Trojan.Win32.Patched.md (Kaspersky), Virus.Win32.Ramnit.a!dam (v) (VIPRE), Virus.Win32.Zbot!IK (Emsisoft), Trojan.Win32.IEDummy.FD, GenericInjector.YR, BackdoorCaphaw_QKKBAL.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor, Virus
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 27b9d7b0370d2c2579d486fda9d10a72
SHA1: b709875f9d8e6cb8e360a1480cb3a378ad3d9c14
SHA256: 075dac8fdabea244d194bea4f20909236968c175f1a05c19eb7bfcf9c2398827
SSDeep: 6144:Ar82LJOUN5ME7sWpv/BECVmKKYw0lWa/i/qeDVvM:Ar82NNnMADpBNAKXwcD7eDq
Size: 283012 bytes
File type: PE32
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2010-11-30 03:27:34
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
27b9d7b0370d2c2579d486fda9d10a72mgr.exe:604
ckxqffnw.exe:220
27b9d7b0370d2c2579d486fda9d10a72.exe:444
The Trojan injects its code into the following process(es):
iexplore.exe:1552
iexplore.exe:1776
iexplore.exe:424
iexplore.exe:1636
File activity
The process 27b9d7b0370d2c2579d486fda9d10a72mgr.exe:604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~TM2.tmp (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~TM1.tmp (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ckxqffnw.exe (41 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~TM2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~TM1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ckxqffnw.exe (0 bytes)
The process ckxqffnw.exe:220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rqbdgaea.sys (14 bytes)
%System%\wbem\Logs\wmiprov.log (4 bytes)
%System%\wbem\Logs\wbemcore.log (344 bytes)
%WinDir%\WinSxS (96 bytes)
\Device\Harddisk0\DR0 (216675 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 (4 bytes)
%Documents and Settings%\All Users (4 bytes)
%Documents and Settings%\%current user% (4 bytes)
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\test.pml (3361 bytes)
C:\$Directory (2008 bytes)
%WinDir%\Temp\Perflib_Perfdata_7ac.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings (4 bytes)
%System%\wbem (1152 bytes)
%WinDir%\AppPatch (4 bytes)
%System% (11168 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rqbdgaea.sys (0 bytes)
The process 27b9d7b0370d2c2579d486fda9d10a72.exe:444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\27b9d7b0370d2c2579d486fda9d10a72mgr.exe (179 bytes)
The process iexplore.exe:1776 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\cyljsdca\kfdvddln.exe (673 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\kfdvddln.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~TM4.tmp (1513871 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\lgdnecqm.log (96 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\~TM4.tmp (0 bytes)
%Program Files%\cyljsdca\px3.tmp (0 bytes)
The process iexplore.exe:1636 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Sun\Java\jre1.6.0_18\lzma.dll (2334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ckxqffnw.exe (2776 bytes)
C:\Perl\bin\PerlMsg.dll (2761 bytes)
Registry activity
