Files size 115,054 bytes
MD5: 67E7F6CD5C200F0E921C9439941D04E4
SHA-1: 0A01B541005A57F195DE20CF8EE94EBCD31C8A86
============================================================
Files created
C:\Documents and Settings\[UserName]\Local Settings\temp\herss.exe
C:\Documents and Settings\[UserName]\Local Settings\temp\cvasds0.dll (0-9)
X:\hjvjte.exe
X:\wcgswa.exe
X:\autorun.inf
X:\se12ydam.exe
Key Added
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN
Values Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\ urlinfo : "dsa2xsa.q"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft : "%Temp%\herss.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue: 0x00000000 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDriveTypeAutoRun: 0x00000091
MD5: 67E7F6CD5C200F0E921C9439941D04E4
SHA-1: 0A01B541005A57F195DE20CF8EE94EBCD31C8A86
============================================================
Files created
C:\Documents and Settings\[UserName]\Local Settings\temp\herss.exe
C:\Documents and Settings\[UserName]\Local Settings\temp\cvasds0.dll (0-9)
X:\hjvjte.exe
X:\wcgswa.exe
X:\autorun.inf
X:\se12ydam.exe
Key Added
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN
Values Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\ urlinfo : "dsa2xsa.q"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft : "%Temp%\herss.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue: 0x00000000 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDriveTypeAutoRun: 0x00000091
