File size 116,812 bytes
MD5: F1BAE35D296930D2076B9D84BA0C95EA
SHA-1: 9BC4F0C1CBCA3718342BBCAAE2E7BEA759BBFFEE
============================================================
Files created
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll (0-9)
X:\ljnhwt.bat
X:\yudald.bat
X:\autorun.inf
Keys AddedHKLM\SOFTWARE\Classes\CLSID\MADOWN
HKLM \SYSTEM\ControlSet001\Services\AVPsys
HKLM \SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM \SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Enum
Values addedHKLM \SOFTWARE\Classes\CLSID\MADOWN\
urlinfo : "mcjhjk.v"
HKLM \ControlSet001\Services\AVPsys\Enum\
Count : 0x00000000
NextInstance : 0x00000000
INITSTARTFAILED : 0x00000001
HKLM \ControlSet001\Services\AVPsys\Security\
Security : 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
HKLM \ControlSet001\Services\AVPsys\
Type : 0x00000001
Start : 0x00000003
ErrorControl : 0x00000001
ImagePath : "%System%\drivers\cdaudio.sys"
DisplayName : "AVPsys"
HKLM \CurrentControlSet\Services\AVPsys\Enum\
Count : 0x00000000
NextInstance : 0x00000000
INITSTARTFAILED : 0x00000001
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security : 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
HKLM\CurrentControlSet\Services\AVPsys
Type : 0x00000001
Start : 0x00000003
ErrorControl : 0x00000001
ImagePath : "%System%\drivers\cdaudio.sys"
DisplayName : "AVPsys"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft : "%System%\olhrwef.exe"
Values Modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000
MD5: F1BAE35D296930D2076B9D84BA0C95EA
SHA-1: 9BC4F0C1CBCA3718342BBCAAE2E7BEA759BBFFEE
============================================================
Files created
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll (0-9)
X:\ljnhwt.bat
X:\yudald.bat
X:\autorun.inf
Keys AddedHKLM\SOFTWARE\Classes\CLSID\MADOWN
HKLM \SYSTEM\ControlSet001\Services\AVPsys
HKLM \SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM \SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Enum
Values addedHKLM \SOFTWARE\Classes\CLSID\MADOWN\
urlinfo : "mcjhjk.v"
HKLM \ControlSet001\Services\AVPsys\Enum\
Count : 0x00000000
NextInstance : 0x00000000
INITSTARTFAILED : 0x00000001
HKLM \ControlSet001\Services\AVPsys\Security\
Security : 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
HKLM \ControlSet001\Services\AVPsys\
Type : 0x00000001
Start : 0x00000003
ErrorControl : 0x00000001
ImagePath : "%System%\drivers\cdaudio.sys"
DisplayName : "AVPsys"
HKLM \CurrentControlSet\Services\AVPsys\Enum\
Count : 0x00000000
NextInstance : 0x00000000
INITSTARTFAILED : 0x00000001
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security : 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
HKLM\CurrentControlSet\Services\AVPsys
Type : 0x00000001
Start : 0x00000003
ErrorControl : 0x00000001
ImagePath : "%System%\drivers\cdaudio.sys"
DisplayName : "AVPsys"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft : "%System%\olhrwef.exe"
Values Modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000
