MD5: 121aad89bde6b8a7a9dcf834e12126e1
SHA1: f3ded41a4152916bdf44be1ab15fd347475d19d8
SHA256: c14942366bd89a1eabae811b761cf8739fdad849e43eba8c7416c9793fa0ee29
SSDeep: 24576:NDl3aoF/H IDSoAsySJZf5D0WVBIx3Eo487Bj/0KCu:zaI/eIDmpQLBw3EKBjFd
Size: 1080739 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: PC Utilities Software Limited
Created at: 2004-09-14 09:41:04
Analyzed on: WindowsXP SP3 32-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

Process activity

The DeepScan creates the following process(es):

setup.exe:1340
%original file name%.exe:856

The DeepScan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:856 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\setup.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VISEC.HLP (1832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amcap.exe (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VISEC.CNT (1 bytes)

Registry activity

The process setup.exe:1340 makes changes in the system registry.
The DeepScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 D5 9E AF 8E B0 39 6E 9E 31 24 6A 3E 4D 9C D3"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1105471918"
"Name" = "setup.exe"

[HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name" = "setup.exe"

The process %original file name%.exe:856 makes changes in the system registry.
The DeepScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 47 34 D3 59 2D 7F 17 A1 F6 39 99 E2 60 DE 5A"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Philex Enterprises, Inc.
Product Name: ViSec Application
Product Version: 2, 4, 2, 0
Legal Copyright: Copyright (C) 2002
Legal Trademarks:
Original Filename: ViSec.EXE
Internal Name: ViSec
File Version: 2, 4, 2, 0
File Description: ViSec Application
Comments:
Language: Language Neutral

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The DeepScan connects to the servers at the folowing location(s):

.text

`.rdata

@.data

.rsrc

__MSVCRT_HEAP_SELECT

user32.dll

KERNEL32.dll

USER32.dll

GetCPInfo

setup.exe

:Base Visec.hlp

2 Visec Login Feature=Visec Login Feature

2 FTP=FTP

2 FTP does not work=FTP Does Not Work

2 Hot Key does not work.=Hot Key does not work.

W.IIUn

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp

c:\%original file name%.exe

2, 4, 2, 0

ViSec.EXE

setup.exe_1340:

.text

`.rdata

@.data

.rsrc

FtPj

SSSShTzJ

VSSSSh

SSSShx

~%UVW

u$SShe

hXXp://VVV.visec.net/cgi-bin/getip.cgi

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

GDI32.DLL

CHotKeyCtrl

%*.*f

CMDIChildWnd

CMDIFrameWnd

MSWHEEL_ROLLMSG

RICHED32.DLL

CNotSupportedException

__MSVCRT_HEAP_SELECT

user32.dll

WINMM.dll

RASAPI32.dll

GetCPInfo

KERNEL32.dll

RegisterHotKey

UnregisterHotKey

GetKeyState

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

GetAsyncKeyState

USER32.dll

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

comdlg32.dll

WINSPOOL.DRV

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

RegEnumKeyExA

ADVAPI32.dll

ShellExecuteA

SHELL32.dll

COMCTL32.dll

ole32.dll

OLEPRO32.DLL

OLEAUT32.dll

HttpSendRequestA

InternetCanonicalizeUrlA

HttpAddRequestHeadersA

HttpOpenRequestA

FtpDeleteFileA

FtpRenameFileA

FtpOpenFileA

FtpCreateDirectoryA

InternetOpenUrlA

WININET.dll

WSOCK32.dll

AVIFIL32.dll

MSVFW32.dll

%s: %s%s

%s - Cameras: %i

Sound files (*.wav)|*.wav||

Unable to connect to Camera: %s

hXXp://

JPEG Files (*.jpg)|*.jpg||

Export video clip (%i-%s) to AVI file

Export the entire video clip to AVI file

AVI Files (*.avi)|*.avi||

%s (%s)

Camera %s will be removed.

