Full description

Virus:	TR/Spy.53760.147
Date discovered:	13/10/2010
Type:	Trojan
In the wild:	Yes
Reported Infections:	Low to medium
Distribution Potential:	Low
Damage Potential:	Low to medium
Static file:	Yes
File size:	53.760 Bytes
MD5 checksum:	9afdd3c9ab12d8bfe45d046d150bd47c
VDF version:	7.10.05.186
IVDF version:	7.10.12.206 - Wednesday, October 13, 2010

General Method of propagation:
   • No own spreading routine

Aliases:
   • Symantec: W32.Rontokbro@mm
   • Kaspersky: Worm.Win32.AutoTsifiri.bt
   • TrendMicro: WORM_ESFURY.AA
   • F-Secure: Worm.Win32.AutoTsifiri.bt
   • Sophos: W32/SillyFDC-FA
   • Bitdefender: Trojan.VB.Agent.HU
   • Microsoft: Worm:Win32/Esfury
   • Eset: Win32/AutoRun.VB.UG

Platforms / OS:
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Blocks access to security websites
   • Disable security applications
   • Registry modification

Files It copies itself to the following location:
• %HOME%\%current username%1\winlogon.exe

Registry The following registry keys are added in order to run the processes after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "NVIDIA Media Center Library"="%HOME%\%current username%\winlogon.exe"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "NVIDIA Media Center Library"="%HOME%\%current username%\winlogon.exe"

The following registry keys are added:

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2servic.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ahnsd.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alerter.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antigen.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwcl9.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexec.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpinst.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpmon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpnt.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\callmsi.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cclaw.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccshtdwn.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfind.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamauto.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\consent.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpdclnt.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashreporter.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinject.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csinsm32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\css1631.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dumphive.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dv95_o.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\earthagent.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecls.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecmd.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edi.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efinet32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanh95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ewido.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exit.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa-setup.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallSettings.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fix-it.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flowprotector.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsave32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fslaunch.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssm32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwenc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fwinstall.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenericRenosFix.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gibe.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleToolbarInstaller_download_signed.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEDFix.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iris.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isrv95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jed.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav8.0.0.357es.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kis8.0.0.506latam.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpf.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcuimgr.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdll.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsys32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monsysnt.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monwow.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msn.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspatch.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mxtask.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scan.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nai_vs_stat.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav32_loader.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav80try.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navauto-protect.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naveng.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navengnavex15.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc2k_76_1436.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccclient.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prckiller.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Process.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Procmon.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2Fix.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xscan.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutorzauinst.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zauinst.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalarm.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

   • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_findviru.exe]
     "Debugger"="%HOME%\%current username%1\winlogon.exe"

The following registry keys are changed:

– [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
   Old value:
   • "Local Page"="%user defined settings%"
   • "Default_Search_URL"="%user defined settings%"
   • "Search Page"="%user defined settings%"
   • "Default_Page_URL"="%user defined settings%"
   • "Start Page"="%user defined settings%"
   New value:
   • "Local Page"="http://x-n-3-c-x-4-3-d-3-1**********.info"
   • "Default_Search_URL"="http://t-.j-z-0**********.info"
   • "Search Page"="http://5-1-u-q-m-t-d**********.info"
   • "Default_Page_URL"="http://5-s-5-2-i-6-x-5**********.info"
   • "Start Page"="http://3-m-b-.a-l-v-d-z**********.info"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   Old value:
   • "Default_Page_URL"="%user defined settings%"
     "Default_Search_URL"="%user defined settings%"
     "Local Page"="%user defined settings%"
     "Start Page"="%user defined settings%"
     "Start Page"="%user defined settings%"
   New value:
   • "Default_Page_URL"="http://d-b-9-1-7-p-o**********.info"
     "Default_Search_URL"="http://6-c-0-5-1-0-c**********.info"
     "Local Page"="http://3-l-3-s-o-a-7-h**********.info"
     "Start Page"="http://0-9-5-e-9-6-4-j**********.info"
     "Search Page"="http://3-5-w-t-s-7-t-.5**********info"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   New value:
   • "DisableSR"=dword:00000001

– [HKLM\SYSTEM\ControlSet001\Services\wscsvc]
   New value:
   • "Start"=dword:00000004

– [HKLM\SYSTEM\CurrentControlSet\Services\sr]
   New value:
   • "Start"=dword:00000004

– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   New value:
   • "Start"=dword:00000004

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:00000002
     "HideFileExt"=dword:00000003
     "SuperHidden"=dword:00000001

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   New value:
   • "NoRun"=dword:00000001
     "NoFile"=dword:00000001
     "NoFolderOptions"=dword:00000001

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   New value:
   • "ConsentPromptBehaviorAdmin"=dword:00000000
     "EnableLUA"=dword:00000000
     "PromptOnSecureDesktop"=dword:00000001

Hosts The host file is modified as explained:

– In this case existing entries are deleted.

