Virus Profile: Generic Del.x!t!5BFD7BA70D65

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 2/5/2011
Date Added: 2/5/2011
Origin: Unknown
Length: 393728
Type: Trojan
Subtype: -
DAT Required: N/A

Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

   

Virus Characteristics

This is a Trojan

File Properties | Property Values
McAfee Detection | Generic Del.x!t
Length | 393728 bytes
MD5 | 5bfd7ba70d658f98a7249a3af19894f4
SHA1 | 3fd4286ffa223655dd2766e15e1a4c024debb1fd


Other Common Detection Aliases

Company Names | Detection Names
avast | Win32:Trojan-gen
avira | DR/KillFiles.MK.6
Kaspersky | Trojan.BAT.KillFiles.mk
BitDefender | Trojan.Generic.5045313
FortiNet | W32/Dropper.LOT!tr
Microsoft | trojan:win32/meredrop
Symantec | Trojan.Gen
norman | W32/Suspicious_Gen2.FQSBL (trojan)
panda | Trj/CI.A
Trend Micro | TROJ_GEN.R47C2K4
vba32 | Trojan.BAT.Shutdown.dv
V-Buster | Trojan.KillFiles!uImoz45X9eY (trojan)

Other brands and names may be claimed as the property of others.


Activities | Risk Levels
No digital signature is present | Informational



System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files


The following files were analyzed:

3FD4286FFA223655DD2766E15E1A4C024DEBB1FD

The following files have been deleted:


All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1. Disable System Restore.

2. Update to current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

1. Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows XP:

Insert the Windows XP CD into the CD-ROM drive and restart the computer.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
Select the Windows installation that is compromised and provide the administrator password.
Issue the 'fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from the CD-ROM drive.


On Windows Vista and 7:

Insert the Windows CD into the CD-ROM drive and restart the computer.
Click on "Repair Your Computer".
When the System Recovery Options dialog comes up, choose the Command Prompt.
Issue the 'bootrec /fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from the CD-ROM drive.

   

PC Infected? Get Expert Help

McAfee
Virus Removal Service

Connect to one of our Security Experts by phone. Have your PC fixed remotely - while you watch!

$89.95