{X-X-X-X-4E455443414D}

Your hot key worked!

hXXp://%i.%i.%i.%i

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

serial_number=%s

%s Files (*.%s)|*.%s||

<p><b>Invalid password entered.</b></p>

Content-Location: %s

<html><head><meta http-equiv="refresh" content="0;url=%s"></head></html>

HTTP/1.1 200 OK

HTTP/1.0 404 Not Found

HTTP/1.1 304 Not Modified

HTTP_IF_MODIFIED_SINCE

/favicon.ico

: Failed to login - wrong password

: Login system locked for security purposes

cmd.exe

default.ida

Date: %s

text/vnd.wap.wmlscript

text/vnd.wap.wml

vnd.wap.wmlscriptc

vnd.wap.wbxml

vnd.wap.wmlc

HTTP_ACCEPT

HTTP_X_FORWARDED_FOR

HTTP_USER_AGENT

%s, i %s i i:i:i GMT

HTTP_

<img src="/histimg?date=%s&cam=%s&num=%i&session=$$$"

<a href="/history?date=%i&session=$$$&page=%i%s&play=%s">Playback mode</a>

<a href="/history?date=%i&page=%i&session=$$$%s"><img src="/slidc" border="0" hspace="0" vspace="0"></a>

<a href="/history?date=%i&session=$$$%s">Last</a>

<a href="/history?date=%i&page=%i&session=$$$%s">Next</a> 

<a href="/history?date=%i&page=%i&session=$$$%s">Prev</a> 

%s, %s

<a href="/historywml?session=$$$&date=%s&cam=%s">%s</a><br/>

%s, %s</p><p>

<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "hXXp://VVV.wapforum.org/DTD/wml_1.1.xml">

<card title="%s" id="%s">

<a href="/historywml?session=$$$;date=%s;cam=%s">%s</a><br/>

<img src="/histimg?date=%s;cam=%s;num=%i;session=$$$;width=%i" alt="image" /><br/>

<a href="/historywml?session=$$$;date=%s;cam=%s;page=0">Last</a>

<a href="/historywml?session=$$$;date=%s;cam=%s;page=%i">Next</a>

<a href="/historywml?session=$$$;date=%s;cam=%s;page=%i">Prev</a>

Date: %s, %s<br/></p><p>

<option %svalue="%i">%s</option>

<a href="/historycam?session=$$$;date=%i">%s</a><br/>

<a href="/allvideo?session=$$$&cam=%i">%s</a><br>

&rnd=%x

"liveimg_$$$_%x_800?new=on"