– Access to the following domains is effectively blocked:
   • 208.109.220.95 viabcp.com
   • 208.109.220.95 www.viabcp.com
   • 208.109.220.95 bcpzonasegura.viabcp.com
   • 173.236.97.27 www.produbanco.com
   • 173.236.97.27 produbanco.com
   • 173.236.97.27 www.pichincha.com
   • 173.236.97.27 pichincha.com
   • 173.236.97.27 wwwp1.pichincha.com
   • 173.236.97.27 wwwp2.pichincha.com
   • 173.236.97.27 wwwp3.pichincha.com
   • 173.236.97.27 wwwp4.pichincha.com
   • 173.236.97.27 wwww01.pichincha.com
   • 173.236.97.27 wwww02.pichincha.com
   • 173.236.97.27 wwww03.pichincha.com
   • 173.236.97.27 wwww04.pichincha.com
   • 173.201.254.6 bn.com.pe
   • 173.201.254.6 www.bn.com.pe
   • 173.201.254.6 zonasegura1.bn.com.pe
   • 173.201.254.6 www.zonasegura1.bn.com.pe
   • 173.201.254.6 peliculasid.com
   • 173.201.254.6 www.peliculasid.com
   • 64.117.35.255 iniciorapido.info
   • 64.117.35.255 www.iniciorapido.info
   • 64.117.35.255 buscalo.in
   • 64.117.35.255 www.buscalo.in
   • 64.117.35.255 buscafacil.com
   • 64.117.35.255 www.buscafacil.com
   • 64.117.35.255 emsisoft.com
   • 64.117.35.255 ahnlab.com
   • 64.117.35.255 antivir.es
   • 64.117.35.255 antiy.net
   • 64.117.35.255 authentium.com
   • 64.117.35.255 avast.com
   • 64.117.35.255 avg.com
   • 64.117.35.255 bitdefender.com
   • 64.117.35.255 quickheal.com
   • 64.117.35.255 clamav.net
   • 64.117.35.255 comodo.com
   • 64.117.35.255 drweb.com
   • 64.117.35.255 aladdin.com
   • 64.117.35.255 ca.com
   • 64.117.35.255 f-prot.com
   • 64.117.35.255 f-secure.com
   • 64.117.35.255 fortinet.com
   • 64.117.35.255 gdata.es
   • 64.117.35.255 ikarus.at
   • 64.117.35.255 jiangmin.com
   • 64.117.35.255 kaspersky.com
   • 64.117.35.255 mcafee.com
   • 64.117.35.255 microsoft.com
   • 64.117.35.255 eset.es
   • 64.117.35.255 norman.com
   • 64.117.35.255 nprotect.com
   • 64.117.35.255 pandasecurity.com
   • 64.117.35.255 pctools.com
   • 64.117.35.255 prevx.com
   • 64.117.35.255 rising-global.com
   • 64.117.35.255 sophos.com
   • 64.117.35.255 sunbeltsoftware.com
   • 64.117.35.255 symantec.com
   • 64.117.35.255 hacksoft.com.pe
   • 64.117.35.255 trendmicro.com
   • 64.117.35.255 anti-virus.by
   • 64.117.35.255 hauri.net
   • 64.117.35.255 virusbuster.hu
   • 64.117.35.255 www.emsisoft.com
   • 64.117.35.255 www.ahnlab.com
   • 64.117.35.255 www.antivir.es
   • 64.117.35.255 www.antiy.net
   • 64.117.35.255 www.authentium.com
   • 64.117.35.255 www.avast.com
   • 64.117.35.255 www.avg.com
   • 64.117.35.255 www.bitdefender.com
   • 64.117.35.255 www.quickheal.com
   • 64.117.35.255 www.clamav.net
   • 64.117.35.255 www.comodo.com
   • 64.117.35.255 www.drweb.com
   • 64.117.35.255 www.aladdin.com
   • 64.117.35.255 www.ca.com
   • 64.117.35.255 www.f-prot.com
   • 64.117.35.255 www.f-secure.com
   • 64.117.35.255 www.fortinet.com
   • 64.117.35.255 www.gdata.es
   • 64.117.35.255 www.ikarus.at
   • 64.117.35.255 www.jiangmin.com
   • 64.117.35.255 www.kaspersky.com
   • 64.117.35.255 www.mcafee.com
   • 64.117.35.255 www.microsoft.com
   • 64.117.35.255 www.eset.es
   • 64.117.35.255 www.norman.com
   • 64.117.35.255 www.nprotect.com
   • 64.117.35.255 www.pandasecurity.com
   • 64.117.35.255 www.pctools.com
   • 64.117.35.255 www.prevx.com
   • 64.117.35.255 www.rising-global.com
   • 64.117.35.255 www.sophos.com
   • 64.117.35.255 www.sunbeltsoftware.com
   • 64.117.35.255 www.symantec.com
   • 64.117.35.255 www.hacksoft.com.pe
   • 64.117.35.255 www.trendmicro.com
   • 64.117.35.255 www.anti-virus.by
   • 64.117.35.255 www.hauri.net
   • 64.117.35.255 www.virusbuster.hu
   • 64.117.35.255 www.emsisoft.com
   • 64.117.35.255 www.anti-trojan.net
   • 64.117.35.255 malwarescan.emsisoft.com
