Worm.Generic
Risk Level 1
 
File Size : 1327104 KB
File Type : Portable Executable file
File Name : vir.exe
MD5 : 6eb5d843256f0c4b8007c3f61477c4a9
SHA1 : 20233117d44499848064bf81336eced37368337c
SHA256 : 26fab1818da60bcdab456500015e64e4dcbbaf88d0fc845f1f

General information:

vir.exe

Changes to registry :

* Modifies value "DefaultValue=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
old value "DefaultValue=00000002"
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "RegisteredOrganization=Dhetya yah" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion
binary data=44006800650074007900610020007900610068000000
old value "RegisteredOrganization=0000"
* Modifies value "RegisteredOwner=Maafin" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion
binary data=4D0061006100660069006E000000
old value "RegisteredOwner=Windows User"
binary data=570069006E0064006F0077007300200055007300650072000000
* Modifies value "AlternateShell=Dhetya.exe" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot
binary data=4400680065007400790061002E006500780065000000
old value "AlternateShell=cmd.exe"
binary data=63006D0064002E006500780065000000
* Modifies value "s1159=Dhetya" in key HKEY_CURRENT_USER\Control Panel\International
binary data=4400680065007400790061000000
old value "s1159=AM"
binary data=41004D000000
* Modifies value "s2359=Dhetya" in key HKEY_CURRENT_USER\Control Panel\International
binary data=4400680065007400790061000000
old value "s2359=PM"
binary data=50004D000000
* Modifies value "Start Page=xnxx.com" in key HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main
binary data=78006E00780078002E0063006F006D000000
old value "Start Page=http://go.microsoft.com/fwlink/?LinkId=69157"
binary data=68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F003F004C0069006E006B00490064003D00360039003100350037000000
* Modifies value "HideFileExt=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
old value empty
* Empties value "Hidden" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
old value "Hidden=00000002"
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "Explorer=NoClose" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies
binary data=4E006F0043006C006F00730065000000
* Creates value "NoRun=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "NoFolderOptions=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "NoDrives=00000004" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "NoViewOnDrive=00000004" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "NoFind=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "NoStarMenuMorePrograms=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "NoClose=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer
* Creates value "DisableTaskMgr=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\System
* Creates value "DisableCMD=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\System
* Creates value "DisableRegistryTools=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\System
* Creates value "Dhetya.exe=C:\WINDOWS\Dhetya.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
binary data=43003A005C00570049004E0044004F00570053005C004400680065007400790061002E006500780065000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "Vir.exe=Vir.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\vmware\Desktop\malware
binary data=5600690072002E006500780065000000

Changes to filesystem:


Network services:

