MD5: d298bd9ea7880fc72b6dc028c8c688bc
SHA1: ad01a4fd44f20f42b7d6c99bae6e91a49183bba5
SHA256: 45cd670cd61b811e4b48242961b2ebc223c04c29ee383e5d942efb305551649b
SSDeep: 6144:Ee34 UBWK8EGMUjp5cGQ3Mek1B3B9h8Ins3i8AEYBSawz1YSsqs:tyGvjp5cj35kDB9hrs3zARBSaJS8
Size: 365470 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.

Payload

No specific payload has been found.

Process activity

The Trojan-Dropper creates the following process(es):

dxwsetup.exe:1236
setup.exe:1288

The Trojan-Dropper injects its code into the following process(es):

%original file name%.exe:348

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process dxwsetup.exe:1236 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%System%\DirectX\websetup\SET5.tmp (601 bytes)
%System%\DirectX\websetup\SET6.tmp (12287 bytes)
%WinDir%\setupapi.log (5088 bytes)
%WinDir%\Logs\DirectX.log (1635 bytes)

The Trojan-Dropper deletes the following file(s):

%System%\DirectX\websetup\SET6.tmp (0 bytes)
%System%\DirectX\websetup\SET5.tmp (0 bytes)
%WinDir%\inf\oem10.inf (0 bytes)

The process %original file name%.exe:348 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\FG (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\B (5128 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsi1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp (0 bytes)

The process setup.exe:1288 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dxwsetup.inf (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dsetup32.dll (29860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dxwsetup.exe (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dxwsetup.cif (922 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dsetup.dll (2104 bytes)

Registry activity

The process dxwsetup.exe:1236 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 0E AD 23 50 74 56 54 9D D1 E0 7A 95 1C 13 B2"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem10.inf" = "1"
"INF/oem10.PNF" = "1"

The process %original file name%.exe:348 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 C1 4C AB A9 5E C3 38 AE F8 96 76 90 8F FD 3C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process setup.exe:1288 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 C4 EF EE 0B 50 3D 5E 4C FB 7F 40 38 46 DC A4"

To automatically run itself each time Windows is booted, the Trojan-Dropper adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Trojan-Dropper connects to the servers at the folowing location(s):

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

hXXp://nsis.sf.net/NSIS_Error

... %d%%

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\setup.exe

nzip&tid=4347756&pid=1090&b_typ=pe&reb=1&name=Five.Nights.at.Freddys.4

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\B->C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\setup.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\B

ISdl.dll

i.iB*

xzE>%x,

"dxwsetup.exe"

DirectX 9.0 Web setup

P"dxwsetup.exe" /windowsupdate

3hXXp://crl.microsoft.com/pki/crl/products/CSPCA.crl0H

,hXXp://VVV.microsoft.com/pki/certs/CSPCA.crt0

3hXXp://crl.microsoft.com/pki/crl/products/tspca.crl0H

,hXXp://VVV.microsoft.com/pki/certs/tspca.crt0

hXXp://VVV.microsoft.com/DirectX0

.reloc

WS2_32.dll

NSISdl.dll

invalid URL

Host: %s

GET %s HTTP/1.0

User-Agent: NSISDL/1.2 (Mozilla)

http=

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Unable to open %s

%skB (%d%%) of %skB at %u.
ukB/s

(%u hours remaining)

(%u minutes remaining)

(%u seconds remaining)

Downloading %s

System.dll

callback%d

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp

nsy2.tmp

ME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\setup.exe

ame=Five.Nights.at.Freddys.4

E~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\FG

am=sevenzip&tid=4347756&pid=1090&b_typ=pe&reb=1&name=Five.Nights.at.Freddys.4

l.ic-free.xyz/stub_maker.php?program=sevenzip&tid=4347756&pid=1090&b_typ=pe&reb=1&name=Five.Nights.at.Freddys.4

c:\%original file name%.exe

%original file name%.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

201509292114

hXXp://dl.ic-free.xyz/stub_maker.php?program=sevenzip&tid=4347756&pid=1090&b_typ=pe&reb=1&name=Five.Nights.at.Freddys.4

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

9.29.1962.0

DXWebSetup

dxwebsetup.exe

Windows

Operating System

%original file name%.exe_348_rwx_10004000_00001000:

callback%d

setup.exe_1288:

.text

`.data

.rsrc

advapi32.dll

advpack.dll

wininit.ini

Software\Microsoft\Windows\CurrentVersion\App Paths

setupapi.dll

setupx.dll

IXPd.TMP

TMP4351$.TMP

FINISHMSG

USRQCMD

ADMQCMD

msdownld.tmp

wextract.pdb

PSSSSSSh

t8SShs7

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

RegQueryInfoKeyA

ADVAPI32.dll

GetWindowsDirectoryA

KERNEL32.dll

GDI32.dll

ExitWindowsEx

MsgWaitForMultipleObjects

USER32.dll

COMCTL32.dll

VERSION.dll

rundll32.exe %s,InstallHinfSection %s 128 %s

SHELL32.DLL

Software\Microsoft\Windows\CurrentVersion\RunOnce

PendingFileRenameOperations

System\CurrentControlSet\Control\Session Manager\FileRenameOperations

wextract_cleanup%d

%s /D:%s

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"

