WORM_PROLACO.AC


 ALIASES:

Worm:Win32/Prolaco.gen!C (Microsoft); IRC/Flood.ff (McAfee); W32.Ackantta@mm (Symantec); Trojan-Dropper.Win32.Typic.bev (Kaspersky); Worm.Win32.Prolaco.gen.c (v) (Sunbelt); Rootkit.36329 (FSecure)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

  • Threat Type: Worm

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

  • File Size: 439,808 bytes

  • File Type: EXE

  • Memory Resident: Yes

  • Initial Samples Received Date: 23 Jul 2012

Arrival Details

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This worm drops the following copies of itself into the affected system:

  • %System%\AdobeARMI.exe
  • %Program Files%\icq\shared folder\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\icq\shared folder\YouTubeGet 5.4.exe
  • %Program Files%\icq\shared folder\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\icq\shared folder\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\icq\shared folder\Adobe Photoshop CS4 crack.exe
  • %Program Files%\icq\shared folder\VmWare 7.0 keygen.exe
  • %Program Files%\icq\shared folder\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\icq\shared folder\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\icq\shared folder\PDF Unlocker v2.0.3.exe
  • %Program Files%\icq\shared folder\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\icq\shared folder\Anti-Porn v13.5.12.29.exe
  • %Program Files%\icq\shared folder\Norton Internet Security 2010 crack.exe
  • %Program Files%\icq\shared folder\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\icq\shared folder\PDF-XChange Pro.exe
  • %Program Files%\icq\shared folder\Windows 7 Ultimate keygen.exe
  • %Program Files%\icq\shared folder\RapidShare Killer AIO 2010.exe
  • %Program Files%\icq\shared folder\Ashampoo Snap 3.02.exe
  • %Program Files%\icq\shared folder\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\icq\shared folder\Adobe Illustrator CS4 crack.exe
  • %Program Files%\icq\shared folder\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\icq\shared folder\Trojan Killer v2.9.4173.exe
  • %Program Files%\icq\shared folder\PDF to Word Converter 3.0.exe
  • %Program Files%\icq\shared folder\Google SketchUp 7.1 Pro.exe
  • %Program Files%\icq\shared folder\McAfee Total Protection 2010.exe
  • %Program Files%\icq\shared folder\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\icq\shared folder\Youtube Music Downloader 1.0.exe
  • %Program Files%\icq\shared folder\Adobe Acrobat Reader keygen.exe
  • %Program Files%\icq\shared folder\VmWare keygen.exe
  • %Program Files%\icq\shared folder\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\icq\shared folder\Ad-aware 2010.exe
  • %Program Files%\icq\shared folder\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\icq\shared folder\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\icq\shared folder\Total Commander7 license+keygen.exe
  • %Program Files%\icq\shared folder\LimeWire Pro v4.18.3.exe
  • %Program Files%\icq\shared folder\Download Accelerator Plus v9.exe
  • %Program Files%\icq\shared folder\Internet Download Manager V5.exe
  • %Program Files%\icq\shared folder\Myspace theme collection.exe
  • %Program Files%\icq\shared folder\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\icq\shared folder\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\icq\shared folder\Absolute Video Converter 6.2.exe
  • %Program Files%\icq\shared folder\Daemon Tools Pro 4.11.exe
  • %Program Files%\icq\shared folder\Download Boost 2.0.exe
  • %Program Files%\icq\shared folder\Avast 4.8 Professional.exe
  • %Program Files%\icq\shared folder\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\icq\shared folder\Alcohol 120 v1.9.7.exe
  • %Program Files%\icq\shared folder\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\icq\shared folder\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\icq\shared folder\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\icq\shared folder\G-Force Platinum v3.7.5.exe
  • %Program Files%\icq\shared folder\Divx Pro 7 + keymaker.exe
  • %Program Files%\icq\shared folder\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\icq\shared folder\Sophos antivirus updater bypass.exe
  • %Program Files%\icq\shared folder\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\icq\shared folder\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\icq\shared folder\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\icq\shared folder\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\icq\shared folder\Windows2008 keygen and activator.exe
  • %Program Files%\icq\shared folder\Tuneup Ultilities 2010.exe
  • %Program Files%\icq\shared folder\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\icq\shared folder\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\icq\shared folder\Starcraft2 Patch v0.2.exe
  • %Program Files%\icq\shared folder\Starcraft2 keys.txt.exe
  • %Program Files%\icq\shared folder\Starcraft2 Crack.exe
  • %Program Files%\icq\shared folder\Starcraft2 Oblivion DLL.exe
  • %Program Files%\icq\shared folder\Starcraft2.exe
