Avira Virus Lab

TR/Agent.12345344

  • Name
    TR/Agent.12345344
  • Date discovered
    Jul 11, 2015
  • Type
    Malware
  • Impact
    Medium
  • Reported Infections
    Low
  • Operating System
    Windows
  • VDF version
    7.11.247.84 (2015-07-11 15:16)

The term 'TR' denotes a trojan horse that is able to spy out data, violate your privacy, or perform unwanted modifications to the system.

  • VDF
    7.11.247.84 (2015-07-11 15:16)
  • Aliases
    ClamAV: Win.Trojan.Swrort-13999
    Dr. Web: Trojan.DownLoader1.51147
  • Files
    The following files are created:
    • %APPDATA%\VOS\HDDRegenerator\VirtApp.ini
    • %APPDATA%\VOS\HDDRegenerator\VirtApp.ini.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\AppVirtDll_HDDRegenerator.dll
    • %APPDATA%\VOS\HDDRegenerator\AppVirtDll_HDDRegenerator.dll.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\VirtFiles.db
    • %APPDATA%\VOS\HDDRegenerator\VirtFiles.db.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\VirtReg.export
    • %APPDATA%\VOS\HDDRegenerator\VirtReg.export.20110102-102951.866.stamp
    • %APPDATA%\VOS\HDDRegenerator\%Common DesktopDirectory%\HDD Regenerator.lnk
    • %APPDATA%\VOS\HDDRegenerator\%Common StartMenu%\Programmi\HDD Regenerator\HDD Regenerator.lnk
    • %APPDATA%\VOS\HDDRegenerator\%Common StartMenu%\Programmi\HDD Regenerator\Readme.lnk
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.manifest
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\Microsoft.Windows.Common-Controls\comctl32.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\hddreg.exe.manifest
    • %APPDATA%\VOS\HDDRegenerator\%Windows%\Installer\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.manifest
    • %APPDATA%\VOS\HDDRegenerator\%Windows%\Installer\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}\Microsoft.Windows.Common-Controls\comctl32.dll
    • %APPDATA%\VOS\HDDRegenerator\%System%\borlndmm.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\SysDlls\borlndmm.dll
    • %APPDATA%\VOS\HDDRegenerator\%System%\cc32100mt.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\SysDlls\cc32100mt.dll
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\SysDlls\SysDlls.manifest
    • %APPDATA%\VOS\HDDRegenerator\VirtReg.db
    • %APPDATA%\VOS\HDDRegenerator\ZipCache
    • %APPDATA%\VOS\HDDRegenerator\ZipCache.20110102-102951.679.stamp
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\Shell.exe
    • %APPDATA%\VOS\HDDRegenerator\%Program Files%\HDD Regenerator\HDD Regenerator.exe
    The following files are changed:
    • %APPDATA%\VOS\HDDRegenerator\VirtFiles.db
    The following files are deleted:
    • %TEMPDIR%\~DF1538.tmp
  • Injections
    • %PROGRAM FILES%\HDD Regenerator\Shell.exe
    • %PROGRAM FILES%\HDD Regenerator\HDD Regenerator.exe
  • Registry
    The following registry entries are added:
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}] @ = "eSeller Class"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}\InprocServer32] @ = "%WINDIR%\eSellerateControl365.dll" "InprocServer32" = "lz[gX^8WG?9F8?Y(pctX>xhG9n9GeS9)_ijQX^R&8;" "ThreadingModel" = "Apartment"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}\ProgID] @ = "eSellerateControl.365.1"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}\VersionIndependentProgID] @ = "eSellerateControl.365"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\eSellerateControl.365] @ = "eSeller Class"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\eSellerateControl.365\CurVer] @ = "eSellerateControl.365.1"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\eSellerateControl.365.1] @ = "eSeller Class"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\Features\91993A79AEF97B84BAB2F49912D2E189] "AlwaysInstall" = ""
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\Products\91993A79AEF97B84BAB2F49912D2E189] "ProductName" = "HDD Regenerator" "PackageCode" = "C37A35154EEC1F142A22C8F973633FD8" "Language" = dword:00000409 "Version" = dword:140b000b "Assignment" = dword:00000001 "AdvertiseFlags" = dword:00000184 "ProductIcon" = "%WINDIR%\Installer\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}\ARPPRODUCTICON.exe" "InstanceType" = dword:00000000 "AuthorizedLUAApp" = dword:00000000 "Clients" = ":;"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\Products\91993A79AEF97B84BAB2F49912D2E189\SourceList\Media] "DiskPrompt" = "[1]" "1" = "DISK1;1"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36EB8DED78653F64290EE86C78113865] "91993A79AEF97B84BAB2F49912D2E189" = ""
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\Interface\{40A9417F-F41E-40A2-BAA5-FE0ACB1CF8F8}] @ = "IeSeller"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0] @ = "eSellerateControl 3.6.5 Library"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0\0\win32] @ = "%WINDIR%\eSellerateControl365.dll"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0\FLAGS] @ = "0"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Classes\TypeLib\{169FBBF8-0478-42A4-B386-4F5B2CF9A98B}\1.0\HELPDIR] @ = "%WINDIR%\\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG] "Seed" = %hex values%
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\36EB8DED78653F64290EE86C78113865] "91993A79AEF97B84BAB2F49912D2E189" = ""
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CD57F742E376B14AACEE4E7386A674E] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16A0EEC0600AE1B4BAF991A4DBB166EA] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\Shell.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\313E69A4EEB26534D84286E1FA14BB55] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\476DBA7A72DBBAE418BCA5D19869FF5E] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\Purchase.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\595E5B4BD41CD9242B94AFDA3268411F] "91993A79AEF97B84BAB2F49912D2E189" = "%SYSDIR%\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74D0877D01C70F24ABA79F18EBD2B5E3] "91993A79AEF97B84BAB2F49912D2E189" = "%WINDIR%\eSellerateControl365.dll"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\80C059A9A265C8946A4189E1A02D95DA] "91993A79AEF97B84BAB2F49912D2E189" = "C?\WINDOWS\system32\cc32100mt.dll"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93794A6B7B77623489C6005F2AB2D95D] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\HDD Regenerator.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93D00ABDC873C134CABB14CEF92BD866] "91993A79AEF97B84BAB2F49912D2E189" = "%PROGRAM FILES%\HDD Regenerator\hddreg.exe"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEAE8CB7E28330C449885392EC3126BE] "91993A79AEF97B84BAB2F49912D2E189" = "%WINDIR%\"
    • [HKEY_CURRENT_USER\Software\VOS\HDDRegenerator\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D91CAC9FB1154544687B0E2A030C1A59] "91993A79AEF97B84BAB2F49912D2E189" = "C?\WINDOWS\system32\borlndmm.dll"
  • HTTP Requests
    • www.*******.net/vers/hr2011/kshv2w110
    • www.*******.net/vers/hr2011/kshv2w110?5445414D20524553555252454354494F4E40323030342D30383031
