Virus.Win32.Duel_6e4c273c56

by malwarelabrobot on August 7th, 2013 in Malware Descriptions.

HEUR:Trojan.Win32.Generic (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Email-Worm.Win32.Brontok!IK (Emsisoft), Virus.Win32.Duel.FD, GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Email-Worm, EmailWorm, Virus, IRCBot


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 6e4c273c568d39830888bd1ea7723c1f
SHA1: 6035097b592cb2dab8866523ab622f68045c864a
SHA256: 87e0426642f91bf8fdcf52365f770a804e69fb64632760d9a58c150c091d3bb1
SSDeep: 384:gnRt1cfUrCmmqS kci9R9FzkqSal4/ex TxmKf7w Ak1b0x8eG8mXgbzqQ rxLhl: DE4m zIR9uqHvexmKDjRNCg8lbzOm2
Size: 44544 bytes
File type: PE32
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2033-03-30 12:06:02


Summary:

Virus. A program that recursively replicates a possibly evolved copy of itself.

Payload

Behaviour: Description
EmailWorm: Worm can send e-mails.
IRCBot: A bot can communicate with command and control servers via IRC channel.


Process activity

The Virus creates the following process(es):

byjayayar.abr:1500
byjayayar.abr:3392
6e4c273c568d39830888bd1ea7723c1f.exe:2388

File activity

The process byjayayar.abr:1500 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\irbaiy.iyqb.jyy (44 bytes)

The process byjayayar.abr:3392 makes changes in the file system.
The Virus creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\yqqyyr.rarb.jyy (44 bytes)

The process 6e4c273c568d39830888bd1ea7723c1f.exe:2388 makes changes in the file system.
The Virus creates and/or writes to the following file(s):


Registry activity

The process 6e4c273c568d39830888bd1ea7723c1f.exe:2388 makes changes in the system registry.
The Virus creates and/or sets the following values in the system registry:
To automatically run itself each time Windows is booted, the Virus adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x32x" = "%WinDir%\xwrm.exe"

Network activity (URLs)

No activity has been detected.

Rootkit activity

No anomalies have been detected.

Propagation


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    byjayayar.abr:1500
    byjayayar.abr:3392
    6e4c273c568d39830888bd1ea7723c1f.exe:2388