   • 64.117.35.255 forum.emsisoft.com
   • 64.117.35.255 www.emsisoft.net
   • 64.117.35.255 www.emsisoft.it
   • 64.117.35.255 www.emsisoft.de
   • 64.117.35.255 www.anti-trojan-software.net
   • 64.117.35.255 mamutu.com
   • 64.117.35.255 www.emsisoft.es
   • 64.117.35.255 malwarescan.emsisoft.de
   • 64.117.35.255 ww.emsisoft.com
   • 64.117.35.255 www.emsisoft.fr
   • 64.117.35.255 www.emsisoft.nl
   • 64.117.35.255 onlinecheck.emsisoft.com
   • 64.117.35.255 onlinecheck.emsisoft.de
   • 64.117.35.255 www.emsisoft.org
   • 64.117.35.255 scan.anti-trojan.net
   • 64.117.35.255 www.trojaner.info
   • 64.117.35.255 onlinecheck.emsisoft.org
   • 64.117.35.255 onlinecheck.emsisoft.net
   • 64.117.35.255 blitzblank.com
   • 64.117.35.255 www.emsisoft.at
   • 64.117.35.255 www.emsisoft.jp
   • 64.117.35.255 www.mamutu.com
   • 64.117.35.255 malwarescan.emsisoft.es
   • 64.117.35.255 www.mamutu.de
   • 64.117.35.255 download5.emsisoft.com
   • 64.117.35.255 download1.emsisoft.com
   • 64.117.35.255 download4.emsisoft.com
   • 64.117.35.255 global.ahnlab.com
   • 64.117.35.255 www.hackshields.com
   • 64.117.35.255 www.internationalservicecheck.com
   • 64.117.35.255 www.irangoals.com
   • 64.117.35.255 ixomodels.com
   • 64.117.35.255 www.indielisboa.com
   • 64.117.35.255 www.latin-mass-society.org
   • 64.117.35.255 www.arpia.be
   • 64.117.35.255 www.owen.org
   • 64.117.35.255 www.prdouglas.co.uk
   • 64.117.35.255 www.zarya.info
   • 64.117.35.255 www.willsee.com
   • 64.117.35.255 halmapr.com
   • 64.117.35.255 karuna-shechen.org
   • 64.117.35.255 www.barder.com
   • 64.117.35.255 www.antivir.es
   • 64.117.35.255 www.buraka.tv
   • 64.117.35.255 www.dr-bull.com
   • 64.117.35.255 www.manchester-offices.co.uk
   • 64.117.35.255 saverssite.com
   • 64.117.35.255 canada.karuna-shechen.org
   • 64.117.35.255 developmentdrums.org
   • 64.117.35.255 www.imddomains.co.uk
   • 64.117.35.255 cutlines.org
   • 64.117.35.255 elblogdemanu.com
   • 64.117.35.255 ruben.bzin.net
   • 64.117.35.255 welkam.co.jp
   • 64.117.35.255 www.cambridge-steiner-school.co.uk
   • 64.117.35.255 naturesimages.net
   • 64.117.35.255 www.1stavenuelimousines.co.uk
   • 64.117.35.255 www.mtr-design.com
   • 64.117.35.255 dev.depeuter.org
   • 64.117.35.255 www.emeraldclassic.co.uk
   • 64.117.35.255 www.peterhearnwaste.co.uk
   • 64.117.35.255 etrr.co.uk
   • 64.117.35.255 www.avoncourt.com
   • 64.117.35.255 sarahmcconnellphotography.net
   • 64.117.35.255 www.ixomodels.com
   • 64.117.35.255 natsko.com
   • 64.117.35.255 www.nottinghampoetryseries.com
   • 64.117.35.255 www.sheffieldmind.co.uk
   • 64.117.35.255 ixostore.ixomodels.com
   • 64.117.35.255 www.flairweddings.co.uk
   • 64.117.35.255 www.fimasys.com
   • 64.117.35.255 cohartuk.com
   • 64.117.35.255 qqjkw.net
   • 64.117.35.255 vivo-austin.com
   • 64.117.35.255 www.freeality.com
   • 64.117.35.255 bestofewan.com
   • 64.117.35.255 www.handwritingforkids.com
   • 64.117.35.255 cowsmo.com
   • 64.117.35.255 www.2xlgames.com
   • 64.117.35.255 kimzimmer.net
   • 64.117.35.255 basetendencies.com
   • 64.117.35.255 trackingtheworld.com
   • 64.117.35.255 www.reviewsofbooks.com
   • 64.117.35.255 www.collectedcurios.com
   • 64.117.35.255 www.renningers.com
   • 64.117.35.255 ccslaughterspdx.com
   • 64.117.35.255 www.briarhurst.com
   • 64.117.35.255 www.smf.org
   • 64.117.35.255 ribbonwarehouse.com
   • 64.117.35.255 www.garryowen.com
   • 64.117.35.255 45pounds.com
   • 64.117.35.255 isotopecomics.com
   • 64.117.35.255 roysephotos.com
   • 64.117.35.255 www.stadiumpage.com
   • 64.117.35.255 www.elvis-express.com
   • 64.117.35.255 www.tomorrowsedge.net
   • 64.117.35.255 www.beautybar.com
   • 64.117.35.255 pineleafboys.com
