I've collected detection rules for the following malware:
  • Malware.Fraud.Antivirus
  • Malware.Fraud.PrivacyCenter
  • Spyware.AdRotator
  • Spyware.Perfect
  • Trojan.Agent(3)
  • Trojan.Agent.ddod
  • Trojan.Banker(2)
  • Trojan.FakeAlert.ttam(3)
  • Trojan.Fraudpack
  • Trojan.Rbot
  • Trojan.Virtumonde(2)
Category: Trojan
Code:
:: New Malware v93
// Revision 1
// {Cat:Trojan}{Cnt:1}
// {Det:Matt,2010-03-28}


// Malware.Fraud.Antivirus:
// Two logged samples: autorun value names "avguard3876" and "avagent3974", each starting a
// randomly named .exe directly under the Windows directory. Commented-out lines keep the
// entry as it was logged; the active line below each one is the generalized rule.
// NOTE(review): the AutoRun rules wildcard the four trailing digits of the value name, but
// the RegyValue rules still pin the exact logged names, so a variant with other digits is
// matched only by the AutoRun rule. Confirm that is intended.
// AutoRun:"avguard3876","C:\Windows\000b09274b.exe","flagifnofile=1"
// NOTE(review): the next line starts with a stray space; confirm the parser accepts leading whitespace.
 AutoRun:"avguard????","<$WINDIR>\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","avguard3876"
// File:"<$FILE_EXE>","C:\Windows\000b09274b.exe"
File:"<$FILE_EXE>","<$WINDIR>\000b09274b.exe"
// AutoRun:"avagent3974","C:\Windows\chnb8895.exe","flagifnofile=1"
AutoRun:"avagent????","<$WINDIR>\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","avagent3974"
// File:"<$FILE_EXE>","C:\Windows\chnb8895.exe"
File:"<$FILE_EXE>","<$WINDIR>\chnb8895.exe"
// Two further executables in the root of the system drive; no logged source line is kept for them.
File:"<$FILE_EXE>","<$SYSDRIVE>\78gbc8r.exe"
File:"<$FILE_EXE>","<$SYSDRIVE>\avinstaller1.exe"
// The following entries are also created by this new rogue:
// NOTE(review): these are Image File Execution Options keys named after legitimate programs
// (among them taskmgr.exe and mbam.exe). Only the key names were logged, not their values,
// and no rule in this block covers them, so cleanup with these rules alone leaves the keys
// in place. Decide whether a rule is needed once the values are known.
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\freecell.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\limewire.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe


// Malware.Fraud.PrivacyCenter:
// Please check whether you already have this!
// One logged sample: autorun value "agent.exe" starting agent.exe from a "PC" folder under
// Program Files. The rules replace the hard-coded path with <$PROGRAMFILES>.
// NOTE(review): both the value name "agent.exe" and the folder name "PC" are generic. The
// Directory rule is narrowed by "filename=agent.exe"; confirm that the combination is
// specific enough not to hit an unrelated product.
// AutoRun:"agent.exe","C:\Program Files\PC\agent.exe","flagifnofile=1"
AutoRun:"agent.exe","<$PROGRAMFILES>\PC\agent.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","agent.exe"
// File:"<$FILE_EXE>","C:\Program Files\PC\agent.exe"
File:"<$FILE_EXE>","<$PROGRAMFILES>\PC\agent.exe"
Directory:"<$DIR_PROG>","<$PROGRAMFILES>\PC","filename=agent.exe"


// Spyware.AdRotator:
// Browser helper object named "gooochi browser enhancer" (any .dll), its BHO and CLSID
// registry keys, and an autorun that registers a DLL through regsvr32.exe.
BrowserHelperEx:"gooochi browser enhancer","filename=*.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{1F1B4875-A868-E209-87B0-C2A61DE2D6AB}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{1F1B4875-A868-E209-87B0-C2A61DE2D6AB}"
// The logged autorun command is regsvr32.exe (a Windows binary) loading the DLL; the rules
// below target the DLL only, not regsvr32.exe.
// NOTE(review): the log shows the DLL under C:\windows\SysWow64, while the rules use
// <$SYSDIR>. Confirm <$SYSDIR> also resolves to SysWOW64 on 64-bit systems.
// NOTE(review): the AutoRun rule accepts any value name ("*") and uses flagifnofile=0,
// whereas the RegyValue rule pins the logged name "lybfnndajqend".
// AutoRun:"lybfnndajqend","C:\windows\System32\regsvr32.exe /s "C:\windows\SysWow64\zwjojnatbmhierrf.dll"","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\zwjojnatbmhierrf.dll","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","lybfnndajqend"
// File:"<$FILE_EXE>","C:\windows\System32\regsvr32.exe /s "C:\windows\SysWow64\zwjojnatbmhierrf.dll""
File:"<$FILE_LIBRARY>","<$SYSDIR>\zwjojnatbmhierrf.dll"


