Trojan.Win32.Generic
Risk Level 1
 
File Size : 8593342 KB
File Type : Portable Executable file
File Name : AutoWorld 3D Garage.exe
MD5 : 24db1532abb0bedba58666198a45c119
SHA1 : ea44c486e5025cc720851931b1ce43c5fc364803
SHA256 : 342e6ec58511b5af7fee92d1c31aea6c615bd5034df100c416

General information:

AutoWorld 3D Garage.exe

Changes to registry :

* Modifies value "(Default)=C:\Windows\svchost.com "%1" %*" in key HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command
old value "(Default)="%1" %*"
* Creates value "Name=AutoWorld 3D Garage.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Direct3D\MostRecentApplication
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "Inno Setup: Setup Version=5.1.7" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "Inno Setup: App Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "InstallLocation=C:\Program Files\StatusSoft\AutoWorld 3D Garage\" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "Inno Setup: Icon Group=AutoWorld 3D Garage" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "Inno Setup: User=vmware" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "Inno Setup: Selected Tasks=desktopicon,quicklaunchicon" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "DisplayName=AutoWorld 3D Garage 2.24" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "UninstallString="C:\Program Files\StatusSoft\AutoWorld 3D Garage\unins000.exe"" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "QuietUninstallString="C:\Program Files\StatusSoft\AutoWorld 3D Garage\unins000.exe" /SILENT" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "Publisher=StatusSoft Team" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "URLInfoAbout=http://www.statussoft.com" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "HelpLink=http://www.statussoft.com" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "NoModify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "NoRepair=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\AutoWorld 3D Garage_is1
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\audia3_2003.aw3" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi A3 2003
* Creates value "Color=00FFFF00" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi A3 2003
* Creates value "Transp=654D0128" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi A3 2003
* Creates value "WColor=50000000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi A3 2003
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\AudiTT_1998.aw3" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi TT 1998
* Creates value "Color=00FF0000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi TT 1998
* Creates value "Transp=654D0128" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi TT 1998
* Creates value "WColor=50000000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Audi TT 1998
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\lambgal_2003.aw3" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Gallardo 2003
* Creates value "Color=00E80000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Gallardo 2003
* Creates value "Transp=654D0128" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Gallardo 2003
* Creates value "WColor=50000000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Gallardo 2003
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\lambmur_2001.aw3" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Murcielago 2001
* Creates value "Color=00AAAA55" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Murcielago 2001
* Creates value "Transp=654D0128" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Murcielago 2001
* Creates value "WColor=50000000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Murcielago 2001
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\mercsl_2001.aw3" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mercedes-Benz SL 2001
* Creates value "Color=00FFFFFF" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mercedes-Benz SL 2001
* Creates value "Transp=654D0128" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mercedes-Benz SL 2001
* Creates value "WColor=50000000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mercedes-Benz SL 2001
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\mitseclipse_2005.aw3" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mitsubishi Eclipse 2005
* Creates value "Color=00FF6600" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mitsubishi Eclipse 2005
* Creates value "Transp=654D0128" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mitsubishi Eclipse 2005
* Creates value "WColor=50000000" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Cars\Mitsubishi Eclipse 2005
* Creates value "Path=C:\Program Files\StatusSoft\AutoWorld 3D Garage" in key HKEY_LOCAL_MACHINE\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "Speaker Configuration=00000004" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaResources\DirectSound\Speaker Configuration
* Creates value "SCRNSAVE.EXE=C:\Windows\system32\AutoWo~1.scr" in key HKEY_CURRENT_USER\Control Panel\Desktop
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates Registry key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Cars\Audi A3 2003
* Creates Registry key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Cars\Audi TT 1998
* Creates Registry key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Gallardo 2003
* Creates Registry key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Cars\Lamborghini Murcielago 2001
* Creates Registry key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Cars\Mercedes-Benz SL 2001
* Creates Registry key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Cars\Mitsubishi Eclipse 2005
* Creates value "RegUrl=https://www.plimus.com/jsp/buynow.jsp?contractId=1687012" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "ShowFPS=00000001" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "ShowHelp=00000002" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "DigClock_24H=00000002" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "ShowTime=00000001" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "VSYNC=00000001" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "ExitOnMouseMove=00000002" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "SFX=00000002" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "Music=00000002" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "UseDesktopSettings=00000002" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "GmCntrl=00000064" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "Height=00000258" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "Width=00000320" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "BitCount=00000020" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "MusicVolume=00000064" in key HKEY_CURRENT_USER\software\StatusSoft\AutoWorld 3D\Savers\Garage
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
* Creates value "Neshta.exe=AutoWorld 3D Garage Setup " in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\AppData\Local\Temp\3582-490
* Creates value "is-342C8.tmp=Setup/Uninstall" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\AppData\Local\Temp\is-5LC7F.tmp
* Creates value "AutoWorld 3D Garage.exe=AutoWorld 3D" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\drive\C\Program Files\StatusSoft\AutoWorld 3D Garage

