DeepScan.Generic.Malware.SIMg.BD524A80_57988fa16c

by malwarelabrobot on May 30th, 2014 in Malware Descriptions.

Susp_Dropper (Kaspersky), DeepScan:Generic.Malware.SIM!g.BD524A80 (B) (Emsisoft), DeepScan:Generic.Malware.SIM!g.BD524A80 (AdAware), GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Worm, EmailWorm, IRCBot


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 57988fa16cb89e4ae0c487efd7020a00
SHA1: 626e64f986c933bf76b8407bc844fabd38f9af1b
SHA256: 2de25d401b3be571bb25b8ddb80dad94234a482afd3c1dd59983136489a4f38b
SSDeep: 768:8TeqlLrZsNSWXLLymyB77Jr6OoCEb3yqfwOr822:qrZsz3QozbCqIo
Size: 45056 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: no data
Analyzed on: WindowsXP SP3 32-bit


Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

Behaviour: Description
EmailWorm: Worm can send e-mails.
IRCBot: A bot can communicate with command and control servers via IRC channel.


Process activity

The DeepScan creates the following process(es):

rabrrarar.qqj:1340
rabrrarar.qqj:1716
%original file name%.exe:1252

The DeepScan injects its code into the following process(es):
No processes have been created.

File activity

The process rabrrarar.qqj:1340 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ajyyyb.rara.aaz (45 bytes)

The process rabrrarar.qqj:1716 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\zjrqzi.iira.aaz (45 bytes)

The process %original file name%.exe:1252 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):


Registry activity

The process rabrrarar.qqj:1340 makes changes in the system registry.
The DeepScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 31 60 84 71 91 CE 92 45 95 67 E2 73 F6 48 70"

The process rabrrarar.qqj:1716 makes changes in the system registry.
The DeepScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 44 52 59 1E FE D8 F2 5B DC CF 3E B1 CB 7E 11"

The process %original file name%.exe:1252 makes changes in the system registry.
The DeepScan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the DeepScan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"

Dropped PE files

2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\update\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\update\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\update\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9\update\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\update\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\update\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\update\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9\update\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\update\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\update\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\arrrziiir.rqy
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\byqyajqia.qjj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\riazzzari.byq
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\rrzqyjaaa.riz
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imjp8_1\zbyjayaya.rab
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\ime\imkr6_1\yzbzbyqqj.byj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\inf\riazzzari.byq
5e28284f9b5f9097640d58a73d38ad4c c:\WINDOWS\notepad.exe
b32a4db8fa8ba07afb1e86f8c9fb852e c:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\pchealth\helpctr\binaries\byqyajqia.qjj
b32a4db8fa8ba07afb1e86f8c9fb852e c:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\pchealth\helpctr\binaries\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\WINDOWS\xwrm.exe
2f815e3e43a652ed4a992094d008e7f6 c:\totalcmd\abijrazyi.yai
2f815e3e43a652ed4a992094d008e7f6 c:\totalcmd\rabrrarar.qqj
2f815e3e43a652ed4a992094d008e7f6 c:\totalcmd\yzbzbyqqj.byj

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| iirijzbi | 4096 | 4096 | 1536 | 0.707756 | cb2c7ff9798cbe5f73b4d9ecc897c503 |
| iyaayrzy | 8192 | 32768 | 32256 | 4.39775 | 5204dec43c1bdc12d0283e598d6b4030 |
| qrazrjra | 40960 | 4096 | 512 | 0.468013 | 03990ce32513f25d3855296b7bc8aa4d |
| rqjjayzi | 45056 | 4096 | 2048 | 3.92473 | 6481060bb77e469e5fdb95d8e5c6ab31 |

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The DeepScan connects to the servers at the following location(s):

Strings from Dumps were not found.


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    rabrrarar.qqj:1340
    rabrrarar.qqj:1716
    %original file name%.exe:1252

  2. Delete the original DeepScan file.
  3. Delete or disinfect the following files created/modified by the DeepScan:

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "x32x" = "%WinDir%\xwrm.exe"

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