// Spyware.Perfect:
// Reference for the autorun name "msngers":
// http://www.systemlookup.com/search.php?list=%26type=name%26search=msngers%26s=
// One logged sample (German-language Windows path): spoolvsf.exe in a subfolder "pb13" of
// the user's local temp directory. The rules wildcard the subfolder name.
// NOTE(review): the AutoRun rule wildcards both subfolder and file name (temp\*\*.exe) and
// relies on the value name "msngers" for specificity; the File and Directory rules keep the
// file name spoolvsf.exe fixed.
// AutoRun:"msngers","c:\dokumente und einstellungen\XXX\lokale einstellungen\temp\pb13\spoolvsf.exe","flagifnofile=1"
AutoRun:"msngers","<$LOCALSETTINGS>\temp\*\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","msngers"
// File:"<$FILE_EXE>","c:\dokumente und einstellungen\XXX\lokale einstellungen\temp\pb13\spoolvsf.exe"
File:"<$FILE_EXE>","<$LOCALSETTINGS>\temp\*\spoolvsf.exe"
Directory:"<$DIR_PROG>","<$LOCALSETTINGS>\temp\*","filename=spoolvsf.exe"


// Trojan.Agent(1):
// Three logged autoruns ("persons", "WINDOWS UPDATE", "was"), each with a fixed value name
// and a fixed file name. Commented-out lines are the entries as logged.
// AutoRun:"persons","C:\WINDOWS\system32\mine.exe","flagifnofile=1"
AutoRun:"persons","<$SYSDIR>\mine.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","persons"
// File:"<$FILE_EXE>","C:\WINDOWS\system32\mine.exe"
File:"<$FILE_EXE>","<$SYSDIR>\mine.exe"
// NOTE(review): the log gives "winsa.exe" without a path; the rules place it in <$SYSDIR>.
// That location is an assumption and should be confirmed against a sample.
// AutoRun:"WINDOWS UPDATE","winsa.exe","flagifnofile=1"
AutoRun:"WINDOWS UPDATE","<$SYSDIR>\winsa.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","WINDOWS UPDATE"
// File:"<$FILE_EXE>","winsa.exe"
File:"<$FILE_EXE>","<$SYSDIR>\winsa.exe"
// The log uses the 8.3 short path DOKUME~1\XXX\LOKALE~1\Temp; the rules map it to <$LOCALSETTINGS>\Temp.
// AutoRun:"was","C:\DOKUME~1\XXX\LOKALE~1\Temp\msdxx.exe","flagifnofile=1"
AutoRun:"was","<$LOCALSETTINGS>\Temp\msdxx.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","was"
// File:"<$FILE_EXE>","C:\DOKUME~1\XXX\LOKALE~1\Temp\msdxx.exe"
File:"<$FILE_EXE>","<$LOCALSETTINGS>\Temp\msdxx.exe"


// Trojan.Agent(2):
// Three logged autoruns from one user profile. In each, the value name equals the file name
// without ".exe" and the file sits directly in the profile root; the rules replace the
// profile path with <$PROFILE>.
// AutoRun:"deucak","C:\Users\SMorgan\deucak.exe","flagifnofile=1"
AutoRun:"deucak","<$PROFILE>\deucak.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","deucak"
// File:"<$FILE_EXE>","C:\Users\SMorgan\deucak.exe"
File:"<$FILE_EXE>","<$PROFILE>\deucak.exe"
// AutoRun:"saaomep","C:\Users\SMorgan\saaomep.exe","flagifnofile=1"
AutoRun:"saaomep","<$PROFILE>\saaomep.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","saaomep"
// File:"<$FILE_EXE>","C:\Users\SMorgan\saaomep.exe"
File:"<$FILE_EXE>","<$PROFILE>\saaomep.exe"
// NOTE(review): the logged autorun data ends in a space ("biiwe.exe ") and the AutoRun rule
// keeps that trailing space, while the File rule omits it. Confirm the space is part of the
// registry data and that the AutoRun match behaves as intended with it.
// AutoRun:"biiwe","C:\Users\SMorgan\biiwe.exe ","flagifnofile=1"
AutoRun:"biiwe","<$PROFILE>\biiwe.exe ","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","biiwe"
// File:"<$FILE_EXE>","C:\Users\SMorgan\biiwe.exe"
File:"<$FILE_EXE>","<$PROFILE>\biiwe.exe"


