Susp_Dropper (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Virus.Win32.Heur!IK (Emsisoft), GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Worm, EmailWorm, Virus, IRCBot
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 289c02988a66135474728cfd12bf15a0
SHA1: c9f19057f5fa6549ea76fbf31772709342f4e1fa
SHA256: c5bb8bf11a21cf748488a4d9e696c129191719260abdeb8fec21802c23e3fcc6
SSDeep: 768:rlvY7Q86VTb1oI5Oa142OrB8VIwvXZdlJ6qBQRg6JYh2:rVkKptOa142OtNKXXvSPJY
Size: 43008 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: .
Created at: no data
Analyzed on: WindowsXP SP3 32-bit
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
IRCBot | A bot can communicate with command and control servers via IRC channel. |
Process activity
The Worm creates the following process(es):
%original file name%.exe:3328
byjayayar.abr:1340
byjayayar.abr:2072
wuauclt.exe:1152
The Worm injects its code into the following process(es):
No processes have been created.
File activity
The process %original file name%.exe:3328 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
The process byjayayar.abr:1340 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ayyzjy.iryj.qqa (43 bytes)
The process byjayayar.abr:2072 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ayqyri.zjzj.qqa (43 bytes)
The process wuauclt.exe:1152 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (4392 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
The Worm deletes the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb (0 bytes)
Registry activity
The process %original file name%.exe:3328 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"
The process byjayayar.abr:1340 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 D8 15 E4 E6 82 A7 B9 FC 70 76 F1 B7 9B 4D 8C"
The process byjayayar.abr:2072 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B DD 78 D0 30 E4 39 78 85 3E C3 38 96 86 2C 25"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:3328
byjayayar.abr:1340
byjayayar.abr:2072
wuauclt.exe:1152
- Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"