Gen.Variant.Zusy.105773_2ab1e4c1f5
not-a-virus:HEUR:AdWare.Win32.MultiPlug.heur (Kaspersky), Gen:Variant.Zusy.105773 (B) (Emsisoft), Gen:Variant.Zusy.105773 (AdAware), Trojan-Downloader.Win32.Moure.FD (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
The sample has been submitted by Lavasoft customers.
MD5: 2ab1e4c1f50d140cefa8b1199b47c10f
SHA1: ec49ea5466fda5eb4e9028a58f666bd1fba49c8a
SHA256: 56fb1afc81684d3763772643f6778e33f44d8cf4002944273058a148e26cbc50
SSDeep: 49152:4QWLkvb48/xpZO7ZgSgm3WuraJHsxJM7vhLhVHY8:4QWLkvDOim3xMeMjhLP
Size: 2182144 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-08-26 17:39:56
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan-Downloader. A Trojan program that downloads files from the Internet without the user's knowledge and executes them.
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:320
The Trojan injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\hbbejekdkigdbcgplcidaahjcciedlgl\manifest.json (550 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\[email protected]\content\cBe.js (48 bytes)
Registry activity
The process %original file name%.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 54 58 26 D1 2D 56 39 01 0A 04 CF 01 80 61 F6"
[HKLM\SOFTWARE\Policies\Google\Update]
"UpdateDefault" = "0"
[HKLM\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap" = "-dev-multi-chrome"
[HKCU\Software\RegisteredApplicationsEx]
"3e8312396b6965ae2c17d93b65fac5f7" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap" = "2.0-dev-multi-chrome"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}Machine\Software\Policies\Google\Chrome]
"MetricsReportingEnabled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}Machine\Software\Policies\Google\Chrome]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}Machine\Software\Policies]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}Machine\Software]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}Machine]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}Machine\Software\Policies\Google]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E0D61E01-16C0-41B7-B181-7FBAAED58EC2}User]
Dropped PE files
| MD5 | File path |
|---|---|
| 374367ba293ed2c64cb7bfc4d1fe1417 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\447a5d80\Ke6GZYS.dll |
| 54e21b7dae36a033b7e663765a15b095 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\447a5d80\Ke6GZYS.x64.dll |
| 374367ba293ed2c64cb7bfc4d1fe1417 | c:\Program Files\MySearch\Ke6GZYS.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 343640 | 344064 | 4.73668 | 26326d8a229bfac7b831b5ba7cac1cee |
| .rdata | 348160 | 32322 | 32768 | 3.47672 | 3c269488880fb755cd73bd26a225435a |
| .data | 380928 | 1802300 | 1792000 | 5.50827 | dc033cd93aa55bdd2aeb306b158ae1aa |
| .rsrc | 2187264 | 760 | 1024 | 3.11296 | 1cd0392a65072150dbcaefa1b52cbbae |
| .reloc | 2191360 | 10774 | 11264 | 3.34718 | 0b5973839f8520cb6b38634febd91650 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
No activity has been detected.
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Web Traffic was not found.
The Trojan connects to the servers at the following location(s):
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:320
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\nlXrVXSd.dat (5 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\Ke6GZYS.dll (1733 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\kVKiGmc.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\[email protected]\install.rdf (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\kVKiGmc.js (262 bytes)
%System%\GroupPolicy\gpt.ini (315 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\kVKiGmc.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\kVKiGmc.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\kVKiGmc.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\hbbejekdkigdbcgplcidaahjcciedlgl\manifest.json (550 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\sSjMExYH.js (262 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\lsdb.js (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\Vf.js (1040 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\manifest.json (806 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\background.html (139 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\newtab.html (629 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\hbbejekdkigdbcgplcidaahjcciedlgl\2.1\content.js (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\447a5d80\[email protected]\content\cBe.js (48 bytes)
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.