Technical Information
- [<HKLM>\SOFTWARE\Classes\docfile\Shell\Open\command] '' = '<Full path to virus> "%1"'
- [<HKLM>\SOFTWARE\Classes\docxfile\Shell\Open\command] '' = '<Full path to virus> "%1"'
- [<HKLM>\SOFTWARE\Classes\pdffile\Shell\Open\command] '' = '<Full path to virus> "%1"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'aqswde' = '<Full path to virus>'
- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '<Full path to virus> "%1"'
- <Drive name for removable media>:\SKP7hs.exe
- %WINDIR%\srchasst\URfYDf.exe
- %WINDIR%\SoftwareDistribution\SelfUpdate\VBgWdB.exe
- %WINDIR%\SoftwareDistribution\EventCache\D8DAUT.exe
- %WINDIR%\srchasst\chars\gHU8K2.exe
- <SYSTEM32>\VX62FU.exe
- %WINDIR%\system\HK2fHT.exe
- %WINDIR%\srchasst\mui\MJ3VG9.exe
- %WINDIR%\SoftwareDistribution\Download\7hJEFL.exe
- %WINDIR%\security\Database\VfSE52.exe
- %WINDIR%\security\56G9GL.exe
- %WINDIR%\Resources\Themes\EFZ2df.exe
- %WINDIR%\security\logs\SVSG8Z.exe
- %WINDIR%\SoftwareDistribution\DataStore\WGFT9P.exe
- %WINDIR%\SoftwareDistribution\R6FhA5.exe
- %WINDIR%\security\templates\gG5gKa.exe
- <SYSTEM32>\3com_dmi\h8ZY79.exe
- <SYSTEM32>\3076\A8Yhd7.exe
- <SYSTEM32>\2052\5NWCgX.exe
- <SYSTEM32>\CatRoot\BaU7dX.exe
- <SYSTEM32>\config\4HaSAY.exe
- <SYSTEM32>\Com\F5SXFN.exe
- <SYSTEM32>\CatRoot2\RaBGCZ.exe
- <SYSTEM32>\1054\WgH32Z.exe
- <SYSTEM32>\1031\RUGD99.exe
- <SYSTEM32>\1028\7dTSK2.exe
- <SYSTEM32>\1025\5DVUgH.exe
- <SYSTEM32>\1033\5gXsDU.exe
- <SYSTEM32>\1042\gSfPS8.exe
- <SYSTEM32>\1041\5Cg5gG.exe
- <SYSTEM32>\1037\h44CgX.exe
- %WINDIR%\msagent\chars\aJ8h97.exe
- %WINDIR%\msagent\XFXUPN.exe
- %WINDIR%\Microsoft.NET\Framework\VW2HXa.exe
- %WINDIR%\msagent\intl\GWHESJ.exe
- %WINDIR%\mui\NW7Yd8.exe
- %WINDIR%\msapps\msinfo\SNHJJZ.exe
- %WINDIR%\msapps\UFsLLN.exe
- %WINDIR%\Microsoft.NET\assembly\8HdUM6.exe
- %WINDIR%\java\6KUHZd.exe
- %WINDIR%\ime\shared\HfMZVV.exe
- %WINDIR%\ime\imkr6_1\QVd93d.exe
- %WINDIR%\java\classes\KV9CB6.exe
- %WINDIR%\Microsoft.NET\VT6YEZ.exe
- %WINDIR%\Media\V7Z4BV.exe
- %WINDIR%\java\trustlib\JDgTJT.exe
- %WINDIR%\pss\HQYTN8.exe
- %WINDIR%\Provisioning\Schemas\4DKSV4.exe
- %WINDIR%\Provisioning\QB2a5X.exe
- %WINDIR%\Registration\M4QAU9.exe
- %WINDIR%\Resources\fhRQLM.exe
- %WINDIR%\repair\fMK4fg.exe
- %WINDIR%\Registration\CRMLog\9DE7CJ.exe
- %WINDIR%\Prefetch\JSaaWP.exe
- %WINDIR%\pchealth\7PHTYZ.exe
- %WINDIR%\Offline Web Pages\ZfE52d.exe
- %WINDIR%\ocx\fUHTER.exe
- %WINDIR%\pchealth\ERRORREP\PGMgWP.exe
- %WINDIR%\PeerNet\MMMG6S.exe
- %WINDIR%\pchealth\UploadLB\JCFJLF.exe
- %WINDIR%\pchealth\helpctr\APLJVg.exe