Command.com /c %s

DirectX 9.0 Web setup

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\

33333330

3333333

33333333

PA"dxwsetup.exe" /windowsupdate

dsetup.dll

dsetup32.dll

dxwsetup.exe

dxwsetup.cif

dxwsetup.inf

v.cW5

n%1x_

K.PU9

%FgnR

.hU4s

)%fJ|

Sqld

/.iv"

m5.qK

]].We

Wq:G%s

oe.PC

PB.tA 5

Ox.Pl

 b.AY

.rXLI

(.Ki3b

.gd&3

i.iB*

xzE>%x,

"dxwsetup.exe"

P"dxwsetup.exe" /windowsupdate

Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.

CFailed to get disk space information from: %s.

System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?

8Unable to retrieve operating system version information.!Memory allocation request failed.

Filetable full.Ên not change to destination folder.

Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.

(Error creating process <%s>. Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.

Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install

Could not create folder '%s'

To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.

Error retrieving Windows folder

$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .

System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.

/C:<Cmd> -- Override Install Command defined by author.

eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?

Could not find the file: %s.

:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.

9.29.1962.0

DXWebSetup

dxwebsetup.exe

Windows

Operating System

dxwsetup.exe_1236:

.text

`.data

.rsrc

@.reloc

%s %s: %s: (null)

%s %s: %s: %s

%s%s%s

Logs\DirectX.log

DXSETUP_DPF(): GetWindowsDirectory() failed.

Logs\DXError.log

%s(): %s

DXSError(): FormatMessage() failed, error = %d.

(0x%x)

%s(): %s failed.

%s(): %s failed, error = %d.

%s(): %s failed, error = 0x%x.

module: %s(%s), file: %s, line: %d, function: %s

[%s %s]

Unable to load %s.

e:\bt\193462\setup\deliverables\dsetup\inc\dsinline.h

Module: %s, Function: %s

advpack.dll

GetFileVersionInfoBlock(): %s does not have version information.

GetFileVersionInfoBlock(): Unable to get FileVersionInfoSize, file: %s, reason: %d.

ntdll.dll

e:\bt\193462\setup\deliverables\dxwsetup\dxwsetup.cpp

DSetupCallback(): Phase = %d, Steps = %d

Unable to remove %s.

Unable to create path string, %s%s.

\ntkrnlpa.exe

Unable to create path string, %s\*.*.

Unable to remove: %s which is locked, reason = %d.

DeleteFile("%s") return 0, reason = %d.

Unable to create path string, %s\%s.

e:\bt\193462\setup\deliverables\dxwsetup\inline.h

RegOpenKeyEx()

Software\Microsoft\Windows\CurrentVersion\RunOnce

rundll32.exe %s\advpack.dll,DelNodeRunDLL32 "%s\"

GetFileAttributes() returned -1, reason = %d.

kernel32.dll

e:\bt\193462\setup\deliverables\dxwsetup\dxwsetup.h

IsIA64(): Windows 2000 or Windows 9x

CDSetup(): try to load dsetup.dll from current dir.

\DirectX\WebSetup

\dsetup.dll

This platform is not supported.

Unable to create path string, %s\dxupdate.cab.

DXRemoveFile() failed. Unable to remove dxupdate.cab. (Not fatal...)

\dxupdate.cab

Version in CIF: %d.%d.%d.%d

Install Section: [%s]

%s_%s

\system32\drivers\gm.dls

GetWindowsDirectory()

DXVersion: %d.d.d.d

dxwsetup.cif

SetBaseUrl()

hXXp://download.microsoft.com/download/8/0/D/80D7E79D-C0E4-415A-BCCA-E229EAFE2679

IsSupportedPlatform

end of DirectX WindowsUpdate

end of DirectX WindowsUpdate, need to reboot

CreatePropertySheet() returns %d.

dxwsetup.inf

comctl32.dll version: %d.d.d.d

\comctl32.dll

/windowsupdate

%s will be removed at reboot.

OnEngineStatusChange(): EngineStatus = 0x%X, SubStatus = 0x%X

OnStartInstall(): DLSize = %d, InstallSize = %d

OnStartComponent(): ID = %s, DLSize = %d, InstallSize = %d, str = %s

OnComponentProgress(): Phase = %d, Progress = %d

OnStopComponent(): ID = %s, hr = 0x%X, Phase = %d, str = %s, status = 0x%X

OnStopInstall(): hr = 0x%X, str = %s, status = 0x%X

OnEngineProblem(): problem = 0x%X

PlugIn size: %d

e:\bt\193462\setup\deliverables\dxwsetup\psheets.cpp

Setup Version: %d.d.d.d.d

DirectX Version: %d.d.d.d.d

dxupdate.dll

wintrust.dll

setupapi.dll

%s is not trusted due to certificate problem. Please check valid certificate is installed and Cryptographic Services are enabled.

