Trojan.Win32.Delphi_20c9afc1a0
Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD (Lavasoft MAS)
Behaviour: Trojan, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
The sample has been submitted by Lavasoft customers.
MD5: 20c9afc1a09dbc07b1a922511fd5fd81
SHA1: fe50065514e773bda12f1b96146d52ab26f3cfac
SHA256: 71c67b25c1c40e9103e2101ef6fdd179c6d9bdb5c137683c3ee38b9d7b6ea2f4
SSDeep: 49152:hHjgY7pkJFOTs4eNe6Yzkt3dBuBhrP6gzn4Z6wuKN1rKYpAFOmmw1QyMTH3DLoyQ:n7GSrkLmnUNr/fwOyMjDbhPX7nM/Lt
Size: 3693712 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Sta
Created at: 2014-01-18 05:39:43
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
YYMusic.exe:552
YYJia.exe:948
%original file name%.exe:1760
The Trojan injects its code into the following process(es):
YYJia.exe:1656
File activity
The process YYMusic.exe:552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\YYMusic\2014220\SysConfig.ini (217 bytes)
%Program Files%\YYMusic\2014220\Data\client.ini (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (18432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\desktop.ini (67 bytes)
%Program Files%\YYMusic\2014220\Data\user2.ini (196 bytes)
%Program Files%\YYMusic\2014220\Data\server.ini (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\ver[1].txt (36 bytes)
%Documents and Settings%\%current user%\Ø÷ñрðýýþõ\Óò·áÙßÃÂшµјÑâ€Ã….url (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\Ø÷ñрðýýþõ\ÃœüâýѕьÃÅ¡Ã’ÃÂш.url (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\tj[1].ashx (3 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\a[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\tj[1].ashx (0 bytes)
The process YYJia.exe:1656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\OLDSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\DMSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
The process %original file name%.exe:1760 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\YYMusic\2014220\picture\baidu_c2cec3fdfc03924517c1df928694a4c27d1e2532.jpg (24090 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_4.png (5768 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_262581.lrc (993 bytes)
%Program Files%\YYMusic\2014220\Skin\tooltipbk.png (319 bytes)
%Program Files%\YYMusic\2014220\Skin\playersidebg.jpg (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensioncloseahover.png (1179 bytes)
%Program Files%\YYMusic\2014220\Skin\icon.png (1706 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplaylist.xml (5434 bytes)
%Program Files%\YYMusic\2014220\Skin\lyrictoplay.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWebBrowser.xml (308 bytes)
%Program Files%\YYMusic\2014220\audio.dll (129168 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_close.png (1118 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok.png (3950 bytes)
%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы\YYMusic\ÕôæÓ№¤ѕÃ¯\à¶äèYYMusic.lnk (700 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmMenuFrame.xml (1663 bytes)
%Program Files%\YYMusic\2014220\Skin\list_title_bg.png (1049 bytes)
%Program Files%\YYMusic\2014220\Skin\DefaultUserImage.jpg (6747 bytes)
%Program Files%\YYMusic\2014220\Skin\random.jpg (1983 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_3.png (3933 bytes)
%Program Files%\YYMusic\2014220\Skin\frmdownmenu.xml (1702 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_9k.png (4098 bytes)
%Program Files%\YYMusic\2014220\Skin\lista.png (1063 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmina.png (1047 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmConfig.xml (4521 bytes)
%Program Files%\YYMusic\2014220\swresample-0.dll (107680 bytes)
%Program Files%\YYMusic\2014220\channels.xml (33290 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_whiter.png (318 bytes)
%Program Files%\YYMusic\2014220\Skin\headimg.png (32082 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionlogin.png (2951 bytes)
%Program Files%\YYMusic\2014220\Skin\input-password.png (1705 bytes)
%Program Files%\YYMusic\2014220\Skin\frmProgressToolTip.xml (393 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008.bmp (556 bytes)
%Program Files%\YYMusic\2014220\Skin\playingnext.png (4967 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontop.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_split.png (1006 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-delete.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\pop_bkimage.png (1803 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbigahover.png (1084 bytes)
%Program Files%\YYMusic\2014220\YYMusic.exe (1007760 bytes)
%Program Files%\YYMusic\2014220\Skin\playinginga.jpg (5601 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_vol.png (1275 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_xm.png (5013 bytes)
%Program Files%\YYMusic\2014220\Data\client.ini (38 bytes)
%Program Files%\YYMusic\2014220\Skin\downda.png (1531 bytes)
%Program Files%\YYMusic\2014220\Skin\menu.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\power.png (5511 bytes)
%Program Files%\YYMusic\2014220\Skin\sound (2).jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\color_012.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnRightTop.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_color.png (1344 bytes)
%Program Files%\YYMusic\2014220\Skin\loading03.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-pause.png (5528 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmColor.xml (1633 bytes)
%Program Files%\YYMusic\2014220\Skin\progress_fore.png (2929 bytes)
%Program Files%\YYMusic\2014220\Skin\random02hover.jpg (2108 bytes)
%Program Files%\YYMusic\2014220\Skin\prev.png (2316 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbiga.png (1073 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionsetahover.png (1305 bytes)
%Program Files%\YYMusic\2014220\Skin\next.png (2182 bytes)