- <SYSTEM32>\dhcp\fhSVYS.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\gQ9QQ6.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\fXWYGT.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\96GKAB.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\U5SUTH.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\DXddRP.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\59K9XH.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\sD3h56.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\NEVV9R.exe
- %WINDIR%\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\VJAffD.exe
- %WINDIR%\WinSxS\Manifests\Ma8ADX.exe
- %WINDIR%\WinSxS\InstallTemp\3UAsBQ.exe
- %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\6YB25g.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\36R3GR.exe
- %WINDIR%\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\DYhH6J.exe
- %WINDIR%\WinSxS\Policies\NJKgBG.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\3sQdh6.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\sd7XVG.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\KUd3CG.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\527RYF.exe
- %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\QWPJR4.exe
- %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\QC5TPL.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\UG7AJZ.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\JYaUaG.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\fsH78L.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\MgUST6.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\ZF6hPF.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\JUM3Pd.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\SFD7A7.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\Y2PFG7.exe
- %WINDIR%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\V2SYMa.exe
- <SYSTEM32>\mui\4BEsHS.exe
- <SYSTEM32>\MsDtc\2fT6LJ.exe
- <SYSTEM32>\Macromed\VfQ43E.exe
- <SYSTEM32>\npp\3sdZPJ.exe
- <SYSTEM32>\Restore\7MMEDW.exe
- <SYSTEM32>\ras\fMFCE2.exe
- <SYSTEM32>\oobe\sWGC4D.exe
- <SYSTEM32>\inetsrv\JGEUMU.exe
- <SYSTEM32>\en-us\25LSQF.exe
- <DRIVERS>\N6f2VB.exe
- <SYSTEM32>\DirectX\RSfd7a.exe
- <SYSTEM32>\export\Q4YhSg.exe
- <SYSTEM32>\IME\2DXsDd.exe
- <SYSTEM32>\icsxml\UH2F7D.exe
- <SYSTEM32>\ias\EXCBMX.exe
- %WINDIR%\twain_32\XZVhHQ.exe
- %WINDIR%\Temp\AMEAPS.exe
- <SYSTEM32>\XPSViewer\J67L9A.exe
- %WINDIR%\Web\ZZfLGs.exe
- %WINDIR%\WinSxS\QJ56R2.exe
- %WINDIR%\Web\Wallpaper\CRsYNh.exe
- %WINDIR%\Web\printers\KVgfLE.exe
- <SYSTEM32>\xircom\dE3BEQ.exe
- <SYSTEM32>\spool\d6DdWC.exe