%s is not trusted. The file may be damaged. Please check valid certificate is installed and Cryptographic Services are enabled.

%s is not trusted. The file is not signed properly.

DXCheckTrust(): %s is trusted.

e:\bt\193462\setup\deliverables\dxwsetup\dxupdate.cpp

RemoveDXUpdateCab(): %s is removed.

Unable to remove %s, need to remove this file.

dxupdate.cab

hXXp://download.microsoft.com/download/1/7/1/1718CCC4-6315-4D8E-9543-8E28A4E18C4C

Unable to find dxupdate.dll.

GetCDXUpdate(): Loading %s in %s.

Unable to iterate through %s. The file may be damaged.

GetCDXUpdate(): Extracting %s from %s.

e:\bt\193462\setup\deliverables\dxwsetup\utils.cpp

Currently %s is newer than the one being installed

Target file: '%s'

Target file is Version %d.%d.%d.%d

Source file is Version %d.%d.%d.%d

Unable to get Version on source file %s

Unable to get Version on target file %s

\user.exe

RegCloseKey()

StringToVersionInfo() failed, version = %s.

GetDXVersion(): This may be a older DirectX which does not have the directx key in the registry.

Unable to create path string, %s\Logs\directx.log.

\Logs\directx.log

SPFILENOTIFY_DELETEERROR: Unable to delete %s.

Deleted file %s.

Deleted file %s with DELAY_UNTIL_REBOOT.

SPFILENOTIFY_COPYERROR: Unable to copy %s.

Installed file %s

Unable to open %s.

Extracted file %s from cab

SPFILENOTIFY_FILEEXTRACTED: error = %d

Unable to proceed %s:[%s]. The file may be damaged.

Unable to copy %s to %s.

[Strings.eng]

Use string section : [Strings.%s]

[Strings.%s]

GetProcessWindowStation

operator

dxwsetup.pdb

SSh@$

SShh&

SSh\-

P@SShk

u.Sj0ha

SSh@2

SSh|3

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

GetWindowsDirectoryA

KERNEL32.dll

GDI32.dll

USER32.dll

COMCTL32.dll

SHFileOperationA

SHELL32.dll

VERSION.dll

ole32.dll

GetCPInfo

GetProcessHeap

%WinDir%\Logs\DirectX.log

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\dxwsetup.exe

k2v_.mX0q[,hT9

|/oZ/nY-kV.mX0q[/oZ0r\2u_2v_5}e6

)`N*dQ,gS/nY/nY/oZ/oZ/nY0q[-jV-kV.mXO

?3&YH0q[0q[0q[/nY/nY.mX.mX.mX-jV-jV-kV-kV*dQI

|||}}}~~~

|||^^^{{{

version="1.0.0.0"

name="Microsoft.DirectX.Setup"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

3,41464[4

6 7'7.7:7|7

=$> >1>>>

6b6u6|6

6|7

6 6@6\6`6

= =$=(=,=0=4=8=<=@=

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

KERNEL32.DLL

WUSER32.DLL

The DirectX setup wizard guides you through installation of DirectX Runtime Components. Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement. You must accept the agreement to continue the setup.

o dos componentes de tempo de execu

Sla uw werk op en sluit alle toepassingen voordat u doorgaat.

mto operacn

Instalace byla ukoncena.dInstalacn

.QInstalacn

fen Sie die Netzwerkverbindung.DDie Datei konnte nicht gedownloadet werden, da sie nicht g

Komponenten werden installiertSDirectX-Laufzeitkomponenten werden gedownloadet. Dies kann einige Minuten dauern...jVer

Do you want to continue?ZDirectX is not completely installed on your computer. Are you sure you want to quit setup?7This package is not supported on this Operating System.

Setup is canceled.RSetup could not download the file. Please retry later or check network connection.OSetup could not download the file since the file to be downloaded is not valid.

Installing ComponentsFDownloading DirectX Runtime Components. This may take a few minutes...jSearching for updated DirectX Runtime Components and updating as necessary. This may take a few minutes...

n?9Este paquete no es compatible con este sistema operativo.&Se cancel

n.vEl programa de instalaci

n de red.QEl programa de instalaci

n sea necesario. Esta operaci

e.xLe programme d'installation n'a pas pu t

seau.VLe programme d'installation n'a pas pu t

cution DirectX. Ceci peut prendre quelques minutes...nRecherche des pilotes DirectX modifi

Continuare?FInstallazione di DirectX non completata. Interrompere l'installazione?6Pacchetto non supportato nel sistema operativo in uso.

Installazione annullata.iImpossibile scaricare il file. Riprovare in un secondo momento oppure controllare la connessione di rete.GImpossibile scaricare il file poich

StatoPAttendere. Il programma di installazione sta completando le seguenti operazioni.

in corso il download dei componenti DirectX. L'operazione potrebbe richiedere alcuni minuti...

in corso la ricerca dei componenti di run-time di DirectX. Se necessario, i componenti verranno aggiornati. L'operazione potrebbe richiedere alcuni minuti...

