Susp_Dropper (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Email-Worm.Win32.LoveLetter!IK (Emsisoft), GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Worm, Email-Worm, EmailWorm, IRCBot
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: f46a6b5a55f3a61fe068aa08a1cb7954
SHA1: a1d77937c86d76d0a88f511bced7a0705dde176f
SHA256: c87799963e243829acdf66c973d96659f4f04b4def50651a51f21f147f9ce2e7
SSDeep: 768:q2lUFLbPptz7X8qA8BL11cQTQLXhzarYbIrxydPN/:c3fUqLB3cQTMR5bI2
Size: 42496 bytes
File type: PE32
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: FestiveBar
Created at: no data
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
| IRCBot | A bot can communicate with command and control servers via IRC channel. |
Process activity
The Worm creates the following process(es):
rzqyjaaar.iza:1240
rzqyjaaar.iza:1852
f46a6b5a55f3a61fe068aa08a1cb7954.exe:332
File activity
The process rzqyjaaar.iza:1240 makes changes in a file system.
The Worm creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bbaiyy.rjbq.yji (42 bytes)
The process rzqyjaaar.iza:1852 makes changes in a file system.
The Worm creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qiajbj.rqqq.yji (42 bytes)
The process f46a6b5a55f3a61fe068aa08a1cb7954.exe:332 makes changes in a file system.
The Worm creates and/or writes to the following file(s):
Registry activity
The process f46a6b5a55f3a61fe068aa08a1cb7954.exe:332 makes changes in a system registry.
The Worm creates and/or sets the following values in system registry:
To run automatically each time Windows boots, the Worm adds the following value, which points to its file, to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"
Network activity (URLs)
No activity has been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
rzqyjaaar.iza:1240
rzqyjaaar.iza:1852
f46a6b5a55f3a61fe068aa08a1cb7954.exe:332
- Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\iazzzarib.yqa (42 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\yqyajqiaq.jjr (42 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\zbzbyqqjb.yjz (42 bytes)
C:\Perl\bin\rrrziiirr.qyr (42 bytes)
%Program Files%\Wireshark\abrrararq.qjy (42 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\update\iazzzarib.yqa (42 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\bijrazyiy.aib (42 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\rrrziiirr.qyr (42 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\yqyajqiaq.jjr (42 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\bijrazyiy.aib (42 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\rzqyjaaar.iza (42 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\bijrazyiy.aib (42 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\yqyajqiaq.jjr (42 bytes)
%Program Files%\Common Files\Microsoft Shared\DW\byjayayar.abr (42 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\rzqyjaaar.iza (42 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\zbzbyqqjb.yjz (42 bytes)
%Program Files%\Windows Media Player\yqyajqiaq.jjr (42 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\zbzbyqqjb.yjz (42 bytes)
%Program Files%\Wireshark\yqyajqiaq.jjr (42 bytes)
%WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rrrziiirr.qyr (42 bytes)
%WinDir%\ime\imjp8_1\byjayayar.abr (42 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\abrrararq.qjy (42 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\iazzzarib.yqa (42 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\rzqyjaaar.iza (42 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\update\zbzbyqqjb.yjz (42 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\iazzzarib.yqa (42 bytes)
%Program Files%\Windows NT\abrrararq.qjy (42 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\abrrararq.qjy (42 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\update\zbzbyqqjb.yjz (42 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\byjayayar.abr (42 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\byjayayar.abr (42 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df\rzqyjaaar.iza (42 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\rrrziiirr.qyr (42 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\yqyajqiaq.jjr (42 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\abrrararq.qjy (42 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\abrrararq.qjy (42 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\update\iazzzarib.yqa (42 bytes)
%WinDir%\ime\imjp8_1\bijrazyiy.aib (42 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\byjayayar.abr (42 bytes)
%Program Files%\Outlook Express\iazzzarib.yqaarib.yqa (42 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\bijrazyiy.aib (42 bytes)
- Delete the following value(s) in the autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"