Skip to main content

DeepScan.Generic.Malware.SIMg.C10D24B2_a74de57159

  • Updated

DeepScan:Generic.Malware.SIM!g.C10D24B2 (BitDefender), Virus:Win32/Duel.A@mm (Microsoft), HEUR:Trojan.Win32.Generic (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Trojan.PWS.Qqshou.829 (DrWeb), DeepScan:Generic.Malware.SIM!g.C10D24B2 (B) (Emsisoft), Generic-FAGI!A74DE5715932 (McAfee), W32.Mixor (Symantec), Email-Worm.Win32.Brontok (Ikarus), DeepScan:Generic.Malware.SIM!g.C10D24B2 (FSecure), I-Worm/Luder.A (AVG), Win32:Malware-gen (Avast), Mal_Xed-3 (TrendMicro), DeepScan:Generic.Malware.SIM!g.C10D24B2 (AdAware), GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)Behaviour: Trojan, Worm, Email-Worm, EmailWorm, Virus, IRCBot

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: a74de571593227bbc39b3daf0a235ff1

SHA1: eace7d5bb3e32df07474a13a2488672a84f6775a

SHA256: c90fb16b571932e0f6c01e635f308f342c68b815233a6e6d8663f0db7f2cabd8

SSDeep: 768:PgTLAGXHtIhPOqI8srORTUqjx9JcK/xpZ2:PAhX GqwrigqjD9

Size: 48128 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2035-12-07 07:40:02

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour Description
EmailWormWorm can send e-mails.
IRCBotA bot can communicate with command and control servers via IRC channel.


Process activity

The DeepScan creates the following process(es):

%original file name%.exe:2016
rzqyjaaar.iza:1068
rzqyjaaar.iza:1816

The DeepScan injects its code into the following process(es):No processes have been created.

File activity

The process %original file name%.exe:2016 makes changes in the file system.


The DeepScan creates and/or writes to the following file(s):