   • 64.117.35.255 www.mountainlakeslodge.com
   • 64.117.35.255 pvtc.org
   • 64.117.35.255 bhsbees.com
   • 64.117.35.255 baristamagazine.com
   • 64.117.35.255 www.gokidding.com
   • 64.117.35.255 defalcos.com
   • 64.117.35.255 www.celticmerchant.com
   • 64.117.35.255 www.hxproduction.com
   • 64.117.35.255 www.wellgousa.com
   • 64.117.35.255 blog.titanium-jewelry.com
   • 64.117.35.255 www.brightoctober.com
   • 64.117.35.255 hishomeforchildren.com
   • 64.117.35.255 www.phoenixtrikeworks.com
   • 64.117.35.255 www.professorbeyer.com
   • 64.117.35.255 www.secondchanceboxer.com
   • 64.117.35.255 www.residentphotography.com
   • 64.117.35.255 woottonfootball.com
   • 64.117.35.255 www.deborahshelton.net
   • 64.117.35.255 bobbondart.com
   • 64.117.35.255 www.authentium.com
   • 64.117.35.255 asap.authentium.com
   • 64.117.35.255 www.authentium.com.au
   • 64.117.35.255 avast.com
   • 64.117.35.255 www.avast.com
   • 64.117.35.255 files.avast.com
   • 64.117.35.255 download535.avast.com
   • 64.117.35.255 avg.com
   • 64.117.35.255 www.avg.com
   • 64.117.35.255 grisoft.com
   • 64.117.35.255 www.grisoft.com
   • 64.117.35.255 antivirus-tools.com
   • 64.117.35.255 archive.bitdefender.com
   • 64.117.35.255 avx.rob-have.net
   • 64.117.35.255 b-have.orgbitdefender-ar.com
   • 64.117.35.255 bitdefender.com
   • 64.117.35.255 bitdefender.org
   • 64.117.35.255 bitdefenderchina.com
   • 64.117.35.255 bitdefenderguatemala.com
   • 64.117.35.255 bitdefendermalaysia.com
   • 64.117.35.255 bitdefendertaiwan.com
   • 64.117.35.255 bitdefenderuruguay.com
   • 64.117.35.255 bitdefenderusa.com
   • 64.117.35.255 buy.bitdefender-es.com
   • 64.117.35.255 buy.bitdefender.com
   • 64.117.35.255 buy.bitdefender.de
   • 64.117.35.255 de.bitdefender.com
   • 64.117.35.255 fr.bitdefender.com
   • 64.117.35.255 futurenow.bitdefender.com
   • 64.117.35.255 it.bitdefender.com
   • 64.117.35.255 jobs.bitdefender.com
   • 64.117.35.255 kb.bitdefender.com
   • 64.117.35.255 kb.bitdefender.de
   • 64.117.35.255 kb.bitdefender.us
   • 64.117.35.255 latin.bitdefender.com
   • 64.117.35.255 linux.bitdefender.com
   • 64.117.35.255 malwarecity.com
   • 64.117.35.255 malwarecity.netmalwarecity.org
   • 64.117.35.255 malwarepedia.com
   • 64.117.35.255 neunet.orgnews.bitdefender.com
   • 64.117.35.255 nl.bitdefender.com
   • 64.117.35.255 renewals.bitdefender.com
   • 64.117.35.255 sales.bitdefender.com
   • 64.117.35.255 square.bitdefender.com
   • 64.117.35.255 store.bitdefender.com
   • 64.117.35.255 store.de.bitdefender.com
   • 64.117.35.255 us.bitdefender.com
   • 64.117.35.255 virusscanonline.net
   • 64.117.35.255 wedoantivirus.com
   • 64.117.35.255 www.antivirus-tools.com
   • 64.117.35.255 www.avx.ro
   • 64.117.35.255 www.bit-defender.de
   • 64.117.35.255 www.bitdefende.de
   • 64.117.35.255 www.bitdefender-es.com
   • 64.117.35.255 www.bitdefender.be
   • 64.117.35.255 www.bitdefender.cl
   • 64.117.35.255 www.bitdefender.co.uk
   • 64.117.35.255 www.bitdefender.com
   • 64.117.35.255 www.bitdefender.com.au
   • 64.117.35.255 www.bitdefender.com.sg
   • 64.117.35.255 www.bitdefender.com.tw
   • 64.117.35.255 www.bitdefender.com.vn
   • 64.117.35.255 www.bitdefender.de
   • 64.117.35.255 www.bitdefender.es
   • 64.117.35.255 www.bitdefender.fr
   • 64.117.35.255 www.bitdefender.hk
   • 64.117.35.255 www.bitdefender.us
   • 64.117.35.255 www.bitdefenderme.com
   • 64.117.35.255 www.malwarecity.com
   • 64.117.35.255 www.malwarecity.fr
   • 64.117.35.255 quickheal.com
   • 64.117.35.255 www.quickheal.com
   • 64.117.35.255 www.clamav.net
   • 64.117.35.255 cgi.clamav.net
   • 64.117.35.255 lurker.clamav.net
   • 64.117.35.255 wwws.clamav.net