Changes to filesystem:

* Modifies file C:\Boot\memtest.exe
* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\HAPI.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\MDMP32.EXE
* Modifies file C:\bsa\MDMP64.EXE
* Modifies file C:\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\bsa\PEID.EXE
* Modifies file C:\bsa\R3S32.EXE
* Modifies file C:\bsa\R3S64.EXE
* Modifies file C:\bsa\SIGNSRCH.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\APPLIC~1\Temp\storePwd.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\storePwd.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\upgrader.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\BSA.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\HAPI.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\LANG\Translator.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP32.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP64.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PEID.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S32.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S64.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\SIGNSRCH.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\storePwd.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\upgrader.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\BSA.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\HAPI.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\LANG\Translator.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP32.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP64.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PEID.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S32.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S64.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\SIGNSRCH.EXE
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Documents and Settings\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\BSA.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\EXEINFO.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\HAPI.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\LANG\Translator.exe
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\MDMP32.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\MDMP64.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\PEID.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\R3S32.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\R3S64.EXE
* Modifies file C:\Documents and Settings\vmware\Desktop\bsa\SIGNSRCH.EXE
* Creates file C:\Documents and Settings\vmware\Desktop\report\119\Virus.Win32.Lamer.exe
* Modifies file C:\Documents and Settings\vmware\Desktop\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Documents and Settings\vmware\Desktop\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\storePwd.exe
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\upgrader.exe
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\BSA.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\HAPI.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\LANG\Translator.exe
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP32.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP64.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PEID.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S32.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S64.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\SIGNSRCH.EXE
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Documents and Settings\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\ConvertInkStore.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\InkWatson.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\mip.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
* Modifies file C:\Program Files\Common Files\VMware\Drivers\vss\comreg.exe
* Modifies file C:\Program Files\DVD Maker\DVDMaker.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.102\delegate_execute.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.102\Installer\setup.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.102\nacl64.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.94\delegate_execute.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.94\Installer\chrmstp.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.94\Installer\setup.exe
* Modifies file C:\Program Files\Google\Chrome\Application\50.0.2661.94\nacl64.exe
* Modifies file C:\Program Files\Google\Chrome\Application\chrome.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleUpdate.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateBroker.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateComRegisterShell64.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateSetup.exe
* Modifies file C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateWebPlugin.exe
* Modifies file C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\GoogleUpdateSetup.exe
* Modifies file C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\50.0.2661.102\50.0.2661.102_50.0.2661.94_chrome_updater.exe
* Modifies file C:\Program Files\Google\Update\GoogleUpdate.exe
* Modifies file C:\Program Files\Internet Explorer\ExtExport.exe
* Modifies file C:\Program Files\Internet Explorer\ieinstal.exe
* Modifies file C:\Program Files\Internet Explorer\ielowutil.exe
* Modifies file C:\Program Files\Internet Explorer\iexplore.exe
* Modifies file C:\Program Files\Microsoft Games\Chess\Chess.exe
* Modifies file C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
* Modifies file C:\Program Files\Microsoft Games\Hearts\Hearts.exe
* Modifies file C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
* Modifies file C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
* Modifies file C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe
* Modifies file C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe
* Modifies file C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe
* Modifies file C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
* Modifies file C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
* Modifies file C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
* Modifies file C:\Program Files\Mozilla Firefox\crashreporter.exe
* Modifies file C:\Program Files\Mozilla Firefox\firefox.exe
* Modifies file C:\Program Files\Mozilla Firefox\maintenanceservice.exe
* Modifies file C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
* Modifies file C:\Program Files\Mozilla Firefox\plugin-container.exe
* Modifies file C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe
* Modifies file C:\Program Files\Mozilla Firefox\uninstall\helper.exe
* Modifies file C:\Program Files\Mozilla Firefox\updater.exe
* Modifies file C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe
* Modifies file C:\Program Files\Mozilla Firefox\webapprt-stub.exe
* Modifies file C:\Program Files\Mozilla Firefox\wow_helper.exe
* Modifies file C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
* Modifies file C:\Program Files\Mozilla Maintenance Service\Uninstall.exe
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\AutoWorld 3D Garage.exe
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\AutoWorld 3D.url
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\audia3_2003.aw3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\auditt_1998.aw3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\lambgal_2003.aw3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\lambmur_2001.aw3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\mercsl_2001.aw3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\cars\mitseclipse_2005.aw3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\Configure AutoWorld 3D Garage.exe
