DeepScan.Generic.Malware.SIMg.E8952F99_45a0c818df

by malwarelabrobot on April 9th, 2014 in Malware Descriptions.

Susp_Dropper (Kaspersky), DeepScan:Generic.Malware.SIM!g.E8952F99 (B) (Emsisoft), DeepScan:Generic.Malware.SIM!g.E8952F99 (AdAware), GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Worm, EmailWorm, IRCBot


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 45a0c818df66c5cb3fba5dfe1fd4e108
SHA1: 20abaca50e9e018b6a4820e7ca59b0568df725c6
SHA256: 06f93c9eff892ec0a0f165c4b20301ac5de6fd03a6cd464fe971cdf6abc3ab9b
SSDeep: 3072:g/m7u4KMT6BUtxXhU59oKplfh7Emy/E :qOTHHhU59okhp4E
Size: 113152 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: no data
Analyzed on: WindowsXP SP3 32-bit


Summary:

Worm. A program that primarily replicates over networks or removable drives.

Payload

Behaviour    Description
EmailWorm    Worm can send e-mails.
IRCBot       A bot can communicate with command and control servers via an IRC channel.


Process activity

The DeepScan creates the following process(es):

%original file name%.exe:1548
rqyrabrra.rar:876
rqyrabrra.rar:1788

The DeepScan injects its code into the following process(es):
No processes have been created.

File activity

The process %original file name%.exe:1548 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):


The process rqyrabrra.rar:876 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\qjyyyz.iriy.yyy (113 bytes)

The process rqyrabrra.rar:1788 makes changes in the file system.
The DeepScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\iijyjr.qziy.yyy (113 bytes)

Registry activity

The process %original file name%.exe:1548 makes changes in the system registry.
The DeepScan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the DeepScan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"

Dropped PE files


HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
irqqjzbq 4096 4096 1536 0.596697 fef1af39891c56ec0d74560c2baf8295
ajqrzqyj 8192 32768 32256 4.47401 a1b25ab8955dc0c63c5dc98ef98f786f
aaarizar 40960 4096 512 0.468013 03990ce32513f25d3855296b7bc8aa4d
rrziiirr 45056 4096 2048 3.92473 6481060bb77e469e5fdb95d8e5c6ab31
qyrabrra 49152 61440 61440 5.35942 e058aa851f6889b433752a6fa056a57c

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

%original file name%.exe_1548:



Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1548
    rqyrabrra.rar:876
    rqyrabrra.rar:1788