- <SYSTEM32>\ShellExt\VRUK72.exe
- <SYSTEM32>\Setup\8W4798.exe
- <SYSTEM32>\URTTEMP\Es6AaB.exe
- <SYSTEM32>\wins\4MQBsC.exe
- <SYSTEM32>\wbem\6F2ThA.exe
- <SYSTEM32>\usmt\GTKRMh.exe
- %WINDIR%\ime\imjp8_1\3ZQ4C8.exe
- C:\Far2\Plugins\MacroView\g88495.exe
- C:\Far2\Plugins\HlfViewer\WZZaMP.exe
- C:\Far2\Plugins\FTP\3NH6Uf.exe
- C:\Far2\Plugins\Network\g2JZRQ.exe
- C:\Far2\Plugins\WinSCP\hQ5sH6.exe
- C:\Far2\Plugins\TmpPanel\fPUGL8.exe
- C:\Far2\Plugins\ProcList\HYDRFf.exe
- C:\Far2\Plugins\FileCase\8DP9N4.exe
- C:\Far2\Plugins\DrawLine\T9B8VM.exe
- C:\Far2\Plugins\Compare\MXH63F.exe
- C:\Far2\Plugins\Colorer\UKSXDs.exe
- C:\Far2\Plugins\EditCase\TDdZhF.exe
- C:\Far2\Plugins\FarCmds\UTYZPS.exe
- C:\Far2\Plugins\ExtSearch\S7LR5J.exe
- C:\Far2\Plugins\EMenu\R3C5dJ.exe
- %CommonProgramFiles%\SpeechEngines\89FETX.exe
- %CommonProgramFiles%\Services\sPDRh3.exe
- %CommonProgramFiles%\ODBC\g4VSE5.exe
- %CommonProgramFiles%\System\5SUDBQ.exe
- %PROGRAM_FILES%\FireFox\chrome\W9NNJ9.exe
- %PROGRAM_FILES%\FireFox\GFHXEC.exe
- %PROGRAM_FILES%\ComPlus Applications\fQgUUQ.exe
- %CommonProgramFiles%\MSSoap\UBJVN7.exe
- C:\Far2\PluginSDK\Headers.pas\LW44AY.exe
- C:\Far2\PluginSDK\Headers.c\fSX3d5.exe
- C:\Far2\PluginSDK\KGHf2d.exe
- <Auxiliary element>
- %CommonProgramFiles%\Microsoft Shared\2FRdf8.exe
- %CommonProgramFiles%\R7G7EE.exe
- %PROGRAM_FILES%\sVdEsQ.exe
- %HOMEPATH%\My Documents\6WgQUa.exe
- %HOMEPATH%\Favorites\PfGJQf.exe
- %HOMEPATH%\Desktop\2TEgCD.exe
- %HOMEPATH%\Start Menu\D6YGUD.exe
- C:\Far2\Addons\Colors\hKEYJ3.exe
- C:\Far2\Addons\HTBGX9.exe
- C:\Far2\EHBRaM.exe
- %HOMEPATH%\VPU57J.exe
- %ALLUSERSPROFILE%\V93sJ2.exe
- C:\Documents and Settings\R8dKKC.exe
- <Current directory>\JNRh57.exe
- %ALLUSERSPROFILE%\Desktop\MaY8Na.exe
- %ALLUSERSPROFILE%\Start Menu\WP9MTC.exe
- %ALLUSERSPROFILE%\Favorites\f4BMCg.exe
- %ALLUSERSPROFILE%\Documents\Fh6gZM.exe
- C:\Far2\Plugins\7-Zip\QJUaR2.exe
- C:\Far2\Plugins\YHV9JU.exe
- C:\Far2\FExcept\D6HZJV.exe
- C:\Far2\Plugins\Align\aSNUGG.exe
- C:\Far2\Plugins\Brackets\fCgLVT.exe
- C:\Far2\Plugins\AutoWrap\HF43Kf.exe
- C:\Far2\Plugins\arclite\J3f5Qf.exe
- C:\Far2\Encyclopedia\6X4ssW.exe
- C:\Far2\Addons\Shell\dPJUUs.exe
- C:\Far2\Addons\SetUp\BGaUWR.exe
- C:\Far2\Addons\Macros\AFgSEC.exe
- C:\Far2\Addons\XLat\AhWTaY.exe
- C:\Far2\Documentation\rus\7faWXf.exe
- C:\Far2\Documentation\eng\7hZXR2.exe
- C:\Far2\Documentation\hLh9gT.exe
- %PROGRAM_FILES%\FireFox\components\45BZ2P.exe
- %PROGRAM_FILES%\xerox\WEPYaE.exe
- %PROGRAM_FILES%\Windows NT\Pinball\QHaYh8.exe
- %PROGRAM_FILES%\Windows NT\Accessories\dH9YQ8.exe