   • 64.117.35.255 lists.clamav.net
   • 64.117.35.255 bugs.clamav.net
   • 64.117.35.255 system-cleaner.comodo.com
   • 64.117.35.255 backup.comodo.com
   • 64.117.35.255 www.comodoantispam.com
   • 64.117.35.255 easy-vpn.comodo.com
   • 64.117.35.255 www.trustlogo.com
   • 64.117.35.255 ztl.comodo.com
   • 64.117.35.255 www.livepcsupport.com
   • 64.117.35.255 www.whichssl.com
   • 64.117.35.255 www.trustix.com
   • 64.117.35.255 disk-encryption.comodo.com
   • 64.117.35.255 speedtest.comodo.com
   • 64.117.35.255 www.contentverification.com
   • 64.117.35.255 idauthority.com
   • 64.117.35.255 www.comodo.tv
   • 64.117.35.255 online-backup.comodo.com
   • 64.117.35.255 www.testmypcsecurity.com
   • 64.117.35.255 www.ccssforum.org
   • 64.117.35.255 i-vault.comodo.com
   • 64.117.35.255 internetsecurity.comodo.com
   • 64.117.35.255 www.comodopartners.com
   • 64.117.35.255 timestamp.comodoca.com
   • 64.117.35.255 secure-email.comodo.com
   • 64.117.35.255 timestamp.wosign.com
   • 64.117.35.255 rover800.gaima.co.uk
   • 64.117.35.255 www.nsclean.com
   • 64.117.35.255 www.contentverification.com
   • 64.117.35.255 new-estore.drweb.com
   • 64.117.35.255 support.drweb.com
   • 64.117.35.255 pda.drweb.com
   • 64.117.35.255 updates.drweb.com
   • 64.117.35.255 drweb.com
   • 64.117.35.255 vms.drweb.com
   • 64.117.35.255 solutions.drweb.com
   • 64.117.35.255 news.drweb.com
   • 64.117.35.255 my.drweb.com
   • 64.117.35.255 buy.drweb.com
   • 64.117.35.255 products.drweb.com
   • 64.117.35.255 new-support.drweb.com
   • 64.117.35.255 promotions.drweb.com
   • 64.117.35.255 network.drweb.com
   • 64.117.35.255 customers.drweb.com
   • 64.117.35.255 store.drweb.com
   • 64.117.35.255 company.drweb.com
   • 64.117.35.255 training.drweb.com
   • 64.117.35.255 license.drweb.com
   • 64.117.35.255 cureit.ru
   • 64.117.35.255 free.drweb.com
   • 64.117.35.255 info.drweb.com
   • 64.117.35.255 new-partners.drweb.com
   • 64.117.35.255 drweb.net
   • 64.117.35.255 new-company.drweb.com
   • 64.117.35.255 new-beta.drweb.com
   • 64.117.35.255 new-forum.drweb.com
   • 64.117.35.255 secure.av-desk.com
   • 64.117.35.255 www.av-desk.com
   • 64.117.35.255 new-solutions.drweb.com
   • 64.117.35.255 new-www.drweb.com
   • 64.117.35.255 www.freedrweb.ru
   • 64.117.35.255 daniloff.net
   • 64.117.35.255 drweb-inside.com
   • 64.117.35.255 drwebinside.com
   • 64.117.35.255 aladdin.com
   • 64.117.35.255 alladdin.ru
   • 64.117.35.255 chickensroamfree.com
   • 64.117.35.255 ealaddin.net
   • 64.117.35.255 ealaddin.orgeshop.aladdin.com
   • 64.117.35.255 secureme.com
   • 64.117.35.255 www.aks.com
   • 64.117.35.255 www.aladdin.com
   • 64.117.35.255 www.ealaddin.com
   • 64.117.35.255 www.ealaddin.com
   • 64.117.35.255 auwww.ealaddin.nl
   • 64.117.35.255 www.esafe.com
   • 64.117.35.255 www.hasp.se
   • 64.117.35.255 www.safenet-inc.com
   • 64.117.35.255 www3.safenet-inc.com
   • 64.117.35.255 www.ca.com
   • 64.117.35.255 cacomvip.ca.com
   • 64.117.35.255 www.netegrity.com
   • 64.117.35.255 search.ca.com
   • 64.117.35.255 cai.com
   • 64.117.35.255 www.f-prot.com
   • 64.117.35.255 frisk-software.com
   • 64.117.35.255 www.frisk.is
   • 64.117.35.255 www.frisk-software.com
   • 64.117.35.255 f-secure.com
   • 64.117.35.255 f-secure.frf-secure.hk
   • 64.117.35.255 f-secure.nlfsecure.com
   • 64.117.35.255 fsecure.nlwebyard.com
   • 64.117.35.255 www.f-secure.com
   • 64.117.35.255 www.fsecure.com
   • 64.117.35.255 www.virus.fi
   • 64.117.35.255 fortihero.com
   • 64.117.35.255 fortilog.com
   • 64.117.35.255 fortinet.co.at
   • 64.117.35.255 fortinet.com
   • 64.117.35.255 fortiprotect.com
   • 64.117.35.255 fortiwifi.com
   • 64.117.35.255 www.apsecure.com
