DeepScan:Generic.Malware.SIM!g.75672BF8 (BitDefender), Virus:Win32/Duel.A@mm (Microsoft), HEUR:Trojan.Win32.Generic (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Win32.XWorm.1 (DrWeb), Artemis!0F236EB34359 (McAfee), W32.Mixor (Symantec), Email-Worm.Win32.Brontok (Ikarus), DeepScan:Generic.Malware.SIM!g.75672BF8 (FSecure), I-Worm/Luder.A (AVG), Win32:Sality (Avast), Mal_Xed-3 (TrendMicro), Virus.Win32.Duel.FD, GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Email-Worm, EmailWorm, Virus, IRCBot
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 0f236eb3435921166f15adb1f5f9d9a0
SHA1: 8acc65569a58a2e772cd23a372994a6e785828f2
SHA256: bf7e7d456f5bdbfec222f558968ecdb6fd3874e7e5d6849b519c769986e12623
SSDeep: 1536:aBa6NsMdoG0OO7UKZzV00yA 6hkhk/48XY63CoV 0/:ea6NsqxRKzVd 6EkVXrSaZ/
Size: 110080 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: Frserira s
Created at: no data
Analyzed on: WindowsXP SP3 32-bit
Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
IRCBot | A bot can communicate with command and control servers via IRC channel. |
Process activity
The Virus creates the following process(es):
jzbyjayay.ara:3812
jzbyjayay.ara:3368
%original file name%.exe:2692
The Virus injects its code into the following process(es):
No processes have been created.
File activity
The process jzbyjayay.ara:3812 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\arrzia.aijr.iqj (110 bytes)
The process jzbyjayay.ara:3368 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bbyqbj.rajr.iqj (110 bytes)
The process %original file name%.exe:2692 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
Registry activity
The process %original file name%.exe:2692 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
jzbyjayay.ara:3812
jzbyjayay.ara:3368
%original file name%.exe:2692
- Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
%WinDir%\$hf_mig$\KB975560\update\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2570947\ibyqyajqi.aqj (601 bytes)
%Program Files%\Common Files\Adobe\Updater6\ibyqyajqi.aqj (601 bytes)
%WinDir%\$NtUninstallKB2423089$\spuninst\ibyqyajqi.aqj (1137 bytes)
%WinDir%\$hf_mig$\KB2481109\SP3QFE\yrabrrara.rqq (601 bytes)
%WinDir%\$hf_mig$\KB2736233\jyzbzbyqq.jby (601 bytes)
%WinDir%\$hf_mig$\KB2598845-IE8\yrabrrara.rqq (601 bytes)
%WinDir%\$hf_mig$\KB2443105\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB968389\update\jyzbzbyqq.jby (601 bytes)
%WinDir%\$hf_mig$\KB2419632\update\yrabrrara.rqq (601 bytes)
%WinDir%\$hf_mig$\KB971657\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB2698365\briazzzar.iby (601 bytes)
%WinDir%\$NtUninstallKB2476490$\spuninst\jzbyjayay.ara (1137 bytes)
%WinDir%\$hf_mig$\KB2592799\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB2761465\qabijrazy.iya (601 bytes)
%Program Files%\Windows Media Player\jyzbzbyqq.jby (601 bytes)
%WinDir%\$hf_mig$\KB923561\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB971029\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB2603381\jzbyjayay.ara (601 bytes)
%WinDir%\$NtUninstallKB2544521$\spuninst\zarrrziii.rrq (1137 bytes)
%WinDir%\$hf_mig$\KB2544521\jyzbzbyqq.jby (601 bytes)
%WinDir%\$NtUninstallKB2570947$\spuninst\jzbyjayay.ara (1137 bytes)
%Program Files%\Common Files\Microsoft Shared\DW\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB959426\update\jyzbzbyqq.jby (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\qabijrazy.iyazzar.iby (601 bytes)