%Program Files%\YYMusic\2014220\Skin\tab_comm.png (1127 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_itself.png (1170 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdelete.png (1146 bytes)
%Program Files%\YYMusic\2014220\Skin\random01hover.jpg (2232 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_fh.png (4560 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_small.png (1279 bytes)
%Program Files%\YYMusic\2014220\Skin\collection.png (3470 bytes)
%Program Files%\YYMusic\2014220\Skin\random02.jpg (1888 bytes)
%Program Files%\YYMusic\2014220\Skin\color_013.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_unsel.bmp (5880 bytes)
%Program Files%\YYMusic\2014220\Skin\random0520.png (1780 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltip.png (3111 bytes)
%Program Files%\YYMusic\2014220\Skin\musiclibrary.png (3726 bytes)
%Program Files%\YYMusic\2014220\Skin\mini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_1.png (5612 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13766042.lrc (1466 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_c8ea15ce36d3d539f9c9305e3b87e950342ab0b2.jpg (41244 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmHotKeyTip.xml (482 bytes)
%Program Files%\YYMusic\2014220\Skin\random03hover.jpg (1426 bytes)
%Program Files%\YYMusic\2014220\Skin\slider_bg.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_big.png (1295 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_4.png (4865 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg01.png (1599 bytes)
%Program Files%\YYMusic\2014220\Skin\reflash.png (1868 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login2.png (6202 bytes)
%Program Files%\YYMusic\2014220\YYJia.exe (656528 bytes)
%Program Files%\YYMusic\2014220\Skin\125x125.jpg (22934 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_red.png (1421 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13881991.lrc (1794 bytes)
%Program Files%\YYMusic\2014220\Skin\hotkeytipbk.png (1161 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclosea.png (1180 bytes)
%Program Files%\YYMusic\2014220\pthreadGC2.dll (117488 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrcParent.xml (157 bytes)
%Program Files%\YYMusic\2014220\Skin\exit.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\color_011.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar.png (1110 bytes)
%Program Files%\YYMusic\2014220\Skin\AutoRunTipFrame.xml (1974 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\LyricFrameVoice.png (2850 bytes)
%Program Files%\YYMusic\2014220\avcodec-54.dll (737952 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricmute.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\font_bkcolor.png (2990 bytes)
%Program Files%\YYMusic\2014220\source.dll (203920 bytes)
%Program Files%\YYMusic\2014220\PlayerUpdate.exe (156304 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_res.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg2.png (1014 bytes)
%Program Files%\YYMusic\2014220\Skin\WindowLrcbkIamge.png (732 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg02.png (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-fav.png (3293 bytes)
%Program Files%\YYMusic\2014220\Skin\max.png (1120 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmDropDownMenuFrame.xml (1661 bytes)
%Program Files%\YYMusic\2014220\Skin\random01a.jpg (2251 bytes)
%Program Files%\YYMusic\2014220\Skin\mineahover.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnHidePlayList.png (1865 bytes)
%Program Files%\YYMusic\2014220\Skin\minea.png (1630 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrc.xml (7660 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclike.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\mainframeshadow.png (132105 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_prev.png (1247 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbacka.png (1381 bytes)
%Program Files%\YYMusic\2014220\Skin\playingprev.jpg (1396 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_blue.png (1410 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_6.png (5307 bytes)
%Program Files%\YYMusic\2014220\Skin\SelectColor_SliderBar_Thumb.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclose.png (1226 bytes)
%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы\YYMusic\№é·Åæчâі.lnk (334 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_2.png (5222 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrc.xml (174 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\search.png (3944 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrcChild.xml (263 bytes)
%Program Files%\YYMusic\2014220\Skin\frmlogin.xml (3823 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionset.png (1383 bytes)
%Program Files%\YYMusic\2014220\Skin\PlayProgressForeImage.png (142 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg_2.png (1119 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_pause.png (1067 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_3.png (5407 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmin.png (1052 bytes)
%Program Files%\YYMusic\2014220\Skin\voiceall0528.png (1310 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_e1fe9925bc315c60bbe955728cb1cb134954772a.jpg (16578 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_down.png (1136 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0520.png (1637 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\voice00528.png (1231 bytes)
%Program Files%\YYMusic\2014220\Skin\history.png (4046 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_sc.png (3695 bytes)
%Program Files%\YYMusic\2014220\Skin\miniґ°.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionminahover.png (1058 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_feedback.png (1107 bytes)
%Program Files%\YYMusic\2014220\Skin\channel.png (3075 bytes)