   • 64.117.35.255 www.fortifed.com
   • 64.117.35.255 www.fortiid.com
   • 64.117.35.255 www.fortimail.com
   • 64.117.35.255 www.fortinet-apac.com
   • 64.117.35.255 www.fortinet.ch
   • 64.117.35.255 www.fortinet.co.il
   • 64.117.35.255 www.fortinet.com
   • 64.117.35.255 www.fortinet.com
   • 64.117.35.255 arwww.fortinet.cz
   • 64.117.35.255 www.fortinet.net
   • 64.117.35.255 www.fortinet.nl
   • 64.117.35.255 www.fortinet.sg
   • 64.117.35.255 www.fortinetuk.com
   • 64.117.35.255 www.secure-elements.com
   • 64.117.35.255 gdata.es
   • 64.117.35.255 www.gdata.es
   • 64.117.35.255 ikarus.at
   • 64.117.35.255 www.ikarus.at
   • 64.117.35.255 global.jiangmin.com
   • 64.117.35.255 jiangmin.com.cn
   • 64.117.35.255 jiangmin.com
   • 64.117.35.255 www.jiangmin.com.cn
   • 64.117.35.255 www.kaspersky.com
   • 64.117.35.255 forum.kaspersky.com
   • 64.117.35.255 support.kaspersky.co
   • 64.117.35.255 usa.kaspersky.com
   • 64.117.35.255 brazil.kaspersky.com
   • 64.117.35.255 latam.kaspersky.com
   • 64.117.35.255 kaspersky.com
   • 64.117.35.255 me.kaspersky.com
   • 64.117.35.255 images.kaspersky.com
   • 64.117.35.255 www.mcafee.com
   • 64.117.35.255 support.mcafee.com
   • 64.117.35.255 msr.mcafee.com
   • 64.117.35.255 home.mcafee.com
   • 64.117.35.255 networkassociates.com
   • 64.117.35.255 us.mcafee.com
   • 64.117.35.255 tr.mcafee.com
   • 64.117.35.255 au.mcafee.com
   • 64.117.35.255 mx.mcafee.com
   • 64.117.35.255 networkassociates.nai.com
   • 64.117.35.255 go.mcafee.com
   • 64.117.35.255 fr.mcafee.com
   • 64.117.35.255 uk.mcafee.com
   • 64.117.35.255 de.mcafee.com
   • 64.117.35.255 obscgi.mcafee.com
   • 64.117.35.255 nai.com
   • 64.117.35.255 www.entercept.com
   • 64.117.35.255 jp.mcafee.com
   • 64.117.35.255 mcafeeb2b.com
   • 64.117.35.255 cn.mcafee.com
   • 64.117.35.255 service.mcafee.com
   • 64.117.35.255 br.mcafee.com
   • 64.117.35.255 www.mcafee.at
   • 64.117.35.255 mcafeeretail.com
   • 64.117.35.255 it.mcafee.com
   • 64.117.35.255 tw.mcafee.com
   • 64.117.35.255 privacy.microsoft.com
   • 64.117.35.255 tempuri.org
   • 64.117.35.255 schemas.xmlsoap.org
   • 64.117.35.255 www.microsoft.com
   • 64.117.35.255 specs.xmlsoap.org
   • 64.117.35.255 www.eugrantsadvisor.ie
   • 64.117.35.255 schemas.microsoft.com
   • 64.117.35.255 encarta.msn.com
   • 64.117.35.255 www.sysinternals.com
   • 64.117.35.255 grv.microsoft.com
   • 64.117.35.255 www.xmlsoap.org
   • 64.117.35.255 www.eugrantsadvisor.se
   • 64.117.35.255 www.eugrantsadvisor.com
   • 64.117.35.255 research.microsoft.com
   • 64.117.35.255 www.engyro.com
   • 64.117.35.255 www.exchangeyourcareer.com
   • 64.117.35.255 www.eugrantsadvisor.de
   • 64.117.35.255 exchangeyourcareer.net
   • 64.117.35.255 eugrantsadvisor.de
   • 64.117.35.255 eugrantsadvisor.cz
   • 64.117.35.255 www.eset.es
   • 64.117.35.255 demos.eset.es
   • 64.117.35.255 descargas.eset.es
   • 64.117.35.255 blogs.protegerse.com
   • 64.117.35.255 eos.eset.es
   • 64.117.35.255 pedidos.protegerse.com
   • 64.117.35.255 reg-int.nod32-es.com
   • 64.117.35.255 reg.eset.es
   • 64.117.35.255 vicentevirtual.com
   • 64.117.35.255 cou85.com
   • 64.117.35.255 www.norman.com
   • 64.117.35.255 fsc.norman.com
   • 64.117.35.255 nprobeta.norman.com
   • 64.117.35.255 register.norman.com
   • 64.117.35.255 webadmin.norman.no
   • 64.117.35.255 sandbox.norman.com
   • 64.117.35.255 www.nprotect.com
   • 64.117.35.255 global.nprotect.com
   • 64.117.35.255 www.nprotect.co.kr
   • 64.117.35.255 www.npin.co.kr
   • 64.117.35.255 siren24.nprotect.com
   • 64.117.35.255 15660808.co.kr
   • 64.117.35.255 biz.nprotect.com
   • 64.117.35.255 nprotect.net
   • 64.117.35.255 www.nprotect.com.br