// Trojan.Agent(3):
// Reference for the autorun name "SUNHELP":
// http://www.systemlookup.com/search.php?list=%26type=name%26search=SUNHELP%26s=
// NOTE(review): the AutoRun rule matches value name "SUNHELP" with any .exe in <$SYSDIR>,
// so the value name carries all the specificity; the File rule covers only the one logged
// file name, winlley2.exe.
// AutoRun:"SUNHELP","C:\WINDOWS\system32\winlley2.exe","flagifnofile=1"
AutoRun:"SUNHELP","<$SYSDIR>\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","SUNHELP"
// File:"<$FILE_EXE>","C:\WINDOWS\system32\winlley2.exe"
File:"<$FILE_EXE>","<$SYSDIR>\winlley2.exe"


// Trojan.Agent.ddod:
// Do you already have these entries as well?
// Two logged autoruns with long fixed value names and differently named executables in the
// user's temp directory. The first log path is under AppData\Local\Temp (mapped to
// <$LOCALAPPDATA>\Temp), the second under the short path LOCALS~1\Temp (mapped to
// <$LOCALSETTINGS>\Temp).
// AutoRun:"irfs8f5i12loorh7mqxe1mpo2ea","C:\Users\nrpl712\AppData\Local\Temp\vjgwx.exe","flagifnofile=1"
AutoRun:"irfs8f5i12loorh7mqxe1mpo2ea","<$LOCALAPPDATA>\Temp\*.exe","flagifnofile=1"
// AutoRun:"uishf9wuifwuh387fh3wufinhjfdwefe","C:\DOCUME~1\Becky\LOCALS~1\Temp\vanj17.exe","flagifnofile=1"
AutoRun:"uishf9wuifwuh387fh3wufinhjfdwefe","<$LOCALSETTINGS>\Temp\*.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","irfs8f5i12loorh7mqxe1mpo2ea"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","uishf9wuifwuh387fh3wufinhjfdwefe"
// NOTE(review): both File entries are left commented out, so this block has no active File
// rule. Presumably that is because the file names differ per sample (vjgwx.exe, vanj17.exe);
// the executable is then reachable only through the AutoRun match. Confirm.
// File:"<$FILE_EXE>","C:\Users\nrpl712\AppData\Local\Temp\vjgwx.exe"
// File:"<$FILE_EXE>","C:\DOCUME~1\Becky\LOCALS~1\Temp\vanj17.exe"


// Trojan.Banker(1):
// Browser helper object identified by its file name iebho.dll (any BHO name), together with
// its BHO and CLSID registry keys and the DLL in <$SYSDIR>.
BrowserHelperEx:"*","filename=iebho.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{D032570A-5F63-4812-A094-87D007C23012}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{D032570A-5F63-4812-A094-87D007C23012}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\iebho.dll"


// Trojan.Banker(2):
// Reference for the BHO name "solution Class":
// http://www.systemlookup.com/search.php?list=%26type=name%26search=solution Class%26s=
// Browser helper object identified by its name (any .dll), its BHO and CLSID keys, and one
// logged DLL file name.
BrowserHelperEx:"solution Class","filename=*.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}"
// NOTE(review): the next two RegyKey lines repeat the two above character for character.
// They look like a copy/paste leftover (or a second CLSID that was never filled in); verify
// and drop or correct them.
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}"
// The BHO rule accepts any .dll, but the File rule covers only this one file name.
File:"<$FILE_LIBRARY>","<$SYSDIR>\aB3x6Oni.dll"


// Trojan.FakeAlert.ttam(1):
// The logged Winlogon "Shell" value is "Explorer.exe rundll32.exe qtru.lfo gynfhtv": the
// legitimate shell followed by a rundll32.exe call that loads qtru.lfo.
// NOTE(review): the RegyRemove pattern is "qtru.lfo *". Presumably RegyRemove strips the
// matching part from the value rather than deleting the value; confirm that the remaining
// data is a valid Shell entry, since the pattern does not cover the "rundll32.exe" that
// precedes qtru.lfo in the logged value.
// RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\","Shell","Shell=Explorer.exe rundll32.exe qtru.lfo gynfhtv"
RegyRemove:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\","Shell","qtru.lfo *"
// The payload carries a non-executable extension (.lfo), hence the <$FILE_DATA> file type.
File:"<$FILE_DATA>","<$SYSDIR>\qtru.lfo"


// Trojan.FakeAlert.ttam(2):
// Just like xwr?????.dll; please include it if it is not in the database yet :-)
// Browser helper object with the one-letter name "D" and a file name of the form
// ct?????.dll, plus its BHO and CLSID keys.
// NOTE(review): the BHO rule wildcards the five characters after "ct", but the File rule
// covers only the logged name ct40942.dll.
BrowserHelperEx:"D","filename=ct?????.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{1EA5C04E-BF9E-3542-8CB2-AA4DEAA913C8}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{1EA5C04E-BF9E-3542-8CB2-AA4DEAA913C8}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ct40942.dll"