%Program Files%\YYMusic\2014220\avcore.dll (97936 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\remembertt.jpg (1860 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_6.png (5404 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_kw.png (5427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_bg.bmp (32240 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopahover.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandom.jpg (1590 bytes)
%Program Files%\YYMusic\2014220\Skin\DownLoadProgressForeImage.png (1025 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea2.png (2891 bytes)
%Program Files%\YYMusic\2014220\Skin\close.png (1210 bytes)
%Program Files%\YYMusic\2014220\Skin\MessageBox.xml (1577 bytes)
%Program Files%\YYMusic\2014220\Skin\sound.jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\back.png (1684 bytes)
%Program Files%\YYMusic\2014220\Skin\more.png (1083 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-anonymity.png (8941 bytes)
%Program Files%\YYMusic\2014220\Skin\playingpreva.jpg (1730 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSetWindowLrcFrame.xml (3859 bytes)
%Program Files%\YYMusic\2014220\Skin\loading01.png (1304 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_db.png (3492 bytes)
%Program Files%\YYMusic\2014220\Skin\border.png (1114 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_set.png (1262 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-next.png (4263 bytes)
%Program Files%\YYMusic\2014220\Skin\prevention.png (3651 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_on.png (1283 bytes)
%Program Files%\YYMusic\2014220\Skin\min.png (1021 bytes)
%Program Files%\YYMusic\2014220\Skin\play0520.png (1485 bytes)
%Program Files%\YYMusic\2014220\Skin\color_list_bk.png (57846 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_forward.png (1094 bytes)
%Program Files%\YYMusic\2014220\Skin\like.png (3577 bytes)
%Program Files%\YYMusic\2014220\Skin\playingplaying.jpg (2791 bytes)
%Program Files%\YYMusic\2014220\Skin\astop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\voice1000528.png (2828 bytes)
%Program Files%\YYMusic\2014220\Skin\prev0520.png (1351 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnsteup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login.png (3196 bytes)
%Program Files%\YYMusic\2014220\Skin\fbcaptionbk.png (1453 bytes)
%Program Files%\YYMusic\2014220\Data\dh.ini (56 bytes)
%Program Files%\YYMusic\2014220\Skin\SetTipFrame.xml (1835 bytes)
%Program Files%\YYMusic\2014220\Skin\random02a.jpg (2119 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_bd.png (4427 bytes)
%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы\YYMusic\YYMusic.lnk (698 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit - ё±±ѕ.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_next.png (1122 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn.png (1416 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_back.png (1098 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbackahover.png (1372 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmPopWnd.xml (354 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopa.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_blue.png (2491 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnfeedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\âфÑїÜх.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\play2.png (3709 bytes)
%Program Files%\YYMusic\2014220\Skin\feedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\button.png (3427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandoma.jpg (2224 bytes)
%Program Files%\YYMusic\2014220\Skin\lrclist.png (4667 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedback.png (1453 bytes)
%Program Files%\YYMusic\2014220\Skin\loading04.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\update.xml (2820 bytes)
%Program Files%\YYMusic\2014220\Skin\color_010.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\SysConfig.ini (235 bytes)
%Program Files%\YYMusic\2014220\Skin\sound100.jpg (1813 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar2.png (1097 bytes)
%Program Files%\YYMusic\2014220\Skin\320x225.png (22990 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea2.png (3157 bytes)
%Program Files%\YYMusic\2014220\Skin\normalVolume.png (2055 bytes)
%Program Files%\YYMusic\2014220\Skin\âфÑїµчÅêµó.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\loading02.png (1298 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_close.png (2974 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionseta.png (1314 bytes)
%Program Files%\YYMusic\2014220\Skin\input-user.png (1658 bytes)
%Program Files%\YYMusic\2014220\Skin\scrollbar.png (1829 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbig.png (1087 bytes)
%Program Files%\YYMusic\2014220\Skin\home.png (2709 bytes)
%Program Files%\YYMusic\2014220\Skin\downd.png (1528 bytes)
%Program Files%\YYMusic\2014220\Skin\playerlist.png (4638 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-play.png (5858 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_5.png (5406 bytes)
%Program Files%\YYMusic\2014220\Skin\list.png (1077 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_icon.png (3324 bytes)
%Program Files%\YYMusic\2014220\DuiLib.dll (488080 bytes)
%Program Files%\YYMusic\2014220\Skin\mine.png (1619 bytes)
%Program Files%\YYMusic\2014220\Skin\color_009.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmFeedBack.xml (411 bytes)
%Program Files%\YYMusic\2014220\Skin\pushedVolume.png (2869 bytes)
%Program Files%\YYMusic\2014220\Skin\random03.jpg (1372 bytes)
%Program Files%\YYMusic\2014220\Data\server.ini (1024 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008highlight.bmp (552 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit.png (4253 bytes)
%Program Files%\YYMusic\2014220\Skin\next0520.png (1414 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_desktop.png (1149 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bk.png (129602 bytes)
%Program Files%\YYMusic\2014220\Skin\random01.jpg (1993 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea.png (1090 bytes)