The process 27b9d7b0370d2c2579d486fda9d10a72mgr.exe:604 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 F2 7E 22 38 42 BD 97 CF C0 53 BB 53 0E B9 78"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"ckxqffnw.exe" = "ckxqffnw"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web nodes with no dots, which do not refer to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The process ckxqffnw.exe:220 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 B8 42 C9 9F 4A CA 24 8E 7F 5A 8E D4 66 96 5F"
The process 27b9d7b0370d2c2579d486fda9d10a72.exe:444 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\QuickTimeUpdateInProgress]
"QuickTimeUpdateCompletion" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Update Completion 0" = "c:\27b9d7b0370d2c2579d486fda9d10a72.exe -atboottime QuickTime Update Completion 0"
The process iexplore.exe:1552 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 F1 EB D2 25 65 19 E1 AA 8B FB A5 23 46 EC 69"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process iexplore.exe:1776 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 E1 7F 16 B5 D5 5B CE 42 D6 E4 46 DA AB DD DB"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit" = "%System%\userinit.exe,,%Program Files%\cyljsdca\kfdvddln.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The Trojan deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
The process iexplore.exe:424 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C 0B 3B C8 53 8A D1 12 AF 91 0C 36 42 4E 8D 4D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process iexplore.exe:1636 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 23 EC 0E B3 83 A1 77 73 DD F1 76 CC 24 8F 55"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1201" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1201" = "0"
Network activity (URLs)
URL | IP |
---|---|
caswerdoomers.com | 69.43.161.174 |
xopierhooter.com | 69.43.161.180 |
google.com | 24.200.237.99 |
zaertuoderkaxk.com | 69.164.203.105 |
redor-moffies.com | 69.164.203.105 |
Rootkit activity
The Trojan installs the following kernel-mode hooks:
ZwCreateKey
ZwOpenKey
The Trojan installs the following user-mode hooks in USER32.dll:
TranslateMessage
The Trojan installs the following user-mode hooks in WS2_32.dll:
WSASendTo
WSARecvFrom
WSASend
recv
WSARecv
send
closesocket
recvfrom
sendto
The Trojan installs the following user-mode hooks in ntdll.dll:
LdrLoadDll
NtResumeThread
NtQueryDirectoryFile
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan the system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
27b9d7b0370d2c2579d486fda9d10a72mgr.exe:604
ckxqffnw.exe:220
27b9d7b0370d2c2579d486fda9d10a72.exe:444
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\~TM2.tmp (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~TM1.tmp (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ckxqffnw.exe (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rqbdgaea.sys (14 bytes)
%System%\wbem\Logs\wmiprov.log (4 bytes)
%System%\wbem\Logs\wbemcore.log (344 bytes)
%WinDir%\WinSxS (96 bytes)
\Device\Harddisk0\DR0 (216675 bytes)
%WinDir%\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 (4 bytes)
%Documents and Settings%\All Users (4 bytes)
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\test.pml (3361 bytes)
C:\$Directory (2008 bytes)