// Trojan.FakeAlert.ttam(3):
// Yet another entry of this kind; have you found any files for it yet?
// It is always found under LOCALAPPDATA; something like this really ought to be included, but I suppose you will just say "we need files"? ;-)
// The logged autorun starts rundll32.exe with aviwsGlade.dll and the export DllInit; the
// AutoRun rule matches the DLL path followed by anything.
// AutoRun:"aviwsGlade","rundll32.exe "C:\Documents and Settings\ME\Local Settings\Application Data\aviwsGlade\aviwsGlade.dll", DllInit","flagifnofile=1"
AutoRun:"aviwsGlade","<$LOCALAPPDATA>\aviwsGlade\aviwsGlade.dll*","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","aviwsGlade"
// NOTE(review): the File rule is typed <$FILE_EXE> although the target is a .dll; other DLL
// rules in this file use <$FILE_LIBRARY>. Confirm which type is intended.
// File:"<$FILE_EXE>","rundll32.exe "C:\Documents and Settings\ME\Local Settings\Application Data\aviwsGlade\aviwsGlade.dll", DllInit"
File:"<$FILE_EXE>","<$LOCALAPPDATA>\aviwsGlade\aviwsGlade.dll"
Directory:"<$DIR_APPDATA>","<$LOCALAPPDATA>\aviwsGlade"


// Trojan.Fraudpack:
// Please check whether you already have all of these entries.
// Four logged autoruns with ten-character upper-case value names, each starting an .exe
// with a three-character base name from a temp directory or the Windows directory. The
// AutoRun rules keep the value name fixed and wildcard the file name as ???.exe.
// AutoRun:"YVIBBBHA8C","C:\WINDOWS\TEMP\Kqc.exe","flagifnofile=1"
AutoRun:"YVIBBBHA8C","<$WINDIR>\TEMP\???.exe","flagifnofile=1"
// AutoRun:"YVIBBBHA8C","C:\DOCUME~1\Trey\LOCALS~1\Temp\Tjn.exe","flagifnofile=1"
AutoRun:"YVIBBBHA8C","<$LOCALSETTINGS>\Temp\???.exe","flagifnofile=1"
// AutoRun:"BMIMZMHMFM","C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Xbx.exe","flagifnofile=1"
AutoRun:"BMIMZMHMFM","<$LOCALSETTINGS>\Temp\???.exe","flagifnofile=1"
// AutoRun:"WS9E3IQBKY","C:\WINDOWS\msb.exe","flagifnofile=1"
AutoRun:"WS9E3IQBKY","<$WINDIR>\???.exe","flagifnofile=1"
// NOTE(review): all three RegyValue rules use HKEY_CURRENT_USER; the logged lines above do
// not show which hive the values were found in. Confirm.
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","YVIBBBHA8C"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","BMIMZMHMFM"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","WS9E3IQBKY"
// The File rules cover only the four logged file names, not the ???.exe pattern.
File:"<$FILE_EXE>","<$WINDIR>\TEMP\Kqc.exe"
File:"<$FILE_EXE>","<$LOCALSETTINGS>\Temp\Tjn.exe"
File:"<$FILE_EXE>","<$LOCALSETTINGS>\Temp\Xbx.exe"
File:"<$FILE_EXE>","<$WINDIR>\msb.exe"


// Trojan.Rbot:
// Reference: http://www.systemlookup.com/Startup/11918-l071_exe.html
// The autostart name and the file name are both fixed!
// Accordingly, none of the three rules below uses a wildcard.
AutoRun:"strtas","<$SYSDIR>\l071.exe","flagifnofile=1"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","strtas"
File:"<$FILE_EXE>","<$SYSDIR>\l071.exe"


// Trojan.Virtumonde(1):
// Browser helper objects. Each group of four lines describes one sample: a BHO rule keyed
// on the DLL file name (any BHO name), the BHO key and the CLSID key for its GUID, and the
// DLL file itself. All DLLs are in <$SYSDIR> except kerobuvi.dll, which has its own folder
// under <$COMMONAPPDATA> and therefore also gets a Directory rule.
BrowserHelperEx:"*","filename=lofuwogi.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{73dadf0b-8f5d-4010-9a84-7a8d59491dcd}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{73dadf0b-8f5d-4010-9a84-7a8d59491dcd}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\lofuwogi.dll"

BrowserHelperEx:"*","filename=dpcdll32.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{08BDBD9D-C478-4B3A-9B4F-8F228A7B223c}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{08BDBD9D-C478-4B3A-9B4F-8F228A7B223c}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpcdll32.dll"