Setup is geannuleerd.dSetup kan het bestand niet downloaden. Probeer het later opnieuw of controleer de netwerkverbinding.DSetup kan het bestand niet downloaden omdat het bestand ongeldig is.

DirectX Setup.Het runtime-onderdeel voor DirectX installeren

VoortgangRSetup is bezig met het voltooien van de volgende handelingen. Een ogenblik geduld.'Bezig met het downloaden van onderdelen(Bezig met het installeren van onderdelenWBezig met het downloaden van DirectX-runtimeonderdelen. Dit kan enkele minuten duren...qBezig met zoeken naar ge

Czy chcesz kontynuowac?pProgram DirectX nie zostal calkowicie zainstalowany na tym komputerze. Czy na pewno chcesz zakonczyc instalacje?;Ten pakiet nie jest obslugiwany w tym systemie operacyjnym.

zniej lub sprawdz polaczenie sieciowe.NInstalator nie moze pobrac pliku, poniewaz pobierany plik nie jest prawidlowy.

o do DirectXWEste programa instala os componentes de tempo de execu

completamente instalado neste computador. Tem certeza de que deseja sair da instala

suporte a este pacote neste Sistema Operacional.

o foi cancelada.mA instala

o de rede.QA instala

o do DirectX4Instalar componentes de tempo de execu

Instalando componentesqFazendo o download de componentes de tempo de execu

Procurando por componentes de tempo de execu

r operativsystemet.

ts.YDet gick inte att h

gra minuter...hS

%s ...

: %d.%d MB

: %d KB

: d:d:d

hXXp://VVV.microsoft.com/directx

hXXp://Microsoft.com/DirectX

hXXp://VVV.betaplace.com

hXXp://VVV.BetaPlace.com

Windows(R)!

%s...

: %d kB2Odhadovan

DirectX z webov

nky hXXp://VVV.microsoft.com/directx. Instalaci ukonc

te na webov

m serveru hXXp://Microsoft.com/DirectX. Aktualizovanou predprodejn

m serveru hXXp://VVV.betaplace.com.DInstalacn

DirectX: %s

stup k webov

mu serveru hXXp://VVV.BetaPlace.com, budete muset syst

m Windows(R) znovu nainstalovat.GChcete pokracovat v instalaci t

Downloaden von %s...

e: %d.%d MB

e: %d KB4Gesch

tzte verbleibende Downloadzeit: d:d:d

Das DirectX-Laufzeitpaket ist nicht mit der installierten Version von Internet Explorer kompatibel. Downloaden und installieren Sie das wiederverteilbare DirectX-Paket von hXXp://VVV.microsoft.com/directx. Klicken Sie auf OK, um den Vorgang zu beenden.

Diese Vorabversion von DirectX ist bereits abgelaufen. Besuchen Sie hXXp://Microsoft.com/DirectX, um die neueste ver

ffentlichte DirectX-Version zu downloaden, oder besuchen Sie hXXp://VVV.betaplace.com, um die aktuelle Vorabversion zu downloaden.&DirectX-Setup - VORABVERSIONWARNUNG!!!.Diese Vorabversion von DirectX L

UFT am %s AB!

ssen Windows(R) erneut installieren, wenn Sie

gen, und auf die Website hXXp://VVV.BetaPlace.com zugreifen, wenn die Kennung abl

Downloading %s ...

Download size: %d.%d MB

Download size: %d KB/Estimated downloading time left: d:d:d

This DirectX runtime package is not compatible with the version of Internet Explorer currently installed. Please download and install DirectX Redistributable package from hXXp://VVV.microsoft.com/directx. Press OK to exit.

This pre-release version of DirectX has already expired. Please goto hXXp://Microsoft.com/DirectX to get the latest released version DirectX., or to hXXp://VVV.betaplace.com to get an updated pre-release version.&DirectX setup - pre-release WARNING!!!2This pre-release version of DirectX EXPIRES on %s!

You will need to re-install Windows(R) if you do not have a valid DirectX BetaID and access to hXXp://VVV.BetaPlace.com website when it expires!XWould you like to continue with the installation of this pre-release version of DirectX?

Descargando %s ...

o de descarga: %d.%d MB

o de descarga: %d KB4Tiempo de descarga restante estimado: d:d:d

n de Internet Explorer instalada actualmente. Descargue e instale el paquete redistribuible de DirectX desde hXXp://VVV.microsoft.com/directx. Presione Aceptar para salir.

n preliminar ya ha caducado. Vaya a hXXp://Microsoft.com/DirectX para obtener la versi

s reciente disponible de DirectX o a hXXp://VVV.betaplace.com para obtener una versi

n preliminar de DirectX CADUCA el %s.

que volver a instalar Windows(R) si no tiene un Id. v

n beta de DirectX y accede al sitio web hXXp://VVV.BetaPlace.com cuando el Id. haya caducadoJ

chargement de %s en cours...#Taille de t

: %d.%d Mo Taille de t

: %d Ko7Temps restant estim

chargez et installez le package DirectX redistribuable depuis le site hXXp://VVV.microsoft.com/directx. Appuyez sur OK pour quitter.