%Program Files%\MSN Gaming Zone\Windows\iazzzarib.yqa (48 bytes)
%Program Files%\NetMeeting\bijrazyiy.aibiazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\update\yqyajqiaq.jjr (48 bytes)
C:\totalcmd\byjayayar.abr (48 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\zbzbyqqjb.yjz (48 bytes)
%WinDir%\ime\imkr6_1\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\update\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\byjayayar.abr (48 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\update\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\update\iazzzarib.yqa (48 bytes)
%WinDir%\Network Diagnostic\zbzbyqqjb.yjz (48 bytes)
%Program Files%\Outlook Express\rrrziiirr.qyrarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\update\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\rzqyjaaar.iza (48 bytes)
%Program Files%\NetMeeting\yqyajqiaq.jjriazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\update\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\bijrazyiy.aib (48 bytes)
%Program Files%\Common Files\Microsoft Shared\MSInfo\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\update\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\update\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\update\yqyajqiaq.jjr (48 bytes)
%Program Files%\Outlook Express\byjayayar.abrarib.yqa (48 bytes)
%WinDir%\ime\imjp8_1\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\update\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\byjayayar.abr (48 bytes)
%Program Files%\WinPcap\byjayayar.abrzbyqqjb.yjz.qyra (48 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\yqyajqiaq.jjr (48 bytes)
%WinDir%\pchealth\helpctr\binaries\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\bijrazyiy.aib (48 bytes)
%WinDir%\ime\imjp8_1\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\zbzbyqqjb.yjz (48 bytes)
%WinDir%\$NtUninstallKB898461$\spuninst\yqyajqiaq.jjr (48 bytes)
%Program Files%\Common Files\Adobe\Updater6\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\byjayayar.abr (48 bytes)
%Program Files%\Windows NT\Pinball\zbzbyqqjb.yjz.qyra (48 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\update\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\zbzbyqqjb.yjz (48 bytes)
%Program Files%\MSN Gaming Zone\Windows\byjayayar.abrr (48 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\zbzbyqqjb.yjz (48 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\byjayayar.abr (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rirjiy.jryi.iir (48 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\zbzbyqqjb.yjz (48 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\bijrazyiy.aib (48 bytes)
C:\totalcmd\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\rzqyjaaar.iza (48 bytes)
%WinDir%\$hf_mig$\KB898461\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\SP2QFE\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\update\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\abrrararq.qjy (48 bytes)
%WinDir%\$hf_mig$\KB898461\update\bijrazyiy.aib.qyra (48 bytes)
%WinDir%\ime\imjp8_1\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\update\abrrararq.qjy (48 bytes)
%Program Files%\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A93000000001}\iazzzarib.yqaiy.aibarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\abrrararq.qjy (48 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\abrrararq.qjy (48 bytes)
%WinDir%\inf\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\update\bijrazyiy.aib (48 bytes)
%Program Files%\MSN Gaming Zone\Windows\zbzbyqqjb.yjzr (48 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\update\bijrazyiy.aib (48 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\yqyajqiaq.jjr (48 bytes)
%Program Files%\Windows Media Player\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\update\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\update\abrrararq.qjy (48 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\zbzbyqqjb.yjz (48 bytes)
%Program Files%\Windows Media Player\bijrazyiy.aibyqa (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\iazzzarib.yqa (48 bytes)
%Program Files%\MSN Gaming Zone\Windows\abrrararq.qjyr (48 bytes)
%WinDir%\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\iazzzarib.yqa (48 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\byjayayar.abr (48 bytes)
%WinDir%\xwrm.exe (48 bytes)
%Program Files%\Outlook Express\abrrararq.qjyarib.yqa (48 bytes)
%WinDir%\Microsoft.NET\Framework\rzqyjaaar.iza (48 bytes)
%Program Files%\Windows NT\Accessories\rrrziiirr.qyra (48 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\zbzbyqqjb.yjz (48 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\bijrazyiy.aib (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\bijrazyiy.aibarib.yqa (48 bytes)
%WinDir%\ime\imjp8_1\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\sp3qfe\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\rzqyjaaar.iza (48 bytes)
%Program Files%\NetMeeting\rzqyjaaar.izaiazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\bijrazyiy.aib (48 bytes)
%WinDir%\ime\imjp8_1\yqyajqiaq.jjr (48 bytes)
C:\totalcmd\rzqyjaaar.iza (48 bytes)
%WinDir%\pchealth\helpctr\binaries\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\abrrararq.qjy (48 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\yqyajqiaq.jjr (48 bytes)
%Program Files%\Common Files\Microsoft Shared\DW\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\update\iazzzarib.yqa (48 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\rrrziiirr.qyr (48 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\yqyajqiaq.jjr (48 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\yqyajqiaq.jjr (48 bytes)
%Program Files%\Common Files\Microsoft Shared\DW\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\rzqyjaaar.iza (48 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\zbzbyqqjb.yjz (48 bytes)
%Program Files%\Windows Media Player\yqyajqiaq.jjr (48 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\zbzbyqqjb.yjz (48 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rrrziiirr.qyr (48 bytes)
%WinDir%\ime\imjp8_1\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\iazzzarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\update\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\iazzzarib.yqa (48 bytes)
%Program Files%\Windows NT\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\update\zbzbyqqjb.yjz (48 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\byjayayar.abr (48 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\rzqyjaaar.iza (48 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\rrrziiirr.qyr (48 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\yqyajqiaq.jjr (48 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\abrrararq.qjy (48 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\update\iazzzarib.yqa (48 bytes)
%WinDir%\ime\imjp8_1\bijrazyiy.aib (48 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\byjayayar.abr (48 bytes)
%Program Files%\Outlook Express\iazzzarib.yqaarib.yqa (48 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\bijrazyiy.aib (48 bytes)

The process rzqyjaaar.iza:1068 makes changes in the file system.


The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\yzaary.jiri.iir (48 bytes)

The process rzqyjaaar.iza:1816 makes changes in the file system.


The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\zriajz.brbi.iir (48 bytes)

Registry activity

The process %original file name%.exe:2016 makes changes in the system registry.


The DeepScan creates and/or sets the following values in system registry:


To automatically run itself each time Windows is booted, the DeepScan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"

