Trojan.Crypt.DW (BitDefender), Virus:Win32/Duel.A@mm (Microsoft), HEUR:Trojan.Win32.Generic (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Win32.XWorm.1 (DrWeb), Trojan.Crypt.DW (B) (Emsisoft), Artemis!B65F82442957 (McAfee), W32.Mixor (Symantec), Email-Worm.Win32.LoveLetter (Ikarus), Trojan.Crypt.DW (FSecure), I-Worm/Luder.A (AVG), Win32:Sality (Avast), TROJ_GEN.F0C2C00AB14 (TrendMicro), GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Email-Worm, EmailWorm, Virus, IRCBot
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: b65f82442957a001d32c1f8166b38f62
SHA1: e836be2b6a2af1c8cdb3aa0d6c104bd793ad6d6b
SHA256: b3cbbe53aa52272b63eb322070622778c19b83b257451193c95ebe3702b79e22
SSDeep: 1536:krB6RPeLukkXSOo q17xSGvBTsV3PlJF7/ziTxFxJYV/RuPVII:g6RS3kXSOYlBvBknF70JYV5kVII
Size: 116736 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: Fusion Install
Created at: no data
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
IRCBot | A bot can communicate with command and control servers via IRC channel. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:3324
wuauclt.exe:1152
abijrazyi.yai:308
abijrazyi.yai:1724
The Trojan injects its code into the following process(es):
No processes have been created.
File activity
The process %original file name%.exe:3324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process wuauclt.exe:1152 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (4392 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
The Trojan deletes the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb (0 bytes)
The process abijrazyi.yai:308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jyiryj.ayjj.qqr (116 bytes)
The process abijrazyi.yai:1724 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yqbraz.jrzj.qqr (116 bytes)
Registry activity
The process %original file name%.exe:3324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:3324
wuauclt.exe:1152
abijrazyi.yai:308
abijrazyi.yai:1724
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"