  2. Delete the original Virus file.
  3. Delete or disinfect the following files created/modified by the Virus:

    %Documents and Settings%\All Users\Application Data\Adobe\Reader\9.3\ARM\18298\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB923561\SP3QFE\rzqyjaaar.izaa.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2485663\update\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2757638\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB973507\byjayayar.abr (44 bytes)
    %WinDir%\$NtUninstallKB2443105$\spuninst\abrrararq.qjy (44 bytes)
    %WinDir%\$NtUninstallKB2393802$\spuninst\iazzzarib.yqa (44 bytes)
    %WinDir%\$NtUninstallKB2686509$\spuninst\abrrararq.qjy (44 bytes)
    %WinDir%\$NtUninstallKB2506212$\spuninst\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB2423089\SP3QFE\zbzbyqqjb.yjz (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB2744842-IE8\bijrazyiy.aib (44 bytes)
    %WinDir%\$hf_mig$\KB2619339\update\byjayayar.abr.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2770660\update\rrrziiirr.qyr.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2535512\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2443105\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB975025\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB952954\update\abrrararq.qjya.jjr (44 bytes)
    %Documents and Settings%\All Users\Application Data\Adobe\Reader\9.3\ARM\18298\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2646524\update\byjayayar.abr.iza (44 bytes)
    %WinDir%\$hf_mig$\KB923561\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB956572\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB960859\SP3QFE\bijrazyiy.aib (44 bytes)
    %WinDir%\$hf_mig$\KB2467659\abrrararq.qjy (44 bytes)
    %WinDir%\$NtUninstallKB2387149$\spuninst\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2724197\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB898461\update\yqyajqiaq.jjra.jjr (44 bytes)
    %WinDir%\$NtUninstallKB2544521$\spuninst\rrrziiirr.qyr (44 bytes)
    %WinDir%\xwrm.exe (44 bytes)
    %WinDir%\$NtUninstallKB2646524$\spuninst\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2620712\update\bijrazyiy.aib.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2698365\update\bijrazyiy.aib (44 bytes)
    %Program Files%\Outlook Express\rrrziiirr.qyriirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2727528\update\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB982381-IE8\rzqyjaaar.iza (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\bijrazyiy.aibarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB969059\update\iazzzarib.yqa (44 bytes)
    %WinDir%\$NtUninstallKB2592799$\spuninst\rzqyjaaar.iza (44 bytes)
    %Program Files%\Windows Media Player\abrrararq.qjyqyr (44 bytes)
    %WinDir%\$hf_mig$\KB2749655\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2423089\update\iazzzarib.yqa (44 bytes)
    %Program Files%\Windows Media Player\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB971029\bijrazyiy.aib (44 bytes)
    %Program Files%\Common Files\Microsoft Shared\DW\rrrziiirr.qyr (44 bytes)
    %WinDir%\$NtUninstallKB2481109$\spuninst\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB982381-IE8\update\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB956572\SP3QFE\iazzzarib.yqa (44 bytes)
    %Program Files%\Windows NT\Pinball\yqyajqiaq.jjr.yqar (44 bytes)
    C:\totalcmd\rzqyjaaar.iza (44 bytes)
    %WinDir%\$NtUninstallKB2584146$\spuninst\bijrazyiy.aib (44 bytes)
    %WinDir%\$hf_mig$\KB950762\update\bijrazyiy.aiba.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB960803\byjayayar.abr (44 bytes)
    %WinDir%\$NtUninstallKB2727528$\spuninst\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB973869\update\rrrziiirr.qyr (44 bytes)
    %WinDir%\$NtUninstallKB2566454$\spuninst\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB2393802\update\rzqyjaaar.iza (44 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB2229593\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB956802\update\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2483185\update\bijrazyiy.aib (44 bytes)
    %WinDir%\$hf_mig$\KB971657\rzqyjaaar.iza (44 bytes)
    %WinDir%\$NtUninstallKB2478960$\spuninst\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB982665\update\zbzbyqqjb.yjz.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB974318\bijrazyiy.aib (44 bytes)
    %WinDir%\$NtUninstallKB2676562$\spuninst\rrrziiirr.qyr (44 bytes)
    %WinDir%\$NtUninstallKB2584146$\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB977816\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB2779030\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2598479\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB973904\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2481109\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB959426\update\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB2618444-IE8\update\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2618444-IE8\yqyajqiaq.jjr (44 bytes)
    %Program Files%\Wireshark\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB978338\update\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2485663\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2479943\update\rrrziiirr.qyr (44 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB978542\update\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2393802\SP3QFE\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB2508429\update\bijrazyiy.aib (44 bytes)
    %WinDir%\$NtUninstallKB2712808$\spuninst\iazzzarib.yqa (44 bytes)
    %Program Files%\Wireshark\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB973507\update\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB2653956\update\bijrazyiy.aib.iza (44 bytes)
    %WinDir%\$hf_mig$\KB972270\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2686509\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB968389\update\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB968389\abrrararq.qjy (44 bytes)
    %Program Files%\Common Files\Microsoft Shared\MSInfo\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB973904\update\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB2598845-IE8\abrrararq.qjy (44 bytes)
    %WinDir%\$NtUninstallKB2423089$\spuninst\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB975560\update\rrrziiirr.qyr (44 bytes)
    %Program Files%\Wireshark\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2566454\iazzzarib.yqa (44 bytes)
    %WinDir%\$NtUninstallKB2624667$\spuninst\bijrazyiy.aib (44 bytes)
    %WinDir%\$hf_mig$\KB979482\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$NtUninstallKB2378111_WM9$\spuninst\rrrziiirr.qyr (44 bytes)
    %WinDir%\$NtUninstallKB2508429$\spuninst\bijrazyiy.aib (44 bytes)
    %WinDir%\$hf_mig$\KB982665\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2419632\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2419632\update\abrrararq.qjy (44 bytes)
    %Program Files%\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A93000000001}\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB952287\yqyajqiaq.jjr (44 bytes)
    %WinDir%\$hf_mig$\KB2535512\update\abrrararq.qjy (44 bytes)
    %WinDir%\$hf_mig$\KB2698365\iazzzarib.yqa (44 bytes)
    %WinDir%\$hf_mig$\KB2619339\zbzbyqqjb.yjz (44 bytes)
    %Program Files%\Windows NT\Accessories\iazzzarib.yqar (44 bytes)
    %Program Files%\Outlook Express\bijrazyiy.aibiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB956744\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB2661637\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2603381\update\iazzzarib.yqa.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB952954\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2229593\update\byjayayar.abryqar (44 bytes)
    %WinDir%\$hf_mig$\KB2598479\update\rrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2676562\update\rzqyjaaar.iza (44 bytes)
    %WinDir%\$NtUninstallKB2661637$\spuninst\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB2603381\byjayayar.abr (44 bytes)
    %WinDir%\$hf_mig$\KB979309\iazzzarib.yqa (44 bytes)
    %Documents and Settings%\All Users\Application Data\Adobe\Reader\9.3\ARM\18298\rzqyjaaar.iza (44 bytes)
    %WinDir%\$hf_mig$\KB959426\abrrararq.qjy (44 bytes)
    %WinDir%\$NtUninstallKB2585542$\spuninst\yqyajqiaq.jjr (44 bytes)
    %Program Files%\Windows NT\bijrazyiy.aib (44 bytes)
    %WinDir%\$NtUninstallKB2467659$\spuninst\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB955759\zbzbyqqjb.yjz (44 bytes)
    %WinDir%\$hf_mig$\KB2655992\update\rzqyjaaar.iza.iza (44 bytes)
    %WinDir%\$hf_mig$\KB2624667\yqyajqiaq.jjr (44 bytes)
    %Program Files%\Adobe\Reader 9.0\Reader\bijrazyiy.aib (44 bytes)
    %Program Files%\NetMeeting\byjayayar.abrrrrziiirr.qyr (44 bytes)
    %WinDir%\$hf_mig$\KB2544521\zbzbyqqjb.yjz (44 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "x32x" = "%WinDir%\xwrm.exe"

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
