w.exe - Dangerous

%sysdir%\dllcache\w.exe

Manual removal instructions:

Antivirus Report of %sysdir%\dllcache\w.exe:
%sysdir%\dllcache\w.exe Malware
%sysdir%\dllcache\w.exe Dangerous
%sysdir%\dllcache\w.exe High Risk
We suggest you remove %SysDir%\dllcache\w.exe from your computer as soon as possible.
%SysDir%\dllcache\w.exe is a Trojan/Backdoor.
Kill the %SysDir%\dllcache\w.exe process and remove %SysDir%\dllcache\w.exe from Windows startup.

File: sd.exe (C:\sand-box\sd.exe)
-------------------------------------------------------------------------------------
Classification:

Antivirus     Version        Last Update   Result
Avast         4.8.1335.0     2009.08.11    Win32:Losabel-AL
AVG           8.5.0.406      2009.08.12    Win32/PolyCrypt
BitDefender   7.2            2009.08.12    GenPack:Generic.Malware.P!Pk!g.559D75AA
Comodo        1949           2009.08.12    -
DrWeb         5.0.0.12182    2009.08.12    Trojan.DownLoad.24821
F-Secure      8.0.14470.0    2009.08.11    Trojan-Downloader.Win32.Agent.cfun
Kaspersky     7.0.0.125      2009.08.12    Trojan-Downloader.Win32.Agent.cfun
Microsoft     1.4903         2009.08.11    TrojanDownloader:Win32/Losabel.F
NOD32         4327           2009.08.11    probably a variant of Win32/Genetik
Symantec      1.4.4.12       2009.08.12    Trojan Horse

Additional information
File size: 65536 bytes
MD5: 33d9bef7a4474152356f7ba1d845bec5
SHA1: 62e81638581108cfb6755622e903a3cd349ad769

-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added: 127
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe
HKLM\SOFTWARE\Microsoft\DownloadManager
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009081420090815

----------------------------------
Values added: 129
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\Mousiexp: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 77 2E 65 78 65 00 00 61 5A 3F 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 01 00 00 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\Debugger: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 77 2E 65 78 65 00 00 61 5A 3F 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 01 00 00 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\Debugger: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 77 2E 65 78 65 00 00 61 5A 3F 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 01 00 00 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\Debugger: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 77 2E 65 78 65 00 00 61 5A 3F 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 01 00 00 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe\Debugger: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 77 2E 65 78 65 00 00 61 5A 3F 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 01 00 00 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe\Debugger: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 77 2E 65 78 65 00 00 61 5A 3F 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 01 00 00 00 00 00 00 00 1E 00 00 00 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 64 6C 6C 63 61 63 68 65 5C 78 00 00 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009081420090815\CachePath: "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012009081420090815"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009081420090815\CachePrefix: ":2009081420090815: "
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009081420090815\CacheLimit: 0x00002000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009081420090815\CacheOptions: 0x0000000B
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009081420090815\CacheRepair: 0x00000000

----------------------------------
Values modified: 6
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main\Window_Placement: 2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 20 03 00 00 3A 02 00 00
HKCU\Software\Microsoft\Internet Explorer\Main\Window_Placement: 2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 20 03 00 00 3A 02 00 00
HKCU\Software\Microsoft\Internet Explorer\Security\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\UserFile: 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 A2 C5 D9 2F 35 B2 BE 40 BC E1 10 8F D5 25 9D F2 00 00 00

...


----------------------------------
Files added: 2
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081420090815\index.dat
C:\WINDOWS\system32\dllcache\w.exe

----------------------------------
Files deleted: 0
----------------------------------

----------------------------------
Files [attributes?] modified: 3
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\sand-box\sd.exe

----------------------------------
Folders added: 1
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081420090815

----------------------------------
Folders deleted: 0
----------------------------------

----------------------------------
Total changes: 268
----------------------------------

-------------------------------------------------------------------------------------
Internet activity:

HTTP GET http://www.dj5201314dj.com/images/czkpid...
HTTP GET http://140.115.135.135/ANNOUNCE/ANNO1.EX...
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: Mousiexp
Author: Microsoft Corporation
Related File: C:\WINDOWS\system32\dllcache\w.exe
Type: Explorer Run

Item Name: 360rpt.exe
Author:
Related File: C:\WINDOWS\system32\dllcache\w.exe
Type: Image Executions Debugger

Item Name: 360Safe.exe
Author:
Related File: C:\WINDOWS\system32\dllcache\w.exe
Type: Image Executions Debugger

...

Item Name: zxsweep.exe
Author:
Related File: C:\WINDOWS\system32\dllcache\w.exe
Type: Image Executions Debugger

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove w.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly if you have any questions.

Testimonials

You can read UnHackMe testimonials here.