%Program Files%\YYMusic\2014220\Skin\steup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\random03a.jpg (1404 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplayer.xml (10156 bytes)
%Program Files%\YYMusic\2014220\favorfm.xml (66 bytes)
%Program Files%\YYMusic\2014220\Skin\listahover.png (1076 bytes)
%Program Files%\YYMusic\2014220\Skin\playinging.jpg (2753 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0a0528.png (1293 bytes)
%Program Files%\YYMusic\2014220\Unins.exe (281232 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_7.png (5129 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btntop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_mutevol.png (3110 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item.xml (1326 bytes)
%Program Files%\YYMusic\2014220\Data\version.ini (32 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_5.png (5372 bytes)
%Program Files%\YYMusic\2014220\Skin\LoginBk.png (102991 bytes)
%Program Files%\YYMusic\2014220\avformat-54.dll (378528 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_1.png (4421 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltipbk.png (60521 bytes)
%Program Files%\YYMusic\2014220\Skin\downdahover.png (1513 bytes)
%Program Files%\YYMusic\2014220\Skin\list_pause.png (1302 bytes)
%Program Files%\YYMusic\2014220\Skin\LrcBk.png (7678 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_comm.png (1164 bytes)
%Program Files%\YYMusic\2014220\Skin\color_014.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_play.png (1375 bytes)
%Program Files%\YYMusic\2014220\Skin\forgettt.jpg (1981 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_play.png (1244 bytes)
%Program Files%\YYMusic\2014220\Skin\font_forecolor.png (1605 bytes)
%Program Files%\YYMusic\2014220\libav.dll (193680 bytes)
%Program Files%\YYMusic\2014220\Skin\bg3.png (3264 bytes)
%Program Files%\YYMusic\2014220\Skin\color_015.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_016.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item_bg.png (1018 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmin.png (3713 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_7.png (5552 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_bg.png (1288 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSystemMenuFrame.xml (1654 bytes)
%Program Files%\YYMusic\2014220\avutil-52.dll (174240 bytes)
%Program Files%\YYMusic\2014220\Skin\playingvoice.png (3122 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_2.png (5515 bytes)
%Program Files%\YYMusic\2014220\Skin\dash.png (955 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_red.png (2498 bytes)
%Program Files%\YYMusic\2014220\Data\setup.ini (46 bytes)
Registry activity
The process YYMusic.exe:552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 30 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 2D 44 57 85 C0 FF 98 0D A9 E1 48 7C 41 4B BC"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_2014220" = "%Program Files%\YYMusic\2014220\YYMusic.exe -mini"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_News_2014220" = "%Program Files%\YYMusic\2014220\YYJia.exe -mini"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process YYJia.exe:1656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2F 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 03 CF 9C 8F A7 A3 4E 49 62 D9 30 4A 8E 97 5E"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process YYJia.exe:948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 A6 AD 1D 17 50 7E 7B 01 09 E9 12 88 10 67 21"
The process %original file name%.exe:1760 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\âфÃÂæFM]
"DisplayName" = "YYMusic"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\Ãœþø ôþúуüõýты\Ãœþø рøÑÂуýúø"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\âфÃÂæFM]
"DisplayIcon" = "%Program Files%\YYMusic\2014220\Unins.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Óûðòýþõ üõýю"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\âфÃÂæFM]
"UninstallString" = "%Program Files%\YYMusic\2014220\Unins.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\Ãœþø ôþúуüõýты"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Ãâ€Ã¾ÃºÑƒÃ¼ÃµÃ½Ñ‚Ñ‹\ÃœþѠüу÷ыúð"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\àðñþчøù ÑÂтþû"
[HKLM\SOFTWARE\YyfmPlay]
"RD" = "_2014220"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€Ã¾ÃºÑƒÃ¼ÃµÃ½Ñ‚Ñ‹"
[HKLM\SOFTWARE\YYMusic]
"RD" = "_2014220"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Óûðòýþõ üõýю"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\âфÃÂæFM]
"Publisher" = "YYMusic"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Ãâ€Ã¾ÃºÑƒÃ¼ÃµÃ½Ñ‚Ñ‹\Ãœþø òøôõþ÷ðÿøÑÂø"
"CommonPictures" = "%Documents and Settings%\All Users\Ãâ€Ã¾ÃºÑƒÃ¼ÃµÃ½Ñ‚Ñ‹\Ãœþø рøÑÂуýúø"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 BF E0 5D A7 D6 B5 68 B2 F2 C7 56 D4 05 D5 D0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\àðñþчøù ÑÂтþû"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\âфÃÂæFM]
"DisplayVersion" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The Trojan deletes the following value(s) in system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YyfmPlay"
"BoxNews"
"YYMusic_News"
"YYMusic"
Network activity (URLs)
| URL | IP |
|---|---|
| hxxp://update.yinyue.fm/DM5/DMSet.Xml |  222.186.60.13 |
| hxxp://update.yinyue.fm/tj.ashx | |
| hxxp://update.yinyue.fm/a.ashx?v=51856086832E9ADB32CC6A9B6C71DCBCC7C74FC51D7CB5113174FECED7F13C18C0C8B1AB73BA45DEED104630DCBC32D1683F373E788B33870079C2970BD8B6BA896DF390AB045112338BAC450D2072B22BE17713DB1ECE3885EEFD3039D20A0003D26306363B7D2651F8D15274EFDA40CBCE8E3B8F607294 | |
| hxxp://update.yinyue.fm/appupdate/ver.txt | |
| tongji.yinyue.fm | 222.186.60.13 |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name: Sta
Product Name: ??FM????
Product Version: 1.0.0.0
Legal Copyright: Copyright (C) 2012
Legal Trademarks:
Original Filename: SetupApp.exe
Internal Name: SetupApp.exe
File Version: 1.0.0.0
File Description: ??FM????