 <a href=/allvideo?session=$$$&rate=%s>%s</a>

 <a href="/allvideo?session=$$$;rate=%s">%s</a>

 <b>%s</b>

HTTP_UA_PIXELS

image/vnd.wap.wbmp

hXXp://VVV.visec.net/directx/

{\rtf1\ansi\ansicpg1251\uc1 \deff0\deflang1049\deflangfe1049{\fonttbl{\f0\froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset204\fprq2{\*\panose 020b0604020202020204}Arial;}{\f30\froman\fcharset0\fprq2 Times New Roman;}{\f28\froman\fcharset238\fprq2 Times New Roman CE;}{\f31\froman\fcharset161\fprq2 Times New Roman Greek;}{\f32\froman\fcharset162\fprq2 Times New Roman Tur;}{\f33\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f34\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f35\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f38\fswiss\fcharset0\fprq2 Arial;}{\f36\fswiss\fcharset238\fprq2 Arial CE;}{\f39\fswiss\fcharset161\fprq2 Arial Greek;}{\f40\fswiss\fcharset162\fprq2 Arial Tur;}{\f41\fswiss\fcharset177\fprq2 Arial (Hebrew);}{\f42\fswiss\fcharset178\fprq2 Arial (Arabic);}{\f43\fswiss\fcharset186\fprq2 Arial Baltic;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{\ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \snext0 Normal;}{\s1\ql \li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \b\f1\fs24\ul\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext0 heading 1;}{\*\cs10 \additive Default Paragraph Font;}}{\info{\title LICENSE AGREEMENT}{\author A}{\operator Dmitry}{\creatim\yr2002\mo7\dy8\hr16\min15}{\revtim\yr2002\mo7\dy8\hr16\min15}{\version2}{\edmins35}{\nofpages2}{\nofwords412}{\nofchars2350}{\*\company A}{\nofcharsws2885}{\vern8249}}\widowctrl\ftnbj\aenddoc\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin1701\dgvorigin1984\dghshow1\dgvshow1\jexpand\viewkind4\viewscale90\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule \fet0\sectd \linex0\endnhere\sectlinegrid360\sectdefaultcl {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\b\f1\fs20 LICENSE AGREEMENT\par }{\f1\fs20 \par Copyright (C) 2002 by Philex Enterprises Inc. All Rights Reserved.\par \par \par }\pard\plain \s1\ql \li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel0\adjustright\rin0\lin0\itap0 \b\f1\fs24\ul\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\fs20\ulnone LICENSE\par }\pard\plain \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\f1\fs20 \par THE VISEC PROGRAM, HEREIN CALLED THE "SOFTWARE", IS OWNED BY PHILEX ENTERPRISES INC., AND IS PROTECTED BY UNITED STATES AND INTERNATIONAL COPYRIGHT LAWS. (AND INTERNATIONAL TREATIES). UPON YOUR AGREEMENT TO AND COMPLIANCE WITH THE TERMS OF THIS LICENSE AGREEMENT, PHILEX ENTERPRISES, INC. GRANTS YOU, HEREIN CALLED THE "LICENSEE", THE FOLLOWING NON-TRANSFERABLE, NON-EXCLUSIVE RIGHTS OF USE. PHILEX ENTERPRISES INC.. HAS THE RIGHT TO TERMINATE THIS AGREEMENT IF THE "LICENSEE" FAILS TO COMPLY WITH ANY TERM OR CONDITION OF THIS AGREEMENT. NO TITLE TO THE INTELLECTUAL PROPERTY IN THE "SOFTWARE" IS TRANSFERRED TO YOU. THE "LICENSEE" DOES NOT ACQUIRE ANY RIGHTS TO THE "SOFTWARE" EXCEPT AS EXPRESSLY SET FORTH IN THIS LICENSE.\par \par }\pard\plain \s1\ql \li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel0\adjustright\rin0\lin0\itap0 \b\f1\fs24\ul\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\fs20\ulnone GRANT OF LICENSE REGARDING THE PROGRAM\par }\pard\plain \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\f1\fs20 \par PHILEX ENTERPRISES INC. GRANTS THE "LICENSEE" THE FOLLOWING RIGHTS REGARDING THE USE OF THE "SOFTWARE":\par \par 1) USE OF THE "SOFTWARE" FOR THE "LICENSEE'S" PERSONAL OR BUSINESS PURPOSES. \par \par 2) COPYING THE "SOFTWARE"\par i) THE "LICENSEE" MAY NOT MAKE COPIES OF THE "SOFTWARE" OTHER THAN THOSE GRANTED BY LAW FOR ARCHIVAL OR BACKUP PURPOSES.\par ii) THE "SOFTWARE" MAY BE TRANSFERRED TO THE HARD DISK OF ANY COMPUTER, OR NETWORK OF COMPUTERS, BELONGING TO THE "LICENSEE".\par \par }\pard\plain \s1\ql \li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel0\adjustright\rin0\lin0\itap0 \b\f1\fs24\ul\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\fs20\ulnone RESTRICTIONS REGARDING THE PROGRAM \par }\pard\plain \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\f1\fs20 \par THE "LICENSEE" MAY NOT DISTRIBUTE, SUBLICENSE, LEASE, SELL, RENT OR OTHERWISE TRANSFER THE "SOFTWARE", OR ANY MODIFICATION OR DERIVATIVE THEREOF, TO ANY OTHER INDIVIDUAL OR GROUP FOR ANY REASON. \par \par }\pard\plain \s1\ql \li0\ri0\keepn\widctlpar\aspalpha\aspnum\faauto\outlinelevel0\adjustright\rin0\lin0\itap0 \b\f1\fs24\ul\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\fs20\ulnone LIMITATIONS OF LIABILITY AND DISCLAIMER OF WARRANTY \par }\pard\plain \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\f1\fs20 \par THERE ARE NO WARRANTY RIGHTS GRANTED TO YOU, THE "LICENSEE", REGARDING THE "SOFTWARE". THE "SOFTWARE" AND ACCOMPANYING WRITTEN MATERIALS ARE SUPPLIED TO THE "LICENSEE" "AS IS" WITHOUT WARRANTY OF ANY KIND. PHILEX ENTERPRISES INC. DOES NOT GUARANTEE, WARRANT, OR MAKE ANY \par REPRESENTATIONS, EITHER EXPRESSED OR IMPLIED, REGARDING THE USE, OR THE RESULTS OF THE USE OF THE "SOFTWARE" OR THE GENERIC WRITTEN MATERIALS WITH REGARDS TO RELIABILITY, ACCURACY, CORRECTNESS, OR OTHERWISE. THE "LICENSEE" ASSUMES THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE "SOFTWARE".\par \par PHILEX ENTERPRISES INC. SHALL NOT BE LIABLE UNDER ANY CIRCUMSTANCES, FOR ANY DAMAGES WHATSOEVER, ARISING OUT OF THE USE, OR THE INABILITY TO USE, THE "SOFTWARE", EVEN IF PHILEX ENTERPRISES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR PHILEX ENTERPRISES INC. IS AT FAULT OR ERROR FOR THE DAMAGES.\par \par BY USING "SOFTWARE," LICENSEE AGREES TO ALL TERMS AND CONDITIONS AND AGREES TO HOLD PHILEX ENTERPRISES INC HARMLESS, ITS EMPLOYEES AND ANY TIER ASSOCIATED WITH DEVELOPMENT OF "SOFTWARE" HARMLESS OF ANY PROBLEMS, ERRORS, LEGAL FEES, COURT FEES AND ANY EXPENSES ASSOCIATED WITH PROBLEMS DIRECTLY OR INDIRECTLY RELATING TO "SOFTWARE."\par }{\par }}

