File size :116,664 bytes
MD5: 092DDC2BFB9E81138CD9A23E4DE85418
SHA-1: 2F757A2BFAAF85C3FFF45021EEAC2E5B50799E96
============================================================
Files created
X:\ek.com
X:\autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll (0-9)
C:\Documents and Settings\Administrator\Local Settings\Temp\ra2m5a.dll
Keys Added:
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000\Control
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000\Control
Values Added:
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000\Control\
*NewlyCreated* : 0x00000000
ActiveService : "sdrtyx"
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000\
Service : "sdrtyx"
Legacy : 0x00000001
ConfigFlags : 0x00000000
Class : "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc : "sdrtyx"
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\
NextInstance : 0x00000001
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000\Control\
*NewlyCreated* : 0x00000000
ActiveService : "sdrtyx"
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000\
Service : "sdrtyx"
Legacy : 0x00000001
ConfigFlags : 0x00000000
Class = "LegacyDriver"
ClassGUID : "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc : "sdrtyx"
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\
NextInstance : 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
kava : "%System%\kavo.exe"
Values Modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000
MD5: 092DDC2BFB9E81138CD9A23E4DE85418
SHA-1: 2F757A2BFAAF85C3FFF45021EEAC2E5B50799E96
============================================================
Files created
X:\ek.com
X:\autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll (0-9)
C:\Documents and Settings\Administrator\Local Settings\Temp\ra2m5a.dll
Keys Added:
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000\Control
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000\Control
Values Added:
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000\Control\
*NewlyCreated* : 0x00000000
ActiveService : "sdrtyx"
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\0000\
Service : "sdrtyx"
Legacy : 0x00000001
ConfigFlags : 0x00000000
Class : "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc : "sdrtyx"
HKLM \SYSTEM\ControlSet001\Enum\Root\LEGACY_SDRTYX\
NextInstance : 0x00000001
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000\Control\
*NewlyCreated* : 0x00000000
ActiveService : "sdrtyx"
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\0000\
Service : "sdrtyx"
Legacy : 0x00000001
ConfigFlags : 0x00000000
Class = "LegacyDriver"
ClassGUID : "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc : "sdrtyx"
HKLM \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRTYX\
NextInstance : 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
kava : "%System%\kavo.exe"
Values Modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000
