Gen.Variant.Adware.MPlug.7_40374dafc7

by malwarelabrobot on May 11th, 2015 in Malware Descriptions.

Susp_Dropper (Kaspersky), Gen:Variant.Adware.MPlug.7 (B) (Emsisoft), Gen:Variant.Adware.MPlug.7 (AdAware), Trojan-Downloader.Win32.Moure.FD (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 40374dafc7c5638bd9662267a699d810
SHA1: e4ad736836e4a53594f6733d101326b2889b1da6
SHA256: 1bea3ce1fe6c374c0838626b92f7000823a5982fb6546f373a6e82f51750a115
SSDeep: 49152:czxF3zmyq2JwAc9CvL2MuDWbKcuALFfDAMixyl2hbFVAzKWAvsqo0XgIQYGzfAY:cdF/wAzIDWQO5A4lsFmAv7dXNzG
Size: 3505664 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-09-23 21:59:40
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:1756
regsvr32.exe:1976

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\background.html (140 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\lsdb.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.tlb (3 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\content.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\manifest.json (501 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\install.rdf (595 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\All Users\Application Data\NextCoauP\8MvRYL4cXqoiftW.dat (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%System%\GroupPolicy\Machine\Registry.pol (264 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\content\bg.js (29 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Program Files%\NextCoauP\vVtefebBT5z2wx.dll (21472 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Program Files%\NextCoauP\vVtefebBT5z2wx.x64.dll (24192 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.x64.dll (3784 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Program Files%\NextCoauP\vVtefebBT5z2wx.dat (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\tz8.js (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected] (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\chrome.manifest (35 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%System%\GroupPolicy\gpt.ini (315 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\8MvRYL4cXqoiftW.dat (5 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
%Documents and Settings%\All Users\Application Data\f362fc35c4a3dbfb\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20150510014632 (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\bootstrap.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.dll (3702 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
%Program Files%\NextCoauP\vVtefebBT5z2wx.tlb (259 bytes)
%Documents and Settings%\All Users\Application Data\NextCoauP\8MvRYL4cXqoiftW.exe (107131 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\bootstrap.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.tlb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\content\bg.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\8MvRYL4cXqoiftW.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\lsdb.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\content.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\tz8.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\background.html (0 bytes)

Registry activity

The process %original file name%.exe:1756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\..9\CLSID]
"(Default)" = "{29f00c7a-e53c-4c33-a47b-836710ad91b3}"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
"(Default)" = "IEPluginLib"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib]
"Version" = "1.0"
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"DisplayVersion" = "2.3.0.1156"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\..9]
"(Default)" = "NextCoauP"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\VersionIndependentProgID]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"CategoryName" = "Apps"

[HKCU\Software\RegisteredApplicationsEx]
"965ce4d0d83236704fd7ade7ecd6ccc4" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{29f00c7a-e53c-4c33-a47b-836710ad91b3}" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-dev-multi-chrome"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\TypeLib]
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "2.0-dev-multi-chrome"

[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\ProgID]
"(Default)" = ".9"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}Machine\Software\Policies\Google\Chrome]
"MetricsReportingEnabled" = "0"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}]
"(Default)" = "IPlaghinMein"

[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\InprocServer32]
"(Default)" = "%Program Files%\NextCoauP\vVtefebBT5z2wx.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"DisplayName" = "NextCoauP"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
"(Default)" = "%Program Files%\NextCoauP\vVtefebBT5z2wx.tlb"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"SilentUninstall" = "%Documents and Settings%\All Users\Application Data\NextCoauP\8MvRYL4cXqoiftW.exe !x:1 /s /n /i:ExecuteCommands;UninstallCommands"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
"(Default)" = "IRegistry"

[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}]
"(Default)" = "NextCoauP"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"URLInfoAbout" = "http://nextcoup.info "

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\.\CLSID]
"(Default)" = "{29f00c7a-e53c-4c33-a47b-836710ad91b3}"

[HKCR\.\CurVer]
"(Default)" = ".9"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}]
"(Default)" = "ILocalStorage"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"InstallDate" = "20140923"
"URLUpdateInfo" = "http://nextcoup.info "

[HKCR\.]
"(Default)" = "NextCoauP"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"_In" = "20150509"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\TypeLib]
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB E4 1F 3F 6F 09 37 5A 20 E1 DB A6 58 D6 90 8F"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Policies\Google\Update]
"UpdateDefault" = "0"

[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"DisplayIcon" = "C:\Windows\System32\msiexec.exe"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"NoRepair" = "1"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
"(Default)" = "%Program Files%\NextCoauP"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"NoModify" = "1"
"Publisher" = ""

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}]
"UninstallString" = "%Documents and Settings%\All Users\Application Data\NextCoauP\8MvRYL4cXqoiftW.exe !x:1 /s /n /i:ExecuteCommands;UninstallCommands"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\TypeLib]
"Version" = "1.0"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29f00c7a-e53c-4c33-a47b-836710ad91b3}]
"(Default)" = "NextCoauP"

"NoExplorer" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}Machine\Software]
[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}]
[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\Programmable]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29f00c7a-e53c-4c33-a47b-836710ad91b3}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}Machine\Software\Policies]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29f00c7a-e53c-4c33-a47b-836710ad91b3}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}Machine\Software\Policies\Google\Chrome]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}Machine]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}User]
[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\VersionIndependentProgID]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EBBF82D6-9867-4B6F-8FA5-4CA655C619DE}Machine\Software\Policies\Google]
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{29f00c7a-e53c-4c33-a47b-836710ad91b3}]
[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\InprocServer32]
[HKCR\CLSID\{29f00c7a-e53c-4c33-a47b-836710ad91b3}\ProgID]

