Name: TR/Agent.65024.12
Discovered on: 20/08/2008
Type: Trojan
In the wild (ITW): Yes
Reported infections: Low
Distribution potential: Low to medium
Damage potential: Medium
Static file: Yes
Size: 65.024 Bytes
MD5: 451a367d7635781d55cb5f9c24b59f61
IVDF version: 7.00.06.45 - Wednesday, 20 August 2008
General

Aliases:
• Mcafee: W32/Autorun.worm.c
• Panda: Trj/KillAV.MF
• Eset: Win32/TrojanDownloader.Delf.OWU
• Bitdefender: Win32.Worm.Autorun.UO

Operating systems:
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Downloads a malicious file
• Creates a malicious file

Files

It copies itself to the following location:
• %SYSDIR%\dllcache\f.exe

It tries to download a file:
– The address is the following:
• http://www.dy8899dy.com/hhgg/**********
At the time this description was written, the file was not available for further analysis.

Registry

The following keys are added to the registry, one per targeted executable name, each carrying the same value:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\(executable name)]
• "Debugger"="%SYSDIR%\dllcache\f.exe"
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
• "Mousiexp"="%SYSDIR%\dllcache\f.exe"

The following registry keys are modified:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
New value:
• "Hidden"=dword:0x00000002
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
New value:
• "CheckedValue"=dword:0x00000000

File details

File compression: To make detection harder and to reduce the file size, a runtime compression program is used.
Description created by Petre Galan on Friday, 5 March 2010
Description updated by Petre Galan on Friday, 5 March 2010