BrowserHelperEx:"*","filename=nnnljiFV.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{24CB033B-C069-4408-A761-9E800EA1A668}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{24CB033B-C069-4408-A761-9E800EA1A668}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\nnnljiFV.dll"

BrowserHelperEx:"*","filename=wumomara.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{44648ac9-1ccd-4efe-8139-cb5881cc66c7}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{44648ac9-1ccd-4efe-8139-cb5881cc66c7}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wumomara.dll"

BrowserHelperEx:"*","filename=mlJATkjg.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mlJATkjg.dll"

BrowserHelperEx:"*","filename=pzgzvn.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{6ead6374-7851-4274-a8da-394b5348161d}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{6ead6374-7851-4274-a8da-394b5348161d}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\pzgzvn.dll"

BrowserHelperEx:"*","filename=kerobuvi.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{d8050da4-623d-4f87-8566-795f81af5684}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{d8050da4-623d-4f87-8566-795f81af5684}"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\kerobuvi\kerobuvi.dll"
Directory:"<$DIR_COMMON_APPDATA>","<$COMMONAPPDATA>\kerobuvi"

BrowserHelperEx:"*","filename=immwuaar.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{037B8B62-D8F1-4D0A-A3AB-E25CA681BBC5}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{037B8B62-D8F1-4D0A-A3AB-E25CA681BBC5}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\immwuaar.dll"

BrowserHelperEx:"*","filename=topgriw.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{A7DDC41C-CBE7-4DD0-9F58-07C0CD5A4711}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{A7DDC41C-CBE7-4DD0-9F58-07C0CD5A4711}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\topgriw.dll"

BrowserHelperEx:"*","filename=l33tgf.dll"
RegyKey:"<$REG_BHO>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\","{A3BA40A2-74F0-42BD-F434-00B15A2C8953}"
RegyKey:"<$REG_CLASSID>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Classes\CLSID\","{A3BA40A2-74F0-42BD-F434-00B15A2C8953}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\l33tgf.dll"

// Virtumonde autoruns that load a DLL through rundll32.exe. For every sample the
// commented-out lines keep the entry as logged. The active AutoRun rule accepts any value
// name ("*"), matches on the DLL path followed by anything, and uses flagifnofile=0; the
// RegyValue rule pins the logged value name; the File rule targets the DLL only, never
// rundll32.exe itself.
// NOTE(review): wegagolu.dll and nnooll.dll were logged without a path; the rules place
// them in <$SYSDIR>. Confirm against a sample.
// NOTE(review): the short paths c:\progra~2 and c:\progra~3 are both mapped to
// <$COMMONAPPDATA>. Which folder an 8.3 name stands for depends on the machine; confirm.
// NOTE(review): the value name "mekalehog" occurs twice, once under HKEY_LOCAL_MACHINE
// (mebarepo.dll) and once under HKEY_CURRENT_USER (defupabo.dll). The logged lines do not
// show the hive, so verify both.
// AutoRun:"zugohiditu","Rundll32.exe "wegagolu.dll",s","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\wegagolu.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","zugohiditu"
// File:"<$FILE_EXE>","Rundll32.exe "wegagolu.dll",s"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wegagolu.dll"

// AutoRun:"diduhonat","Rundll32.exe "c:\windows\system32\sohibesi.dll",a","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\sohibesi.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","diduhonat"
// File:"<$FILE_EXE>","Rundll32.exe "c:\windows\system32\sohibesi.dll",a"
File:"<$FILE_LIBRARY>","<$SYSDIR>\sohibesi.dll"

// AutoRun:"cbxyxudrv","rundll32.exe "nnooll.dll",s","flagifnofile=1"
AutoRun:"*","<$SYSDIR>\nnooll.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","cbxyxudrv"
// File:"<$FILE_EXE>","rundll32.exe "nnooll.dll",s"
File:"<$FILE_LIBRARY>","<$SYSDIR>\nnooll.dll"

// AutoRun:"Pnenubigax","rundll32.exe "C:\WINDOWS\ixurozec.dll",Startup","flagifnofile=1"
AutoRun:"*","<$WINDIR>\ixurozec.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","Pnenubigax"
// File:"<$FILE_EXE>","rundll32.exe "C:\WINDOWS\ixurozec.dll",Startup"
File:"<$FILE_LIBRARY>","<$WINDIR>\ixurozec.dll"

// AutoRun:"Yxifobog","rundll32.exe "C:\WINDOWS\eginitoba.dll",Startup","flagifnofile=1"
AutoRun:"*","<$WINDIR>\eginitoba.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","Yxifobog"
// File:"<$FILE_EXE>","rundll32.exe "C:\WINDOWS\eginitoba.dll",Startup"
File:"<$FILE_LIBRARY>","<$WINDIR>\eginitoba.dll"