The process regsvr32.exe:1976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF 7D A6 00 41 A6 31 69 7D 9D 70 5C 8D 56 64 9F"

Dropped PE files

MD5 File path
462f6a54c1b19b50b0ef9b5a9781b0c9 c:\Program Files\NextCoauP\vVtefebBT5z2wx.dll
54228e87edf4f3500667e390a0b349e4 c:\Program Files\NextCoauP\vVtefebBT5z2wx.x64.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 1229165 1229312 3.93499 a0abf611b238ca92c6744c8ef9e46fdd
.rdata 1236992 2157230 2157568 5.43863 2b22c628d5495515468c2955532b6c26
.data 3395584 96092 84992 4.02765 88adf70dfe40eeaa1bab5b383ff6c682
.rsrc 3493888 984 1024 3.28355 7c2917c7dd3923d17fd06f6b6cf1c7b7
.reloc 3497984 31240 31744 4.22849 fb4d3cb411e84bf35b19784b2cdd3eec

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Trojan connects to the servers at the folowing location(s):

wuauclt.exe_440:

.text
`.data
.rsrc
@.reloc
wuauclt.pdb
GetProcessHeap
KERNEL32.dll
_wcmdln
_amsg_exit
msvcrt.dll
ntdll.dll
ole32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
USER32.dll
OLEAUT32.dll
SHLWAPI.dll
zcÁ
version="6.0.0.0"
name="Microsoft.Windows.windowsupdate.wuauclt"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
name="Microsoft.Windows.Common-Controls"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
wuaueng.dll
Error: 0xx. wuauclt handler: failed to spawn COM server
Error: 0xx. wuauclt handler: failed to load wuaueng
/ReportNow
/ShowWindowsUpdate
/CloseWindowsUpdate
wuauclt.exe failed to get proc address for UI export object with error %#lx
Failed to load %s with error %X
wucltui.dll
wucltux.dll
call RunAUClientUI on wucltui.dll/wucltux.dll
Ntdll.dll
WuSqm %ls session datapoint (id:%d) is incremented with dword %d.
wuauclt.exe is exiting with code 0xX
wuauclt.exe launched with command line %s
kernel32.dll
WUWeb
Report
7.6.7600.256
Global\WindowsUpdateTracingMutex
WindowsUpdate.log
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Windows
shell32.dll
%s: %s [
%s: %s
%s\%s
= Module: %s
= Module: <failed with %d>
= Process: %s
= Process: <failed with %d>
=========== Logging initialized (build: %s, tz: %s) ===========
wups2.dll
wups.dll
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\ServiceStartup\
%hs %ls page "%ls", hr=%X
Microsoft.WindowsUpdate
wupdmgr.exe
Failed to cocreate IShellWindows, error = 0xlX
Failed to obtain window doc for window %d, error = 0xlX
Failed to obtain folder view for window %d, error = 0xlX
Failed to obtain folder IPersist for window %d, error = 0xlX
Window %d is NOT a WU window
Done enumerating windows
Quit for window %d failed: 0xlX
Window %d is a WU window. Attempting to close
Failed to obtain class ID for window %d, error = 0xlX
Got NULL disp interface for window %d
Got %d instead of VT_DISPATCH for window %d
Failed to obtain IWebBrowserApp for window %d, error = 0xlX
Failed to enumerate window %d, error = 0xlX
Found %d explorer windows
Closing WU explorer windows
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\VolatileData
WUAppNotificationWindows
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired\Mandatory
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\PostRebootReporting
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending\
%chdhd
hd-hd-hd%chd:hd:hd:hd
%WinDir%
Windows Update
7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459)
wuauclt.exe
Windows
Operating System


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1756
    regsvr32.exe:1976

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\background.html (140 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\lsdb.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.tlb (3 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\content.js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\manifest.json (501 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\install.rdf (595 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\All Users\Application Data\NextCoauP\8MvRYL4cXqoiftW.dat (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %System%\GroupPolicy\Machine\Registry.pol (264 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\content\bg.js (29 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Program Files%\NextCoauP\vVtefebBT5z2wx.dll (21472 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Program Files%\NextCoauP\vVtefebBT5z2wx.x64.dll (24192 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.x64.dll (3784 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Program Files%\NextCoauP\vVtefebBT5z2wx.dat (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\jcfdhpapljfleonbonmmejmijjoabckj\tz8.js (27 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\chrome.manifest (35 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %System%\GroupPolicy\gpt.ini (315 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\8MvRYL4cXqoiftW.dat (5 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\content.js (261 bytes)
    %Documents and Settings%\All Users\Application Data\f362fc35c4a3dbfb\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20150510014632 (186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\[email protected]\bootstrap.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\lsdb.js (263 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\08cd4ca9\vVtefebBT5z2wx.dll (3702 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\manifest.json (757 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\background.html (140 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\jcfdhpapljfleonbonmmejmijjoabckj\1.0\tz8.js (1040 bytes)
    %Program Files%\NextCoauP\vVtefebBT5z2wx.tlb (259 bytes)
    %Documents and Settings%\All Users\Application Data\NextCoauP\8MvRYL4cXqoiftW.exe (107131 bytes)

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now