Name: TR/Agent.65024.12
Date discovered: 20/08/2008
Type: Trojan
In the wild: Yes
Reported infections: Low
Distribution potential: Low to medium
Damage potential: Medium
Static file: Yes
File size: 65.024 Bytes
MD5: 451a367d7635781d55cb5f9c24b59f61
IVDF version: 7.00.06.45 - Wednesday, August 20, 2008

General
Aliases:
   •  Mcafee: W32/Autorun.worm.c
   •  Panda: Trj/KillAV.MF
   •  Eset: Win32/TrojanDownloader.Delf.OWU
   •  Bitdefender: Win32.Worm.Autorun.UO


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file
   • Creates a malicious file

Files
It copies itself to the following location:
   • %SYSDIR%\dllcache\f.exe




It tries to download a file:

– The address is the following:
   • http://www.dy8899dy.com/hhgg/**********
At the time this description was written, this file was not available for further analysis.

Registry
The following keys are added to the registry:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\AgentSvr.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\pagefile.pif]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAVPFW.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KWatchX.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\AoYun.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KaScrScn.SCR]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360rpt.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavTask.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVSrvXP.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\iparmo.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\pagefile.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\NAVSetup.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVMonXP.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\av.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\PFW.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KRepair.COM]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAVDX.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SDGames.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\niu.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\nod32krn.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360Safe.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TNT.Exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SysSafe.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVCenter.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\runiep.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FTCleanerShell.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavMonD.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TrojDie.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\taskmgr.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\regedit.Exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvolself.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KASMain.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\guangd.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccSvcHst.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVMonXP_1.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Discovery.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\PFWLiveUpdate.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SREng.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Ras.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KASTask.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KvXP.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\mcconsol.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxPol.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\QHSET.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\servet.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KMFilter.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvwsc.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UFO.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\AppSvc32.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KMailMon.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxAgent.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\mmsk.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\loaddll.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KISLnchr.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\adam.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\HijackThis.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RsAgent.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\rfwcfg.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\nod32kui.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cross.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kernelwind32.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KvfwMcl.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\shcfg32.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxAttachment.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvol.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SmartUp.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KPFWSvc.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KRegEx.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\IceSword.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxCfg.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FileDsty.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\~.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UmxFwHlp.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\autoruns.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\XP.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\safelive.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\symlcsvc.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KvReport.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kvupload.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavMon.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\kabaload.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Rsaupd.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\rfwsrv.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KWatch.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TrojanDetector.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\regedit32.Exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAVStart.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\MagicSet.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\scan32.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\AvMonitor.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\
   run]
   • "Mousiexp"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp.com]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KVStub.kxp]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\auto.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\mmqczj.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\AutoRun.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UpLive.EXE]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\360tray.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KvDetect.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Trojanwall.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RegClean.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\TxoMoU.Exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KsLoader.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\CCenter.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KWatch9x.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RfwMain.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zxsweep.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAV32.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UIHost.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\appdllman.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KAVSetup.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Rav.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KPFW32.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\RavStub.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\rfwProxy.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Wsyscheck.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\WoptiClean.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgrssvc.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\KPFW32X.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\sos.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\logogo.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Iparmor.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\isPwdSvc.exe]
   • "Debugger"="%SYSDIR%\dllcache\f.exe"



The following registry keys are changed:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\Hidden\SHOWALL]
   New value:
   • "CheckedValue"=dword:0x00000000

File details
Runtime packer:
To make detection harder and to reduce the file size, a runtime packer is used.

Description inserted by Petre Galan on Friday, March 5, 2010
Description updated by Petre Galan on Friday, March 5, 2010
