CRC32: 4E868B9C
MD5: 7112746B97FE64C040F51570FA416AA4
SHA-1: F52C5C1ECF6CAA32AC04DD8C00CD5D8217A5C46C
MD5: 7112746B97FE64C040F51570FA416AA4
SHA-1: F52C5C1ECF6CAA32AC04DD8C00CD5D8217A5C46C
====================================================
One or more files with the name XH319R9B.BAT creates, deletes, copies or moves the following files and folders:- Deletes c:\windows\system32\drivers\cdaudio.sys
- Copies file$�_CHAR(0x12)_\dllcache\cdaudio.sys to c:\windows\system32\drivers\cdaudio.sys
- Deletes c:\windows\system32\olhrwef.exe
- Deletes c:\windows\system32\nmdfgds0.dll
- Creates c:\windows\system32\nmdfgds0.dll
- Deletes c:\xh319r9b.ba
- Copies filec:\windows\system32\olhrwef.exe to c:\xh319r9b.ba
- Deletes c:\autorun.in
- Creates c:\autorun.in
- Deletes d:\xh319r9b.ba
- Copies filec:\windows\system32\olhrwef.exe to d:\xh319r9b.ba
- Deletes d:\autorun.in
- Creates d:\autorun.in
- Deletes c:\docume~1\user\locals~1\temp\help1.rar
- Opens/modifes c:\autoexec.bat
- Creates c:\docume~1\user\locals~1\temp\help1.rar
- Deletes c:\docume~1\user\locals~1\temp\help.exe
- Creates c:\docume~1\user\locals~1\temp\help.exe
- Copies file\dllcache\cdaudio.sys to c:\windows\system32\drivers\cdaudio.sys
- Copies filec:\docume~1\user\locals~1\temp\help.exe to c:\windows\system32\olhrwef.exe
- Deletes c:\windows\system32\c.exe
- Creates c:\windows\system32\c.exe