  • %Program Files%\grokster\my grokster\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\grokster\my grokster\YouTubeGet 5.4.exe
  • %Program Files%\grokster\my grokster\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\grokster\my grokster\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\grokster\my grokster\Adobe Photoshop CS4 crack.exe
  • %Program Files%\grokster\my grokster\VmWare 7.0 keygen.exe
  • %Program Files%\grokster\my grokster\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\grokster\my grokster\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\grokster\my grokster\PDF Unlocker v2.0.3.exe
  • %Program Files%\grokster\my grokster\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\grokster\my grokster\Anti-Porn v13.5.12.29.exe
  • %Program Files%\grokster\my grokster\Norton Internet Security 2010 crack.exe
  • %Program Files%\grokster\my grokster\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\grokster\my grokster\PDF-XChange Pro.exe
  • %Program Files%\grokster\my grokster\Windows 7 Ultimate keygen.exe
  • %Program Files%\grokster\my grokster\RapidShare Killer AIO 2010.exe
  • %Program Files%\grokster\my grokster\Ashampoo Snap 3.02.exe
  • %Program Files%\grokster\my grokster\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\grokster\my grokster\Adobe Illustrator CS4 crack.exe
  • %Program Files%\grokster\my grokster\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\grokster\my grokster\Trojan Killer v2.9.4173.exe
  • %Program Files%\grokster\my grokster\PDF to Word Converter 3.0.exe
  • %Program Files%\grokster\my grokster\Google SketchUp 7.1 Pro.exe
  • %Program Files%\grokster\my grokster\McAfee Total Protection 2010.exe
  • %Program Files%\grokster\my grokster\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\grokster\my grokster\Youtube Music Downloader 1.0.exe
  • %Program Files%\grokster\my grokster\Adobe Acrobat Reader keygen.exe
  • %Program Files%\grokster\my grokster\VmWare keygen.exe
  • %Program Files%\grokster\my grokster\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\grokster\my grokster\Ad-aware 2010.exe
  • %Program Files%\grokster\my grokster\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\grokster\my grokster\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\grokster\my grokster\Total Commander7 license+keygen.exe
  • %Program Files%\grokster\my grokster\LimeWire Pro v4.18.3.exe
  • %Program Files%\grokster\my grokster\Download Accelerator Plus v9.exe
  • %Program Files%\grokster\my grokster\Internet Download Manager V5.exe
  • %Program Files%\grokster\my grokster\Myspace theme collection.exe
  • %Program Files%\grokster\my grokster\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\grokster\my grokster\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\grokster\my grokster\Absolute Video Converter 6.2.exe
  • %Program Files%\grokster\my grokster\Daemon Tools Pro 4.11.exe
  • %Program Files%\grokster\my grokster\Download Boost 2.0.exe
  • %Program Files%\grokster\my grokster\Avast 4.8 Professional.exe
  • %Program Files%\grokster\my grokster\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\grokster\my grokster\Alcohol 120 v1.9.7.exe
  • %Program Files%\grokster\my grokster\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\grokster\my grokster\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\grokster\my grokster\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\grokster\my grokster\G-Force Platinum v3.7.5.exe
  • %Program Files%\grokster\my grokster\Divx Pro 7 + keymaker.exe
  • %Program Files%\grokster\my grokster\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\grokster\my grokster\Sophos antivirus updater bypass.exe
  • %Program Files%\grokster\my grokster\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\grokster\my grokster\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\grokster\my grokster\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\grokster\my grokster\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\grokster\my grokster\Windows2008 keygen and activator.exe
  • %Program Files%\grokster\my grokster\Tuneup Ultilities 2010.exe
  • %Program Files%\grokster\my grokster\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\grokster\my grokster\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\grokster\my grokster\Starcraft2 Patch v0.2.exe
  • %Program Files%\grokster\my grokster\Starcraft2 keys.txt.exe
  • %Program Files%\grokster\my grokster\Starcraft2 Crack.exe
  • %Program Files%\grokster\my grokster\Starcraft2 Oblivion DLL.exe
  • %Program Files%\grokster\my grokster\Starcraft2.exe
  • %Program Files%\emule\incoming\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\emule\incoming\YouTubeGet 5.4.exe
  • %Program Files%\emule\incoming\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\emule\incoming\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\emule\incoming\Adobe Photoshop CS4 crack.exe
  • %Program Files%\emule\incoming\VmWare 7.0 keygen.exe