* Downloads file from "res1.windows.microsoft.com/siteresources/siteresource.ashx?id=wolNotificationCSS&hash=82512a82d6c2cb2120298514a390b3a6f2023c70e80c6401d351bc5f357b0368&us=WOLWebUrl&var=LTR".
* Downloads file from "www.bing.com/favicon.ico".
* Downloads file from "js.k0102.com/go.asp".
* Downloads file from "res2.windows.microsoft.com/resbox/en/windows/main/e64030e7-ad8c-4be8-a45a-b69a2df3caef_13.eot?".
* Downloads file from "res1.windows.microsoft.com/resbox/en/windows/main/93e33485-fea3-4687-a642-2c5dd233522f_12.eot?".
* Downloads file from "res2.windows.microsoft.com/resbox/en/windows/main/736e3781-6a19-4119-b717-e61f0d8982c0_12.eot?".
* Downloads file from "res2.windows.microsoft.com/resbox/en/windows/main/08ce8e54-41ba-4695-9963-a7669022faec_12.eot?".
* Downloads file from "res2.windows.microsoft.com/resbox/en/windows/main/5a7873a1-fd4e-4462-8ab2-32bd729117c6_7.png".
* Downloads file from "ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjax.js".
* Downloads file from "ajax.aspnetcdn.com/ajax/jQuery/jquery-1.8.3.min.js".
* Downloads file from "windows.microsoft.com/scripts/4.2/wol/wol.common.js".
* Downloads file from "ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACBAcnqkc%3D".
* Downloads file from "js.microsoft.com/library/svy/windows/pre_broker.js".
* Downloads file from "www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=1678327964&utmhn=js.k0102.com&utme=8(Theme*Theme%20Type*Category%20ID*5!domty)9(CleanPeppermintBlack*two*0*5!ascii)11(1)&utmcs=utf-8&utmsr=1596x748&utmvp=388x198&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=k0102.com&utmhid=673316303&utmr=-&utmp=%2Fgo.asp&utmht=1464247645413&utmac=UA-48689684-1&utmcc=__utma%3D210768270.919903980.1464247645.1464247645.1464247645.1%3B%2B__utmz%3D210768270.1464247645.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=2032183097&utmredir=1&utmu=qxQAAAAAAAAAAAAAAAAAAAAE~".
* Downloads file from "d32ffatx74qnju.cloudfront.net/scripts/json3.min.js".
* Downloads file from "js.k0102.com/track.php?domain=k0102.com&toggle=browserjs&uid=MTQ2NDI0NzYzOC4yMTU3OjZiMTYzMjNkMGRmYmNjMGQzMWJjN2RlYTViYzU3M2RkZjkyZTU4ZDE4NTU1NzcwMmJjN2E5NzU1YmIyMTA4NjI6NTc0NmE1NTYzNGFmNQ%3D%3D".
* Downloads file from "www.gstatic.com/domainads/tracking/caf.gif?ts=1464247650296&rid=590643".
* Downloads file from "dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?max_radlink_len=40&r=m&fexp=21404&client=dp-teaminternet02_3ph&channel=bucket011%2Cbucket042&hl=hi&adtest=off&type=3&optimize_terms=on&drid=as-drid-2823696925907968&uiopt=false&oe=UTF-8&ie=UTF-8&format=r10%7Cs&adrep=0&num=0&output=caf&domain_name=js.k0102.com&v=3&allwcallad=1&adext=as1%2Csr1%2Cctc1&bsl=8&u_his=0&u_tz=330&dt=1464247650296&u_w=1596&u_h=748&biw=388&bih=198&psw=388&psh=198&frm=0&uio=uv3cs1ff2sa16fa2sl1sr1cc1-wi666st22sa14lt33-&jsv=13427&rurl=http%3A%2F%2Fjs.k0102.com%2Fgo.asp".
* Downloads file from "js.k0102.com/track.php?domain=k0102.com&caf=1&toggle=feed&feed=afc&uid=MTQ2NDI0NzYzOC4yMTU3OjZiMTYzMjNkMGRmYmNjMGQzMWJjN2RlYTViYzU3M2RkZjkyZTU4ZDE4NTU1NzcwMmJjN2E5NzU1YmIyMTA4NjI6NTc0NmE1NTYzNGFmNQ%3D%3D".