  2. Delete the original DeepScan file.
  3. Delete or disinfect the following files created/modified by the DeepScan:

    %WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\azyiyaiby.qya (601 bytes)
    %WinDir%\pchealth\helpctr\binaries\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\iiirrqyra.brr (601 bytes)
    %WinDir%\$hf_mig$\KB898461\update\iiirrqyra.brr.qqja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\yqqjbyjzb.yja (601 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\byjzbyjay.aya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\yqqjbyjzb.yja (601 bytes)
    %WinDir%\ime\imjp8_1\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795\update\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\yayarabri.azz (601 bytes)
    %Program Files%\MSN Gaming Zone\Windows\byqabijra.zyij (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\yaibyqyaj.qia (601 bytes)
    %Program Files%\Common Files\Microsoft Shared\MSInfo\qjjrrzqyj.aaa (601 bytes)
    %WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\yqqjbyjzb.yja (601 bytes)
    %Program Files%\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A93000000001}\yaibyqyaj.qiayj.aaaqyaj.qia (601 bytes)
    %WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\SP2QFE\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\update\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\update\jaaarizar.rrz (601 bytes)
    %WinDir%\$hf_mig$\KB898461\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0\update\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\jaaarizar.rrz (601 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\byqabijra.zyi (601 bytes)
    C:\totalcmd\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\update\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\sp3qfe\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\ararqqjyz.bzb (601 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\yayarabri.azz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\update\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\jaaarizar.rrz (601 bytes)
    %Program Files%\NetMeeting\rqyrabrra.raryaibyqyaj.qia (601 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\rqyrabrra.rar (601 bytes)
    %WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\zaribyqab.ijr (601 bytes)
    %WinDir%\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374\update\ararqqjyz.bzb (601 bytes)
    %Program Files%\WinPcap\byqabijra.zyibriazzz.ari.qqja (601 bytes)
    %WinDir%\Microsoft.NET\Framework\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2\update\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\yqqjbyjzb.yja (601 bytes)
    %WinDir%\xwrm.exe (601 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\qqjyzbzby.qqj (601 bytes)
    %WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4\update\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\yayarabri.azz (601 bytes)
    %WinDir%\$NtUninstallKB898461$\spuninst\ararqqjyz.bzb (1137 bytes)
    %WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda\zaribyqab.ijr (601 bytes)
    %WinDir%\ime\imjp8_1\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a\update\yayarabri.azz (601 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\qjjrrzqyj.aaa (601 bytes)
    %WinDir%\Network Diagnostic\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\ararqqjyz.bzb (601 bytes)
    %Program Files%\Windows Media Player\qjjrrzqyj.aaaqia (601 bytes)
    %Program Files%\Common Files\Adobe\Updater6\rabriazzz.ari (601 bytes)
    %WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\update\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\update\ararqqjyz.bzb (601 bytes)
    %Program Files%\Outlook Express\byjzbyjay.ayaqyaj.qia (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ryairz.yqjy.yyy (113 bytes)
    %WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\jqiaqjjrr.zqy (601 bytes)
    %Program Files%\MSN Gaming Zone\Windows\rabriazzz.arij (601 bytes)
    %WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\yayarabri.azz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\azyiyaiby.qya (601 bytes)
    %Program Files%\NetMeeting\qjjrrzqyj.aaayaibyqyaj.qia (601 bytes)
    %WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c\update\iiirrqyra.brr (601 bytes)
    %WinDir%\ime\imkr6_1\yayarabri.azz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\ararqqjyz.bzb (601 bytes)
    %WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729\sp3qfe\yqqjbyjzb.yja (601 bytes)
    %Program Files%\Common Files\Microsoft Shared\DW\byqabijra.zyi (601 bytes)
    %WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\update\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\yqqjbyjzb.yja (601 bytes)
    %Program Files%\MSN Gaming Zone\Windows\byjzbyjay.ayaj (601 bytes)
    %WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c\ararqqjyz.bzb (601 bytes)
    %WinDir%\inf\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\zaribyqab.ijr (601 bytes)
    %WinDir%\ime\imjp8_1\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\yayarabri.azz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\azyiyaiby.qya (601 bytes)
    %WinDir%\pchealth\helpctr\binaries\jaaarizar.rrz (601 bytes)
    %Program Files%\Common Files\Adobe\ARM\1.0\qqjyzbzby.qqj (601 bytes)
    %WinDir%\ime\imjp8_1\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\yqqjbyjzb.yja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a\update\jaaarizar.rrz (601 bytes)
    %WinDir%\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\zaribyqab.ijr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8\update\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\iiirrqyra.brr (601 bytes)
    %WinDir%\ime\imjp8_1\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504\jqiaqjjrr.zqy (601 bytes)
    %Program Files%\Outlook Express\yaibyqyaj.qiaqyaj.qia (601 bytes)
    %WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6\update\azyiyaiby.qya (601 bytes)
    %WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d\jaaarizar.rrz (601 bytes)
    %WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50\update\zaribyqab.ijr (601 bytes)
    %Program Files%\Outlook Express\qqjyzbzby.qqjqyaj.qia (601 bytes)
    %WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\iiirrqyra.brr (601 bytes)
    %WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\zaribyqab.ijr (601 bytes)
    %Program Files%\Outlook Express\byqabijra.zyiqyaj.qia (601 bytes)
    %Program Files%\Windows NT\Pinball\rabriazzz.ari.qqja (601 bytes)
    %WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\jqiaqjjrr.zqy (601 bytes)
    %WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\azyiyaiby.qya (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\qjyyyz.iriy.yyy (113 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\iijyjr.qziy.yyy (113 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "x32x" = "%WinDir%\xwrm.exe"

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
