CRC32: E0F07D1A
MD5: 549E6D5C0318B913B1C56B4703BAECE3
SHA-1: 804846EC5ED80C2628C1A38B2503A39A05140564
============================================================
One or more files with the name XS6KPR0.EXE create, delete, copy or move the following files and folders:
- Deletes c:\windows\system32\drivers\cdaudio.sys
- Copies file [unreadable path]\dllcache\cdaudio.sys to c:\windows\system32\drivers\cdaudio.sys
- Deletes c:\docume~1\user\locals~1\temp\herss.exe
- Deletes c:\docume~1\user\locals~1\temp\cvasds0.dll
- Creates c:\docume~1\user\locals~1\temp\cvasds0.dll
- Deletes c:\xs6kpr0.ex
- Copies file c:\docume~1\user\locals~1\temp\herss.exe to c:\xs6kpr0.ex
- Deletes c:\autorun.in
- Creates c:\autorun.in
- Deletes d:\xs6kpr0.ex
- Copies file c:\docume~1\user\locals~1\temp\herss.exe to d:\xs6kpr0.ex
- Deletes d:\autorun.in
- Creates d:\autorun.in
- Deletes c:\docume~1\user\locals~1\temp\am1.rar
- Deletes c:\docume~1\user\locals~1\temp\am.ex
- Opens/modifies c:\autoexec.bat
- Creates c:\docume~1\user\locals~1\temp\am1.rar
- Deletes c:\docume~1\user\locals~1\temp\am.exe
- Creates c:\docume~1\user\locals~1\temp\am.exe
- Copies file [unreadable path]\dllcache\cdaudio.sys to c:\windows\system32\drivers\cdaudio.sys
- Copies file c:\docume~1\user\locals~1\temp\am.exe to c:\docume~1\user\locals~1\temp\herss.exe
- Deletes c:\docume~1\user\locals~1\temp\cvasds1.dll
- Creates c:\docume~1\user\locals~1\temp\cvasds1.dll