Comments:
Language: Chinese (Simplified, PRC)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 96280 | 96768 | 4.56971 | 68509f9d87f1a11e9bbd7486a832c951 |
| .rdata | 102400 | 24300 | 24576 | 3.44421 | 656dda3489126e9fdada8dd6750ba725 |
| .data | 126976 | 12580 | 5120 | 2.29426 | 2252c8646b3326b8c4b2d29678bc1e55 |
| .rsrc | 143360 | 3542040 | 3542528 | 5.50927 | 2ab8acc008b47033cc93505806784942 |
| .reloc | 3686400 | 16630 | 16896 | 1.65655 | 1680cc09cb313c5c1ff3381a341ef242 |
Dropped from:
82f75ba489c1ff9a585071ba58eb1896
7d103aeebc299de2abaec560e30cfe59
6ce00d9d7296de63d192e6a8929c58a6
ce10ceee1891075be6863d20034f0d56
d39097a568934aa97fb581d06e2e3493
5882c060f26d61dc476acc1ef7fb63ce
65f85c9c7da9fd3e36a8e192b48a23c5
38e75de76f9ed0bf981e38d767b9d5ca
2117fe8e9505aecf6fe4ee137d6fd567
Downloaded by:
12a058fbcb65151e0bba3f2f337d11b8
39204ef8caa9a448f94afb5237f5e283
238348521fe692a8ca989afe3a727e71
4fb9ebdce467aa7af78c81b1497bfd63
67625a1daa2d64375aecc51c1ca8c490
515fa8893d098f8b864f1398921e0efc
4b55d0a0cd5b73280b9a7c31bf492bf2
7e33274a98626548fdab0cd17c2bf889
6be4864824c552f648e1c18546f0a2af
a86f035560400b4549c43ab680bc90ad
954e0e2a36837f46366169084846107d
04828579e5676dd0e01367c0b5e75966
21f167be46f628cd3acd104a8bbe4f01
b1cb3ef1bdf83219d41cf226bdc47400
a345fe613d4e5635e2d478cf94645a30
aad31948789fca9d2300a8e0a60b9254
8383a38ef1c234bd70eafece86dab5b3
0a5336a15a0ad64e117db6457162847d
7c5ff8f55e88255ccba16e54737206f7
2bbacbc52ab8aa43cbd9e258e4ef6fe5
2d1ebc6609293a95abc67fc043f37a1b
9a0342e2e51f8318d6b35d2413ccd242
689b463d6ad26ce26b8b603ddb4b764c
e0007753fc9f70760d5747004acd2105
ff4ad68d8ee1d66bdf92d975b74d4164
c10c4c4aac72339f18bf0ef68b491691
e9776a745637797a405a265dd3b20f24
f9f71bb0065931af8765da9071f1e1cf
f910b5e3528d65f0441f6f243107d8de
2b3ee0402e409d424dc795926418a340
34010884e05a65536a9d12baa10a24c5
5e3555d37a81eb8a8a870e067b64e503
df9c1863d6087a687a6e83648e60a1c7
855d6ed7896f17c2dab578aa128da2bf
6e1c89afa9b229d7d1f3d80dcb7bbede
44257dbac9391e13ae4b865ae2580c69
965593cfc1187d5de2b0c0a87fe332a2
dc9ef3cb1d80c7dd8cd35a43d5c1248c
fae0f915b811a4112c33a290d3922447
ffaa34151fbde524201ffa0472fbc3b5
25a743118e1ac3fb2d13ac6e70545211
9710c03d96461286acb3694c5e2c2187
a16c200f747cf0aca5fb11fb44bfe31b
b404a5f7dacccff27e5f2851b3b56d04
4129b470794559abb46f4b1b5fd656e7
5d465a9a7a4b22fe81499e6ed5cc302a
e8e5a367cb7662bab8bfa5123f753638
8cf2108cf638d6304cfd77dc250c9a9f
9a666b068868d3e53b3d2a5c8eea6bf1
c049b6cc72d21679660842ccca4a6fd2
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 0
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
YYMusic.exe:552
YYJia.exe:948
%original file name%.exe:1760 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\YYMusic\2014220\SysConfig.ini (217 bytes)
%Program Files%\YYMusic\2014220\Data\client.ini (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (18432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\desktop.ini (67 bytes)
%Program Files%\YYMusic\2014220\Data\user2.ini (196 bytes)
%Program Files%\YYMusic\2014220\Data\server.ini (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\ver[1].txt (36 bytes)
%Documents and Settings%\%current user%\Ø÷ñрðýýþõ\Óò·áÙßÃÂшµјÑâ€Ã….url (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\Ø÷ñрðýýþõ\ÃœüâýѕьÃÅ¡Ã’ÃÂш.url (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\RTEJ67TP\tj[1].ashx (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\OLDSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\YYXMDT\DMSet.Xml (3594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_c2cec3fdfc03924517c1df928694a4c27d1e2532.jpg (24090 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_4.png (5768 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_262581.lrc (993 bytes)
%Program Files%\YYMusic\2014220\Skin\tooltipbk.png (319 bytes)
%Program Files%\YYMusic\2014220\Skin\playersidebg.jpg (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensioncloseahover.png (1179 bytes)
%Program Files%\YYMusic\2014220\Skin\icon.png (1706 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplaylist.xml (5434 bytes)
%Program Files%\YYMusic\2014220\Skin\lyrictoplay.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWebBrowser.xml (308 bytes)
%Program Files%\YYMusic\2014220\audio.dll (129168 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_close.png (1118 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok.png (3950 bytes)
%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы\YYMusic\ÕôæÓ№¤ѕÃ¯\à¶äèYYMusic.lnk (700 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmMenuFrame.xml (1663 bytes)
%Program Files%\YYMusic\2014220\Skin\list_title_bg.png (1049 bytes)
%Program Files%\YYMusic\2014220\Skin\DefaultUserImage.jpg (6747 bytes)
%Program Files%\YYMusic\2014220\Skin\random.jpg (1983 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_3.png (3933 bytes)
%Program Files%\YYMusic\2014220\Skin\frmdownmenu.xml (1702 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_9k.png (4098 bytes)
%Program Files%\YYMusic\2014220\Skin\lista.png (1063 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmina.png (1047 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmConfig.xml (4521 bytes)
%Program Files%\YYMusic\2014220\swresample-0.dll (107680 bytes)
%Program Files%\YYMusic\2014220\channels.xml (33290 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_whiter.png (318 bytes)
%Program Files%\YYMusic\2014220\Skin\headimg.png (32082 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionlogin.png (2951 bytes)
%Program Files%\YYMusic\2014220\Skin\input-password.png (1705 bytes)
%Program Files%\YYMusic\2014220\Skin\frmProgressToolTip.xml (393 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008.bmp (556 bytes)