* Downloads file from "js.k0102.com/track.php?domain=k0102.com&caf=1&toggle=answercheck&answer=yes&uid=MTQ2NDI0NzYzOC4yMTU3OjZiMTYzMjNkMGRmYmNjMGQzMWJjN2RlYTViYzU3M2RkZjkyZTU4ZDE4NTU1NzcwMmJjN2E5NzU1YmIyMTA4NjI6NTc0NmE1NTYzNGFmNQ%3D%3D".
* Downloads file from "jj.gxgxy.net/html/qb2.html".
* Downloads file from "d32ffatx74qnju.cloudfront.net/themes/sale/sale_simple.png".
* Downloads file from "www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=2108403946&utmhn=jj.gxgxy.net&utme=8(Theme*Theme%20Type*Category%20ID*5!domty)9(CleanPeppermintBlack*two*0*5!ascii)11(1)&utmcs=utf-8&utmsr=1596x748&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=gxgxy.net&utmhid=388656735&utmr=-&utmp=%2Fhtml%2Fqb2.html&utmht=1464247837765&utmac=UA-48689684-1&utmcc=__utma%3D210745806.660855929.1464247836.1464247836.1464247836.1%3B%2B__utmz%3D210745806.1464247836.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=1505610952&utmredir=1&utmu=qxQAAAAAAAAAAAAAAAAAAAAE~".
* Downloads file from "jj.gxgxy.net/track.php?domain=gxgxy.net&toggle=browserjs&uid=MTQ2NDI0NzgzNS4yMDk6MWEzNjVlN2NmYWJmN2EyMDM1MGI3MjZlZTc3Y2FjZGM4YjVjNzA5YWRmZWNlMzQwMDU2M2FmMTZhZjhmYmMwYjo1NzQ2YTYxYjMzMDg1".
* Downloads file from "www.gstatic.com/domainads/tracking/caf.gif?ts=1464247838810&rid=1100944".
* Downloads file from "dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?max_radlink_len=40&r=m&fexp=21404&client=dp-teaminternet02_3ph&channel=bucket011%2Cbucket047&hl=hi&adtest=off&type=3&optimize_terms=on&drid=as-drid-2347195947241528&uiopt=false&oe=UTF-8&ie=UTF-8&format=r10%7Cs&adrep=0&num=0&output=caf&domain_name=jj.gxgxy.net&v=3&allwcallad=1&adext=as1%2Csr1%2Cctc1&bsl=8&u_his=0&u_tz=330&dt=1464247838825&u_w=1596&u_h=748&biw=0&bih=0&psw=0&psh=0&frm=0&uio=uv3cs1ff2sa16fa2sl1sr1cc1-wi666st22sa14lt33-&jsv=13427&rurl=http%3A%2F%2Fjj.gxgxy.net%2Fhtml%2Fqb2.html".
* Downloads file from "jj.gxgxy.net/track.php?domain=gxgxy.net&caf=1&toggle=feed&feed=afc&uid=MTQ2NDI0NzgzNS4yMDk6MWEzNjVlN2NmYWJmN2EyMDM1MGI3MjZlZTc3Y2FjZGM4YjVjNzA5YWRmZWNlMzQwMDU2M2FmMTZhZjhmYmMwYjo1NzQ2YTYxYjMzMDg1".
* Downloads file from "jj.gxgxy.net/track.php?domain=gxgxy.net&caf=1&toggle=answercheck&answer=yes&uid=MTQ2NDI0NzgzNS4yMDk6MWEzNjVlN2NmYWJmN2EyMDM1MGI3MjZlZTc3Y2FjZGM4YjVjNzA5YWRmZWNlMzQwMDU2M2FmMTZhZjhmYmMwYjo1NzQ2YTYxYjMzMDg1".
* Downloads file from "jj.gxgxy.net/favicon.ico".
* Downloads file from "jj.gxgxy.net/html/dg2.html".
* Downloads file from "www.google-analytics.com/__utm.gif?utmwv=5.6.7&utms=2&utmn=915075319&utmhn=jj.gxgxy.net&utme=8(Theme*Theme%20Type*Category%20ID*5!domty)9(CleanPeppermintBlack*two*0*5!ascii)11(1)&utmcs=utf-8&utmsr=1596x748&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=gxgxy.net&utmhid=1839811070&utmr=-&utmp=%2Fhtml%2Fdg2.html&utmht=1464248133603&utmac=UA-48689684-1&utmcc=__utma%3D210745806.660855929.1464247836.1464247836.1464247836.1%3B%2B__utmz%3D210745806.1464247836.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=&utmu=qxQAAAAAAAAAAAAAAAAAAAAE~".
* Downloads file from "jj.gxgxy.net/track.php?domain=gxgxy.net&toggle=browserjs&uid=MTQ2NDI0ODEzMC45MTQxOmRkODVjNjI0MDQ3ZjlmNzQyNWY3MGQ5NzQzYzJkMGY3YWZjODk3ZGYxMzcyYjVkY2U4OGIzM2JjNGQ1NTI5YjA6NTc0NmE3NDJkZjMxNQ%3D%3D".
