<SYSTEM32>\tskill.exe' /A tmn*
- '<SYSTEM32>\tskill.exe' /A ad-*
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d c:\xampp\log.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d %PROGRAM_FILES%\Microsoft Office\log.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d %PROGRAM_FILES%\log.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d c:\Documents and Settings\log.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d c:\Documents and Settings\user\log.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d e:\YahooMessenger.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d f:\YahooMessenger.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d <Drive name for removable media>:\YahooMessenger.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d %PROGRAM_FILES%\Mozilla Firefox\log.exe /f
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d %PROGRAM_FILES%\Adobe\log.exe /f
- '<SYSTEM32>\tskill.exe' /A offg*
- '<SYSTEM32>\net.exe' stop "Security Center"
- '<SYSTEM32>\tskill.exe' /A norm*
- '<SYSTEM32>\tskill.exe' /A safe*
- '<SYSTEM32>\tskill.exe' /A avas*
- '%WINDIR%\regedit.exe' /S "%HOMEPATH%\Local Settings\Temp.kill.reg"
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d c:\IDM.exe /f
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\net1.exe' stop "Security Center"
- '<SYSTEM32>\net.exe' stop SharedAccess
- '<SYSTEM32>\tskill.exe' /A nv*
- '<SYSTEM32>\tskill.exe' /A nav*
- '<SYSTEM32>\tskill.exe' /A OUTPOST
- '<SYSTEM32>\tskill.exe' /A ZONEALARM
- '<SYSTEM32>\tskill.exe' /A SAFEWEB
- '<SYSTEM32>\tskill.exe' /A BLACKICE
- '<SYSTEM32>\tskill.exe' /A def*
- '<SYSTEM32>\tskill.exe' /A cle
- '<SYSTEM32>\tskill.exe' /A F-*
- '<SYSTEM32>\tskill.exe' /A ESAFE
- '<SYSTEM32>\tskill.exe' /A av*
- '<SYSTEM32>\tskill.exe' /A fire*
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
- '<SYSTEM32>\net.exe' stop “Security Center”
- '<SYSTEM32>\net1.exe' stop “Security Center”
- '<SYSTEM32>\tskill.exe' /A PersFw
- '<SYSTEM32>\tskill.exe' /A KAV*
- '<SYSTEM32>\tskill.exe' /A bullguard
- '<SYSTEM32>\tskill.exe' /A anti*
- '<SYSTEM32>\tskill.exe' /A spy*
- '<SYSTEM32>\tskill.exe' /A kav
- '<SYSTEM32>\tskill.exe' /A zauinst
- '<SYSTEM32>\tskill.exe' /A upd*
- '<SYSTEM32>\tskill.exe' /A zap*
- '<SYSTEM32>\tskill.exe' /A msiexec
- '<SYSTEM32>\tskill.exe' /A isafe
- '<SYSTEM32>\tskill.exe' /A norton*
- '<SYSTEM32>\tskill.exe' /A norton au*
- '<SYSTEM32>\tskill.exe' /A cc*
- '<SYSTEM32>\tskill.exe' /A zlclien*
- '<SYSTEM32>\tskill.exe' /A minilog
- '<SYSTEM32>\tskill.exe' /A ewid*
- '<SYSTEM32>\tskill.exe' /A guard*
- '<SYSTEM32>\tskill.exe' /A aswupdsv
- '<SYSTEM32>\tskill.exe' /A avg*
- '<SYSTEM32>\tskill.exe' /A ash*
- '<SYSTEM32>\tskill.exe' /A mcafe*
- '<SYSTEM32>\tskill.exe' /A mghtml
- '<SYSTEM32>\tskill.exe' /A msmp*
- '<SYSTEM32>\tskill.exe' /A guar*
- '<SYSTEM32>\tskill.exe' /A gcasDt*
- outpost.exe
- NAVAPW32.EXE
- firefox.exe
- ZONEALARM.EXE
- ash.exe
- GUARD.EXE
- zapro.exe
- ashAvast.exe
- ashAvSrv.exe
- AVGCTRL.EXE
- AVP.COM
- avgcc.exe
- AVGCC32.EXE
- AVP.EXE
- AVPM.EXE
- AVSYNMGR.EXE
- AVP32.EXE
- AVPCC.EXE
- C:\IDM.exe
- %HOMEPATH%\Local Settings\Temp.kill.reg
- %TEMP%\2776IRKB.bat
- %TEMP%\2776IRKB.bat
- %TEMP%\2776IRKB.bat
- %HOMEPATH%\Local Settings\Temp.kill.reg
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'