  • %Program Files%\emule\incoming\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\emule\incoming\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\emule\incoming\PDF Unlocker v2.0.3.exe
  • %Program Files%\emule\incoming\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\emule\incoming\Anti-Porn v13.5.12.29.exe
  • %Program Files%\emule\incoming\Norton Internet Security 2010 crack.exe
  • %Program Files%\emule\incoming\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\emule\incoming\PDF-XChange Pro.exe
  • %Program Files%\emule\incoming\Windows 7 Ultimate keygen.exe
  • %Program Files%\emule\incoming\RapidShare Killer AIO 2010.exe
  • %Program Files%\emule\incoming\Ashampoo Snap 3.02.exe
  • %Program Files%\emule\incoming\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\emule\incoming\Adobe Illustrator CS4 crack.exe
  • %Program Files%\emule\incoming\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\emule\incoming\Trojan Killer v2.9.4173.exe
  • %Program Files%\emule\incoming\PDF to Word Converter 3.0.exe
  • %Program Files%\emule\incoming\Google SketchUp 7.1 Pro.exe
  • %Program Files%\emule\incoming\McAfee Total Protection 2010.exe
  • %Program Files%\emule\incoming\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\emule\incoming\Youtube Music Downloader 1.0.exe
  • %Program Files%\emule\incoming\Adobe Acrobat Reader keygen.exe
  • %Program Files%\emule\incoming\VmWare keygen.exe
  • %Program Files%\emule\incoming\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\emule\incoming\Ad-aware 2010.exe
  • %Program Files%\emule\incoming\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\emule\incoming\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\emule\incoming\Total Commander7 license+keygen.exe
  • %Program Files%\emule\incoming\LimeWire Pro v4.18.3.exe
  • %Program Files%\emule\incoming\Download Accelerator Plus v9.exe
  • %Program Files%\emule\incoming\Internet Download Manager V5.exe
  • %Program Files%\emule\incoming\Myspace theme collection.exe
  • %Program Files%\emule\incoming\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\emule\incoming\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\emule\incoming\Absolute Video Converter 6.2.exe
  • %Program Files%\emule\incoming\Daemon Tools Pro 4.11.exe
  • %Program Files%\emule\incoming\Download Boost 2.0.exe
  • %Program Files%\emule\incoming\Avast 4.8 Professional.exe
  • %Program Files%\emule\incoming\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\emule\incoming\Alcohol 120 v1.9.7.exe
  • %Program Files%\emule\incoming\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\emule\incoming\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\emule\incoming\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\emule\incoming\G-Force Platinum v3.7.5.exe
  • %Program Files%\emule\incoming\Divx Pro 7 + keymaker.exe
  • %Program Files%\emule\incoming\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\emule\incoming\Sophos antivirus updater bypass.exe
  • %Program Files%\emule\incoming\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\emule\incoming\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\emule\incoming\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\emule\incoming\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\emule\incoming\Windows2008 keygen and activator.exe
  • %Program Files%\emule\incoming\Tuneup Ultilities 2010.exe
  • %Program Files%\emule\incoming\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\emule\incoming\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\emule\incoming\Starcraft2 Patch v0.2.exe
  • %Program Files%\emule\incoming\Starcraft2 keys.txt.exe
  • %Program Files%\emule\incoming\Starcraft2 Crack.exe
  • %Program Files%\emule\incoming\Starcraft2 Oblivion DLL.exe
  • %Program Files%\emule\incoming\Starcraft2.exe
  • %Program Files%\morpheus\my shared folder\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\morpheus\my shared folder\YouTubeGet 5.4.exe
  • %Program Files%\morpheus\my shared folder\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\morpheus\my shared folder\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\morpheus\my shared folder\Adobe Photoshop CS4 crack.exe
  • %Program Files%\morpheus\my shared folder\VmWare 7.0 keygen.exe
  • %Program Files%\morpheus\my shared folder\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\morpheus\my shared folder\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\morpheus\my shared folder\PDF Unlocker v2.0.3.exe
  • %Program Files%\morpheus\my shared folder\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\morpheus\my shared folder\Anti-Porn v13.5.12.29.exe
  • %Program Files%\morpheus\my shared folder\Norton Internet Security 2010 crack.exe
  • %Program Files%\morpheus\my shared folder\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\morpheus\my shared folder\PDF-XChange Pro.exe
  • %Program Files%\morpheus\my shared folder\Windows 7 Ultimate keygen.exe
  • %Program Files%\morpheus\my shared folder\RapidShare Killer AIO 2010.exe
  • %Program Files%\morpheus\my shared folder\Ashampoo Snap 3.02.exe