%Program Files%\YYMusic\2014220\Skin\playingnext.png (4967 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontop.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_split.png (1006 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-delete.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\pop_bkimage.png (1803 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbigahover.png (1084 bytes)
%Program Files%\YYMusic\2014220\YYMusic.exe (1007760 bytes)
%Program Files%\YYMusic\2014220\Skin\playinginga.jpg (5601 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_vol.png (1275 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_xm.png (5013 bytes)
%Program Files%\YYMusic\2014220\Skin\downda.png (1531 bytes)
%Program Files%\YYMusic\2014220\Skin\menu.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\power.png (5511 bytes)
%Program Files%\YYMusic\2014220\Skin\sound (2).jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\color_012.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnRightTop.png (1285 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_color.png (1344 bytes)
%Program Files%\YYMusic\2014220\Skin\loading03.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-pause.png (5528 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmColor.xml (1633 bytes)
%Program Files%\YYMusic\2014220\Skin\progress_fore.png (2929 bytes)
%Program Files%\YYMusic\2014220\Skin\random02hover.jpg (2108 bytes)
%Program Files%\YYMusic\2014220\Skin\prev.png (2316 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbiga.png (1073 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionsetahover.png (1305 bytes)
%Program Files%\YYMusic\2014220\Skin\next.png (2182 bytes)
%Program Files%\YYMusic\2014220\Skin\tab_comm.png (1127 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_itself.png (1170 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdelete.png (1146 bytes)
%Program Files%\YYMusic\2014220\Skin\random01hover.jpg (2232 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_fh.png (4560 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_small.png (1279 bytes)
%Program Files%\YYMusic\2014220\Skin\collection.png (3470 bytes)
%Program Files%\YYMusic\2014220\Skin\random02.jpg (1888 bytes)
%Program Files%\YYMusic\2014220\Skin\color_013.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_unsel.bmp (5880 bytes)
%Program Files%\YYMusic\2014220\Skin\random0520.png (1780 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltip.png (3111 bytes)
%Program Files%\YYMusic\2014220\Skin\musiclibrary.png (3726 bytes)
%Program Files%\YYMusic\2014220\Skin\mini.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_1.png (5612 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13766042.lrc (1466 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_c8ea15ce36d3d539f9c9305e3b87e950342ab0b2.jpg (41244 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmHotKeyTip.xml (482 bytes)
%Program Files%\YYMusic\2014220\Skin\random03hover.jpg (1426 bytes)
%Program Files%\YYMusic\2014220\Skin\slider_bg.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_big.png (1295 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_4.png (4865 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg01.png (1599 bytes)
%Program Files%\YYMusic\2014220\Skin\reflash.png (1868 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login2.png (6202 bytes)
%Program Files%\YYMusic\2014220\YYJia.exe (656528 bytes)
%Program Files%\YYMusic\2014220\Skin\125x125.jpg (22934 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_red.png (1421 bytes)
%Program Files%\YYMusic\2014220\Skin\color_003highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\lyrics\baidu_13881991.lrc (1794 bytes)
%Program Files%\YYMusic\2014220\Skin\hotkeytipbk.png (1161 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclosea.png (1180 bytes)
%Program Files%\YYMusic\2014220\pthreadGC2.dll (117488 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrcParent.xml (157 bytes)
%Program Files%\YYMusic\2014220\Skin\exit.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\color_011.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar.png (1110 bytes)
%Program Files%\YYMusic\2014220\Skin\AutoRunTipFrame.xml (1974 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\LyricFrameVoice.png (2850 bytes)
%Program Files%\YYMusic\2014220\avcodec-54.dll (737952 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricmute.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\font_bkcolor.png (2990 bytes)
%Program Files%\YYMusic\2014220\source.dll (203920 bytes)
%Program Files%\YYMusic\2014220\PlayerUpdate.exe (156304 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_res.png (1137 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg2.png (1014 bytes)
%Program Files%\YYMusic\2014220\Skin\WindowLrcbkIamge.png (732 bytes)
%Program Files%\YYMusic\2014220\Skin\playerbg02.png (1568 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-fav.png (3293 bytes)
%Program Files%\YYMusic\2014220\Skin\max.png (1120 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmDropDownMenuFrame.xml (1661 bytes)
%Program Files%\YYMusic\2014220\Skin\random01a.jpg (2251 bytes)
%Program Files%\YYMusic\2014220\Skin\mineahover.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\BtnHidePlayList.png (1865 bytes)
%Program Files%\YYMusic\2014220\Skin\minea.png (1630 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrc.xml (7660 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclike.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\mainframeshadow.png (132105 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_prev.png (1247 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbacka.png (1381 bytes)