. Visitez le site hXXp://Microsoft.com/DirectX (site en anglais) pour obtenir la derni

e de DirectX, ou le site hXXp://VVV.betaplace.com (site en anglais) pour obtenir une version pr

jour.JAvertissement - Programme d'installation de DirectX version pr

commerciale de DirectX expirera le %s.

installer Windows(R) si vous ne disposez pas d'un identificateur valide de B

hXXp://VVV.BetaPlace.com [site en anglais] lorsque l'identificateur expirera.RVoulez-vous poursuivre l'installation de cette version pr

Download di %s in corso...

Dimensione download: %d.%d MB

Dimensione download: %d KB2Tempo restante di download stimato: d.d.d

compatibile con la versione di Internet Explorer attualmente installata. Scaricare e installare il pacchetto DirectX Redistributable da hXXp://VVV.microsoft.com/directx (informazioni in lingua inglese). Premere OK per uscire.

scaduta. Visitare il sito Web hXXp://Microsoft.com/DirectX per ottenere l'ultima versione completa di DirectX o la pagina hXXp://VVV.betaplace.com per ottenere una versione preliminare aggiornata.6Installazione di DirectX - Avviso versione preliminare3Questa versione preliminare di DirectX SCADE il %s.

necessario reinstallare Windows(R) se alla scadenza non si dispone di un BetaID valido per DirectX e di accesso al sito Web hXXp://VVV.BetaPlace.comEContinuare l'installazione di questa versione preliminare di DirectX?

hXXp://Microsoft.com/DirectX

hXXp://VVV.betaplace.com

hXXp://VVV.BetaPlace.com Web

Windows

. hXXp://VVV.microsoft.com/directx

. hXXp://Microsoft.com/DirectX

, hXXp://VVV.betaplace.com

Windows(R)

Dialoogvenster van MS Shell#Bezig met het downloaden van %s ...

Downloadgrootte: %d.%d MB

Downloadgrootte: %d kB1Geschatte resterende downloadtijd: d:d:d

nstalleerd. Download en installeer het DirectX Redistributable-pakket van hXXp://VVV.microsoft.com/directx. Klik op OK om de wizard af te sluiten.

Deze evaluatieversie is reeds verlopen. Ga naar hXXp://Microsoft.com/DirectX voor de meest recente releaseversie van DirectX of ga naar hXXp://VVV.betaplace.com voor een bijgewerkte evaluatieversie.-DirectX Setup. Waarschuwing: evaluatieversie.0Deze evaluatieversie van DirectX verloopt op %s!

U dient Windows(r) opnieuw te installeren als u geen geldige b

ta-id voor DirectX en toegang tot de website hXXp://VVV.betaplace.com hebt wanneer DirectX verloopt.HWilt u doorgaan met de installatie van deze evaluatieversie van DirectX?

Trwa pobieranie %s ...#Rozmiar pobieranego pliku: %d.%d MB Rozmiar pobieranego pliku: %d KB3Szacowany pozostaly czas pobierania: d:d:d

w wykonawczych programu DirectX nie jest zgodny z zainstalowana obecnie wersja programu Internet Explorer. Pobierz i zainstaluj pakiet redystrybucyjny programu DirectX z witryny hXXp://VVV.microsoft.com/directx. Nacisnij przycisk OK, aby zakonczyc.

Waznosc tej wersji wstepnej juz wygasla. Przejdz do witryny hXXp://Microsoft.com/DirectX, aby uzyskac najnowsza z wydanych wersji programu DirectX, lub do witryny hXXp://VVV.betaplace.com, aby uzyskac zaktualizowana wersje wstepna.<Instalator programu DirectX - OSTRZEZENIE O WERSJI WSTEPNEJ!7Waznosc tej wersji wstepnej programu DirectX WYGASA %s!

Po wygasnieciu waznosci tej wersji trzeba bedzie ponownie zainstalowac system Windows(R) w wypadku braku prawidlowego identyfikatora Beta programu DirectX i dostepu do witryny hXXp://VVV.BetaPlace.com w sieci web!ICzy chcesz kontynuowac instalowanie tej wersji wstepnej programu DirectX?

Fazendo o download de %s ...