Dropped PE files

MD5 File path
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\bijrazyiy.aibarib.yqa
1d694dd82e9bf76691a062f67d8bbc1fc:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\rirjiy.jryi.iir
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Perl\bin\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Perl\bin\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Perl\bin\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Reader\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Reader\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Reader\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Reader\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Reader\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Reader\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A93000000001}\iazzzarib.yqaiy.aibarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Adobe\ARM\1.0\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Adobe\ARM\1.0\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Adobe\ARM\1.0\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Adobe\ARM\1.0\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Adobe\Updater6\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Microsoft Shared\DW\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Microsoft Shared\DW\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Common Files\Microsoft Shared\MSInfo\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\MSN Gaming Zone\Windows\abrrararq.qjyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\MSN Gaming Zone\Windows\byjayayar.abrr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\MSN Gaming Zone\Windows\iazzzarib.yqa
5ac6cd4642fc24dc829bf5025a557efbc:\Program Files\MSN Gaming Zone\Windows\zClientm.exe
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\MSN Gaming Zone\Windows\zbzbyqqjb.yjzr
5ac6cd4642fc24dc829bf5025a557efbc:\Program Files\MSN Gaming Zone\Windows\zclientm.exe
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\NetMeeting\bijrazyiy.aibiazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\NetMeeting\rzqyjaaar.izaiazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\NetMeeting\yqyajqiaq.jjriazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Outlook Express\abrrararq.qjyarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Outlook Express\byjayayar.abrarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Outlook Express\iazzzarib.yqaarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Outlook Express\rrrziiirr.qyrarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\WinPcap\byjayayar.abrzbyqqjb.yjz.qyra
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Windows Media Player\bijrazyiy.aibyqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Windows Media Player\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Windows Media Player\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Windows NT\Accessories\rrrziiirr.qyra
faa1fde004b3c60b5a8068a7c3aab151c:\Program Files\Windows NT\Pinball\PINBALL.EXE
faa1fde004b3c60b5a8068a7c3aab151c:\Program Files\Windows NT\Pinball\pinball.exe
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Windows NT\Pinball\zbzbyqqjb.yjz.qyra
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Windows NT\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Wireshark\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Wireshark\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Wireshark\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Wireshark\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Wireshark\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\Program Files\Wireshark\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\$NtUninstallKB898461$\spuninst\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\$hf_mig$\KB898461\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\$hf_mig$\KB898461\update\bijrazyiy.aib.qyra
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Microsoft.NET\Framework\rzqyjaaar.iza
5e28284f9b5f9097640d58a73d38ad4cc:\WINDOWS\NOTEPAD.EXE
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\Network Diagnostic\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\248802b74506342031e926839639c729\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\248802b74506342031e926839639c729\sp3qfe\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\248802b74506342031e926839639c729\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\update\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\update\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\SP2QFE\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\update\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\update\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\update\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\abrrararq.qjy
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\bijrazyiy.aib
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\yqyajqiaq.jjr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imjp8_1\zbzbyqqjb.yjz
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\ime\imkr6_1\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\inf\zbzbyqqjb.yjz
5e28284f9b5f9097640d58a73d38ad4cc:\WINDOWS\notepad.exe
b32a4db8fa8ba07afb1e86f8c9fb852ec:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
b32a4db8fa8ba07afb1e86f8c9fb852ec:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\pchealth\helpctr\binaries\iazzzarib.yqa
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\pchealth\helpctr\binaries\rzqyjaaar.iza
64d1ff51dbe95ed71ecc3447bfc77c0cc:\WINDOWS\xwrm.exe
64d1ff51dbe95ed71ecc3447bfc77c0cc:\totalcmd\byjayayar.abr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\totalcmd\rrrziiirr.qyr
64d1ff51dbe95ed71ecc3447bfc77c0cc:\totalcmd\rzqyjaaar.iza

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:2016
    rzqyjaaar.iza:1068
    rzqyjaaar.iza:1816

