Virus Profile: Generic Exploit!E70E71F359F9

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 3/11/2012
Date Added: 3/11/2012
Origin: Unknown
Length: 421674
Type: Trojan
Subtype: -
DAT Required: 6645

Description

This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

   

Virus Characteristics

This is a Trojan

File Properties
McAfee Detection: Generic Exploit
Length: 421674 bytes
MD5: e70e71f359f983336de951aa10c2fa4e
SHA1: 960f910d1c447923bc66bfe6c9f0809a4aab2dcb


Other Common Detection Aliases

Company Name: Detection Name
ahnlab: Trojan/Win32.Agent
avast: Win32:Small-NTV
avira: W32/Sivis.A
Kaspersky: Exploit.JS.Pdfka.fow
Dr.Web: Trojan.Siggen3.2175
F-Prot: W32/Sivis.A
Microsoft: Virus:Win32/Sivis.A
Symantec: Trojan.Gen
norman: Vasab.A
Trend Micro: TROJ_GEN.R47CCBN
vba32: Trojan.Agent.nba

Other brands and names may be claimed as the property of others.


Activities and Risk Levels
  • Creates one or more shortcuts (.LNK files) to provide user-accessible links to start a program, usually from the desktop or Start menu. Risk level: Low
  • Enumerates many system files and directories. Risk level: Low
  • No digital signature is present. Risk level: Informational


McAfee Scans: Scan Detections
McAfee Beta: Generic Exploit
McAfee Supported: Generic Exploit



System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files


The following files were analyzed:

960f910d1c447923bc66bfe6c9f0809a4aab2dcb

The following files have been added to the system:


    All Users:

    Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

    1. Disable System Restore.

    2. Update to current engine and DAT files for detection and removal.

    3. Run a complete system scan.

    Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed successfully when cleaning with the recommended engine and DAT combination (or higher).

    1. Please go to the Microsoft Recovery Console and restore a clean MBR.

    On Windows XP:

    Insert the Windows XP CD into the CD-ROM drive and restart the computer.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    Select the Windows installation that is compromised and provide the administrator password.
    Issue the 'fixmbr' command to restore the Master Boot Record.
    Follow the onscreen instructions.
    Reset and remove the CD from the CD-ROM drive.


    On Windows Vista and 7:

    Insert the Windows CD into the CD-ROM drive and restart the computer.
    Click on "Repair Your Computer".
    When the System Recovery Options dialog comes up, choose the Command Prompt.
    Issue the 'bootrec /fixmbr' command to restore the Master Boot Record.
    Follow the onscreen instructions.
    Reset and remove the CD from the CD-ROM drive.

       