   • 64.117.35.255 liveprotect.net
   • 64.117.35.255 nprotect.seoul.go.kr
   • 64.117.35.255 chollian.nprotect.co.kr
   • 64.117.35.255 www.pandasecurity.com
   • 64.117.35.255 research.pandasecurity.com
   • 64.117.35.255 support.pandasecurity.com
   • 64.117.35.255 pandalabs.pandasecurity.com
   • 64.117.35.255 pandasecurity.com
   • 64.117.35.255 mop.pandasecurity.com
   • 64.117.35.255 timeforyourbusi.pandasecurity.com
   • 64.117.35.255 cybercrime.pandasecurity.com
   • 64.117.35.255 free.pandasecurity.com
   • 64.117.35.255 cloudprotection.pandasecurity.com
   • 64.117.35.255 shop.pandasecurity.com
   • 64.117.35.255 soporte.pandasecurity.com
   • 64.117.35.255 together.pctools.com
   • 64.117.35.255 www.prevx.com
   • 64.117.35.255 info.prevx.com
   • 64.117.35.255 free.prevx.com
   • 64.117.35.255 spywarefiles.prevx.com
   • 64.117.35.255 spywaredlls.prevx.com
   • 64.117.35.255 shield.prevx.com
   • 64.117.35.255 www.prevx1.com
   • 64.117.35.255 howsafeismypc.com
   • 64.117.35.255 www.retento.com
   • 64.117.35.255 www.freerav.com
   • 64.117.35.255 www.rising-global.com
   • 64.117.35.255 www.risingav.com.au
   • 64.117.35.255 support.rising-global.com
   • 64.117.35.255 superboy2010.com.au
   • 64.117.35.255 www.sophos.com
   • 64.117.35.255 feeds.sophos.com
   • 64.117.35.255 esp.sophos.com
   • 64.117.35.255 cn.sophos.com
   • 64.117.35.255 tw.sophos.com
   • 64.117.35.255 kr.sophos.com
   • 64.117.35.255 sophos.com
   • 64.117.35.255 podcasts.sophos.com
   • 64.117.35.255 www.sunbeltsoftware.com
   • 64.117.35.255 go.sunbeltsoftware.com
   • 64.117.35.255 oem.sunbeltsoftware.com
   • 64.117.35.255 antispam.sunbeltsoftware.com
   • 64.117.35.255 antispyware.sunbeltsoftware.com
   • 64.117.35.255 antivirus.sunbeltsoftware.com
   • 64.117.35.255 sunbeltsoftware.com
   • 64.117.35.255 shop.sunbeltsoftware.com
   • 64.117.35.255 live.sunbeltsoftware.com
   • 64.117.35.255 firewall.sunbeltsoftware.com
   • 64.117.35.255 www.symantec.com
   • 64.117.35.255 security.symantec.com
   • 64.117.35.255 securityrespons.symantec.com
   • 64.117.35.255 service1.symantec.com
   • 64.117.35.255 enterprisesecur.symantec.com
   • 64.117.35.255 eval.symantec.com
   • 64.117.35.255 symantec.com
   • 64.117.35.255 definitions.symantec.com
   • 64.117.35.255 investor.symantec.com
   • 64.117.35.255 et.symantec.com
   • 64.117.35.255 sfdoccentral.symantec.com
   • 64.117.35.255 servicenews.symantec.com
   • 64.117.35.255 securityrespons.symantec.com
   • 64.117.35.255 sea.symantec.com
   • 64.117.35.255 go.symantec.com
   • 64.117.35.255 dell.symantec.com
   • 64.117.35.255 sun.symantec.com
   • 64.117.35.255 marian.symantec.com
   • 64.117.35.255 tms.symantec.com
   • 64.117.35.255 securitycheck.symantec.com
   • 64.117.35.255 smallbiz.symantec.com
   • 64.117.35.255 www.symantec.com
   • 64.117.35.255 visualtracking.symantec.com
   • 64.117.35.255 search.symantec.com
   • 64.117.35.255 liveupdate.symantec.com
   • 64.117.35.255 sitedirector.symantec.com
   • 64.117.35.255 edm.symantec.com
   • 64.117.35.255 hostedmailsecur.symantec.com
   • 64.117.35.255 www4.symantec.com
   • 64.117.35.255 education.symantec.com
   • 64.117.35.255 vos.symantec.com
   • 64.117.35.255 www.hacksoft.com.pe
   • 64.117.35.255 hacksoft.pe
   • 64.117.35.255 www.hacksoft.pe
   • 64.117.35.255 housecall.trendmicro.com
   • 64.117.35.255 www.trendmicro.com
   • 64.117.35.255 housecall65.trendmicro.com
   • 64.117.35.255 us.trendmicro.com
   • 64.117.35.255 blog.trendmicro.com
   • 64.117.35.255 emea.trendmicro.com
   • 64.117.35.255 housecall60.trendmicro.com
   • 64.117.35.255 jp.trendmicro.com
   • 64.117.35.255 de.trendmicro.com
   • 64.117.35.255 it.trendmicro.com