  • %Program Files%\morpheus\my shared folder\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\morpheus\my shared folder\Adobe Illustrator CS4 crack.exe
  • %Program Files%\morpheus\my shared folder\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\morpheus\my shared folder\Trojan Killer v2.9.4173.exe
  • %Program Files%\morpheus\my shared folder\PDF to Word Converter 3.0.exe
  • %Program Files%\morpheus\my shared folder\Google SketchUp 7.1 Pro.exe
  • %Program Files%\morpheus\my shared folder\McAfee Total Protection 2010.exe
  • %Program Files%\morpheus\my shared folder\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\morpheus\my shared folder\Youtube Music Downloader 1.0.exe
  • %Program Files%\morpheus\my shared folder\Adobe Acrobat Reader keygen.exe
  • %Program Files%\morpheus\my shared folder\VmWare keygen.exe
  • %Program Files%\morpheus\my shared folder\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\morpheus\my shared folder\Ad-aware 2010.exe
  • %Program Files%\morpheus\my shared folder\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\morpheus\my shared folder\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\morpheus\my shared folder\Total Commander7 license+keygen.exe
  • %Program Files%\morpheus\my shared folder\LimeWire Pro v4.18.3.exe
  • %Program Files%\morpheus\my shared folder\Download Accelerator Plus v9.exe
  • %Program Files%\morpheus\my shared folder\Internet Download Manager V5.exe
  • %Program Files%\morpheus\my shared folder\Myspace theme collection.exe
  • %Program Files%\morpheus\my shared folder\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\morpheus\my shared folder\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\morpheus\my shared folder\Absolute Video Converter 6.2.exe
  • %Program Files%\morpheus\my shared folder\Daemon Tools Pro 4.11.exe
  • %Program Files%\morpheus\my shared folder\Download Boost 2.0.exe
  • %Program Files%\morpheus\my shared folder\Avast 4.8 Professional.exe
  • %Program Files%\morpheus\my shared folder\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\morpheus\my shared folder\Alcohol 120 v1.9.7.exe
  • %Program Files%\morpheus\my shared folder\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\morpheus\my shared folder\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\morpheus\my shared folder\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\morpheus\my shared folder\G-Force Platinum v3.7.5.exe
  • %Program Files%\morpheus\my shared folder\Divx Pro 7 + keymaker.exe
  • %Program Files%\morpheus\my shared folder\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\morpheus\my shared folder\Sophos antivirus updater bypass.exe
  • %Program Files%\morpheus\my shared folder\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\morpheus\my shared folder\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\morpheus\my shared folder\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\morpheus\my shared folder\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\morpheus\my shared folder\Windows2008 keygen and activator.exe
  • %Program Files%\morpheus\my shared folder\Tuneup Ultilities 2010.exe
  • %Program Files%\morpheus\my shared folder\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\morpheus\my shared folder\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\morpheus\my shared folder\Starcraft2 Patch v0.2.exe
  • %Program Files%\morpheus\my shared folder\Starcraft2 keys.txt.exe
  • %Program Files%\morpheus\my shared folder\Starcraft2 Crack.exe
  • %Program Files%\morpheus\my shared folder\Starcraft2 Oblivion DLL.exe
  • %Program Files%\morpheus\my shared folder\Starcraft2.exe
  • %Program Files%\limewire\shared\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\limewire\shared\YouTubeGet 5.4.exe
  • %Program Files%\limewire\shared\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\limewire\shared\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\limewire\shared\Adobe Photoshop CS4 crack.exe
  • %Program Files%\limewire\shared\VmWare 7.0 keygen.exe
  • %Program Files%\limewire\shared\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\limewire\shared\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\limewire\shared\PDF Unlocker v2.0.3.exe
  • %Program Files%\limewire\shared\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\limewire\shared\Anti-Porn v13.5.12.29.exe
  • %Program Files%\limewire\shared\Norton Internet Security 2010 crack.exe
  • %Program Files%\limewire\shared\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\limewire\shared\PDF-XChange Pro.exe
  • %Program Files%\limewire\shared\Windows 7 Ultimate keygen.exe
  • %Program Files%\limewire\shared\RapidShare Killer AIO 2010.exe
  • %Program Files%\limewire\shared\Ashampoo Snap 3.02.exe
  • %Program Files%\limewire\shared\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\limewire\shared\Adobe Illustrator CS4 crack.exe
  • %Program Files%\limewire\shared\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\limewire\shared\Trojan Killer v2.9.4173.exe