%WinDir%\$hf_mig$\KB978542\update\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB955759\jyzbzbyqq.jby (601 bytes)
%Program Files%\Windows Media Player\yrabrrara.rqqrrq (601 bytes)
%WinDir%\$hf_mig$\KB960803\jzbyjayay.ara (601 bytes)
%WinDir%\$hf_mig$\KB978338\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB2476490\jzbyjayay.ara (601 bytes)
%WinDir%\$hf_mig$\KB969059\jzbyjayay.ara (601 bytes)
%WinDir%\$hf_mig$\KB978706\jyzbzbyqq.jby (601 bytes)
%Program Files%\Wireshark\briazzzar.iby (601 bytes)
%WinDir%\$hf_mig$\KB973507\jzbyjayay.ara (601 bytes)
%WinDir%\$hf_mig$\KB974112\update\briazzzar.iby (601 bytes)
%WinDir%\$hf_mig$\KB2698365\update\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB951978\update\jzbyjayay.aray.aqj (601 bytes)
%WinDir%\$NtUninstallKB2481109$\spuninst\zarrrziii.rrq (1137 bytes)
%WinDir%\$hf_mig$\KB956572\yrabrrara.rqq (601 bytes)
%WinDir%\$NtUninstallKB2564958$\spuninst\yrabrrara.rqq (1137 bytes)
%WinDir%\$hf_mig$\KB2508429\update\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB975713\yrabrrara.rqq (601 bytes)
%WinDir%\$NtUninstallKB2507938$\spuninst\briazzzar.iby (1137 bytes)
%WinDir%\$hf_mig$\KB2229593\jyzbzbyqq.jby (601 bytes)
%WinDir%\$hf_mig$\KB960859\jrrzqyjaa.ari (601 bytes)
%Program Files%\MSN Gaming Zone\Windows\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB956572\update\jyzbzbyqq.jby (601 bytes)
%WinDir%\$hf_mig$\KB960859\SP3QFE\ibyqyajqi.aqj (601 bytes)
%Program Files%\Windows NT\Pinball\ibyqyajqi.aqj.ibyq (601 bytes)
%Program Files%\NetMeeting\jzbyjayay.arazarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB946648\update\jzbyjayay.aray.aqj (601 bytes)
%WinDir%\$hf_mig$\KB2624667\ibyqyajqi.aqj (601 bytes)
%WinDir%\$hf_mig$\KB2566454\update\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB946648\jyzbzbyqq.jby (601 bytes)
%WinDir%\$hf_mig$\KB968389\yrabrrara.rqq (601 bytes)
%Program Files%\NetMeeting\yrabrrara.rqqzarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2719985\update\yrabrrara.rqq (601 bytes)
%WinDir%\$hf_mig$\KB956844\update\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2544521\update\jzbyjayay.ara (601 bytes)
%Program Files%\MSN Gaming Zone\Windows\qabijrazy.iyay (601 bytes)
%WinDir%\$hf_mig$\KB973815\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB2749655\update\zarrrziii.rrq.aqj (601 bytes)
%WinDir%\$hf_mig$\KB2758857\jzbyjayay.ara (601 bytes)
%WinDir%\$hf_mig$\KB2485663\update\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB2483185\update\qabijrazy.iya (601 bytes)
%WinDir%\$hf_mig$\KB975467\qabijrazy.iya (601 bytes)
C:\Perl\bin\briazzzar.iby (601 bytes)
%WinDir%\$hf_mig$\KB2676562\update\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB2485663\ibyqyajqi.aqj (601 bytes)
%WinDir%\$hf_mig$\KB2229593\update\jzbyjayay.araibyq (601 bytes)
%WinDir%\$hf_mig$\KB960859\update\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2387149\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2719985\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2479943\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB978542\jrrzqyjaa.ari (601 bytes)
%WinDir%\$hf_mig$\KB956744\update\briazzzar.iby (601 bytes)
%WinDir%\$hf_mig$\KB974392\update\zarrrziii.rrq (601 bytes)
%WinDir%\$hf_mig$\KB2724197\ibyqyajqi.aqj (601 bytes)
%WinDir%\$hf_mig$\KB2757638\yrabrrara.rqq (601 bytes)
%Program Files%\Common Files\Adobe\ARM\1.0\yrabrrara.rqq (601 bytes)
%WinDir%\$hf_mig$\KB2779030\yrabrrara.rqq (601 bytes)
C:\totalcmd\jrrzqyjaa.ari (601 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"