  2. Delete the original DeepScan file.
  3. Delete or disinfect the following files created/modified by the DeepScan:

    %Program Files%\MSN Gaming Zone\Windows\iazzzarib.yqa (48 bytes)
    %Program Files%\NetMeeting\bijrazyiy.aibiazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\update\yqyajqiaq.jjr (48 bytes)
    C:\totalcmd\byjayayar.abr (48 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\ime\imkr6_1\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\update\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\byjayayar.abr (48 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\update\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\update\iazzzarib.yqa (48 bytes)
    %WinDir%\Network Diagnostic\zbzbyqqjb.yjz (48 bytes)
    %Program Files%\Outlook Express\rrrziiirr.qyrarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\update\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\rzqyjaaar.iza (48 bytes)
    %Program Files%\NetMeeting\yqyajqiaq.jjriazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\update\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\bijrazyiy.aib (48 bytes)
    %Program Files%\Common Files\Microsoft Shared\MSInfo\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\update\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\update\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\update\yqyajqiaq.jjr (48 bytes)
    %Program Files%\Outlook Express\byjayayar.abrarib.yqa (48 bytes)
    %WinDir%\ime\imjp8_1\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\update\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\byjayayar.abr (48 bytes)
    %Program Files%\WinPcap\byjayayar.abrzbyqqjb.yjz.qyra (48 bytes)
    %WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\yqyajqiaq.jjr (48 bytes)
    %WinDir%\pchealth\helpctr\binaries\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\bijrazyiy.aib (48 bytes)
    %WinDir%\ime\imjp8_1\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\$NtUninstallKB898461$\spuninst\yqyajqiaq.jjr (48 bytes)
    %Program Files%\Common Files\Adobe\Updater6\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\byjayayar.abr (48 bytes)
    %Program Files%\Windows NT\Pinball\zbzbyqqjb.yjz.qyra (48 bytes)
    %WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\update\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\zbzbyqqjb.yjz (48 bytes)
    %Program Files%\MSN Gaming Zone\Windows\byjayayar.abrr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\zbzbyqqjb.yjz (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\byjayayar.abr (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\rirjiy.jryi.iir (48 bytes)
    %WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\bijrazyiy.aib (48 bytes)
    C:\totalcmd\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\rzqyjaaar.iza (48 bytes)
    %WinDir%\$hf_mig$\KB898461\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\SP2QFE\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\update\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\abrrararq.qjy (48 bytes)
    %WinDir%\$hf_mig$\KB898461\update\bijrazyiy.aib.qyra (48 bytes)
    %WinDir%\ime\imjp8_1\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\update\abrrararq.qjy (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A93000000001}\iazzzarib.yqaiy.aibarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\abrrararq.qjy (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\abrrararq.qjy (48 bytes)
    %WinDir%\inf\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\update\bijrazyiy.aib (48 bytes)
    %Program Files%\MSN Gaming Zone\Windows\zbzbyqqjb.yjzr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\update\bijrazyiy.aib (48 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\yqyajqiaq.jjr (48 bytes)
    %Program Files%\Windows Media Player\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\update\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\update\abrrararq.qjy (48 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\zbzbyqqjb.yjz (48 bytes)
    %Program Files%\Windows Media Player\bijrazyiy.aibyqa (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\iazzzarib.yqa (48 bytes)
    %Program Files%\MSN Gaming Zone\Windows\abrrararq.qjyr (48 bytes)
    %WinDir%\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\iazzzarib.yqa (48 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\byjayayar.abr (48 bytes)
    %WinDir%\xwrm.exe (48 bytes)
    %Program Files%\Outlook Express\abrrararq.qjyarib.yqa (48 bytes)
    %WinDir%\Microsoft.NET\Framework\rzqyjaaar.iza (48 bytes)
    %Program Files%\Windows NT\Accessories\rrrziiirr.qyra (48 bytes)
    %WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\zbzbyqqjb.yjz (48 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\bijrazyiy.aib (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\bijrazyiy.aibarib.yqa (48 bytes)
    %WinDir%\ime\imjp8_1\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\sp3qfe\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\rzqyjaaar.iza (48 bytes)
    %Program Files%\NetMeeting\rzqyjaaar.izaiazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\bijrazyiy.aib (48 bytes)
    %WinDir%\ime\imjp8_1\yqyajqiaq.jjr (48 bytes)
    C:\totalcmd\rzqyjaaar.iza (48 bytes)
    %WinDir%\pchealth\helpctr\binaries\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\abrrararq.qjy (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\yqyajqiaq.jjr (48 bytes)
    %Program Files%\Common Files\Microsoft Shared\DW\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\update\iazzzarib.yqa (48 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\rrrziiirr.qyr (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\yqyajqiaq.jjr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\yqyajqiaq.jjr (48 bytes)
    %Program Files%\Common Files\Microsoft Shared\DW\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\rzqyjaaar.iza (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\zbzbyqqjb.yjz (48 bytes)
    %Program Files%\Windows Media Player\yqyajqiaq.jjr (48 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rrrziiirr.qyr (48 bytes)
    %WinDir%\ime\imjp8_1\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\iazzzarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\update\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\iazzzarib.yqa (48 bytes)
    %Program Files%\Windows NT\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\update\zbzbyqqjb.yjz (48 bytes)
    %WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\byjayayar.abr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\rzqyjaaar.iza (48 bytes)
    %WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\rrrziiirr.qyr (48 bytes)
    %WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\yqyajqiaq.jjr (48 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\abrrararq.qjy (48 bytes)
    %WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\update\iazzzarib.yqa (48 bytes)
    %WinDir%\ime\imjp8_1\bijrazyiy.aib (48 bytes)
    %WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\byjayayar.abr (48 bytes)
    %Program Files%\Outlook Express\iazzzarib.yqaarib.yqa (48 bytes)
    %WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\bijrazyiy.aib (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\yzaary.jiri.iir (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\zriajz.brbi.iir (48 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "x32x" = "%WinDir%\xwrm.exe"