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\license.txt
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\Music\sample.mp3
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\PlayList.pla
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\readme.txt
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\unins000.dat
* Creates file C:\Program Files\StatusSoft\AutoWorld 3D Garage\unins000.exe
* Modifies file C:\Program Files\VMware\VMware Tools\rpctool.exe
* Modifies file C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
* Modifies file C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
* Modifies file C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
* Modifies file C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
* Modifies file C:\Program Files\VMware\VMware Tools\VMwareHostOpen.exe
* Modifies file C:\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe
* Modifies file C:\Program Files\VMware\VMware Tools\VMwareXferlogs.exe
* Modifies file C:\Program Files\VMware\VMware Tools\zip.exe
* Modifies file C:\Program Files\Windows Defender\MpCmdRun.exe
* Modifies file C:\Program Files\Windows Defender\MSASCui.exe
* Modifies file C:\Program Files\Windows Journal\Journal.exe
* Modifies file C:\Program Files\Windows Journal\PDIALOG.exe
* Modifies file C:\Program Files\Windows Mail\wab.exe
* Modifies file C:\Program Files\Windows Mail\wabmig.exe
* Modifies file (hidden) C:\Program Files\Windows Mail\WinMail.exe
* Modifies file C:\Program Files\Windows Media Player\setup_wm.exe
* Modifies file C:\Program Files\Windows Media Player\wmlaunch.exe
* Modifies file C:\Program Files\Windows Media Player\wmpconfig.exe
* Modifies file C:\Program Files\Windows Media Player\WMPDMC.exe
* Modifies file C:\Program Files\Windows Media Player\wmplayer.exe
* Modifies file C:\Program Files\Windows Media Player\wmpnetwk.exe
* Modifies file C:\Program Files\Windows Media Player\wmpnscfg.exe
* Modifies file C:\Program Files\Windows Media Player\wmprph.exe
* Modifies file C:\Program Files\Windows Media Player\wmpshare.exe
* Modifies file C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
* Modifies file C:\Program Files\Windows NT\Accessories\wordpad.exe
* Modifies file C:\Program Files\Windows Photo Viewer\ImagingDevices.exe
* Modifies file C:\Program Files\Windows Sidebar\sidebar.exe
* Modifies file C:\Program Files\WinPcap\rpcapd.exe
* Modifies file C:\Program Files\WinPcap\Uninstall.exe
* Creates file C:\Windows\directx.sys
* Creates file C:\Windows\svchost.com
* Creates file C:\Windows\system32\AutoWorld 3D Garage.scr
* Creates file C:\Windows\system32\bass.dll
* Creates file C:\Windows\system32\fgexec.dll
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoWorld 3D Garage\AutoWorld 3D on the Web.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoWorld 3D Garage\Configure AutoWorld 3D Garage.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoWorld 3D Garage\Run AutoWorld 3D Garage.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoWorld 3D Garage\Uninstall AutoWorld 3D Garage.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoWorld 3D Garage\View License.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoWorld 3D Garage\View Readme.lnk
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\storePwd.exe
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\upgrader.exe
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\BSA.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\HAPI.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\LANG\TRANSL~1.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\MDMP32.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\MDMP64.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\PEID.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\R3S32.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\R3S64.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\bsa\SIGNSRCH.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\SANDBO~1\SANDBO~1.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\APPLIC~1\APPLIC~1\Temp\VMWARE~1\VMWARE~1\bac98776\WINPCA~1\WINPCA~1.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\storePwd.exe
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\upgrader.exe
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\BSA.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\HAPI.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\LANG\Translator.exe
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP32.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP64.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PEID.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S32.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S64.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\SIGNSRCH.EXE
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Users\vmware\AppData\Local\Application Data\Temp\vmware-vmware\VMwareDnD\bac98776\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Creates file C:\Users\vmware\AppData\Local\Temp\3582-490\Neshta.exe
* Modifies file C:\Users\vmware\AppData\Local\Temp\storePwd.exe
* Modifies file C:\Users\vmware\AppData\Local\Temp\upgrader.exe
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\BSA.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\HAPI.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\LANG\Translator.exe
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP32.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP64.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\PEID.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S32.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\R3S64.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\SIGNSRCH.EXE
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Users\vmware\AppData\Local\Temp\vmware-vmware\VMwareDnD\bac98776\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Creates file C:\Users\vmware\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Run AutoWorld 3D Garage.lnk
* Modifies file C:\Users\vmware\Desktop\bsa\BSA.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\EXEINFO.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\HAPI.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\LANG\Translator.exe
* Modifies file C:\Users\vmware\Desktop\bsa\MDMP32.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\MDMP64.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\PEID.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\R3S32.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\R3S64.EXE
* Modifies file C:\Users\vmware\Desktop\bsa\SIGNSRCH.EXE
* Creates file C:\Users\vmware\Desktop\Configure AutoWorld 3D Garage.lnk
* Creates file C:\Users\vmware\Desktop\report\119\Virus.Win32.Lamer.exe
* Creates file C:\Users\vmware\Desktop\Run AutoWorld 3D Garage.lnk
* Modifies file C:\Users\vmware\Desktop\SandboxieInstall\SandboxieInstall.exe
* Modifies file C:\Users\vmware\Desktop\WinPcap_4_1_3\WinPcap_4_1_3.exe
* Modifies file C:\Users\vmware\Local Settings\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\Temp\storePwd.exe
* Modifies file C:\Users\vmware\Local Settings\Temp\storePwd.exe
* Modifies file C:\Users\vmware\Local Settings\Temp\upgrader.exe
* Modifies file C:\Users\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\BSA.EXE
* Modifies file C:\Users\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\EXEINFO.EXE
* Modifies file C:\Users\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\HAPI.EXE
* Modifies file C:\Users\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\LANG\Translator.exe
* Modifies file C:\Users\vmware\Local Settings\Temp\vmware-vmware\VMwareDnD\bac98776\bsa\MDMP32.EXE