// AutoRun:"mekalehog","Rundll32.exe "c:\progra~2\mebarepo\mebarepo.dll",a","flagifnofile=1"
AutoRun:"*","<$COMMONAPPDATA>\mebarepo\mebarepo.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_LOCAL_MACHINE,"\Software\Microsoft\Windows\CurrentVersion\Run\","mekalehog"
// File:"<$FILE_EXE>","Rundll32.exe "c:\progra~2\mebarepo\mebarepo.dll",a"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\mebarepo\mebarepo.dll"
Directory:"<$DIR_COMMON_APPDATA>","<$COMMONAPPDATA>\mebarepo"

// AutoRun:"feraoo","RUNDLL32.EXE c:\users\toony\appdata\local\temp\mskusceg.dll,w","flagifnofile=1"
AutoRun:"*","<$LOCALAPPDATA>\temp\mskusceg.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","feraoo"
// File:"<$FILE_EXE>","RUNDLL32.EXE c:\users\toony\appdata\local\temp\mskusceg.dll,w"
File:"<$FILE_LIBRARY>","<$LOCALAPPDATA>\temp\mskusceg.dll"

// AutoRun:"sujosaveh","Rundll32.exe "c:\progra~3\famidino\famidino.dll",a","flagifnofile=1"
AutoRun:"*","<$COMMONAPPDATA>\famidino\famidino.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","sujosaveh"
// File:"<$FILE_EXE>","Rundll32.exe "c:\progra~3\famidino\famidino.dll",a"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\famidino\famidino.dll"
Directory:"<$DIR_COMMON_APPDATA>","<$COMMONAPPDATA>\famidino"

// AutoRun:"mekalehog","Rundll32.exe "c:\PROGRA~2\defupabo\defupabo.dll",a","flagifnofile=1"
AutoRun:"*","<$COMMONAPPDATA>\defupabo\defupabo.dll*","flagifnofile=0"
RegyValue:"<$REG_AUTORUN>",HKEY_CURRENT_USER,"\Software\Microsoft\Windows\CurrentVersion\Run\","mekalehog"
// File:"<$FILE_EXE>","Rundll32.exe "c:\PROGRA~2\defupabo\defupabo.dll",a"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\defupabo\defupabo.dll"
Directory:"<$DIR_COMMON_APPDATA>","<$COMMONAPPDATA>\defupabo"

// Virtumonde DLLs registered in the AppInit_DLLs value. Each pair is one sample: a
// RegyRemove rule for the AppInit_DLLs data and a File rule for the DLL.
// NOTE(review): AppInit_DLLs can list several DLLs in one value. Presumably RegyRemove takes
// out only the part matching the last argument and leaves other entries intact; confirm,
// because deleting the whole value would also drop legitimate entries.
// NOTE(review): some patterns give a full path (<$SYSDIR>\..., <$COMMONAPPDATA>\...) and
// others a bare file name, apparently following how the value was logged. For bare names the
// File rule assumes <$SYSDIR>.
// NOTE(review): the last pair carries a trailing space inside the quotes ("bclswv.dll ") in
// both the RegyRemove pattern and the File path. In the File path this looks unintended;
// verify before release.
RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\fuweyuni.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fuweyuni.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","fatenuva.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fatenuva.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\sohibesi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\sohibesi.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","mufogofa.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mufogofa.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\gumowuza.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gumowuza.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\dnsapi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dnsapi32.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\nunoloje.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\nunoloje.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","pzgzvn.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\pzgzvn.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","hozegupo.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hozegupo.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\bodihovi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bodihovi.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","whlayx.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\whlayx.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$COMMONAPPDATA>\sawigewe\sawigewe.dll"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\sawigewe\sawigewe.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$COMMONAPPDATA>\defupabo\defupabo.dll"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\defupabo\defupabo.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","mubayito.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mubayito.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","pulovuwi.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\pulovuwi.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","<$SYSDIR>\hizupoye.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hizupoye.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","pzsxam.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\pzsxam.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","vwrfir.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\vwrfir.dll"

RegyRemove:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\","AppInit_DLLs","bclswv.dll "
File:"<$FILE_LIBRARY>","<$SYSDIR>\bclswv.dll "

// Virtumonde DLLs registered as Winlogon notification packages. Each RegyKey rule names a
// subkey of Winlogon\Notify and is qualified by that subkey's DllName value; the File rule
// covers the DLL.
// NOTE(review): for the two entries whose DllName is a bare file name, the File rule assumes
// <$SYSDIR>. Confirm.
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","90b38228839","DllName=<$SYSDIR>\dnsapi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dnsapi32.dll"

RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","mlJATkjg","DllName=mlJATkjg.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mlJATkjg.dll"

RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\","geBuutUl","DllName=geBuutUl.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\geBuutUl.dll"

// Virtumonde entries under ShellServiceObjectDelayLoad. Each RegyValue rule pins a value
// name together with its data, a CLSID; the File rule that follows names the DLL associated
// with that sample.
// NOTE(review): the link between each CLSID and its DLL is not visible in these rules, and
// this group has no RegyKey rule for the CLSIDs under \SOFTWARE\Classes\CLSID\. Check
// whether those class registrations are covered elsewhere.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","piyosujag","piyosujag={f4eba353-5f39-4f86-aa9f-048a2452fcc3}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\buzalevu.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","yibumadot","yibumadot={fad0b6f3-db5c-4efc-8a93-95d9d89d73ed}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fuweyuni.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","rugawosob","rugawosob={3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\sohibesi.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","renejimig","renejimig={1844a0d1-a8c8-4d6a-8ae9-c9ab90233d99}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gumowuza.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","zakepesos","zakepesos={f25da5dc-2989-4ffe-af47-2e5473aa646c}"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\mebarepo\mebarepo.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\","yarikodiz","yarikodiz={93af1307-e727-47bb-a2be-b8225a5a072f}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hizupoye.dll"

// Virtumonde entries under Explorer\SharedTaskScheduler. Each RegyValue rule pins a value
// name together with a CLSID; the File rule that follows names the DLL associated with that
// sample.
// NOTE(review): the value names "tokatiluy" and "gahurihor" each appear twice with different
// CLSIDs and different DLLs. A registry key holds only one value per name, so these are
// presumably from different infected machines; confirm that both variants are wanted.
// NOTE(review): this group has no RegyKey rule for the CLSIDs under \SOFTWARE\Classes\CLSID\.
// Check whether those class registrations are covered elsewhere.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","7whfiudhf8s7f3oifhif7syfdhsof","7whfiudhf8s7f3oifhif7syfdhsof={A3BA40A2-74F0-42BD-F434-00B15A2C8953}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\l33tgf.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","tokatiluy","tokatiluy={93af1307-e727-47bb-a2be-b8225a5a072f}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hizupoye.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","tokatiluy","tokatiluy={f25da5dc-2989-4ffe-af47-2e5473aa646c}"
File:"<$FILE_LIBRARY>","<$COMMONAPPDATA>\mebarepo\mebarepo.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","mujuzedij","mujuzedij={1844a0d1-a8c8-4d6a-8ae9-c9ab90233d99}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gumowuza.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","gahurihor","gahurihor={f4eba353-5f39-4f86-aa9f-048a2452fcc3}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\buzalevu.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","gahurihor","gahurihor={fad0b6f3-db5c-4efc-8a93-95d9d89d73ed}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fuweyuni.dll"

RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\","kupuhivus","kupuhivus={3890ddbf-c482-4d3b-9640-0dd6ae6c6fa3}"
File:"<$FILE_LIBRARY>","<$SYSDIR>\sohibesi.dll"


