Gen.Variant.Adware.Graftor.153648_b1af5ac3e5

by malwarelabrobot on October 26th, 2014 in Malware Descriptions.

Gen:Variant.Adware.Graftor.153648 (BitDefender), HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Adware.Graftor.153648 (B) (Emsisoft), MultiPlug (McAfee), Trojan-Spy.Zbot (Ikarus), Gen:Variant.Adware.Graftor.153648 (FSecure), Generic5.BGRV (AVG), Win32:PUP-gen [PUP] (Avast), Gen:Variant.Adware.Graftor.153648 (AdAware), Trojan-Downloader.Win32.Moure.FD (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan-Spy, Trojan, PUP, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: b1af5ac3e5b0f50ab7635880c70c7175
SHA1: a254bb4b9f52b7142bf0f492ed63be8c5f3feceb
SHA256: 5d3c51ecec9ffb91c4dfb1cc4c78db82901fde2aa6b214a796d0e79ed62bdfab
SSDeep: 49152:QDggio68XKl7r7 4UqfZGwwqy84PQVPcQv8eupvv8O66dJA:QD3o8XKZrCsfZGwS84PQ9cNvpvd
Size: 2178048 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-08-23 01:41:36
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:1264

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\PU3S.x64.dll (1793 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\chrome.manifest (25 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\P3GvG.js (6 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\bootstrap.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Program Files%\priicecchiop\PU3S.tlb (259 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\content\Yzf.js (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Program Files%\priicecchiop\PU3S.dll (15792 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%System%\GroupPolicy\Machine\Registry.pol (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\install.rdf (608 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\manifest.json (504 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\I.js (26 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\content\bg.js (33 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\content.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\x4H.js (6 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%System%\GroupPolicy\gpt.ini (315 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Program Files%\priicecchiop\PU3S.dat (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\lsdb.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\background.html (138 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\PU3S.dll (1733 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\FnHSM.dat (5 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\PU3S.tlb (3 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)

Registry activity

The process %original file name%.exe:1264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 06 A6 28 C0 CB 28 ED 81 6F 8D AE 37 5B 05 BF"

[HKLM\SOFTWARE\Policies\Google\Update]
"UpdateDefault" = "0"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-dev-multi-chrome"

[HKCU\Software\RegisteredApplicationsEx]
"40334eb6428471bf12fe50d26e957f12" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "2.0-dev-multi-chrome"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}Machine\Software\Policies\Google\Chrome]
"MetricsReportingEnabled" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}Machine\Software]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}Machine]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}User]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}Machine\Software\Policies\Google]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}Machine\Software\Policies\Google\Chrome]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AE78FAD3-77ED-45C6-85F0-85048408759F}Machine\Software\Policies]

Dropped PE files

MD5 File path
374367ba293ed2c64cb7bfc4d1fe1417 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\70fa42c3\PU3S.dll
54e21b7dae36a033b7e663765a15b095 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\70fa42c3\PU3S.x64.dll
374367ba293ed2c64cb7bfc4d1fe1417 c:\Program Files\priicecchiop\PU3S.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 339991 340480 4.75175 11f8d9cab4251822f2868e88f4b55fc6
.rdata 348160 32722 32768 3.49463 a21a8c2ba98428ff39623ab1775e7b33
.data 380928 40444 30208 1.65289 09da0d4e54d4df7795e2308c3c55e4ae
.rsrc 421888 760 1762304 5.5209 5cb0a7b4c6f2282dfe50e59881c8805a
.reloc 425984 10762 11264 3.34015 ea47dc90400df4e01f6553558236814b

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 3
f459bed88d2ef5ed121e2e0316bd1ce8
ed31af926bd601de1747c080ffb76466
05e3b573186119b74f8146403d45fe61

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Trojan connects to the servers at the folowing location(s):

wuauclt.exe_1276:

.text
`.data
.rsrc
@.reloc
wuauclt.pdb
GetProcessHeap
KERNEL32.dll
_wcmdln
_amsg_exit
msvcrt.dll
ntdll.dll
ole32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
USER32.dll
OLEAUT32.dll
SHLWAPI.dll
zcÁ
version="6.0.0.0"
name="Microsoft.Windows.windowsupdate.wuauclt"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
name="Microsoft.Windows.Common-Controls"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
wuaueng.dll
Error: 0xx. wuauclt handler: failed to spawn COM server
Error: 0xx. wuauclt handler: failed to load wuaueng
/ReportNow
/ShowWindowsUpdate
/CloseWindowsUpdate
wuauclt.exe failed to get proc address for UI export object with error %#lx
Failed to load %s with error %X
wucltui.dll
wucltux.dll
call RunAUClientUI on wucltui.dll/wucltux.dll
Ntdll.dll
WuSqm %ls session datapoint (id:%d) is incremented with dword %d.
wuauclt.exe is exiting with code 0xX
wuauclt.exe launched with command line %s
kernel32.dll
WUWeb
Report
7.6.7600.256
Global\WindowsUpdateTracingMutex
WindowsUpdate.log
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Windows
shell32.dll
%s: %s [
%s: %s
%s\%s
= Module: %s
= Module: <failed with %d>
= Process: %s
= Process: <failed with %d>
=========== Logging initialized (build: %s, tz: %s) ===========
wups2.dll
wups.dll
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\ServiceStartup\
%hs %ls page "%ls", hr=%X
Microsoft.WindowsUpdate
wupdmgr.exe
Failed to cocreate IShellWindows, error = 0xlX
Failed to obtain window doc for window %d, error = 0xlX
Failed to obtain folder view for window %d, error = 0xlX
Failed to obtain folder IPersist for window %d, error = 0xlX
Window %d is NOT a WU window
Done enumerating windows
Quit for window %d failed: 0xlX
Window %d is a WU window. Attempting to close
Failed to obtain class ID for window %d, error = 0xlX
Got NULL disp interface for window %d
Got %d instead of VT_DISPATCH for window %d
Failed to obtain IWebBrowserApp for window %d, error = 0xlX
Failed to enumerate window %d, error = 0xlX
Found %d explorer windows
Closing WU explorer windows
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\VolatileData
WUAppNotificationWindows
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired\Mandatory
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\PostRebootReporting
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending\
%chdhd
hd-hd-hd%chd:hd:hd:hd
%WinDir%
Windows Update
7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459)
wuauclt.exe
Windows
Operating System


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1264

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\PU3S.x64.dll (1793 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\chrome.manifest (25 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\P3GvG.js (6 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\bootstrap.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Program Files%\priicecchiop\PU3S.tlb (259 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\content\Yzf.js (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Program Files%\priicecchiop\PU3S.dll (15792 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %System%\GroupPolicy\Machine\Registry.pol (264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\install.rdf (608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\manifest.json (504 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\I.js (26 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\[email protected]\content\bg.js (33 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\content.js (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\x4H.js (6 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %System%\GroupPolicy\gpt.ini (315 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Program Files%\priicecchiop\PU3S.dat (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\lsdb.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\jmlmmochpfiibegipfgefagefpmoagaa\background.html (138 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\PU3S.dll (1733 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\FnHSM.dat (5 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\70fa42c3\PU3S.tlb (3 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\background.html (138 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\manifest.json (760 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\content.js (262 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\P3GvG.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\x4H.js (262 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmlmmochpfiibegipfgefagefpmoagaa\3.9\I.js (1040 bytes)

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now