Software\Microsoft\Windows\CurrentVersion\Uninstall\VISEC

Software\Microsoft\Windows\CurrentVersion

%Program Files%

visec.gid

Uninstall Visec.lnk

Visec.lnk

amcap.exe

visec.cnt

visec.hlp

Visec.exe

del "%s"

x.bat

rd "%s"

if exist "%s" goto again

%s <%s>

CSMTPConnection v1.12

Content-type: multipart/mixed; boundary="--6EC9C77A-9269-474b-9764-12DF26B76A0E--BOUNDARY--"

Reply-To: %s

From: %s

To: %s

Subject: %s

X-Mailer: %s

%a, %d %b %Y %H:%M:%S %Z

pass %s

user %s

HELO %s

EHLO %s

----6EC9C77A-9269-474b-9764-12DF26B76A0E--BOUNDARY----

----6EC9C77A-9269-474b-9764-12DF26B76A0E--BOUNDARY--

Content-Type: application/octet-stream; name=%s

Content-Disposition: attachment; filename=%s

RCPT TO:<%s>

MAIL FROM:<%s>

Password:

AUTH LOGIN

CTabFTP

hXXp://VVV.visec.net/ftpaccount/

Please enter a Website Password

Please enter a Website Username

Please enter a port number

Please enter a remote access password

Software\Microsoft\Windows\CurrentVersion\Run

visec.exe

Please enter a disarm password.

The password shouldn't be empty.