- %PROGRAM_FILES%\xerox\nwwia\Dg2JQT.exe
- %WINDIR%\AppPatch\75FU8C.exe
- %WINDIR%\addins\QAX4S5.exe
- %WINDIR%\QAN4MK.exe
- %PROGRAM_FILES%\Windows NT\6U4JJ7.exe
- %PROGRAM_FILES%\Windows Media Player\LDEdAh.exe
- %PROGRAM_FILES%\Reference Assemblies\Microsoft\A89agG.exe
- %PROGRAM_FILES%\Reference Assemblies\gLs548.exe
- %PROGRAM_FILES%\Windows Media Player\Icons\84BF7Z.exe
- %PROGRAM_FILES%\Windows Media Player\Visualizations\GFSSHJ.exe
- %PROGRAM_FILES%\Windows Media Player\Skins\M5YaBT.exe
- %PROGRAM_FILES%\Windows Media Player\Sample Playlists\BCAL5H.exe
- %WINDIR%\ime\7BsU5Q.exe
- %WINDIR%\Help\Tours\gC6KJZ.exe
- %WINDIR%\Help\NVWQHH.exe
- %WINDIR%\ime\chsime\WKCTJL.exe
- %WINDIR%\ime\imejp98\8dC7RM.exe
- %WINDIR%\ime\imejp\8d3VN5.exe
- %WINDIR%\ime\CHTIME\3XCML7.exe
- %WINDIR%\ehome\VFsGND.exe
- %WINDIR%\Cursors\5P26GN.exe
- %WINDIR%\Connection Wizard\gQCCGR.exe
- %WINDIR%\Config\DDQ3RJ.exe
- %WINDIR%\Debug\5MPWK3.exe
- %WINDIR%\Driver Cache\i386\URMNV8.exe
- %WINDIR%\Driver Cache\fMKhEP.exe
- %WINDIR%\Debug\UserMode\DECJVX.exe
- %PROGRAM_FILES%\Internet Explorer\MUI\TSQPTg.exe
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\fEDfPK.exe
- %PROGRAM_FILES%\Internet Explorer\Mg9LL3.exe
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\QU7WY5.exe
- %PROGRAM_FILES%\microsoft frontpage\XE9LQ2.exe
- %PROGRAM_FILES%\Messenger\3LL72A.exe
- %PROGRAM_FILES%\Internet Explorer\SIGNUP\UaX8HC.exe
- %PROGRAM_FILES%\FireFox\uninstall\ThJVgK.exe
- %PROGRAM_FILES%\FireFox\extensions\dYTFYU.exe
- %PROGRAM_FILES%\FireFox\dictionaries\UsshPH.exe
- %PROGRAM_FILES%\FireFox\defaults\Kf3Ps6.exe
- %PROGRAM_FILES%\FireFox\modules\TdXd36.exe
- %PROGRAM_FILES%\FireFox\searchplugins\GJEPdB.exe
- %PROGRAM_FILES%\FireFox\res\Wh4AJ5.exe
- %PROGRAM_FILES%\FireFox\plugins\FhNRVC.exe
- %PROGRAM_FILES%\MSN Gaming Zone\gY9gQ6.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\fPD6BS.exe
- %PROGRAM_FILES%\MSN\E5J5Yh.exe
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\Ff8XfV.exe
- %PROGRAM_FILES%\Outlook Express\sRg8Ch.exe
- %PROGRAM_FILES%\Online Services\3fQREQ.exe
- %PROGRAM_FILES%\NetMeeting\3NLgFL.exe
- %PROGRAM_FILES%\MSBuild\Microsoft\8V4NVZ.exe
- %PROGRAM_FILES%\Microsoft.NET\RedistList\sha9PW.exe
- %PROGRAM_FILES%\Microsoft.NET\5KZ57d.exe
- %PROGRAM_FILES%\microsoft frontpage\version3.0\JDaU9g.exe
- %PROGRAM_FILES%\Movie Maker\NY9ZEK.exe
- %PROGRAM_FILES%\MSBuild\6HZS8f.exe
- %PROGRAM_FILES%\Movie Maker\Shared\HLB34d.exe
- %PROGRAM_FILES%\Movie Maker\MUI\LTKYC2.exe
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'