  • %Program Files%\limewire\shared\PDF to Word Converter 3.0.exe
  • %Program Files%\limewire\shared\Google SketchUp 7.1 Pro.exe
  • %Program Files%\limewire\shared\McAfee Total Protection 2010.exe
  • %Program Files%\limewire\shared\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\limewire\shared\Youtube Music Downloader 1.0.exe
  • %Program Files%\limewire\shared\Adobe Acrobat Reader keygen.exe
  • %Program Files%\limewire\shared\VmWare keygen.exe
  • %Program Files%\limewire\shared\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\limewire\shared\Ad-aware 2010.exe
  • %Program Files%\limewire\shared\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\limewire\shared\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\limewire\shared\Total Commander7 license+keygen.exe
  • %Program Files%\limewire\shared\LimeWire Pro v4.18.3.exe
  • %Program Files%\limewire\shared\Download Accelerator Plus v9.exe
  • %Program Files%\limewire\shared\Internet Download Manager V5.exe
  • %Program Files%\limewire\shared\Myspace theme collection.exe
  • %Program Files%\limewire\shared\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\limewire\shared\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\limewire\shared\Absolute Video Converter 6.2.exe
  • %Program Files%\limewire\shared\Daemon Tools Pro 4.11.exe
  • %Program Files%\limewire\shared\Download Boost 2.0.exe
  • %Program Files%\limewire\shared\Avast 4.8 Professional.exe
  • %Program Files%\limewire\shared\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\limewire\shared\Alcohol 120 v1.9.7.exe
  • %Program Files%\limewire\shared\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\limewire\shared\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\limewire\shared\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\limewire\shared\G-Force Platinum v3.7.5.exe
  • %Program Files%\limewire\shared\Divx Pro 7 + keymaker.exe
  • %Program Files%\limewire\shared\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\limewire\shared\Sophos antivirus updater bypass.exe
  • %Program Files%\limewire\shared\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\limewire\shared\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\limewire\shared\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\limewire\shared\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\limewire\shared\Windows2008 keygen and activator.exe
  • %Program Files%\limewire\shared\Tuneup Ultilities 2010.exe
  • %Program Files%\limewire\shared\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\limewire\shared\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\limewire\shared\Starcraft2 Patch v0.2.exe
  • %Program Files%\limewire\shared\Starcraft2 keys.txt.exe
  • %Program Files%\limewire\shared\Starcraft2 Crack.exe
  • %Program Files%\limewire\shared\Starcraft2 Oblivion DLL.exe
  • %Program Files%\limewire\shared\Starcraft2.exe
  • %Program Files%\tesla\files\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\tesla\files\YouTubeGet 5.4.exe
  • %Program Files%\tesla\files\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\tesla\files\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\tesla\files\Adobe Photoshop CS4 crack.exe
  • %Program Files%\tesla\files\VmWare 7.0 keygen.exe
  • %Program Files%\tesla\files\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\tesla\files\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\tesla\files\PDF Unlocker v2.0.3.exe
  • %Program Files%\tesla\files\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\tesla\files\Anti-Porn v13.5.12.29.exe
  • %Program Files%\tesla\files\Norton Internet Security 2010 crack.exe
  • %Program Files%\tesla\files\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\tesla\files\PDF-XChange Pro.exe
  • %Program Files%\tesla\files\Windows 7 Ultimate keygen.exe
  • %Program Files%\tesla\files\RapidShare Killer AIO 2010.exe
  • %Program Files%\tesla\files\Ashampoo Snap 3.02.exe
  • %Program Files%\tesla\files\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\tesla\files\Adobe Illustrator CS4 crack.exe
  • %Program Files%\tesla\files\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\tesla\files\Trojan Killer v2.9.4173.exe
  • %Program Files%\tesla\files\PDF to Word Converter 3.0.exe
  • %Program Files%\tesla\files\Google SketchUp 7.1 Pro.exe
  • %Program Files%\tesla\files\McAfee Total Protection 2010.exe
  • %Program Files%\tesla\files\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\tesla\files\Youtube Music Downloader 1.0.exe
  • %Program Files%\tesla\files\Adobe Acrobat Reader keygen.exe
  • %Program Files%\tesla\files\VmWare keygen.exe
  • %Program Files%\tesla\files\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\tesla\files\Ad-aware 2010.exe
  • %Program Files%\tesla\files\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\tesla\files\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\tesla\files\Total Commander7 license+keygen.exe
  • %Program Files%\tesla\files\LimeWire Pro v4.18.3.exe
  • %Program Files%\tesla\files\Download Accelerator Plus v9.exe