Tamanho do download: %d.%d MB

Tamanho do download: %d KB3Tempo de download estimado restante: d:d:d

Este pacote de Tempo de Execu

vel em hXXp://VVV.microsoft.com/directx. Pressione OK para sair.

expirou. Visite hXXp://Microsoft.com/DirectX para obter a vers

o mais recente do DirectX, ou hXXp://VVV.betaplace.com para obter uma vers

amento do DirectX EXPIRA em %s!

de reinstalar o Windows(R) se n

lida e acessar hXXp://VVV.BetaPlace.com quando ela expirar!HDeseja continuar a instala

%s ...&

: %d.%d

hXXp://VVV.microsoft.com/directx.

hXXp://Microsoft.com/DirectX,

hXXp://VVV.betaplace.com,

Windows(R)

hXXp://VVV.BetaPlace.com.?

mtar %s...

mtningsstorlek: %d.%d MB

mtningsstorlek: %d kB,

mtning: d:d:d

n hXXp://VVV.microsoft.com/directx. Klicka p

till webbplatsen hXXp://Microsoft.com/DirectX f

mta den senaste officiella versionen av DirectX eller till hXXp://VVV.betaplace.com om du vill h

lla den %s.

ste installera om Windows(R) om du inte har ett giltigt DirectX BetaID och

tkomst till webbplatsen hXXp://VVV.BetaPlace.com n

%Optionale DirectX-LaufzeitkomponentennDie optionalen DirectX-Laufzeitkomponenten werden gesucht und gedownloadet. Dies kann einige Minuten dauern...rEine neuere oder gleichwertige Version von DirectX ist bereits installiert. Eine Installation ist nicht notwendig.

in corso la ricerca e il download dei componenti facoltativi DirectX Runtime. L'operazione potrebbe richiedere alcuni minuti...

...WDirectX

(Optionele onderdelen van DirectX Runtime^Optionele onderdelen van DirectX Runtime zoeken en downloaden. Dit kan enkele minuten duren...dEr is al een nieuwere of gelijkwaardige versie van DirectX ge

5Componentes Opcionais de Tempo de Execu

o do DirectXyProcurando e fazendo download de Componentes Opcionais de Tempo de Execu

Windows

mu WIndows.<Rozhran

pro instalaci..Zdrojov

..Zdrojov

ne %d MB. M

ch souboru.GInstalacn

r die Installation von DirectX neu starten. Klicken Sie auf "OK", um den Computer jetzt neu zu starten..DirectX-Setup wurde erfolgreich abgeschlossen.YDiese DirectX-Version ist mit der zurzeit installierten Windows-Version nicht kompatibel.GEine f

hr %d MB ben

EDirectX setup needs to restart your machine, press OK to restart now.)DirectX setup has completed successfully.ZThis version of DirectX is not compatible with the version of Windows currently installed.9DirectX could not find a file necessary for installation.!DirectX source file is incorrect.!DirectX source file is incorrect.%DirectX did not copy a required file.

DirectX needs approximately %dMB. You can increase available disk space by uninstalling applications or by deleting unneeded files.1DirectX setup could not find a required inf file.

correctamente.YEsta versi

n de Windows instalada actualmente.CDirectX no pudo encontrar un archivo necesario para la instalaci

DirectX necesita aproximadamente %dMB. Puede aumentar el espacio disponible en disco desinstalando aplicaciones o eliminando archivos innecesarios.@La instalaci

un archivo .inf necesario.

e.`Cette version de DirectX n'est pas compatible avec la version de Windows actuellement install

e.BDirectX n'a pas pu trouver un fichier n

%d Mo environ sont n

sinstallant des applications ou en supprimant des fichiers inutiles.ULe programme d'installation de DirectX n'a pas pu trouver un fichier .inf n

compatibile con la versione di Windows attualmente installata.;Impossibile trovare un file necessario per l'installazione.%File origine di DirectX non corretto.%File origine di DirectX non corretto.'Impossibile copiare un file necessario.

DirectX richiede circa %d MB. Per liberare spazio su disco, disinstallare alcune applicazioni o eliminare i file non necessari.'Impossibile trovare un file necessario.

nstalleerd nadat het systeem opnieuw is opgestart. Klik op OK om opnieuw op te starten.'De installatie van DirectX is voltooid.VDe huidige DirectX-versie is niet compatibel met de ge

nstalleerde versie van Windows.>DirectX kan een voor installatie benodigd bestand niet vinden."DirectX-bronbestand is niet juist."DirectX-bronbestand is niet juist.2DirectX heeft een vereist bestand niet gekopieerd.

DirectX vereist ongeveer %dMB vrije schijfruimte. U kunt schijfruimte vrijmaken door toepassingen of overbodige bestanden te verwijderen.6DirectX Setup kan een vereist INF-bestand niet vinden.

hInstalator programu DirectX musi zrestartowac komputer. Aby zrestartowac go teraz, nacisnij przycisk OK.8Instalacja programu DirectX zostala ukonczona pomyslnie.^Ta wersja programu DirectX nie jest zgodna z wersja aktualnie zainstalowanego systemu Windows.AProgram DirectX nie moze znalezc pliku potrzebnego do instalacji.'Plik zr

Interfejs DirectX wymaga okolo %d MB. Mozesz zwiekszyc dostepne miejsce na dysku odinstalowujac aplikacje lub usuwajac niepotrzebne pliki.BInstalator programu DirectX nie moze znalezc wymaganego pliku inf.