%WinDir%\Temp\Perflib_Perfdata_7ac.dat (4 bytes)
%WinDir%\AppPatch (4 bytes)
C:\27b9d7b0370d2c2579d486fda9d10a72mgr.exe (179 bytes)
%Program Files%\cyljsdca\kfdvddln.exe (673 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\kfdvddln.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~TM4.tmp (1513871 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\lgdnecqm.log (96 bytes)
C:\Perl\html\bin\enc2xs.html (4531 bytes)
C:\Perl\html\lib\Class\MOP\MiniTrait.html (4467 bytes)
C:\Perl\html\lib\Archive\Zip.html (2773 bytes)
C:\Perl\html\lib\B\Debug.html (4123 bytes)
C:\Perl\html\lib\CPANPLUS\Shell.html (5070 bytes)
C:\Perl\html\lib\CPAN\Kwalify.html (3968 bytes)
C:\Perl\html\lib\CPAN\Debug.html (3234 bytes)
C:\Perl\html\lib\ActivePerl\DocTools\Pod.html (4991 bytes)
C:\Perl\html\lib\bignum.html (4855 bytes)
C:\Perl\html\Components\Descriptions.html (4449 bytes)
C:\Perl\html\lib\Data\Dump\Filtered.html (4867 bytes)
C:\Perl\html\lib\Benchmark.html (2568 bytes)
C:\Perl\html\lib\ActivePerl\PPM\Profile.html (3339 bytes)
C:\Perl\html\bin\h2xs.html (4651 bytes)
C:\Perl\html\bin\lwp-download.html (3719 bytes)
C:\Perl\html\lib\Archive\Tar.html (6165 bytes)
C:\Perl\html\bin\cpan2dist.html (3497 bytes)
C:\Perl\html\lib\Class\C3\next.html (3780 bytes)
C:\Perl\html\lib\DBD\ODBC\TO_DO.html (2399 bytes)
C:\Perl\html\lib\CPANPLUS\Dist\Autobundle.html (4065 bytes)
C:\Perl\html\activeperl.html (4402 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\jre1.6.0_18\lzma.dll (2334 bytes)
C:\Perl\html\bin\h2ph.html (4677 bytes)
C:\Perl\html\bin\nytprofmerge.html (5049 bytes)
C:\Perl\html\lib\CPAN\Tarzip.html (3176 bytes)
C:\Perl\html\lib\CPAN\Meta\Feature.html (4253 bytes)
C:\Perl\html\bin\pod2latex.html (4296 bytes)
C:\Perl\html\lib\B\Lint.html (4788 bytes)
C:\Perl\html\lib\ActivePerl\PPM\PPD.html (4664 bytes)
C:\Perl\html\lib\DBD\ODBC\Changes.html (2564 bytes)
C:\Perl\html\bin\perlcritic-gui.html (3453 bytes)
C:\Perl\html\bin\lwp-mirror.html (3847 bytes)
C:\Perl\html\lib\DBD\Gofer.html (4483 bytes)
C:\Perl\html\bin\tkx-ed.html (3634 bytes)
C:\Perl\html\lib\Class\MOP.html (4123 bytes)
C:\Perl\html\lib\Archive\Zip\FAQ.html (2461 bytes)
C:\Perl\html\bin\podselect.html (3835 bytes)
C:\Perl\eg\IEExamples\index.htm (4275 bytes)
C:\Perl\html\lib\ActiveState\StopWatch.html (3636 bytes)
C:\Perl\html\lib\ActivePerl\PPM\Package.html (4856 bytes)
C:\Perl\html\lib\CPANPLUS\Backend\RV.html (4688 bytes)
C:\Perl\html\lib\CPAN\HandleConfig.html (3983 bytes)
C:\Perl\html\lib\DBD\Gofer\Transport\pipeone.html (4254 bytes)
C:\Perl\html\lib\CPAN\Meta\Validator.html (2597 bytes)
C:\Perl\html\Components\Windows\PerlScript.html (4683 bytes)
C:\Perl\html\lib\CPANPLUS\Dist\Build.html (3053 bytes)
C:\Perl\html\lib\DBD\File.html (4821 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq8.html (5695 bytes)
C:\Perl\html\lib\DBD\Oracle\GetInfo.html (4069 bytes)
C:\Perl\html\lib\CPAN\FirstTime.html (3211 bytes)
C:\Perl\html\lib\Class\C3.html (4588 bytes)
C:\Perl\html\lib\CPANPLUS\FAQ.html (3594 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq7.html (4719 bytes)
C:\Perl\html\bin\mech-dump.html (3411 bytes)