  • %Program Files%\tesla\files\Internet Download Manager V5.exe
  • %Program Files%\tesla\files\Myspace theme collection.exe
  • %Program Files%\tesla\files\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\tesla\files\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\tesla\files\Absolute Video Converter 6.2.exe
  • %Program Files%\tesla\files\Daemon Tools Pro 4.11.exe
  • %Program Files%\tesla\files\Download Boost 2.0.exe
  • %Program Files%\tesla\files\Avast 4.8 Professional.exe
  • %Program Files%\tesla\files\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\tesla\files\Alcohol 120 v1.9.7.exe
  • %Program Files%\tesla\files\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\tesla\files\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\tesla\files\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\tesla\files\G-Force Platinum v3.7.5.exe
  • %Program Files%\tesla\files\Divx Pro 7 + keymaker.exe
  • %Program Files%\tesla\files\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\tesla\files\Sophos antivirus updater bypass.exe
  • %Program Files%\tesla\files\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\tesla\files\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\tesla\files\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\tesla\files\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\tesla\files\Windows2008 keygen and activator.exe
  • %Program Files%\tesla\files\Tuneup Ultilities 2010.exe
  • %Program Files%\tesla\files\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\tesla\files\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\tesla\files\Starcraft2 Patch v0.2.exe
  • %Program Files%\tesla\files\Starcraft2 keys.txt.exe
  • %Program Files%\tesla\files\Starcraft2 Crack.exe
  • %Program Files%\tesla\files\Starcraft2 Oblivion DLL.exe
  • %Program Files%\tesla\files\Starcraft2.exe
  • %Program Files%\winmx\shared\K-Lite Mega Codec v5.5.1.exe
  • %Program Files%\winmx\shared\YouTubeGet 5.4.exe
  • %Program Files%\winmx\shared\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\winmx\shared\K-Lite Mega Codec v5.6.1 Portable.exe
  • %Program Files%\winmx\shared\Adobe Photoshop CS4 crack.exe
  • %Program Files%\winmx\shared\VmWare 7.0 keygen.exe
  • %Program Files%\winmx\shared\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\winmx\shared\Twitter FriendAdder 2.1.1.exe
  • %Program Files%\winmx\shared\PDF Unlocker v2.0.3.exe
  • %Program Files%\winmx\shared\Image Size Reducer Pro v1.0.1.exe
  • %Program Files%\winmx\shared\Anti-Porn v13.5.12.29.exe
  • %Program Files%\winmx\shared\Norton Internet Security 2010 crack.exe
  • %Program Files%\winmx\shared\Kaspersky AntiVirus 2010 crack.exe
  • %Program Files%\winmx\shared\PDF-XChange Pro.exe
  • %Program Files%\winmx\shared\Windows 7 Ultimate keygen.exe
  • %Program Files%\winmx\shared\RapidShare Killer AIO 2010.exe
  • %Program Files%\winmx\shared\Ashampoo Snap 3.02.exe
  • %Program Files%\winmx\shared\Blaze DVD Player Pro v6.52.exe
  • %Program Files%\winmx\shared\Adobe Illustrator CS4 crack.exe
  • %Program Files%\winmx\shared\Rapidshare Auto Downloader 3.8.exe
  • %Program Files%\winmx\shared\Trojan Killer v2.9.4173.exe
  • %Program Files%\winmx\shared\PDF to Word Converter 3.0.exe
  • %Program Files%\winmx\shared\Google SketchUp 7.1 Pro.exe
  • %Program Files%\winmx\shared\McAfee Total Protection 2010.exe
  • %Program Files%\winmx\shared\Mp3 Splitter and Joiner Pro v3.48.exe
  • %Program Files%\winmx\shared\Youtube Music Downloader 1.0.exe
  • %Program Files%\winmx\shared\Adobe Acrobat Reader keygen.exe
  • %Program Files%\winmx\shared\VmWare keygen.exe
  • %Program Files%\winmx\shared\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\winmx\shared\Ad-aware 2010.exe
  • %Program Files%\winmx\shared\BitDefender AntiVirus 2010 Keygen.exe
  • %Program Files%\winmx\shared\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %Program Files%\winmx\shared\Total Commander7 license+keygen.exe
  • %Program Files%\winmx\shared\LimeWire Pro v4.18.3.exe
  • %Program Files%\winmx\shared\Download Accelerator Plus v9.exe
  • %Program Files%\winmx\shared\Internet Download Manager V5.exe
  • %Program Files%\winmx\shared\Myspace theme collection.exe
  • %Program Files%\winmx\shared\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\winmx\shared\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\winmx\shared\Absolute Video Converter 6.2.exe
  • %Program Files%\winmx\shared\Daemon Tools Pro 4.11.exe
  • %Program Files%\winmx\shared\Download Boost 2.0.exe
  • %Program Files%\winmx\shared\Avast 4.8 Professional.exe
  • %Program Files%\winmx\shared\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\winmx\shared\Alcohol 120 v1.9.7.exe
  • %Program Files%\winmx\shared\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\winmx\shared\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\winmx\shared\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\winmx\shared\G-Force Platinum v3.7.5.exe
  • %Program Files%\winmx\shared\Divx Pro 7 + keymaker.exe