// Trojan.Virtumonde(2):
// File-only section: every rule names one literal DLL path directly in <$SYSDIR>
// (no wildcards), and no registry value, size or hash accompanies any of them here.
// Most names are a Windows system DLL name (dsound, dnsapi, apphelp, httpapi, ...) with
// "32" appended one or more times, so dsound32.dll here is not the system's dsound.dll.
// NOTE(review): many names look like a system DLL name with "r" written as "s"
// (csyptui32 ~ cryptui, bsowses32 ~ browser, colosui32 ~ colorui) - presumably how the
// files are named on disk; confirm against a sample.
// NOTE(review): confirm how <$SYSDIR> resolves on 64-bit Windows (System32 vs SysWOW64).
// erokosvc.dll is the one name in this section that carries no "32" suffix.
File:"<$FILE_LIBRARY>","<$SYSDIR>\erokosvc.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnlobby3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\es32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpwsockx32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cmpbk3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ialmusus32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\scp3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3ui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cddbcleansoxio32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cddbfiletaggessoxio32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bthsesv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cabinet32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\capicom32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\glu3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\catssvut32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gpedit32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cddbuisoxio32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cdosys32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dispci32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmband32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmdskmgs32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmime32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\catssv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmloades32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmscsipt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmusic32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmvdsitf32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnadds32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnet32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\extmgs32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fde32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fdphost32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fdsespub32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3msm32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dplayx32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnhupnp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hhsetup32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dswave32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gameuxlegacygdfs32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gdi3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\geasaspi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eapphost32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eapqec32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\els32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\encapi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsmmgstn32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dspsov32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ds16gt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsdmo32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\coloscnv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\comcat32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dnshc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dnssd32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3cfg32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3gpclnt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gptext32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fdwcn32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\feclient32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cmicsyptinstall32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cmipnpinstall32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cngaudit32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cofisedm32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\batt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bcdssv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bidispl32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bitspesf32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bitspsx332.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cdstc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cestenc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cestmgs32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cewmdm32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cfgmgs3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bitspsx532.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bootvid32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bscpl32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bsdgcfg32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bsowses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\findnetpsintess32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fltlib32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fm20enu32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fontsub32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dxva23232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eappcfg3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\efsadu32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\emdmgmt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fdwcn3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fdwsd32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\feclient3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fltlib3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fontext32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fontsub3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fsamebuf3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\gameux32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\avicap3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\avifile32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\axaltocm32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\azsqlext32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\basessv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dskquoui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dspsop32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dssec32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\duses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\chtbsks32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\compstui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmocx32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csypt3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\h323msp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\iasnap32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\kbdbe32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\psnppagn32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dfsgifps32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dgspsetu32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cnvfat32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dinput832.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dfsshlex32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\colosui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ialmcoin_v439632.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpsesial32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ialmuchs32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\devenum32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fdeploy32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dhcpsapi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpcdll32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dxtsans32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cnqu7032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dciman3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsauth32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dsm32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ctl3d3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\filemgmt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fsusd32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hypestsm32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\iassecst32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\mscat3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnmodem32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\atmlib32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx9_3532.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsdmopsp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\console32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eapyqec32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hidsesv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\compatui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpvoice32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csyptdll32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3ui32323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cssssv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmintf32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cdmodem32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmstyle32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csseqchk3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ctasio3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmsynth32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\comsepl32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dplayx3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3svc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ctdpsoxy32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3ui3232323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ctemupia32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmusic3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnhpast323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsdmopsp32323232.dll"
// The same base name with the "32" suffix repeated one to five times; each length is
// listed as its own literal rule.
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsound32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsound3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsound323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsound32323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsound3232323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmutil32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpwsock3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bitspsx232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3ui323232323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cestcli32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnwsock3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnwsock323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnwsock32323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnwsock3232323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpvvox323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmstyle3232.dll"
// NOTE(review): exact duplicate of the dpnlobby3232.dll rule near the top of this section.
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnlobby3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpvvox3232323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpwsockx3232323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpcdll323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cscdll32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csppsesentation32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\apphelp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\expssv32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csyptext32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dhcpqec32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dfshim32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\esent9732.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fxscom32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csyptui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cmdlgde32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\panmap32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cabview32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hpzipm1232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\httpapi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hnetcfg32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\docpsop32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\igfxhk32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eqnclass32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dxmasf32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx1032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\basecsp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ipnathlp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\auxiliasydisplaysesvices32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\comses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\jobexec32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dssenh32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\jgaw40032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eapsvc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dwmapi32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dsamp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dcompiles_3532.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dfdts32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cstbk53232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx9_2832.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csyptsvc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\audioses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dbnmpntw32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\c_iscii32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hotplug32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\docpsop232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dfsgses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dxtmsft32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\divx_xx1132.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpv1032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\esent32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dspspses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\getuname32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hticons32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnhpast32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\f3ahvoas32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsmstos32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\catssvps32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\eventlog32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ipxwan32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dimsjob32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dsuiext32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3d10_1cose32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dataclen32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\csedui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ieakui32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dbmsspcn32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fwcfg32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\deskmon32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\devicemetadatapassess32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\devicepaisingfoldes32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\deviceuxses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\devobj32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dhcpcose32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dhcpcsvc32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\diagpesf32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dinput32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\diskcopy32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\display32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmdlgs32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmdskses32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dgsetup32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cestpsop32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dnsapi32.dll"
// NOTE(review): the only name in this section ending in "321" rather than "32";
// confirm against the sample that this is the on-disk name and not a typo.
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpwsockx321.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\icwphbk32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx10_3332.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dnssd3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx9_253232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx9_3032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3dlg32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx9_3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dataclen3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dot3msm323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dbgeng32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dbnmpntw3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\devicepaisingpsoxy323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dfsshlex3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnathlp3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dpnet323232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ddaclsys32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\deskadp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dim3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\davclnt3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmvdsitf3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dx10_333232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\wavemsp32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ctl3dv232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\ifsutil32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\bminstall32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dimssoam32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3dpmesh32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\fxst3032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\hpvcs7032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\dmcompos32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\cmcfg3232.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\davclnt32.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3d10_132.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\c_g1803032.dll"
File:"<$FILE_LIBRARY>","<$SYSDIR>\d3d932.dll"