xito.aEsta vers

o do sistema operacional atualmente instalado.EO DirectX n

O DirectX precisa de aproximadamente %dMB. Voc

rios.QO Programa de Instala

Windows.8DirectX:

rdig.XDen h

r inte kompatibel med den Windows-version som

r installerad.DDet gick inte att hitta en n

r %d MB. Du kan

vs.JInstallationsprogrammet f

DXError.log

DirectX.log

(ManagedDX.CAB)

.NET Framework RC2

.NET Framework

to chybe naleznete v souborech DXError.log a DirectX.log ve slo

ce Windows.DRozhran

mu Windows NT podporov

operacn

tko Storno.HRozhran

mu Windows NT predinstalov

treba znovu instalovat.wAktu

mu.qTyp procesoru nen

DirectX (ManagedDX.CAB) v distribucn

.NET Framework verze RC2 nebo novej

.NET Framework a spustte instalaci rozhran

DirectX znovu.ZStahov

ba, a zda je certifik

Weitere Informationen zum Ermitteln des Problem finden Sie in den Dateien "dxerror.log" und "directx.log" im Ordner "Windows".7DirectX3D wird von dieser NT-Version nicht unterst

her.yDie Kabinettdatei f

r die Managed DirectX-Komponente (ManagedDX.CAB) ist im DirectX-Verzeichnis "redist" nicht vorhanden.

r die Managed DirectX-Komponente muss .NET Framework RC2 oder h

her installiert werden, bevor DirectX installiert wird. Installieren Sie das aktuelle .NET Framework, und f

hren Sie dann DirectX-Setup erneut aus.dFehler beim Downloaden einer f

Please refer to DXError.log and DirectX.log in your Windows folder to determine problem..This version on NT does not support DirectX3D.&An unknown operating system was found.

User hit the cancel key.3DirectX was not preinstalled on this version on NT.rDirectX setup has determined that a newer version of DirectX is already installed.

Please logon again as an Administrator or contact your PC Administrator.qProcessor type is unsupported by DirectX.

DirectX supports Pentium-compatible and K6 class processors or higher.dThe Managed DirectX component cab file (ManagedDX.CAB) is missing from the DirectX redist directory.

The Managed DirectX component requires the .NET Framework RC2 or newer version to be installed before DirectX. Please install the latest .NET Framework and then run DirectX setup again.MDownloading a file necessary for installation failed. Please run setup again.

A cabinet file necessary for installation cannot be trusted. Please verify the Cryptographic Services are enabled and the cabinet file certificate is valid.

n de DirectX no pudo encontrar un directorio necesario.fError interno.

Consulte DXError.log y DirectX.log en la carpeta Windows para identificar el problema.'Esta versi

un sistema operativo desconocido.&El usuario presion

DirectX es compatible con procesadores compatibles con Pentium y con procesadores de clase K6 o superior.|No se encuentra el archivo CAB de componentes Managed DirectX (ManagedDX.CAB) en el directorio de redistribuci

El componente Managed DirectX necesita .NET Framework RC2 o una versi

s reciente de .NET Framework y vuelva a ejecutar el programa de instalaci

n de DirectX.jError al descargar un archivo necesario para la instalaci

Un archivo .CAB necesario para la instalaci

lido el certificado del archivo .CAB.

Consultez les fichiers DXError.log et DirectX.log situ

s dans le dossier Windows pour d

DirectX prend en charge les processeurs compatibles Pentium et K6 ou plus.sLe fichier CAB des composants Managed DirectX (ManagedDX.CAB) est introuvable dans le r

cessite l'installation de .NET Framework RC2 ou une version plus r

re version de .NET Framework, puis r

cutez le programme d'installation de DirectX.jUn fichier n

s, et que le certificat du fichier CAB est valide.

Per individuare il problema, vedere i file DXError.log e DirectX.log nella cartella di Windows.1La versione su Windows NT non supporta DirectX3D.*Rilevato un sistema operativo sconosciuto.!Operazione annullata dall'utente.CDirectX non

stato preinstallato su questa versione di Windows NT.

Per individuare il problema, vedere i file DXError.log e DirectX.log nella cartella di Windows.cFile cab del componente DirectX gestito (ManagedDX.CAB) mancante dalla directory redist di DirectX.

Il componente gestito DirectX richiede .NET Framework RC2 o una versione pi

recente disponibile di .NET Framework e ripetere l'installazione di DirectX.pImpossibile scaricare un file necessario per l'installazione. Eseguire nuovamente il programma di installazione.

Un file CAB necessario per l'installazione risulta non attendibile. Verificare che i servizi di crittografia siano abilitati e che il certificato relativo al file CAB sia valido.

