File size: 104662 bytes
CRC32: A45B8AA1
MD5: 1D499A0371F38CC407946794B0C743B6
SHA-1: BBB7014496F82535DF0253E7C692B4D4BC600C44
===================================================
Create fileC:\Documents and Settings\[User]\Local Settings\Temp\herss.exe
C:\Documents and Settings\[User]\Local Settings\Temp\ cvasds0 (0-9)
X:\9u.cmd
X:\autorun.inf
Download file
http://gir88e.net/1mg/am1.rar
C:\Documents and Settings\[User]\Local Settings\Temp\am1.rar >am1.exe
Keys addedHKLM\SOFTWARE\Classes\CLSID\MADOWN
Values addedHKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo
HKCU\ Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