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
ziyaiyja4096409615360.5552826173ef018156c03cd70273c3f1746572
jybjabiq819232768322564.564280ba96b754934d7da90fb1fe8c45c14b4
rbzijqqr4096040965120.46801303990ce32513f25d3855296b7bc8aa4d
rzziibii45056409620483.924736481060bb77e469e5fdb95d8e5c6ab31

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Map

The DeepScan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_2016:

\xwrm.exe

\xwrm.exe

%WinDir%\xwrm.exe

%WinDir%\xwrm.exe

Software\Microsoft\Windows\CurrentVersion\Run

Software\Microsoft\Windows\CurrentVersion\Run

USER %s 8 * :%s

USER %s 8 * :%s

NICK %s

NICK %s

PONG %s

PONG %s

JOIN #england

JOIN #england

PRIVMSG #england :.-:[X-Worm]:-.

PRIVMSG #england :.-:[X-Worm]:-.

irc.undernet.org

irc.undernet.org

MAIL FROM:<%s>

MAIL FROM:<%s>

RCPT TO:<%s>

RCPT TO:<%s>

--%s--

--%s--

From:<%s>

From:<%s>

To: %s

To: %s

Subject:%s

Subject:%s

boundary="%s"

boundary="%s"

X-Mailer: Microsoft Outlook Express 6.00.2800.1106

X-Mailer: Microsoft Outlook Express 6.00.2800.1106

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

charset="windows-1255"

charset="windows-1255"

name= "%s%s"

name= "%s%s"

Content-Disposition: attachment; filename="%s%s"

Content-Disposition: attachment; filename="%s%s"

Support

Support

No.reply

No.reply

8.txtt:

8.txtt:

8.htmt2

8.htmt2

8.rtft*

8.rtft*

8.doct"

8.doct"

8.bdxt

8.bdxt

8.phpt

8.phpt

8.jspt

8.jspt

8.cgit

8.cgit

smtp

smtp

ws2_32.dll

ws2_32.dll

t menu button. Clipping the button is better than showing portions of the Vista desktop background window.

t menu button. Clipping the button is better than showing portions of the Vista desktop background window.

Windows

Windows

Operating System

Operating System

ADVAPI32.DLL

ADVAPI32.DLL

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

User32.dll

User32.dll

vmwarefilters.txt

vmwarefilters.txt

9e6400_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03

9e6400_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03

VMWARE~1.TXT

VMWARE~1.TXT

8.exe

8.exe

8.scrtt

8.scrtt

8.avitJ

8.avitJ

8.doctB

8.doctB

8.mp3t:

8.mp3t:

8.mpgt2

8.mpgt2

8.xlst*

8.xlst*

8.jpgt"

8.jpgt"

8.zipt

8.zipt

8.isot

8.isot

8.pdft

8.pdft

8.pptt

8.pptt

8.rart

8.rart

c:\WINDOWS\_default.pif

c:\WINDOWS\_default.pif

stem.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

stem.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

nSolicitedRCUI.htm

nSolicitedRCUI.htm

rs.Soap.dll

rs.Soap.dll

SFC.DLL

SFC.DLL

WinExec

WinExec

iazzzarib.yqa

iazzzarib.yqa

c:\WINDOWS\iazzzarib.yqa

c:\WINDOWS\iazzzarib.yqa

bution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\abrrararq.qjy

bution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\abrrararq.qjy

arib.yqa

arib.yqa

ReadMe.exe

ReadMe.exe

c:\%original file name%.exe

c:\%original file name%.exe

c0.exe

c0.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rirjiy.jryi.iir

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\rirjiy.jryi.iir

GetWindowsDirectoryA

GetWindowsDirectoryA

FPTBAWDRF-INOCPANDANTIAMONN32SNOD3NPSSSMSSSCANZONEPROTMONIRWEBMIRCCKDOTROJSAFEJEDITRAYANDASPIDPLORNDLLTRENNSPLNSCHSYSTALERj

FPTBAWDRF-INOCPANDANTIAMONN32SNOD3NPSSSMSSSCANZONEPROTMONIRWEBMIRCCKDOTROJSAFEJEDITRAYANDASPIDPLORNDLLTRENNSPLNSCHSYSTALERj

KERNEL32.dll

KERNEL32.dll