  • %Program Files%\winmx\shared\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\winmx\shared\Sophos antivirus updater bypass.exe
  • %Program Files%\winmx\shared\DVD Tools Nero 10.5.6.0.exe
  • %Program Files%\winmx\shared\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %Program Files%\winmx\shared\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\winmx\shared\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %Program Files%\winmx\shared\Windows2008 keygen and activator.exe
  • %Program Files%\winmx\shared\Tuneup Ultilities 2010.exe
  • %Program Files%\winmx\shared\Kaspersky Internet Security 2010 keygen.exe
  • %Program Files%\winmx\shared\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\winmx\shared\Starcraft2 Patch v0.2.exe
  • %Program Files%\winmx\shared\Starcraft2 keys.txt.exe
  • %Program Files%\winmx\shared\Starcraft2 Crack.exe
  • %Program Files%\winmx\shared\Starcraft2 Oblivion DLL.exe
  • %Program Files%\winmx\shared\Starcraft2.exe
  • %System Root%\Downloads\K-Lite Mega Codec v5.5.1.exe
  • %System Root%\Downloads\YouTubeGet 5.4.exe
  • %System Root%\Downloads\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %System Root%\Downloads\K-Lite Mega Codec v5.6.1 Portable.exe
  • %System Root%\Downloads\Adobe Photoshop CS4 crack.exe
  • %System Root%\Downloads\VmWare 7.0 keygen.exe
  • %System Root%\Downloads\WinRAR v3.x keygen RaZoR.exe
  • %System Root%\Downloads\Twitter FriendAdder 2.1.1.exe
  • %System Root%\Downloads\PDF Unlocker v2.0.3.exe
  • %System Root%\Downloads\Image Size Reducer Pro v1.0.1.exe
  • %System Root%\Downloads\Anti-Porn v13.5.12.29.exe
  • %System Root%\Downloads\Norton Internet Security 2010 crack.exe
  • %System Root%\Downloads\Kaspersky AntiVirus 2010 crack.exe
  • %System Root%\Downloads\PDF-XChange Pro.exe
  • %System Root%\Downloads\Windows 7 Ultimate keygen.exe
  • %System Root%\Downloads\RapidShare Killer AIO 2010.exe
  • %System Root%\Downloads\Ashampoo Snap 3.02.exe
  • %System Root%\Downloads\Blaze DVD Player Pro v6.52.exe
  • %System Root%\Downloads\Adobe Illustrator CS4 crack.exe
  • %System Root%\Downloads\Rapidshare Auto Downloader 3.8.exe
  • %System Root%\Downloads\Trojan Killer v2.9.4173.exe
  • %System Root%\Downloads\PDF to Word Converter 3.0.exe
  • %System Root%\Downloads\Google SketchUp 7.1 Pro.exe
  • %System Root%\Downloads\McAfee Total Protection 2010.exe
  • %System Root%\Downloads\Mp3 Splitter and Joiner Pro v3.48.exe
  • %System Root%\Downloads\Youtube Music Downloader 1.0.exe
  • %System Root%\Downloads\Adobe Acrobat Reader keygen.exe
  • %System Root%\Downloads\VmWare keygen.exe
  • %System Root%\Downloads\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %System Root%\Downloads\Ad-aware 2010.exe
  • %System Root%\Downloads\BitDefender AntiVirus 2010 Keygen.exe
  • %System Root%\Downloads\Norton Anti-Virus 2010 Enterprise Crack.exe
  • %System Root%\Downloads\Total Commander7 license+keygen.exe
  • %System Root%\Downloads\LimeWire Pro v4.18.3.exe
  • %System Root%\Downloads\Download Accelerator Plus v9.exe
  • %System Root%\Downloads\Internet Download Manager V5.exe
  • %System Root%\Downloads\Myspace theme collection.exe
  • %System Root%\Downloads\Nero 9 9.2.6.0 keygen.exe
  • %System Root%\Downloads\Motorola, nokia, ericsson mobil phone tools.exe
  • %System Root%\Downloads\Absolute Video Converter 6.2.exe
  • %System Root%\Downloads\Daemon Tools Pro 4.11.exe
  • %System Root%\Downloads\Download Boost 2.0.exe
  • %System Root%\Downloads\Avast 4.8 Professional.exe
  • %System Root%\Downloads\Grand Theft Auto IV (Offline Activation).exe
  • %System Root%\Downloads\Alcohol 120 v1.9.7.exe
  • %System Root%\Downloads\CleanMyPC Registry Cleaner v6.02.exe
  • %System Root%\Downloads\Super Utilities Pro 2009 11.0.exe
  • %System Root%\Downloads\Power ISO v4.2 + keygen axxo.exe
  • %System Root%\Downloads\G-Force Platinum v3.7.5.exe
  • %System Root%\Downloads\Divx Pro 7 + keymaker.exe
  • %System Root%\Downloads\Magic Video Converter 8 0 2 18.exe
  • %System Root%\Downloads\Sophos antivirus updater bypass.exe
  • %System Root%\Downloads\DVD Tools Nero 10.5.6.0.exe
  • %System Root%\Downloads\Winamp.Pro.v7.33.PowerPack.Portable+installer.exe
  • %System Root%\Downloads\PDF password remover (works with all acrobat reader).exe
  • %System Root%\Downloads\Microsoft.Windows 7 ULTIMATE FINAL activator+keygen x86.exe
  • %System Root%\Downloads\Windows2008 keygen and activator.exe
  • %System Root%\Downloads\Tuneup Ultilities 2010.exe
  • %System Root%\Downloads\Kaspersky Internet Security 2010 keygen.exe
  • %System Root%\Downloads\Windows XP PRO Corp SP3 valid-key generator.exe
  • %System Root%\Downloads\Starcraft2 Patch v0.2.exe
  • %System Root%\Downloads\Starcraft2 keys.txt.exe
  • %System Root%\Downloads\Starcraft2 Crack.exe
  • %System Root%\Downloads\Starcraft2 Oblivion DLL.exe
  • %System Root%\Downloads\Starcraft2.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003. %Program Files% is the default Program Files folder, usually C:\Program Files. %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)