C:\Perl\html\bin\pstruct.html (4924 bytes)
C:\Perl\html\bin\json_pp.html (4071 bytes)
C:\Perl\html\lib\CPANPLUS\Module\Checksums.html (2829 bytes)
C:\Perl\html\lib\CPAN\Queue.html (3332 bytes)
C:\Perl\html\Components\Windows\PerlISAPI.html (3706 bytes)
C:\Perl\html\lib\CPAN\Meta\Spec.html (4490 bytes)
C:\Perl\html\bin\dbiproxy.html (5723 bytes)
C:\Perl\html\bin\pl2pm.html (4309 bytes)
C:\Perl\html\lib\Class\MOP\Mixin\HasAttributes.html (3953 bytes)
C:\Perl\html\lib\Class\MOP\Module.html (4591 bytes)
C:\Perl\html\bin\s2p.html (4503 bytes)
C:\Perl\html\lib\DBD\CSV.html (4472 bytes)
C:\Perl\html\lib\autodie\hints.html (4642 bytes)
C:\Perl\html\lib\Algorithm\Diff.html (3010 bytes)
C:\Perl\html\lib\DBD\DBM.html (4062 bytes)
C:\Perl\html\bin\perlthanks.html (5217 bytes)
C:\Perl\html\lib\ActivePerl.html (4576 bytes)
C:\Perl\html\lib\autodie\exception.html (5175 bytes)
C:\Perl\html\bin\ptar.html (2232 bytes)
C:\Perl\html\bin\nytprofhtml.html (5431 bytes)
C:\Perl\html\lib\CPANPLUS\Configure.html (4505 bytes)
C:\Perl\html\lib\Class\MOP\Mixin.html (4278 bytes)
C:\Perl\html\lib\Class\MOP\Class\Immutable\Trait.html (3288 bytes)
C:\Perl\html\lib\ActiveState\Table.html (4856 bytes)
C:\Perl\html\lib\ActiveState\Duration.html (3958 bytes)
C:\Perl\html\lib\ActiveState\DateTime.html (4145 bytes)
C:\Perl\html\lib\Bundle\DBI.html (2573 bytes)
C:\Perl\html\lib\ActiveState\PerlCritic\UserProfile.html (4119 bytes)
C:\Perl\html\lib\CGI\Fast.html (3527 bytes)
C:\Perl\html\lib\DBD\ODBC.html (5111 bytes)
C:\Perl\html\lib\CPANPLUS\Dist.html (4853 bytes)
C:\Perl\html\lib\CPANPLUS\Shell\Default\Plugins\CustomSource.html (3922 bytes)
C:\Perl\html\lib\B\Terse.html (4344 bytes)
C:\Perl\html\lib\Bit\Vector\Overload.html (3972 bytes)
C:\Perl\html\lib\ActiveState\DiskUsage.html (4591 bytes)
C:\Perl\html\lib\DBD\File\HowTo.html (5219 bytes)
C:\Perl\html\lib\CPAN\Mirrors.html (4914 bytes)
C:\Perl\bin\PerlMsg.dll (2761 bytes)
C:\Perl\html\lib\ActivePerl\PPM\InstallArea.html (4682 bytes)
C:\Perl\html\bin\libnetcfg.html (4251 bytes)
C:\Perl\html\bin\ppm.html (2453 bytes)
C:\Perl\html\lib\CGI\Cookie.html (2540 bytes)
C:\Perl\html\lib\Class\MOP\Object.html (3882 bytes)
C:\Perl\html\lib\CPAN\Version.html (3812 bytes)
C:\Perl\html\lib\ActiveState\Scineplex.html (5045 bytes)
C:\Perl\html\lib\DBD\Gofer\Transport\stream.html (3460 bytes)
C:\Perl\html\lib\ActiveState\Bytes.html (2279 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq10.html (5018 bytes)
C:\Perl\html\lib\Class\MOP\Method\Inlined.html (2999 bytes)
C:\Perl\html\lib\CGI.html (3499 bytes)
C:\Perl\html\lib\constant.html (3713 bytes)
C:\Perl\html\lib\CORE.html (4337 bytes)
C:\Perl\html\lib\Class\Accessor.html (5297 bytes)
C:\Perl\html\bin\dbilogstrip.html (3415 bytes)
C:\Perl\html\bin\lwp-request.html (3199 bytes)
C:\Perl\html\faq\ActivePerl-faq.html (3164 bytes)
C:\Perl\html\lib\CPANPLUS\Shell\Classic.html (2587 bytes)
C:\Perl\html\lib\autodie\exception\system.html (2944 bytes)
C:\Perl\html\lib\autouse.html (5159 bytes)
C:\Perl\html\bin\splain.html (6861 bytes)
C:\Perl\html\lib\Date\Calendar\Year.html (4202 bytes)
C:\Perl\html\bin\pod2html.html (2964 bytes)
C:\Perl\html\lib\CPANPLUS\Error.html (5474 bytes)
