Trojan.Generic.1635648 (BitDefender), Worm:Win32/Virauto.A (Microsoft), HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Generic.pak!cobra (VIPRE), Win32.HLLW.Autoruner.6389 (DrWeb), Trojan.Generic.1635648 (B) (Emsisoft), Artemis!4B9A84BAC2E7 (McAfee), Trojan.Gen (Symantec), Worm.Win32.AutoRun (Ikarus), Trojan.Generic.1635648 (FSecure), Generic15.BDDH (AVG), Win32:Trojan-gen (Avast)
Behaviour: Trojan, Worm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 4b9a84bac2e79d32f9451c7e2b3f3236
SHA1: 9ccb1cbb65f4472a9f9894dce4774156cc4cded7
SHA256: 6ec50362e0acb586c3ac4738325bf044e8e081bca7306f635585e995f29e3856
SSDeep: 12288:iUqp1OeJwH2K1g3a5kLxkX6Z8DMP NU7KpEjQpKTMZu/IhiD8YvsF2HwNy7UN nq:iU 1kCyh
Size: 453120 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: BorlandDelphi3, UPolyXv05_v6
Company: WinterSoft
Created at: 2009-02-15 01:26:42
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Worm creates the following process(es):
%original file name%.exe:1844
cmd32.exe:1652
File activity
The process %original file name%.exe:1844 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Program Files%\Windows NT\explorer.exe (2321 bytes)
The process cmd32.exe:1652 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\20131030(2).zip (222132 bytes)
Registry activity
The process %original file name%.exe:1844 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA F7 68 5C 58 3F E4 CC A0 0D 05 9B 0E 6A 35 45"
The process cmd32.exe:1652 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 72 F2 BB B1 E1 66 2C 1E 1D 0E 9D 4D E8 80 9A"
[HKCU\Control Panel\Desktop]
"ScreenSaveActive" = "1"
"ScreenSaveTimeOut" = "600"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
The Worm modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 19926 bytes in size. The following strings are added to the hosts file listed below:
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1844
cmd32.exe:1652
- Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
%Program Files%\Windows NT\explorer.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\20131030(2).zip (222132 bytes)
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
127.0.0.1 localhost
- Reboot the computer.