I've collected detection rules for the following malware:
  • Malware.Fraud.TotalVistaSecurity
  • Malware.Lop
  • Rootkit.Agent
  • Trojan.Agent(5)
  • Trojan.Agent.ddod
  • Trojan.FakeAlert.ttam
  • Trojan.Swisyn
  • Trojan.Virtumonde
Category: Trojan
Code:
:: New Malware v87
// Revision 1
// {Cat:Trojan}{Cnt:1}
// {Det:Matt,2010-03-18}


// Malware.Fraud.TotalVistaSecurity:
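// See here: http://www.myantispyware.com/2010/03/18/how-to-remove-vista-defender-pro-removal-guide/
// And here: http://htlogs.com/ave-exe-total-vista-security-vista-security-tool-2010/
// %AppData%\ave.exe
// HKEY_CURRENT_USER\Software\Classes\.exe
// HKEY_CURRENT_USER\Software\Classes\secfile
// NOTE(review): these are notes only, there is no active rule for this family yet. The two Classes keys look like a per-user override of the .exe file association - confirm against the linked write-ups before turning them into rules.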


// Malware.Lop:
// Two samples, each registered under the per-user Run key with a
// word-salad value name and a data file in the common application data folder.
// The logged samples carry different, non-standard extensions (.8vg, .lsa),
// so the active rules wildcard the extension and keep the base name fixed.
// Original log line:
// AutoRun:"Mapi Ace","C:\ProgramData\New surf surf.8vg","flagifnofile=1"
AutoRun:"Mapi Ace","<$COMMONAPPDATA>\New surf surf.*","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","Mapi Ace"
// Original log line (typed as FILE_EXE there; the active rule uses FILE_DATA):
// File:"<$FILE_EXE>","C:\ProgramData\New surf surf.8vg"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\New surf surf.*"

// Second sample, same layout as the first.
// AutoRun:"Sixth exit vga dash","C:\ProgramData\Mags Flaw Axis.lsa","flagifnofile=1"
AutoRun:"Sixth exit vga dash","<$COMMONAPPDATA>\Mags Flaw Axis.*","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","Sixth exit vga dash"
// File:"<$FILE_EXE>","C:\ProgramData\Mags Flaw Axis.lsa"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\Mags Flaw Axis.*"


// Rootkit.Agent:
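// I can't give you any files, but maybe you have some yourselves and can add one or two of them :-)
// Taken from an MBAM log file.
// NOTE(review): several of these file names (e.g. secdrv.sys, wpdusb.sys) are also used by legitimate drivers, so name and path alone are not enough for a rule - verify against actual samples first.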
// C:\WINDOWS\system32\drivers\symredrv.sys
// C:\WINDOWS\system32\drivers\secdrv.sys
// C:\WINDOWS\system32\drivers\PDFRAME.sys
// C:\WINDOWS\system32\drivers\PDFRAME.sys.bak
// C:\WINDOWS\system32\drivers\nmwcd.sys
// C:\WINDOWS\system32\drivers\nmwcdcj.sys
// C:\WINDOWS\system32\drivers\nmwcdcj.sys.bak
// C:\WINDOWS\system32\drivers\nmwcdcm.sys
// C:\WINDOWS\system32\drivers\se27bus.sys
// C:\WINDOWS\system32\drivers\se27mdfl.sys
// C:\WINDOWS\system32\drivers\se27mdm.sys
// C:\WINDOWS\system32\drivers\se27mgmt.sys
// C:\WINDOWS\system32\drivers\se27nd5.sys
// C:\WINDOWS\system32\drivers\se27obex.sys
// C:\WINDOWS\system32\drivers\se27unic.sys
// C:\WINDOWS\system32\drivers\wpdusb.sys



// Trojan.Agent(1):
// Executable in the system directory, started from the machine-wide Run key.
// The logged command line carries a " /Login" argument, so the AutoRun rule
// ends in a wildcard to match the path plus any trailing arguments.
// AutoRun:"msioctl.exe","C:\Windows\System32\msioctl.exe /Login","flagifnofile=1"
AutoRun:"msioctl.exe","<$SYSDIR>\msioctl.exe*","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","msioctl.exe"
// The File rule targets the bare path; the argument from the log line is dropped.
// File:"<$FILE_EXE>","C:\Windows\System32\msioctl.exe /Login"
File:"<$FILE_EXE>","<$SYSDIR>\msioctl.exe"


// Trojan.Agent(2):
// Executable in the system directory, started from the machine-wide Run key
// under the value name "winup". Value name and file name are both fixed.
// AutoRun:"winup","C:\WINDOWS\system32\winup.exe","flagifnofile=1"
AutoRun:"winup","<$SYSDIR>\winup.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","winup"
// File:"<$FILE_EXE>","C:\WINDOWS\system32\winup.exe"
File:"<$FILE_EXE>","<$SYSDIR>\winup.exe"


// Trojan.Agent(3):
// Autostart entry and file name are fixed!
// See here: http://www.superantispyware.com/malwarefiles/50E417E0-E461-474B-96E2-077B80325612_24.AVI.html
// The file carries an .avi extension but is registered under the per-user Run
// key, i.e. it is launched at logon rather than played as media.
AutoRun:"50e417e0-e461-474b-96e2-077b80325612_24","<$APPDATA>\50e417e0-e461-474b-96e2-077b80325612_24.avi*","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","50e417e0-e461-474b-96e2-077b80325612_24"
// NOTE(review): typed as FILE_SOUND because of the extension; since the file is
// an autostart target, confirm whether an executable file type fits better.
File:"<$FILE_SOUND>","<$APPDATA>\50e417e0-e461-474b-96e2-077b80325612_24.avi"


// Trojan.Agent(4):
// Executable dropped directly into the root of the user profile and started
// from the per-user Run key. The user name from the log ("tony") is replaced
// by the <$PROFILE> variable so the rule applies to any account.
// AutoRun:"joaveo","C:\Users\tony\joaveo.exe","flagifnofile=1"
AutoRun:"joaveo","<$PROFILE>\joaveo.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","joaveo"
// File:"<$FILE_EXE>","C:\Users\tony\joaveo.exe"
File:"<$FILE_EXE>","<$PROFILE>\joaveo.exe"


// Trojan.Agent(5):
// The file is named csrss.exe, the same name as a Windows system process, but
// sits in <$WINDIR>\Tasks. The directory is the distinguishing feature here:
// keep the full path in these rules and never reduce them to the file name.
// AutoRun:"Music System","C:\WINDOWS\Tasks\csrss.exe","flagifnofile=1"
AutoRun:"Music System","<$WINDIR>\Tasks\csrss.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","Music System"
// File:"<$FILE_EXE>","C:\WINDOWS\Tasks\csrss.exe"
File:"<$FILE_EXE>","<$WINDIR>\Tasks\csrss.exe"


// Trojan.Agent.ddod:
// Both samples use a long fixed Run value name but a different short file name
// in a temp directory (jge2q.exe, l6u1k0.exe). The rules therefore key on the
// value name and wildcard the executable name.
// NOTE(review): "*.exe" in a temp folder is very broad on its own; the match is
// only as specific as the value name, so do not loosen the first field.
// No active File rule exists because the file name is not stable.
// AutoRun:"gdf498gtudsigjnsod8guifjgfhfhf","C:\WINDOWS\TEMP\jge2q.exe","flagifnofile=1"
AutoRun:"gdf498gtudsigjnsod8guifjgfhfhf","<$WINDIR>\TEMP\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","gdf498gtudsigjnsod8guifjgfhfhf"
// File:"<$FILE_EXE>","C:\WINDOWS\TEMP\jge2q.exe"
// Second sample: same scheme, but in the per-user temp folder.
// AutoRun:"uishf9wuifwuh387fh3wufinhjfdwefe","c:\users\iaurmelloneug\appdata\local\temp\l6u1k0.exe","flagifnofile=1"
AutoRun:"uishf9wuifwuh387fh3wufinhjfdwefe","<$LOCALAPPDATA>\temp\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","uishf9wuifwuh387fh3wufinhjfdwefe"
// File:"<$FILE_EXE>","c:\users\iaurmelloneug\appdata\local\temp\l6u1k0.exe"


// Trojan.FakeAlert.ttam:
// Same as xwr?????.dll, please add! :-)
// Browser Helper Object whose DLL name is "hr" followed by five characters.
BrowserHelperEx:"D","filename=hr?????.dll"
// BHO registration and the matching COM class registration for the sample's CLSID.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{3FEDC3DD-0E89-3C44-8B08-00B93E0A8374}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{3FEDC3DD-0E89-3C44-8B08-00B93E0A8374}"
// NOTE(review): the BHO rule matches the hr?????.dll pattern, but this File rule
// covers only the one logged name; other variants would be found as a BHO
// without a matching file entry - confirm whether that is intended.
File:"<$FILE_LIBRARY>","<$SYSDIR>\hr70287.dll"


// Trojan.Swisyn:
// A four-character .tmp file in the per-user temp folder is started from the
// per-user Run key under the fixed value name "RTHDBPL". The file name from the
// log (30AB.tmp) is generalised to ????.tmp; the value name carries the match.
// No active File rule exists because the file name is not stable.
// AutoRun:"RTHDBPL","C:\Users\Family\AppData\Local\Temp\30AB.tmp","flagifnofile=1"
AutoRun:"RTHDBPL","<$LOCALAPPDATA>\Temp\????.tmp","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","RTHDBPL"
// File:"<$FILE_EXE>","C:\Users\Family\AppData\Local\Temp\30AB.tmp"


// Trojan.Virtumonde:
// Part 1 - Browser Helper Objects. Each group has the same four rules: a BHO
// match on the DLL file name (the first field is wildcarded), the BHO
// registry key, the COM class key for the same CLSID, and the DLL itself in
// the system directory.
BrowserHelperEx:"*","filename=tokivafa.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{362d5e76-83be-42e5-9b93-17766c2e9749}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{362d5e76-83be-42e5-9b93-17766c2e9749}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\tokivafa.dll"

// NOTE(review): dskquota32.dll and framebuf32.dll below look like system file
// names with "32" appended; the rules match the exact name only, keep it that way.
BrowserHelperEx:"*","filename=dskquota32.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{17FC9C15-005D-4EB0-ACCA-B84B4C98F439}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{17FC9C15-005D-4EB0-ACCA-B84B4C98F439}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dskquota32.dll"

BrowserHelperEx:"*","filename=framebuf32.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{010E4AD0-D8CA-4D58-99EF-1DD963F16BB2}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{010E4AD0-D8CA-4D58-99EF-1DD963F16BB2}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\framebuf32.dll"

// Trojan.Virtumonde, part 2 - Run-key entries that load a DLL through rundll32.
// In every logged line the autostart command is rundll32.exe with the DLL and
// an export name as arguments. The active AutoRun rules differ from the logged
// lines in three ways: the entry name is wildcarded ("*"), only the DLL path is
// matched (with a trailing wildcard for the export argument), and flagifnofile
// is 0 instead of 1. The RegyValue rule still uses the value name seen in the
// log, and the File rule is typed FILE_LIBRARY rather than FILE_EXE.
// AutoRun:"pagazenum","Rundll32.exe "c:\windows\system32\reduwebi.dll",a","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\reduwebi.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","pagazenum"
// File:"<$FILE_EXE>","Rundll32.exe "c:\windows\system32\reduwebi.dll",a"
File:"<$FILE_LIBRARY>","<$SYSDIR>\reduwebi.dll"

// AutoRun:"Ndaperutewotevig","rundll32.exe "C:\WINDOWS\urexafesujoxumu.dll",Startup","flagifnofile=1"
AutoRun:"*","<$WINDIR>\urexafesujoxumu.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","Ndaperutewotevig"
// File:"<$FILE_EXE>","rundll32.exe "C:\WINDOWS\urexafesujoxumu.dll",Startup"
File:"<$FILE_LIBRARY>","<$WINDIR>\urexafesujoxumu.dll"

// NOTE(review): the logged line names tijayefe.dll without a directory; the
// rules assume the system directory - confirm against the sample.
// AutoRun:"yaruninupo","Rundll32.exe "tijayefe.dll",s","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\tijayefe.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","yaruninupo"
// File:"<$FILE_EXE>","Rundll32.exe "tijayefe.dll",s"
File:"<$FILE_LIBRARY>","<$SYSDIR>\tijayefe.dll"

// AutoRun:"bosinuvak","Rundll32.exe "c:\windows\system32\feyimupa.dll",a","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\feyimupa.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","bosinuvak"
// File:"<$FILE_EXE>","Rundll32.exe "c:\windows\system32\feyimupa.dll",a"
File:"<$FILE_LIBRARY>","<$SYSDIR>\feyimupa.dll"

// AutoRun:"giyokugaj","Rundll32.exe "c:\windows\system32\forasuho.dll",a","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\forasuho.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","giyokugaj"
// File:"<$FILE_EXE>","Rundll32.exe "c:\windows\system32\forasuho.dll",a"
File:"<$FILE_LIBRARY>","<$SYSDIR>\forasuho.dll"

// AutoRun:"Cteyufa","rundll32.exe "c:\windows\uxujufanerokowu.dll",Startup","flagifnofile=1"
AutoRun:"*","<$WINDIR>\uxujufanerokowu.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","Cteyufa"
// File:"<$FILE_EXE>","rundll32.exe "c:\windows\uxujufanerokowu.dll",Startup"
File:"<$FILE_LIBRARY>","<$WINDIR>\uxujufanerokowu.dll"

// Two logged variants share the value name "Remote System Protection" but load
// different DLLs. There is no active AutoRun rule for this group, only the
// Run value (per-user hive here) and the two DLL files.
// AutoRun:"Remote System Protection","rundll32.exe C:\WINDOWS\system32\rvlh9ohz36.dll, HUI_proc","flagifnofile=1"
// AutoRun:"Remote System Protection","rundll32.exe C:\WINDOWS\system32\m1dhjwnz.dll, HUI_proc","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","Remote System Protection"
File:"<$FILE_LIBRARY>","<$SYSDIR>\rvlh9ohz36.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\m1dhjwnz.dll"

// Per-user variant: DLL in the roaming application data folder, per-user Run key.
// AutoRun:"zgmmilky","rundll32.exe "C:\Users\Jono\AppData\Roaming\rsikgo.dll",dllrges ","flagifnofile=1"
AutoRun:"*","<$APPDATA>\rsikgo.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","zgmmilky"
// File:"<$FILE_EXE>","rundll32.exe "C:\Users\Jono\AppData\Roaming\rsikgo.dll",dllrges "
File:"<$FILE_LIBRARY>","<$APPDATA>\rsikgo.dll"

// Trojan.Virtumonde, part 3 - AppInit_DLLs entries.
// Each pair names one DLL inside the AppInit_DLLs value and the DLL file in
// the system directory. Some entries were logged with the full path, others
// with the bare file name (zifujozu.dll, visekovi.dll); the rules keep the
// form that was seen.
// NOTE(review): AppInit_DLLs is a single shared value that can also list
// DLLs of legitimate software. RegyRemove presumably strips only the named
// entry and leaves the rest of the value intact - confirm before release.
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\reduwebi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\reduwebi.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","zifujozu.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\zifujozu.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\dsprpres32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsprpres32.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\fphc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fphc32.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\forasuho.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\forasuho.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","visekovi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\visekovi.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\wogutopa.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\fontsub32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fontsub32.dll"

// Trojan.Virtumonde, part 4 - Winlogon\Notify subkeys.
// Each rule names a subkey under Winlogon\Notify and requires its DllName
// value to point at the given DLL in the system directory, followed by the
// DLL file itself. The DllName condition ties the key to the malicious file,
// so a subkey of the same name pointing elsewhere is not matched.
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","b8ae2e09705","DllName=<$SYSDIR>\dsprpres32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsprpres32.dll"

RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","wintxl32","DllName=<$SYSDIR>\wintxl32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wintxl32.dll"

// Trojan.Virtumonde, part 5 - ShellServiceObjectDelayLoad values.
// Each rule matches a value by name and by the CLSID it holds, and is paired
// with the DLL the submitter associated with that CLSID.
// NOTE(review): these groups have no RegyKey rule for the CLSID under
// \SOFTWARE\Classes\CLSID\ (the BHO groups do), so the COM class registration
// would be left behind - confirm whether it should be added.
// NOTE(review): wogutopa.dll is paired with four different CLSIDs below;
// verify the pairing against the samples.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","tiramebuh","tiramebuh={89bcadf4-be4d-4c5f-918c-ffee97756094}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\reduwebi.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","mazakesom","mazakesom={dc2ed2e4-96d3-4794-8f18-6cd55707722d}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\feyimupa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","besenahuw","besenahuw={eea2e58d-c4a7-47f2-a69f-8f18f6ef7b0f}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","biwujekuf","biwujekuf={70847649-83f6-4388-815e-92036db569de}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","noyutubiy","noyutubiy={598f4d1e-b1e0-4189-a753-4f46887da47a}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","mokuyaveh","mokuyaveh={8278042a-f5e5-4082-b242-7f55f8e804f3}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","pigibozet","pigibozet={b0a010a9-9a7e-4027-91c5-7398ae7d6e6b}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\forasuho.dll"

// Trojan.Virtumonde, part 6 - Explorer\SharedTaskScheduler values.
// Same rule layout as the ShellServiceObjectDelayLoad group, and the same
// CLSIDs appear again here under different value names.
// NOTE(review): the value name "gahurihor" is used with three different CLSIDs
// and "jugezatag" with two. That may be a copy-and-paste slip when the rules
// were written up; check each name against the original logs.
// NOTE(review): on a clean system the CLSID is normally the value *name* under
// SharedTaskScheduler, not the data - confirm the name=data direction used
// in these rules matches what the logs showed.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","mujuzedij","mujuzedij={eea2e58d-c4a7-47f2-a69f-8f18f6ef7b0f}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","gahurihor","gahurihor={70847649-83f6-4388-815e-92036db569de}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","jugezatag","jugezatag={598f4d1e-b1e0-4189-a753-4f46887da47a}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","jugezatag","jugezatag={8278042a-f5e5-4082-b242-7f55f8e804f3}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wogutopa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","gahurihor","gahurihor={b0a010a9-9a7e-4027-91c5-7398ae7d6e6b}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\forasuho.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","tokatiluy","tokatiluy={dc2ed2e4-96d3-4794-8f18-6cd55707722d}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\feyimupa.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","gahurihor","gahurihor={89bcadf4-be4d-4c5f-918c-ffee97756094}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\reduwebi.dll"

// This last entry belongs with the "Remote System Protection" Run-key variant
// (same DLL, m1dhjwnz.dll).
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","hs3t873tisghs837tgysu7","hs3t873tisghs837tgysu7={A3BA40A2-74F1-52BD-F434-00B15A2C8953}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\m1dhjwnz.dll"