%Program Files%\YYMusic\2014220\Skin\playingprev.jpg (1396 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn_blue.png (1410 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_6.png (5307 bytes)
%Program Files%\YYMusic\2014220\Skin\SelectColor_SliderBar_Thumb.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionclose.png (1226 bytes)
%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы\YYMusic\№é·Åæчâі.lnk (334 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_2.png (5222 bytes)
%Program Files%\YYMusic\2014220\Skin\frmWindowLrc.xml (174 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\search.png (3944 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmLrcChild.xml (263 bytes)
%Program Files%\YYMusic\2014220\Skin\frmlogin.xml (3823 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionset.png (1383 bytes)
%Program Files%\YYMusic\2014220\Skin\PlayProgressForeImage.png (142 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bg_2.png (1119 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_pause.png (1067 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_3.png (5407 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006.bmp (560 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionmin.png (1052 bytes)
%Program Files%\YYMusic\2014220\Skin\voiceall0528.png (1310 bytes)
%Program Files%\YYMusic\2014220\picture\baidu_e1fe9925bc315c60bbe955728cb1cb134954772a.jpg (16578 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_down.png (1136 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0520.png (1637 bytes)
%Program Files%\YYMusic\2014220\Skin\color_007highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\voice00528.png (1231 bytes)
%Program Files%\YYMusic\2014220\Skin\history.png (4046 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_sc.png (3695 bytes)
%Program Files%\YYMusic\2014220\Skin\miniґ°.png (1606 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionminahover.png (1058 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_feedback.png (1107 bytes)
%Program Files%\YYMusic\2014220\Skin\channel.png (3075 bytes)
%Program Files%\YYMusic\2014220\avcore.dll (97936 bytes)
%Program Files%\YYMusic\2014220\Skin\color_004highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\remembertt.jpg (1860 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_6.png (5404 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_kw.png (5427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_bg.bmp (32240 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopahover.png (1342 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandom.jpg (1590 bytes)
%Program Files%\YYMusic\2014220\Skin\DownLoadProgressForeImage.png (1025 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea2.png (2891 bytes)
%Program Files%\YYMusic\2014220\Skin\close.png (1210 bytes)
%Program Files%\YYMusic\2014220\Skin\MessageBox.xml (1577 bytes)
%Program Files%\YYMusic\2014220\Skin\sound.jpg (1925 bytes)
%Program Files%\YYMusic\2014220\Skin\back.png (1684 bytes)
%Program Files%\YYMusic\2014220\Skin\more.png (1083 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-anonymity.png (8941 bytes)
%Program Files%\YYMusic\2014220\Skin\playingpreva.jpg (1730 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSetWindowLrcFrame.xml (3859 bytes)
%Program Files%\YYMusic\2014220\Skin\loading01.png (1304 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_db.png (3492 bytes)
%Program Files%\YYMusic\2014220\Skin\border.png (1114 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_set.png (1262 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-next.png (4263 bytes)
%Program Files%\YYMusic\2014220\Skin\prevention.png (3651 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_btn_on.png (1283 bytes)
%Program Files%\YYMusic\2014220\Skin\min.png (1021 bytes)
%Program Files%\YYMusic\2014220\Skin\play0520.png (1485 bytes)
%Program Files%\YYMusic\2014220\Skin\color_list_bk.png (57846 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_forward.png (1094 bytes)
%Program Files%\YYMusic\2014220\Skin\like.png (3577 bytes)
%Program Files%\YYMusic\2014220\Skin\playingplaying.jpg (2791 bytes)
%Program Files%\YYMusic\2014220\Skin\astop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\voice1000528.png (2828 bytes)
%Program Files%\YYMusic\2014220\Skin\prev0520.png (1351 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnsteup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-login.png (3196 bytes)
%Program Files%\YYMusic\2014220\Skin\fbcaptionbk.png (1453 bytes)
%Program Files%\YYMusic\2014220\Data\dh.ini (56 bytes)
%Program Files%\YYMusic\2014220\Skin\SetTipFrame.xml (1835 bytes)
%Program Files%\YYMusic\2014220\Skin\random02a.jpg (2119 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_bd.png (4427 bytes)
%Documents and Settings%\%current user%\Óûðòýþõ üõýю\ßрþóрðüüы\YYMusic\YYMusic.lnk (698 bytes)
%Program Files%\YYMusic\2014220\Skin\color_001highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit - ё±±ѕ.png (2043 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_next.png (1122 bytes)
%Program Files%\YYMusic\2014220\Skin\sys_check_btn.png (1416 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_back.png (1098 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedbackahover.png (1372 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmPopWnd.xml (354 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensiontopa.png (1328 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_blue.png (2491 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnfeedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea.png (1350 bytes)
%Program Files%\YYMusic\2014220\Skin\âфÑїÜх.png (1001 bytes)
%Program Files%\YYMusic\2014220\Skin\play2.png (3709 bytes)
%Program Files%\YYMusic\2014220\Skin\feedback.png (2209 bytes)