C:\Perl\html\lib\Class\MOP\Mixin\AttributeCore.html (4435 bytes)
C:\Perl\html\bin\prove.html (5576 bytes)
C:\Perl\html\bin\nytprofcsv.html (5047 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq9.html (3983 bytes)
C:\Perl\html\lib\Class\Accessor\Faster.html (3186 bytes)
C:\Perl\html\bin\find2perl.html (5647 bytes)
C:\Perl\html\lib\CPAN\Meta\History.html (3740 bytes)
C:\Perl\html\lib\Archive\Tar\File.html (5184 bytes)
C:\Perl\html\lib\App\Prove.html (4912 bytes)
C:\Perl\html\Copyright.html (4284 bytes)
C:\Perl\html\bin\cpan.html (4327 bytes)
C:\Perl\eg\aspSamples\index.htm (4773 bytes)
C:\Perl\html\lib\Data\OptList.html (4058 bytes)
C:\Perl\eg\IEExamples\plmouse.htm (3445 bytes)
C:\Perl\html\lib\Class\MOP\Method\Overload.html (3898 bytes)
C:\Perl\html\lib\DBD\Gofer\Transport\corostream.html (3079 bytes)
C:\Perl\html\lib\Config\Extensions.html (4592 bytes)
C:\Perl\html\lib\ActiveState\Path.html (4578 bytes)
C:\Perl\html\bin\cpanp.html (4731 bytes)
C:\Perl\html\lib\CPANPLUS\Hacking.html (3338 bytes)
C:\Perl\html\lib\Config\Tiny.html (4763 bytes)
C:\Perl\html\lib\Class\MOP\Instance.html (4394 bytes)
C:\Perl\html\lib\Class\Struct.html (5576 bytes)
C:\Perl\html\lib\Attribute\Handlers.html (5063 bytes)
C:\Perl\html\lib\ActivePerl\Config.html (3929 bytes)
C:\Perl\html\lib\ActiveState\Win32\Shell.html (4292 bytes)
C:\Perl\html\bin\perlbug.html (5233 bytes)
C:\Perl\html\lib\App\Prove\State\Result.html (4024 bytes)
C:\Perl\html\lib\ActiveState\RelocateTree.html (4356 bytes)
C:\Perl\html\bin\shasum.html (4090 bytes)
C:\Perl\html\bin\config_data.html (4366 bytes)
C:\Perl\html\bin\piconv.html (3803 bytes)
C:\Perl\html\faq\ActivePerl-faq3.html (3405 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq12.html (2245 bytes)
C:\Perl\html\lib\Class\MOP\Method.html (5088 bytes)
C:\Perl\html\lib\Compress\Raw\Zlib.html (4041 bytes)
C:\Perl\html\lib\Bit\Vector.html (5783 bytes)
C:\Perl\html\lib\Data\Dump.html (4582 bytes)
C:\Perl\html\lib\DBD\ODBC\FAQ.html (3998 bytes)
C:\Perl\html\lib\CPANPLUS\Shell\Default\Plugins\Source.html (4840 bytes)
C:\Perl\html\lib\Carp\Clan.html (4203 bytes)
C:\Perl\html\lib\Bit\Vector\String.html (5805 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq6.html (5051 bytes)
C:\Perl\html\lib\App\Prove\State\Result\Test.html (4919 bytes)
C:\Perl\html\bin\dbiprof.html (4746 bytes)
C:\Perl\html\lib\Date\Calendar.html (4775 bytes)
C:\Perl\html\bin\runperl.html (3505 bytes)
C:\Perl\html\lib\Cwd.html (4655 bytes)
C:\Perl\html\lib\Class\MOP\Package.html (4620 bytes)
C:\Perl\html\lib\ActiveState\ModInfo.html (3711 bytes)
C:\Perl\html\Components\Windows\PerlEz.html (5890 bytes)
C:\Perl\eg\IEExamples\plwelcome.htm (4551 bytes)
C:\Perl\html\lib\Class\MOP\Deprecated.html (4001 bytes)
C:\Perl\html\lib\Bundle\DBD\CSV.html (4176 bytes)
C:\Perl\html\lib\CPANPLUS\Config\HomeEnv.html (4191 bytes)
C:\Perl\html\lib\bytes.html (4376 bytes)
C:\Perl\html\lib\Class\MOP\Method\Accessor.html (3748 bytes)
C:\Perl\html\bin\reloc_perl.html (4375 bytes)
C:\Perl\html\lib\B\Keywords.html (4574 bytes)
C:\Perl\html\lib\Date\Calc.html (5029 bytes)
C:\Perl\html\lib\CPAN\Meta\Converter.html (3778 bytes)