(ManagedDX.CAB)

DirectX.log

Windows NT

.GManaged DirectX

(ManagedDX.CAB)

.NET Framework

Raadpleeg DXError.log en DirectX.log in de map Windows om vast te stellen wat het probleem is..Deze versie van NT ondersteunt DirectX3D niet.2Er is een onbekend besturingssysteem aangetroffen.

nstalleerd op deze versie van NT.sDirectX Setup heeft ontdekt dat er al een nieuwere versie van DirectX is ge

DirectX ondersteunt Pentium-compatibele en klasse K6-processors of hoger.dHet cab-bestand voor het DirectX-beheeronderdeel (ManagedDX.CAB) ontbreekt in de DirectX redist-map.

.NET Framework RC2 of een latere versie moet zijn ge

nstalleerd voordat u het onderdeel Managed DirectX kunt installeren. Installeer de nieuwste versie van .NET Framework en voer vervolgens Setup voor DirectX opnieuw uit.fHet downloaden van een bestand dat voor de installatie vereist is, is mislukt. Voer Setup opnieuw uit.

n of meerdere bestanden door een toepassing zijn geopend. Sluit alle toepassingen af voordat u de installatie van DirectX opnieuw uitvoert.

Een CAB-bestand dat nodig is voor de installatie wordt niet vertrouwd. Controleer of de service Cryptographic Services ingeschakeld is en of het certificaat van het CAB-bestand geldig is.

FInstalator programu DirectX nie moze zlokalizowac wymaganego katalogu.tWystapil wewnetrzny blad systemu.

Sprawdz plik DXError.log i DirectX.log w folderze Windows, aby rozpoznac problem.-Ta wersja systemu NT nie obsluguje DirectX3D.&Znaleziono nieznany system operacyjny.$Uzytkownik nacisnal przycisk Anuluj.JProgram DirectX nie zostal wstepnie zainstalowany w tej wersji systemu NT.|Instalator programu DirectX wykryl, ze jest juz zainstalowana nowsza wersja programu DirectX.

Program DirectX obsluguje procesory zgodne z Pentium oraz procesory klasy K6 lub nowsze.\Brak pliku cab skladnika Managed DirectX (ManagedDX.CAB) w katalogu redist programu DirectX.

Skladnik Managed DirectX wymaga zainstalowania struktury .NET Framework RC2 lub nowszej przed programem DirectX. Zainstaluj najnowsza architekture .NET Framework, a nastepnie uruchom ponownie Instalatora programu DirectX.YPobieranie pliku wymaganego do instalacji nie powiodlo sie. Uruchom ponownie instalatora.

Nie mozna zaufac plikowi cabinet wymaganemu dla instalacji. Sprawdz, czy uslugi kryptograficzne sa wlaczone i czy certyfikat pliku cabinet jest prawidlowy.

ria.xErro interno de sistema.

Consulte os arquivos DXError.log e DirectX.log na pasta do Windows para determinar o problema..Esta vers

suporte ao DirectX3D.,Sistema operacional desconhecido encontrado.(Usu

o oferece suporte a este tipo de processador. O

DirectX oferece suporte a processadores compat

veis com Pentium ou da classe K6 ou superiores.nO arquivo de instala

o do componente Managed DirectX (ManagedDX.CAB) est

Para ser instalado antes do DirectX, o componente Managed DirectX requer o.NET Framework RC2 ou vers

o mais recente do .NET Framework e execute a instala

o do DirectX novamente.lFalha ao fazer o download de um arquivo necess

o. Execute o programa de instala

o em uso por um aplicativo. Feche todos os aplicativos antes de executar a instala

o habilitados e que o certificado do arquivo de gabinete

Windows. 

.BDirectX:

ndig katalog.kEtt internt fel uppstod.

Information om felet finns i filen DXError.log och DirectX.log i Windows-mappen..Den h

nt operativsystem hittades.&Anv

r.jProcessortypen st

gre.ZCAB-filen med DirectX-komponenten f

r hanterad kod (ManagedDX.CAB) saknas i redist-mappen.

ver .NET Framework RC2 eller senare innan du installerar DirectX. Installera den senaste versionen av .NET Framework och f

r aktiverad och att kabinettfilens certifikat

Directx.log

4.9.0.0904

dxwsetup.exe

Microsoft(R) DirectX for Windows(R)

DirectX for Windows

r Windows

DirectX para Windows

DirectX pour Windows

DirectX per Windows

Microsoft(R) DirectX voor Windows(R)

DirectX dla systemu Windows

Windows

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   dxwsetup.exe:1236
   setup.exe:1288

2. Delete the original Trojan-Dropper file.
   
3. Delete or disinfect the following files created/modified by the Trojan-Dropper:
   

   %System%\DirectX\websetup\SET5.tmp (601 bytes)
   %System%\DirectX\websetup\SET6.tmp (12287 bytes)
   %WinDir%\setupapi.log (5088 bytes)
   %WinDir%\Logs\DirectX.log (1635 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\FG (130 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\NSISdl.dll (14 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\System.dll (11 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\B (5128 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dxwsetup.inf (477 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dsetup32.dll (29860 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dxwsetup.exe (8657 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dxwsetup.cif (922 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\dsetup.dll (2104 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   "wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.