Invalid login

Failed to connect to VBO server: %s

Socket error: %s

Winsock.dll version out of range

Socket type not supported

Protocol not supported

Protocol family not supported

Operation not supported

Socket operation on nonsocket

Operation now in progress

Operation already in progress

Address family not supported by protocol family

Logon to VBO server failed: invalid user name or password

hXXp://VVV.visec.net/updateclienturl.php?data=

PVProp150.dll not initialized

PVProp150.dll initialized

PVProp150.dll not loaded

PVProp150.dll

%i:i:i%s

VPassword

VLogin

HTTPPass

UseSmartLogin

HTTP_Port

HTTP_IP

UseHTTP

vbo.disarmt

vbo.disarmp

vbo.countdown

vbo.vq

vbo.acceptcmd

vbo.thisport

vbo.staticip

vbo.backconn

vbo.srinterval

vbo.sendrep

vbo.login

vbo.port

vbo.server

vbo.use

Area.rc%i.

Area.Count

Area.Use

%s - %s

%ssh%i.

vbo.autosendtime

vbo.autosend

vbo.stamp

vbo.scale

vbo.mono

vbo.watch

UpldPassive

UpldPass

UpldLogin

NetURL

Mail.msg

Mail.subj

Mail.stamp

Mail.scale50

Mail.mono

Mail.attach

Mail.send

NoFTP

Couldn't LoadLibrary dpnhpast.dll

dpnhpast.dll

Couldn't LoadLibrary D3D8.DLL

D3D8.DLL

DINPUT.DLL

DDRAW.DLL

KERNEL32.DLL

%s\i

-4E455443414D}

[i.i.i %s] Motion detected, %s

Failed to write the file %s

i.FTP

VISECi_%s_%s_%i

????????.FTP

QUEUEi.FTP

QUEUE???.FTP

FTPQUEUE

C:\VISEC

FTP: %i file(s) uploaded; %i file(s) in queue

/camera.inf

Failed to establish FTP connection. Please check options!

Failed to download: %s

Failed to send SMTP message after 5 attempts, aborting.

FTP files are removed (FTP queue is empty)

Schedule.et

Schedule.st

Schedule.ed

Schedule.sd

Schedule.flags

FtpStamp

FTPFormat

PassiveFTP

FTPPass

FTPLogin

FTPDir

FTPServ

i-i-i %i:i:i%s

SMTPStamp

SMTPScale

SMTPSendMono

SMTPSendImage

SMTPMinutes

SMTPSendMax

SMTPPassword

SMTPLogin

SMTPAuthentication

SMTPServer

EnableSMTP

IMAGE.JPG

Connection to %s failed: %s

Connecting to %s

Failed to send this computer's IP address to VISEC.NET

This computer's IP address successfully sent to VISEC.NET

hXXp://VVV.visec.net/update.txt

Error: Failed to open log file: "%s"

%s: %s

%s_visec.txt

*.vvf

?????.vvf

#NOPATH_%s

report

Failed to open camera %s: maximum number of open cameras is reached

VBO operator changed motion settings for camera %s

. Attachment: %s, %d bytes

Sending %d seconds of live video from camera %s

Canceled live video from camera %s

Camera "%s" isn't configured to send live video to VBO server

Sound clip "%s" is played.

*.wav

Your IP address is: <%s>

If you chose to use <VVV.visec.net> to view video remotely, go to <VVV.visec.net/members.php> and login.

If you chose to not communicate your IP address to <VVV.visec.net> you can type in the IP address listed above, into any web browser.