   • 64.117.35.255 itw.trendmicro.com
   • 64.117.35.255 esupport.trendmicro.com
   • 64.117.35.255 es.trendmicro.com
   • 64.117.35.255 br.trendmicro.com
   • 64.117.35.255 tw.trendmicro.com
   • 64.117.35.255 la.trendmicro.com
   • 64.117.35.255 uk.trendmicro.com
   • 64.117.35.255 ru.trendmicro.com
   • 64.117.35.255 smbstore.trendmicro.com
   • 64.117.35.255 apac.trendmicro.com
   • 64.117.35.255 store.trendmicro.com
   • 64.117.35.255 training.trendmicro.com
   • 64.117.35.255 trial.trendmicro.com
   • 64.117.35.255 ushousecall02.trendmicro.com
   • 64.117.35.255 subwiz.trendmicro.com
   • 64.117.35.255 go.trendmicro.com
   • 64.117.35.255 feeds.trendmicro.com
   • 64.117.35.255 channelpartner.trendmicro.com
   • 64.117.35.255 wtc.trendmicro.com
   • 64.117.35.255 shop.trendmicro.com
   • 64.117.35.255 fr.trendmicro.com
   • 64.117.35.255 threatinfo.trendmicro.com
   • 64.117.35.255 newsletters.trendmicro.com
   • 64.117.35.255 www.anti-virus.by
   • 64.117.35.255 bg.virusblokada.com
   • 64.117.35.255 www.vba.com.by
   • 64.117.35.255 beta.anti-virus.by
   • 64.117.35.255 www.bg.virusblokada.com
   • 64.117.35.255 www.hauri.net
   • 64.117.35.255 www.hauri.co.kr
   • 64.117.35.255 company.hauri.net
   • 64.117.35.255 www.globalhauri.com
   • 64.117.35.255 shop.hauri.co.kr
   • 64.117.35.255 hauri.co.kr
   • 64.117.35.255 pg.hauri.net
   • 64.117.35.255 esecurity.livecall.co.kr
   • 64.117.35.255 mall.hauri.co.kr
   • 64.117.35.255 company.hauri.co.kr
   • 64.117.35.255 haurijapan.com
   • 64.117.35.255 virobot.co.kr
   • 64.117.35.255 www.virusbuster.hu
   • 64.117.35.255 virusbuster.hu
   • 64.117.35.255 scanner.novirusthanks.org
   • 64.117.35.255 scanner2.novirusthanks.or
   • 64.117.35.255 novirusthanks.org
   • 64.117.35.255 www.novirusthanks.org
   • 64.117.35.255 virustotal.com
   • 64.117.35.255 www.virustotal.com
   • 64.117.35.255 virscan.org
   • 64.117.35.255 www.virscan.org
   • 64.117.35.255 virusscan.jotti.org
   • 64.117.35.255 jotti.org
   • 64.117.35.255 www.jotti.org
   • 64.117.35.255 viruschief.com
   • 64.117.35.255 www.viruschief.com
   • 64.117.35.255 scanner.virus.org
   • 64.117.35.255 virus.org
   • 64.117.35.255 www.virus.org
   • 64.117.35.255 scan4you.net
   • 64.117.35.255 www.scan4you.net
   • 64.117.35.255 avhide.com
   • 64.117.35.255 www.avhide.com
   • 64.117.35.255 anubis.iseclab.org
   • 64.117.35.255 iseclab.org
   • 64.117.35.255 www.iseclab.org
   • 64.117.35.255 threatexpert.com
   • 64.117.35.255 www.threatexpert.com

Miscellaneous Checks for an internet connection by contacting the following web site:
• www.whatismyip.org
Accesses internet resources:
• http://9-p-5-k-p-z-8-6-k-f-q**********.info

File details Programming language:
The malware program was written in Visual Basic.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
• UPX

Description inserted by Ana Maria Niculescu on Thursday, March 3, 2011
Description updated by Ana Maria Niculescu on Friday, March 4, 2011

Back . . . .

Call Us

+1 800-403-7019

Drop us a line

We'll get back to you lickety-split.

Nice to hear from you!

Thank you for contacting Avira.

Featured products

More products

Most popular

All products

Home Products

Business Products

Virus Lab

More Support

Become an Avira Partner

Home Products

Business Products

Just want to evaluate a product?

Manuals and Tools

Call Us

+1 800-403-7019

Drop us a line

We'll get back to you lickety-split.

Nice to hear from you!

Thank you for contacting Avira.

Featured products

More products

Most popular

All products

Home Products

Business Products

Virus Lab

More Support

Become an Avira Partner

Home Products

Business Products

Just want to evaluate a product?

Manuals and Tools