Code:
:: Rogue.Antivirus2008
// {Cat:Malware}{Cnt:1}
// {Det:N.Jones,2008-07-25}
// Detection rule for the rogue "Antivirus XP 2008" product, built from the artefacts of one
// observed install: registry entries, autorun, shortcuts, program files and data directories.
// NOTE(review): almost every path below is keyed on the literal folder/key name "rhc553j0e9cv".
// The name looks randomly generated; if the installer picks a different name per install,
// these entries match this sample only - confirm against a second sample.

// Registry: product key under HKLM\SOFTWARE and the matching uninstall entry.
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\","rhc553j0e9cv"
UninstallByKey:"rhc553j0e9cv","0"
// Values under "User Agent\Post Platform" are appended to Internet Explorer's User-Agent
// string, so the "AntivirXP08" token may also be visible in web proxy logs. Unlike most
// entries in this rule it does not depend on the folder name.
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\","AntivirXP08"
// Persistence: autorun entry "SMrhc553j0e9cv" pointing at the main executable, 6,000,000-15,000,000 bytes.
AutoRun:"SMrhc553j0e9cv","<$PROGRAMFILES>\rhc553j0e9cv\rhc553j0e9cv.exe","filesize>=6000000,filesize<=15000000"

// Start menu shortcuts. The 1-5000 byte size limit presumably applies to the .lnk file
// itself - confirm against the SBI reference.
StartmenuItem:"Antivirus XP 2008.lnk","<$PROGRAMFILES>\rhc553j0e9cv\*.exe","filesize>=1,filesize<=5000"
// NOTE(review): this entry and "Register Antivirus XP 2008.lnk" below give no target path,
// unlike the other StartmenuItem lines; they are matched by name and size only. Confirm
// whether the target was left out on purpose.
StartmenuItem:"How to Register Antivirus XP 2008.lnk","filesize>=1,filesize<=5000"
StartmenuItem:"License Agreement.lnk","<$PROGRAMFILES>\rhc553j0e9cv\license.txt","filesize>=1,filesize<=5000"
StartmenuItem:"Register Antivirus XP 2008.lnk","filesize>=1,filesize<=5000"
// NOTE(review): "Uninstall.lnk" is a generic shortcut name; this match relies on the target
// path in the rogue's folder to avoid flagging shortcuts of legitimate software.
StartmenuItem:"Uninstall.lnk","<$PROGRAMFILES>\rhc553j0e9cv\Uninstall.exe","filesize>=1,filesize<=5000"

// Files in the program folder.
File:"<$FILE_DATA>","<$PROGRAMFILES>\rhc553j0e9cv\database.dat","filesize>=1000,filesize<=3000"
// Exact match on size and MD5; the strongest file indicator in this group.
File:"<$FILE_TEXT>","<$PROGRAMFILES>\rhc553j0e9cv\license.txt","filesize=19052,md5=A4CEABD89CABE614F390DD8C7E1B26D2"
// NOTE(review): the lower bound here is 600,000 bytes, while the AutoRun entry above uses
// 6,000,000. The wider range may be intended to cover Uninstall.exe as well - confirm it is
// not a typo.
File:"<$FILE_EXE>","<$PROGRAMFILES>\rhc553j0e9cv\*.exe","filesize>=600000,filesize<=20000000"
// Empty (0-1 byte) "<exe>.local" file; on Windows such a file next to an executable turns on
// DLL redirection to the application's own folder.
File:"<$FILE_DATA>","<$PROGRAMFILES>\rhc553j0e9cv\rhc553j0e9cv.exe.local","filesize<=1"
DesktopIcon:"Antivirus XP 2008.lnk","<$PROGRAMFILES>\rhc553j0e9cv\*.exe","filesize>=1,filesize<=5000"
QuickLaunchIcon:"Antivirus XP 2008.lnk","<$PROGRAMFILES>\rhc553j0e9cv\*.exe","filesize>=1,filesize<=5000"
// Wildcard over the system directory, constrained only by exact size and MD5. This is safe
// against false positives on other system files, but it identifies this one binary only;
// a repacked or rebuilt variant will not match.
File:"<$FILE_EXE>","<$SYSDIR>\*.exe","filesize=94208,md5=CE2A2A5A6F1E7A5D6FA31F5277EAB9AB"

// Quarantine/data directories under the user's application data folder, listed deepest
// first. Each one carries a "filename=" condition naming database.dat in the program folder;
// presumably the directory is flagged only when that file exists - confirm against the SBI
// reference.
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun\HKCU","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun\HKCU\RunOnce","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun\HKLM","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun\HKLM\RunOnce","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun\StartMenuAllUsers","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun\StartMenuCurrentUser","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Autorun","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\BrowserObjects","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine\Packages","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv\Quarantine","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
Directory:"<$DIR_PROG>","<$APPDATA>\rhc553j0e9cv","filename=<$PROGRAMFILES>\rhc553j0e9cv\database.dat"
// Program folder itself; here the condition uses the bare file name rather than a full path.
Directory:"<$DIR_PROG>","<$PROGRAMFILES>\rhc553j0e9cv","filename=database.dat"
// NOTE(review): the start-menu folder is matched by name alone, with no file condition,
// unlike every other Directory entry in this rule.
Directory:"<$DIR_PROG>","<$COMMONPROGRAMS>\Antivirus XP 2008"
// Downloaded installer: any .exe name, exact size and MD5.
DownloadFile:"*.exe","filesize=1394196,md5=C5B6DD099BCEAAC80510BEADDF1C0312"
Maybe somebody can have a look at it and give me some feedback.