CWiseFTP

CWiseRALogin

CWiseRAPort

Corrupt JPEG data: found marker 0xx instead of RST%d

Warning: unknown JFIF revision number %d.d

Corrupt JPEG data: %u extraneous bytes before marker 0xx

Inconsistent progression sequence for component %d coefficient %d

Unknown Adobe color transform code %d

Obtained XMS handle %u

Freed XMS handle %u

Unrecognized component IDs %d %d %d, assuming YCbCr

Opened temporary file %s

Closed temporary file %s

Ss=%d, Se=%d, Ah=%d, Al=%d

Component %d: dc=%d ac=%d

Start Of Scan: %d components

Component %d: %dhx%dv q=%d

Start Of Frame 0xx: width=%u, height=%u, components=%d

Smoothing not supported with nonstandard sampling ratios

RST%d

At marker 0xx, recovery action %d

Selected %d colors for quantization

Quantizing to %d colors

Quantizing to %d = %d*%d*%d colors

%4u %4u %4u %4u %4u %4u %4u %4u

Unexpected marker 0xx

Skipping marker 0xx, length %u

with %d x %d thumbnail image

Unknown JFIF minor revision number %d.d

Warning: thumbnail image size does not match data length %u

JFIF APP0 marker, density %dx%d %d

= = = = = = = =

Obtained EMS handle %u

Freed EMS handle %u

Define Restart Interval %u

Define Quantization Table %d precision %d

Define Huffman Table 0xx

Define Arithmetic Table 0xx: 0xx

Unknown APP14 marker (not Adobe), length %u

Unknown APP0 marker (not JFIF), length %u

Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d

Unsupported marker type 0xx

Failed to create temporary file %s

Unsupported JPEG process: SOF type 0xx

Cannot quantize to more than %d colors

Cannot quantize to fewer than %d colors

Cannot quantize more than %d color components

Insufficient memory (case %d)

Not a JPEG file: starts with 0xx 0xx

Quantization table 0xx was not defined

Huffman table 0xx was not defined

Backing store not supported

Cannot transcode due to multiple use of quantization table %d

Maximum supported image dimension is %u pixels

Empty JPEG image (DNL not supported)

Bogus DQT index %d

Bogus DHT index %d

Bogus DAC value 0x%x

Bogus DAC index %d

Unsupported color conversion request

Too many color components: %d, max %d

Buffer passed to JPEG library is too small

JPEG parameter struct mismatch: library thinks size is %u, caller expects %u

Improper call to JPEG library in state %d

Invalid scan script at entry %d

Invalid progressive parameters at scan script entry %d

Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d

Unsupported JPEG data precision %d

Invalid memory pool code %d

Wrong JPEG library version: library is %d, caller expects %d

IDCT output block size %d not supported

Invalid component ID %d in SOS

Bogus message code %d

%ld%c

.?AVCCmdTarget@@

.PAVCException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCResourceException@@

.?AVCHotKeyCtrl@@

.PAVCOleException@@

.PAVCArchiveException@@

.?AVCMDIFrameWnd@@

.?AVCMDIChildWnd@@

.?AVCStatusCmdUI@@

.?AVCToolCmdUI@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.?AVCNotSupportedException@@

zcÁ

windows

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\setup.exe

/B^[\%S

.KZ*^

hICrT>c

?.IX^

.wb,f

33333333331

3333333

wwvBÍD5I

wwvBÝDDRD

fEÞT"%g

%DUUU"G

%U"Ti

P%U3E

feRB#3#2D%s

Extended (Date/Camera/<time>.jpg)

Windows 95 Utopia Sound Scheme

[email protected]

@ @@ @` @

`@ `@@`@``@

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

window.document.lvideo.src = source;

window.document.lvideo.onload = nextimage;

window.clearTimeout(timerID);

ns4 = (document.layers)? true:false;

ie4 = (document.all)? true:false;

width = (ns4)? window.innerWidth-16 : document.body.offsetWidth-20;

imgbuf.onload = swapimage;

imgbuf.src = source;

timerID = window.setTimeout('refreshimage()', time);

deftime = 1000 * document.forms[0].rate.value;

<meta http-equiv="Content-Language" content="en-us">

<title>VISEC - Login</title>

<p>Please enter a password to log into VISEC: </p>

<form method="POST" action="/" name="login">

<p><input type="password" name="psw" id="psw" size="35" tabindex="1"><input type="submit" value="Submit" name="B1"></p>

document.forms[0].psw.focus();