* Downloads file from "www.gstatic.com/domainads/tracking/caf.gif?ts=1464248136708&rid=5240133".
* Downloads file from "dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?max_radlink_len=40&r=m&fexp=21404&client=dp-teaminternet02_3ph&channel=bucket011%2Cbucket048&hl=hi&adtest=off&type=3&optimize_terms=on&drid=as-drid-2347195947241528&uiopt=false&oe=UTF-8&ie=UTF-8&format=r10%7Cs&adrep=0&num=0&output=caf&domain_name=jj.gxgxy.net&v=3&allwcallad=1&adext=as1%2Csr1%2Cctc1&bsl=8&u_his=0&u_tz=330&dt=1464248136739&u_w=1596&u_h=748&biw=0&bih=0&psw=0&psh=0&frm=0&uio=uv3cs1ff2sa16fa2sl1sr1cc1-wi666st22sa14lt33-&jsv=13427&rurl=http%3A%2F%2Fjj.gxgxy.net%2Fhtml%2Fdg2.html".
* Downloads file from "jj.gxgxy.net/track.php?domain=gxgxy.net&caf=1&toggle=feed&feed=afc&uid=MTQ2NDI0ODEzMC45MTQxOmRkODVjNjI0MDQ3ZjlmNzQyNWY3MGQ5NzQzYzJkMGY3YWZjODk3ZGYxMzcyYjVkY2U4OGIzM2JjNGQ1NTI5YjA6NTc0NmE3NDJkZjMxNQ%3D%3D".
* Downloads file from "jj.gxgxy.net/track.php?domain=gxgxy.net&caf=1&toggle=answercheck&answer=yes&uid=MTQ2NDI0ODEzMC45MTQxOmRkODVjNjI0MDQ3ZjlmNzQyNWY3MGQ5NzQzYzJkMGY3YWZjODk3ZGYxMzcyYjVkY2U4OGIzM2JjNGQ1NTI5YjA6NTc0NmE3NDJkZjMxNQ%3D%3D".
* Downloads file from "www.google-analytics.com/__utm.gif?utmwv=5.6.7&utms=3&utmn=1556373926&utmhn=jj.gxgxy.net&utme=8(Theme*Theme%20Type*Category%20ID*5!domty)9(CleanPeppermintBlack*two*0*5!ascii)11(1)&utmcs=utf-8&utmsr=1596x748&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=gxgxy.net&utmhid=667778495&utmr=-&utmp=%2Fhtml%2Fdg2.html&utmht=1464248146879&utmac=UA-48689684-1&utmcc=__utma%3D210745806.660855929.1464247836.1464247836.1464247836.1%3B%2B__utmz%3D210745806.1464247836.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmjid=&utmu=qxQAAAAAAAAAAAAAAAAAAAAE~".
* Downloads file from "www.gstatic.com/domainads/tracking/caf.gif?ts=1464248147612&rid=2949206".
* Downloads file from "dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?max_radlink_len=40&r=m&fexp=21404&client=dp-teaminternet02_3ph&channel=bucket011%2Cbucket048&hl=hi&adtest=off&type=3&optimize_terms=on&drid=as-drid-2347195947241528&uiopt=false&oe=UTF-8&ie=UTF-8&format=r10%7Cs&adrep=0&num=0&output=caf&domain_name=jj.gxgxy.net&v=3&allwcallad=1&adext=as1%2Csr1%2Cctc1&bsl=8&u_his=0&u_tz=330&dt=1464248147612&u_w=1596&u_h=748&biw=0&bih=0&psw=0&psh=0&frm=0&uio=uv3cs1ff2sa16fa2sl1sr1cc1-wi666st22sa14lt33-&jsv=13427&rurl=http%3A%2F%2Fjj.gxgxy.net%2Fhtml%2Fdg2.html".
* Downloads file from "youda2000.vicp.net/my/iexplorer.exe".
* Downloads file from "youda2000.vicp.net/my/svchost.dll".
* Downloads file from "youda2000.vicp.net/my/ssshost.exe".

Process/window/string information:

* Gets system default language ID.
* Gets volume information.
* Checks for debuggers.
* Creates an event named "OleDfRoot4315C5384B0D5DE7".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.
* Ends Windows session.

Additional Information:

How To Remove vir.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where vir.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
