Virus Profile: Generic.bfr!A9A7B97FB50C

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 8/20/2012
Date Added: 8/20/2012
Origin: Unknown
Length: 256868
Type: Trojan
Subtype: -
DAT Required: 6809

Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

The symptoms of this detection are the files, registry entries, and network communication referenced in the characteristics section.

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

   

Virus Characteristics

This is a Trojan

File Properties
McAfee Detection: Generic.bfr
Length: 256868 bytes
MD5: a9a7b97fb50c02df0c2ae29015016d9a
SHA1: 50e712481b84371b42b7129aee1f3623417d3127


Other Common Detection Aliases

Company Name: Detection Name
avast: Win32:Malware-gen
AVG (GriSoft): Worm/Generic2.BDAF
avira: TR/Offend.6900223.17
Kaspersky: Trojan.Win32.Inject.cbmy
BitDefender: Trojan.Generic.6900223
Dr.Web: Trojan.Siggen3.2898
FortiNet: W32/Inject.CBMY!tr
Microsoft: Worm:MSIL/Knowlog.A
Symantec: Trojan.Gen
Eset: MSIL/Injector.NZ trojan (variant)
norman: W32/Troj_Generic.SAOL
Sophos: Mal/Mdrop-JL
vba32: Trojan.Inject.bwvv
V-Buster: Worm.Shakblades!oNG5V/JN4Q8

Other brands and names may be claimed as the property of others.


Activities and Risk Levels

  • Attempts to modify the hosts file. This could be used to map hostnames to different IP addresses, redirecting traffic to an alternate location. (Risk level: High)
  • Attempts to write to a memory location of a previously loaded process. (Risk level: Medium)
  • Attempts to write file to shared locations. (Risk level: Low)
  • Attempts to launch an instance of Internet Explorer. (Risk level: Low)
  • Enumerates many system files and directories. (Risk level: Low)
  • Process attempts to call itself recursively. (Risk level: Low)
  • Adds or modifies Internet Explorer cookies. (Risk level: Low)
  • Attempts to write to a memory location of an unknown process. (Risk level: Low)
  • No digital signature is present. (Risk level: Informational)


McAfee Scan: Scan Detection
McAfee Beta: Generic.bfr
McAfee Supported: Generic.bfr



System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files


The following files were analyzed:

50e712481b84371b42b7129aee1f3623417d3127

The following files have been added to the system:


The following files have been changed:

  • %WINDIR%\SYSTEM32\drivers\etc\hosts

The following files were temporarily written to disk then later removed:

  • %PROGRAMFILES%\windows media player\npdrmv2.zip
  • %PROGRAMFILES%\windows media player\npds.zip

The following registry elements have been changed:

  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8193
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\NEXTID = 8194
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\WINDOW_PLACEMENT = [binary data]
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\LOCKED = 1
  • HKEY_CURRENT_USER\SOFTWARE\WINRAR\FILELIST\FILECOLUMNWIDTHS\MTIME = 100
  • HKEY_CURRENT_USER\SOFTWARE\WINRAR\FILELIST\FILECOLUMNWIDTHS\NAME = 120
  • HKEY_CURRENT_USER\SOFTWARE\WINRAR\FILELIST\FILECOLUMNWIDTHS\SIZE = 80
  • HKEY_CURRENT_USER\SOFTWARE\WINRAR\FILELIST\FILECOLUMNWIDTHS\TYPE = 12
       

    All Users:

    Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

    1. Disable System Restore.

    2. Update to current engine and DAT files for detection and removal.

    3. Run a complete system scan.

    Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

    1. Please go to the Microsoft Recovery Console and restore a clean MBR.

    On Windows XP:

    Insert the Windows XP CD into the CD-ROM drive and restart the computer.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    Select the Windows installation that is compromised and provide the administrator password.
    Issue the 'fixmbr' command to restore the Master Boot Record.
    Follow the onscreen instructions.
    Reset and remove the CD from the CD-ROM drive.


    On Windows Vista and 7:

    Insert the Windows CD into the CD-ROM drive and restart the computer.
    Click on "Repair Your Computer".
    When the System Recovery Options dialog comes up, choose the Command Prompt.
    Issue the 'bootrec /fixmbr' command to restore the Master Boot Record.
    Follow the onscreen instructions.
    Reset and remove the CD from the CD-ROM drive.