<card title="VISEC - Login" id="login">

VISEC Login. Please enter a password to login.<br/>

Password: <input title="Password" type="password" name="psw"/>

<a href="/?wml=off">HTML version (can be unsupported by your device)</a>

<a href="/allvideo?session=$$$;wml=off">HTML version (can be unsupported by your device)</a>

<meta HTTP-EQUIV="Content-Type" content="text/html; charset=windows-1252">

<META HTTP-EQUIV="refresh" content=9999>

<meta http-equiv="refresh" content="45; url=/allvideo?session=$$$">

<a href="allvideo?session=$$$&script=off">Users with limited scripting support click here for live video - limited scripting</a>

<title>Login</title>

<p><b><font color="#FF0000">INCORRECT PASSWORD.<br>

timerID = window.setTimeout('mytimer()', time);

<p>Note: this page requires that your browser support <b>JavaScript</b>.</p>

Invalid key!

&Clear FTP queue

&Align windows

&Export...

You first assign a Hot Key combination and then choose to hide Visec. Anytime you press the Hot Key combination, Visec will then reappear from secret mode into regular mode.

&Create Hot Key combination, to use to return from secret mode:

msctls_hotkey32

HotKey1

Before using a Hot Key combination for the fist time, be sure to test it. Some Hot Key combinations may not work, and assigning them without testing, could make your Visec inaccessible.

Test hot key

Now please press the Hot Key you entered to test it. Click Cancel if the Hot Key does not work.

We strongly recommend that you exit all Windows programs before running this Setup program.

Please read the following License Agreement. Press the Page Down key to read the rest of the agreement.

&Execute VISEC when the setup is complete

We noticed your computer does not have the newest multimedia support called DirectX, (which is part of Windows). Visec needs DirectX version 8.0 or higher to function properly.

Please click here to visit our website and download the latest version of DirectX:

You can connect Visec remotely from Internet. Visec will act as HTTP server or, in other works, like a web site.

Your login in VISEC.NET:

&Let VISEC.NET know this IP address:

If you correctly fill the above information you can let VISEC.NET track your computer's IP address. This will help you login from wherever you are.

Remote access password (used to connect to VISEC from another computer over the Internet):

Sample URL:

Connection port for HTTP (default is 80):

This will keep a log of all of IP addresses that try to login.

Upload images to FTP server (this is optional)

Upload images in monochrome mode for faster transfer (approx 3 times faster)

FTP server (name or IP address):

Login:

&Use passive mode

If you have an FTP server, fill in the appropriate information below. Most users do not have an FTP server. If you are unsure, do not select this option. <Click here to learn how to get an ftp account>

Visec can upload images to an FTP server, to store images remotely.

Hot Key

My SMTP server requires authentication

Login to &POP3 server before sending a message (some providers require this)

SMTP server:

&Login:

Note: You can also leave this unchecked and use the Windows Auto Disconnect feature.

Connect to your computer remotely from the Internet using a web browser. In this mode, Visec will act like a website, allowing you to see live and historical video. (Note, remote access only allows users with a valid username and password access.)

Remote access password:

Port:

Login here to see remote access:

Website Username:

To use this feature you must create a username and password at: <VVV.visec.net/signup.php>. Once created you can login at: <VVV.visec.net/members.php>

Visec will then automatically send your IP address to our website <VVV.visec.net>. Our site will assist you in connecting to your computer when you're away.

&SMTP server:

An SMTP server is your outgoing mail server. (Do not put hotmail.com, yahoo.com, juno.com, etc.) An SMTP server is usually in the form of mail.isp.net, and is normally provided by your ISP.

To enhance the features of Visec, an Internet connection is recomended. With an Internet Connection, Visec can send alerts, upload files to a website, and even let you remotely connect to your computer.

Visec can upload photos to your FTP server. Do you want to use this feature?

Yes, please upload images to FTP server

FTP &host name/address:

&Password:

Upload images in Monochrome (black && white) to reduce file size. If unchecked images will be uploaded in color.