C:\Perl\html\bin\exetype.html (2185 bytes)
C:\Perl\html\lib\autodie.html (4784 bytes)
C:\Perl\html\lib\ActiveState\Tkx\TextSyntaxTags.html (4257 bytes)
C:\Perl\html\lib\Date\Calc\PP.html (3729 bytes)
C:\Perl\html\lib\ActiveState\Color.html (3302 bytes)
C:\Perl\eg\PerlEx\benchmain.htm (3658 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq5.html (4918 bytes)
C:\Perl\html\lib\Archive\Zip\Tree.html (5275 bytes)
C:\Perl\html\lib\CPANPLUS\Internals\Extract.html (3257 bytes)
C:\Perl\html\lib\B\Deparse.html (4672 bytes)
C:\Perl\html\lib\DBD\Gofer\Transport\Base.html (4019 bytes)
C:\Perl\html\lib\CPANPLUS\Internals.html (4426 bytes)
C:\Perl\html\lib\Class\MOP\Mixin\HasMethods.html (3770 bytes)
C:\Perl\html\lib\CPANPLUS\Internals\Source\SQLite.html (3362 bytes)
C:\Perl\html\lib\CGI\Util.html (3629 bytes)
C:\Perl\html\lib\attributes.html (2864 bytes)
C:\Perl\html\lib\CPANPLUS\Internals\Source\Memory.html (4426 bytes)
C:\Perl\html\lib\Class\MOP\Class.html (5785 bytes)
C:\Perl\html\bin\lwp-dump.html (3909 bytes)
C:\Perl\html\lib\charnames.html (4810 bytes)
C:\Perl\html\bin\c2ph.html (4668 bytes)
C:\Perl\html\lib\Class\MOP\Method\Generated.html (3610 bytes)
C:\Perl\html\bin\ptargrep.html (2269 bytes)
C:\Perl\html\lib\Config.html (2186 bytes)
C:\Perl\html\lib\CPANPLUS\Config.html (5436 bytes)
C:\Perl\html\lib\DBD\Gofer\Policy\pedantic.html (4265 bytes)
C:\Perl\html\lib\ActivePerl\PPM\Arch.html (3468 bytes)
C:\Perl\html\bin\ap-update-html.html (4426 bytes)
C:\Perl\html\bin\pod2text.html (3904 bytes)
C:\Perl\html\lib\Class\Data\Inheritable.html (4525 bytes)
C:\Perl\html\bin\perlivp.html (5469 bytes)
C:\Perl\html\lib\CPANPLUS\Module\Author.html (4327 bytes)
C:\Perl\html\lib\App\Cpan.html (6383 bytes)
C:\Perl\html\lib\CPANPLUS\Dist\Sample.html (3840 bytes)
C:\Perl\html\index.html (2913 bytes)
C:\Perl\html\lib\Date\Calendar\Profiles.html (5217 bytes)
C:\Perl\html\lib\ActiveState\Prompt.html (3706 bytes)
C:\Perl\html\lib\DBD\File\Roadmap.html (4660 bytes)
C:\Perl\html\lib\CPANPLUS\Dist\Base.html (4501 bytes)
C:\Perl\html\faq\ActivePerl-faq2.html (4754 bytes)
C:\Perl\html\lib\CPANPLUS.html (5225 bytes)
C:\Perl\html\lib\DBD\Gofer\Policy\classic.html (2902 bytes)
C:\Perl\html\bin\pod2man.html (3499 bytes)
C:\Perl\html\lib\bigrat.html (2179 bytes)
C:\Perl\html\lib\ActiveState\Handy.html (4416 bytes)
C:\Perl\html\lib\CPANPLUS\Module\Author\Fake.html (3101 bytes)
C:\Perl\html\faq\Windows\ActivePerl-Winfaq2.html (3706 bytes)
C:\Perl\html\changes.html (4132 bytes)
C:\Perl\html\lib\B\Lint\Debug.html (3554 bytes)
C:\Perl\html\lib\Archive\Zip\MemberRead.html (5310 bytes)
C:\Perl\html\lib\AnyDBM_File.html (4391 bytes)
C:\Perl\html\lib\Clone.html (4323 bytes)
C:\Perl\html\lib\ActiveState\Menu.html (4410 bytes)
C:\Perl\html\lib\Algorithm\C3.html (4882 bytes)
C:\Perl\eg\IEExamples\plcalc.htm (4661 bytes)
C:\Perl\html\bin\perlcritic.html (5433 bytes)
C:\Perl\html\lib\CPAN\Meta\Requirements.html (5197 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Update Completion 0" = "c:\27b9d7b0370d2c2579d486fda9d10a72.exe -atboottime QuickTime Update Completion 0"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.