It creates the following folders:

  • %Program Files%\Mozilla Firefox
  • %Program Files%\Mozilla Firefox\extensions
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content
  • %User Profile%\Application Data\SystemProc

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files. %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)

Autostart Technique

This worm adds the following registry entries to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Updater6 = "%System%\AdobeARMI.exe"

Other System Modifications

This worm adds the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Adobe6

HKEY_CURRENT_USER\Software\Microsoft\Adobe6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

It adds the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
adobe076 = "11"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
adobe086 = "22"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%System%\AdobeARMI.exe = "%System%\AdobeARMI.exe:*:Enabled:Explorer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
UACDisableNotify = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
RTHDBPL = "%System%\adobereader.exe"

HKEY_CURRENT_USER\Identities
KillSelf = "ok"

HKEY_CURRENT_USER\Identities
Curr version = "25"

HKEY_CURRENT_USER\Identities
First Start = "%System%\adobereader.exe"

HKEY_CURRENT_USER\Identities
Last Date = "22-11-2011"

HKEY_CURRENT_USER\Identities
Send Inst = "ok"

HKEY_CURRENT_USER\Identities
Inst Date = "22-11-2011"

HKEY_CURRENT_USER\Identities
Popup count = "0"

HKEY_CURRENT_USER\Identities
Popup time = "0"

HKEY_CURRENT_USER\Identities
Popup date = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
RTHDBPL = "%User Profile%\SystemProc\lsass.exe"

Dropping Routine

This worm drops the following files:

  • %System%\AdobeARMI.exe
  • %System%\adobereader.exe
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
  • %User Profile%\SystemProc\lsass.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003. %Program Files% is the default Program Files folder, usually C:\Program Files. %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)

This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine:

9.200

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Restart in Safe Mode

Step 3

Delete this registry key

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\Software\Microsoft
    • Adobe6
  • In HKEY_CURRENT_USER\Software\Microsoft
    • Adobe6
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    • Run

Step 4

Delete this registry value

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Adobe Reader Updater6 = "%System%\AdobeARMI.exe"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • adobe076 = "11"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • adobe086 = "22"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    • %System%\AdobeARMI.exe = "%System%\AdobeARMI.exe:*:Enabled:Explorer"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    • EnableLUA = "0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    • UACDisableNotify = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    • RTHDBPL = "%System%\adobereader.exe"
  • In HKEY_CURRENT_USER\Identities
    • KillSelf = "ok"
  • In HKEY_CURRENT_USER\Identities
    • Curr version = "25"
  • In HKEY_CURRENT_USER\Identities
    • First Start = "%System%\adobereader.exe"
  • In HKEY_CURRENT_USER\Identities
    • Last Date = "22-11-2011"
  • In HKEY_CURRENT_USER\Identities
    • Send Inst = "ok"
  • In HKEY_CURRENT_USER\Identities
    • Inst Date = "22-11-2011"
  • In HKEY_CURRENT_USER\Identities
    • Popup count = "0"
  • In HKEY_CURRENT_USER\Identities
    • Popup time = "0"
  • In HKEY_CURRENT_USER\Identities
    • Popup date = "0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    • RTHDBPL = "%User Profile%\SystemProc\lsass.exe"

Step 5

Search and delete these files

There may be some component files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • %System%\AdobeARMI.exe
  • %System%\adobereader.exe
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
  • %User Profile%\SystemProc\lsass.exe

Step 6

Search and delete these folders

Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden folders in the search result.
  • %Program Files%\Mozilla Firefox
  • %Program Files%\Mozilla Firefox\extensions
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome
  • %Program Files%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content
  • %User Profile%\Application Data\SystemProc

Step 7

Restart in normal mode and scan your computer with your Trend Micro product for files detected as WORM_PROLACO.AC. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.