Network services:

No Change

Process/window/string information:

* Keylogger functionality.
* Gets user name information.
* Gets system default language ID.
* Gets input locale identifiers.
* Gets volume information.
* Gets computer name.
* Checks for debuggers.
* Creates process "null, "C:\Users\vmware\AppData\Local\Temp\is-5LC7F.tmp\is-342C8.tmp" /SL4 $80760 "C:\Users\vmware\AppData\Local\Temp\3582-490\Neshta.exe" 8277160 52224 , null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\AppData\Local\Temp\is-5LC7F.tmp\is-342C8.tmp".
* Creates process "C:\Windows\svchost.com, "C:\Windows\svchost.com" "C:\PROGRA~1\STATUS~1\AUTOWO~1\AUTOWO~1.EXE" /s, C:\Program Files\StatusSoft\AutoWorld 3D Garage".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\Windows\svchost.com".
* Creates process "null, C:\PROGRA~1\STATUS~1\AUTOWO~1\AUTOWO~1.EXE /s, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\Program Files\StatusSoft\AutoWorld 3D Garage\AutoWorld 3D Garage.exe".
* Creates a mutex "Local\DirectSound DllMain mutex (0x00000DC0)".
* Creates a mutex "DirectSound Administrator shared thread array (lock)".
* Opens a service named "AudioSrv".
* Sleeps 1 seconds.

Additional Information:

How To Remove AutoWorld 3D Garage.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where AutoWorld 3D Garage.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