%Program Files%\YYMusic\2014220\Skin\button.png (3427 bytes)
%Program Files%\YYMusic\2014220\Skin\color_002highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\playingrandoma.jpg (2224 bytes)
%Program Files%\YYMusic\2014220\Skin\lrclist.png (4667 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionfeedback.png (1453 bytes)
%Program Files%\YYMusic\2014220\Skin\loading04.png (1300 bytes)
%Program Files%\YYMusic\2014220\Skin\update.xml (2820 bytes)
%Program Files%\YYMusic\2014220\Skin\color_010.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\sound100.jpg (1813 bytes)
%Program Files%\YYMusic\2014220\Skin\list_scroll_bar2.png (1097 bytes)
%Program Files%\YYMusic\2014220\Skin\320x225.png (22990 bytes)
%Program Files%\YYMusic\2014220\Skin\color_006highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\lyriclikea2.png (3157 bytes)
%Program Files%\YYMusic\2014220\Skin\normalVolume.png (2055 bytes)
%Program Files%\YYMusic\2014220\Skin\âфÑїµчÅêµó.png (1346 bytes)
%Program Files%\YYMusic\2014220\Skin\loading02.png (1298 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_close.png (2974 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionseta.png (1314 bytes)
%Program Files%\YYMusic\2014220\Skin\input-user.png (1658 bytes)
%Program Files%\YYMusic\2014220\Skin\scrollbar.png (1829 bytes)
%Program Files%\YYMusic\2014220\Skin\suspensionbig.png (1087 bytes)
%Program Files%\YYMusic\2014220\Skin\home.png (2709 bytes)
%Program Files%\YYMusic\2014220\Skin\downd.png (1528 bytes)
%Program Files%\YYMusic\2014220\Skin\playerlist.png (4638 bytes)
%Program Files%\YYMusic\2014220\Skin\btn-play.png (5858 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_5.png (5406 bytes)
%Program Files%\YYMusic\2014220\Skin\list.png (1077 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_icon.png (3324 bytes)
%Program Files%\YYMusic\2014220\DuiLib.dll (488080 bytes)
%Program Files%\YYMusic\2014220\Skin\mine.png (1619 bytes)
%Program Files%\YYMusic\2014220\Skin\color_009.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmFeedBack.xml (411 bytes)
%Program Files%\YYMusic\2014220\Skin\pushedVolume.png (2869 bytes)
%Program Files%\YYMusic\2014220\Skin\random03.jpg (1372 bytes)
%Program Files%\YYMusic\2014220\Skin\color_008highlight.bmp (552 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnexit.png (4253 bytes)
%Program Files%\YYMusic\2014220\Skin\next0520.png (1414 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_desktop.png (1149 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\bk.png (129602 bytes)
%Program Files%\YYMusic\2014220\Skin\random01.jpg (1993 bytes)
%Program Files%\YYMusic\2014220\Skin\lyricdeletea.png (1090 bytes)
%Program Files%\YYMusic\2014220\Skin\steup.png (3024 bytes)
%Program Files%\YYMusic\2014220\Skin\random03a.jpg (1404 bytes)
%Program Files%\YYMusic\2014220\Skin\frmplayer.xml (10156 bytes)
%Program Files%\YYMusic\2014220\favorfm.xml (66 bytes)
%Program Files%\YYMusic\2014220\Skin\listahover.png (1076 bytes)
%Program Files%\YYMusic\2014220\Skin\playinging.jpg (2753 bytes)
%Program Files%\YYMusic\2014220\Skin\voice0a0528.png (1293 bytes)
%Program Files%\YYMusic\2014220\Unins.exe (281232 bytes)
%Program Files%\YYMusic\2014220\Skin\bkcolor_7.png (5129 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btntop.png (3320 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_mutevol.png (3110 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item.xml (1326 bytes)
%Program Files%\YYMusic\2014220\Data\version.ini (32 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_5.png (5372 bytes)
%Program Files%\YYMusic\2014220\Skin\LoginBk.png (102991 bytes)
%Program Files%\YYMusic\2014220\avformat-54.dll (378528 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_1.png (4421 bytes)
%Program Files%\YYMusic\2014220\Skin\progresstooltipbk.png (60521 bytes)
%Program Files%\YYMusic\2014220\Skin\downdahover.png (1513 bytes)
%Program Files%\YYMusic\2014220\Skin\list_pause.png (1302 bytes)
%Program Files%\YYMusic\2014220\Skin\LrcBk.png (7678 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_comm.png (1164 bytes)
%Program Files%\YYMusic\2014220\Skin\color_014.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_play.png (1375 bytes)
%Program Files%\YYMusic\2014220\Skin\forgettt.jpg (1981 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_play.png (1244 bytes)
%Program Files%\YYMusic\2014220\Skin\font_forecolor.png (1605 bytes)
%Program Files%\YYMusic\2014220\libav.dll (193680 bytes)
%Program Files%\YYMusic\2014220\Skin\bg3.png (3264 bytes)
%Program Files%\YYMusic\2014220\Skin\color_015.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\color_016.bmp (1064 bytes)
%Program Files%\YYMusic\2014220\Skin\list_item_bg.png (1018 bytes)
%Program Files%\YYMusic\2014220\Skin\system_menu_btnmin.png (3713 bytes)
%Program Files%\YYMusic\2014220\Skin\color_005highlight.bmp (564 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_7.png (5552 bytes)
%Program Files%\YYMusic\2014220\Skin\pl_bg.png (1288 bytes)
%Program Files%\YYMusic\2014220\Skin\FrmSystemMenuFrame.xml (1654 bytes)
%Program Files%\YYMusic\2014220\avutil-52.dll (174240 bytes)
%Program Files%\YYMusic\2014220\Skin\playingvoice.png (3122 bytes)
%Program Files%\YYMusic\2014220\Skin\forecolor_2.png (5515 bytes)
%Program Files%\YYMusic\2014220\Skin\dash.png (955 bytes)
%Program Files%\YYMusic\2014220\Skin\btn_ok_red.png (2498 bytes)
%Program Files%\YYMusic\2014220\Data\setup.ini (46 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_2014220" = "%Program Files%\YYMusic\2014220\YYMusic.exe -mini"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YYMusic_News_2014220" = "%Program Files%\YYMusic\2014220\YYJia.exe -mini" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