Visit <VVV.visec.net/signup.php> to create a username and password.

After you sign up at <VVV.visec.net>, type in your:

Check this box if you know your IP <%s> address is static. You can manually enter your IP address in any browser to view video remotely.

We see different IP addresses. The %s seems to be the local IP address to your computer, and the %s seems to be the Physical IP address to a Router or Firewall.

For more information click here: <hXXp://VVV.visec.net/support.htm>

While this is usually a simple procedure, you may need to contact a network administrator to assist with this if you are uncertain.

Enter a password to login to your computer via remote access. This is not the same password used to login to the VVV.visec.net site.

This password will be used on your computer to connect directly to your system. You can always change this in the options menu in Visec, under the Remote Access tab.

Choose a port number to connect to (a port is like a pipe, where data travels through).

Most users will choose port 80. If you are unsure, leave the port at the default setting of 80.

My SMTP server requires &authentication

Do NOT upload images to &FTP server

&Enter password:

&Retype password:

Make sure you write down your password, because if lost the program must be uninstalled and then reinstalled.

&Enter password to unlock:

Note: You can also email us at: <[email protected]> and will reply back with the required numbers to activate this software.

&Upload images to your website over FTP (like a internet web cam)

&Passive mode

With this feature, you will be able to see images on your website, for example: hXXp://VVV.yourdomain.com/filename.jpg This file can change every 10 seconds. Note this feature does not store an archive of images to this directory.

Camera &URL:

The camera URL must refer to JPEG image existing somewhere in network.

e.g. hXXp://domain.com/netcam.jpg

This is the location of the network camera's .jpg image.

Make image monochrome to reduce the size of message

Visec can connect to a monitoring station called VBO (Visec Back Office) and report when motion is detected. Read more about VBO at: <VVV.visec.net/vbo.html>

&Port (default %i):

Send a &report every

This computer &has a static IP address. Allow connections of port

Receive &data from VBO when sending an online status report (see above)

&Disarm password:

&Convert the image to monochrome

You have received a message from VBO operator

Please enter a password to disarm:

Visec is now armed and ready to alert VBO operator.

2, 4, 2, 0

ViSec.EXE

KThe path you selected: %s does not exisit.

Arrange Icons/Arrange windows so they overlap

Cascade Windows5Arrange windows as non-overlapping tiles

Tile Windows5Arrange windows as non-overlapping tiles

Tile Windows(Split the active window into panes

Replace%Select the entire document

Redo,Another window already has the same hot key.

Unable to set this hot key.

Device list)Open all existing camera windows

View Video Coverage-Define hotkey used to return from secret mode Switch to Secret Mode

Remove all files from FTP queue/Tune Visec step by step

qPort %d is already in use!

Make sure there is no other applications running that are already bound to that port.

Can't listen on port %d!

Make sure the TCP/IP transport is set up correctly and that no other applications are already listening on that port.

Can't start HTTP server./Can't start receiving commands from VBO server.

Delete video coverage7Align windows automatically

Align windows automatically

Operation failed!

The IP address detected is: %s

It appears that you are using a firewall and/or router that will need to be configured to allow you to connect to a specific port.

Invalid value for port number

This is provided by your ISP. Usually this is smtp.yourispname. For example if you had earthlink.net your smtp would be: smtp.earhtlink.netuThe system was unable to detect the IP address of this computer.

Please check your internet connection and try again.*Failed to connect to the server: visec.net5There is no new update available. Please check later.nA newer version %i.%i.%i.%i is now available.

Please visit <VVV.visec.net/update> to download the new version.

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

#Unable to load mail system support.

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   setup.exe:1340
   %original file name%.exe:856

2. Delete the original DeepScan file.
   
3. Delete or disinfect the following files created/modified by the DeepScan:
   

   %Documents and Settings%\%current user%\Local Settings\Temp\setup.exe (5442 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\VISEC.HLP (1832 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\amcap.exe (53 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\VISEC.CNT (1 bytes)

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.