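Technical Information
The lists below carry no section labels on this page. They contain a scheduled-task path and a Startup-folder shortcut, file paths (several repeated across lists), file moves written as "from … to …", and a schtasks command line.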
- <SYSTEM32>\tasks\updates\grqyxiufoz
- %APPDATA%\microsoft\windows\start menu\programs\startup\paint.lnk
- C:\far2\far.exe
- %ProgramFiles%\antivirus\antivirus.exe
- %ProgramFiles%\anti-trojan\rcxaf79.tmp
- %ProgramFiles%\anti-trojan\anti-trojan.exe
- %ProgramFiles%\amsn\rcxae30.tmp
- %ProgramFiles%\amsn\amsn.exe
- %ProgramFiles%\amon\rcxace8.tmp
- %ProgramFiles%\antivirus\rcxb0e1.tmp
- %ProgramFiles%\amon\amon.exe
- %ProgramFiles%\alsvc\alsvc.exe
- %ProgramFiles%\almon\rcxaa09.tmp
- %ProgramFiles%\almon\almon.exe
- %ProgramFiles%\airdefense\rcxa882.tmp
- %ProgramFiles%\airdefense\airdefense.exe
- %ProgramFiles%\aimpro\rcxa70a.tmp
- %ProgramFiles%\alsvc\rcxab80.tmp
- %ProgramFiles%\ashavast\rcxb7c9.tmp
- %ProgramFiles%\ashdug\rcxbcfb.tmp
- %ProgramFiles%\armor2net\armor2net.exe
- %ProgramFiles%\ashdug\ashdug.exe
- %ProgramFiles%\ashdisp\rcxbbb2.tmp
- %ProgramFiles%\ashdisp\ashdisp.exe
- %ProgramFiles%\ashchest\rcxba69.tmp
- %ProgramFiles%\ashchest\ashchest.exe
- %ProgramFiles%\ashavsrv\rcxb930.tmp
- %ProgramFiles%\aimpro\aimpro.exe
- %ProgramFiles%\ashavsrv\ashavsrv.exe
- %ProgramFiles%\ashavast\ashavast.exe
- %ProgramFiles%\ash\rcxb680.tmp
- %ProgramFiles%\ash\ash.exe
- %ProgramFiles%\armorsurf\rcxb528.tmp
- %ProgramFiles%\armorsurf\armorsurf.exe
- %ProgramFiles%\armor2net\rcxb3c0.tmp
- %ProgramFiles%\aoltbserver\aoltbserver.exe
- %ProgramFiles%\aoltbserver\rcxb229.tmp
- %ProgramFiles%\aim6\rcxa516.tmp
- %ProgramFiles%\a2upd\rcx994a.tmp
- %ProgramFiles%\a2start\a2start.exe
- %ProgramFiles%\a2service\rcx968a.tmp
- %ProgramFiles%\a2service\a2service.exe
- %ProgramFiles%\a2scan\rcx9532.tmp
- %ProgramFiles%\a2scan\a2scan.exe
- %ProgramFiles%\a2hijackfree\rcx93e9.tmp
- %ProgramFiles%\a2start\rcx97e2.tmp
- %ProgramFiles%\a2hijackfree\a2hijackfree.exe
- %ProgramFiles%\a2guard\a2guard.exe
- %ProgramFiles%\a2cmd\rcx9196.tmp
- %ProgramFiles%\a2cmd\a2cmd.exe
- %ProgramFiles%\360tray\rcx907d.tmp
- %ProgramFiles%\360tray\360tray.exe
- C:\far2\rcx8f34.tmp
- %ProgramFiles%\a2guard\rcx92cf.tmp
- %ProgramFiles%\ackwin32\rcx9e7c.tmp
- %ProgramFiles%\ahnsd\rcxa3ae.tmp
- %ProgramFiles%\a2wizard\a2wizard.exe
- %ProgramFiles%\ahnsd\ahnsd.exe
- %ProgramFiles%\ageofconan\rcxa275.tmp
- %ProgramFiles%\ageofconan\ageofconan.exe
- %ProgramFiles%\agb5\rcxa11d.tmp
- %ProgramFiles%\agb5\agb5.exe
- %ProgramFiles%\admunch\rcx9fb5.tmp
- %ProgramFiles%\aim6\aim6.exe
- %ProgramFiles%\admunch\admunch.exe
- %ProgramFiles%\ackwin32\ackwin32.exe
- %ProgramFiles%\about\rcx9d33.tmp
- %ProgramFiles%\about\about.exe
- %ProgramFiles%\aavshield\rcx9bcc.tmp
- %ProgramFiles%\aavshield\aavshield.exe
- %ProgramFiles%\a2wizard\rcx9a83.tmp
- %ProgramFiles%\a2upd\a2upd.exe
- %ProgramFiles%\ashenhcd\ashenhcd.exe
- %APPDATA%\grqyxiufoz.exe
- %ProgramFiles%\anti-trojan\vanti-trojan.ico
- %ProgramFiles%\amsn\rcxae30.tmp
- %ProgramFiles%\amsn\vamsn.ico
- %ProgramFiles%\amon\rcxace8.tmp
- %ProgramFiles%\amon\vamon.ico
- %ProgramFiles%\alsvc\rcxab80.tmp
- %ProgramFiles%\anti-trojan\rcxaf79.tmp
- %ProgramFiles%\alsvc\valsvc.ico
- %ProgramFiles%\almon\valmon.ico
- %ProgramFiles%\airdefense\rcxa882.tmp
- %ProgramFiles%\airdefense\vairdefense.ico
- %ProgramFiles%\aimpro\rcxa70a.tmp
- %ProgramFiles%\aimpro\vaimpro.ico
- %ProgramFiles%\aim6\rcxa516.tmp
- %ProgramFiles%\almon\rcxaa09.tmp
- %ProgramFiles%\antivirus\vantivirus.ico
- %ProgramFiles%\antivirus\rcxb0e1.tmp
- %ProgramFiles%\aoltbserver\vaoltbserver.ico
- %ProgramFiles%\ashdisp\rcxbbb2.tmp
- %ProgramFiles%\ashdisp\vashdisp.ico
- %ProgramFiles%\ashchest\rcxba69.tmp
- %ProgramFiles%\ashchest\vashchest.ico
- %ProgramFiles%\ashavsrv\rcxb930.tmp
- %ProgramFiles%\ashavsrv\vashavsrv.ico
- %ProgramFiles%\ashavast\rcxb7c9.tmp
- %ProgramFiles%\ashavast\vashavast.ico
- %ProgramFiles%\ash\rcxb680.tmp
- %ProgramFiles%\ash\vash.ico
- %ProgramFiles%\armorsurf\rcxb528.tmp
- %ProgramFiles%\armorsurf\varmorsurf.ico
- %ProgramFiles%\armor2net\rcxb3c0.tmp
- %ProgramFiles%\armor2net\varmor2net.ico
- %ProgramFiles%\aoltbserver\rcxb229.tmp
- %ProgramFiles%\aim6\vaim6.ico
- %ProgramFiles%\ashdug\vashdug.ico
- %ProgramFiles%\ahnsd\rcxa3ae.tmp
- %ProgramFiles%\ageofconan\rcxa275.tmp
- %ProgramFiles%\a2scan\rcx9532.tmp
- %ProgramFiles%\a2scan\va2scan.ico
- %ProgramFiles%\a2hijackfree\rcx93e9.tmp
- %ProgramFiles%\a2hijackfree\va2hijackfree.ico
- %ProgramFiles%\a2guard\rcx92cf.tmp
- %ProgramFiles%\a2guard\va2guard.ico
- %ProgramFiles%\a2service\va2service.ico
- %ProgramFiles%\a2cmd\rcx9196.tmp
- %ProgramFiles%\360tray\rcx907d.tmp
- %ProgramFiles%\360tray\v360tray.ico
- C:\far2\rcx8f34.tmp
- C:\far2\vfar.ico
- %APPDATA%\paint.exe
- %TEMP%\tmpb441.tmp
- %ProgramFiles%\a2cmd\va2cmd.ico
- %ProgramFiles%\a2service\rcx968a.tmp
- %ProgramFiles%\a2start\va2start.ico
- %ProgramFiles%\a2start\rcx97e2.tmp
- %ProgramFiles%\ageofconan\vageofconan.ico
- %ProgramFiles%\agb5\rcxa11d.tmp
- %ProgramFiles%\agb5\vagb5.ico
- %ProgramFiles%\admunch\rcx9fb5.tmp
- %ProgramFiles%\admunch\vadmunch.ico
- %ProgramFiles%\ackwin32\rcx9e7c.tmp
- %ProgramFiles%\ackwin32\vackwin32.ico
- %ProgramFiles%\about\rcx9d33.tmp
- %ProgramFiles%\about\vabout.ico
- %ProgramFiles%\aavshield\rcx9bcc.tmp
- %ProgramFiles%\aavshield\vaavshield.ico
- %ProgramFiles%\a2wizard\rcx9a83.tmp
- %ProgramFiles%\a2wizard\va2wizard.ico
- %ProgramFiles%\a2upd\rcx994a.tmp
- %ProgramFiles%\a2upd\va2upd.ico
- %ProgramFiles%\ahnsd\vahnsd.ico
- %ProgramFiles%\ashdug\rcxbcfb.tmp
- %APPDATA%\grqyxiufoz.exe
- %APPDATA%\paint.exe
- %TEMP%\tmpb441.tmp
- %ProgramFiles%\almon\valmon.ico
- %ProgramFiles%\alsvc\valsvc.ico
- %ProgramFiles%\amon\vamon.ico
- %ProgramFiles%\amsn\vamsn.ico
- %ProgramFiles%\anti-trojan\vanti-trojan.ico
- %ProgramFiles%\aimpro\vaimpro.ico
- %ProgramFiles%\airdefense\vairdefense.ico
- %ProgramFiles%\antivirus\vantivirus.ico
- %ProgramFiles%\armorsurf\varmorsurf.ico
- %ProgramFiles%\ash\vash.ico
- %ProgramFiles%\ashavast\vashavast.ico
- %ProgramFiles%\ashavsrv\vashavsrv.ico
- %ProgramFiles%\ashchest\vashchest.ico
- %ProgramFiles%\aoltbserver\vaoltbserver.ico
- %ProgramFiles%\armor2net\varmor2net.ico
- %ProgramFiles%\aim6\vaim6.ico
- %ProgramFiles%\ahnsd\vahnsd.ico
- %ProgramFiles%\ageofconan\vageofconan.ico
- %ProgramFiles%\360tray\v360tray.ico
- %ProgramFiles%\a2cmd\va2cmd.ico
- %ProgramFiles%\a2guard\va2guard.ico
- %ProgramFiles%\a2hijackfree\va2hijackfree.ico
- %ProgramFiles%\a2scan\va2scan.ico
- %ProgramFiles%\a2service\va2service.ico
- C:\far2\vfar.ico
- %ProgramFiles%\a2start\va2start.ico
- %ProgramFiles%\a2wizard\va2wizard.ico
- %ProgramFiles%\aavshield\vaavshield.ico
- %ProgramFiles%\about\vabout.ico
- %ProgramFiles%\ackwin32\vackwin32.ico
- %ProgramFiles%\admunch\vadmunch.ico
- %ProgramFiles%\agb5\vagb5.ico
- %ProgramFiles%\a2upd\va2upd.ico
- %ProgramFiles%\ashdisp\vashdisp.ico
- %ProgramFiles%\ashdug\vashdug.ico
- from %ProgramFiles%\360tray\360tray.exe to %ProgramFiles%\360tray\v360tray.exe
- from %ProgramFiles%\almon\almon.exe to %ProgramFiles%\almon\valmon.exe
- from %ProgramFiles%\alsvc\alsvc.exe to %ProgramFiles%\alsvc\valsvc.exe
- from %ProgramFiles%\amon\amon.exe to %ProgramFiles%\amon\vamon.exe
- from %ProgramFiles%\amsn\amsn.exe to %ProgramFiles%\amsn\vamsn.exe
- from %ProgramFiles%\anti-trojan\anti-trojan.exe to %ProgramFiles%\anti-trojan\vanti-trojan.exe
- from %ProgramFiles%\antivirus\antivirus.exe to %ProgramFiles%\antivirus\vantivirus.exe
- from %ProgramFiles%\armor2net\armor2net.exe to %ProgramFiles%\armor2net\varmor2net.exe
- from %ProgramFiles%\ashdug\ashdug.exe to %ProgramFiles%\ashdug\vashdug.exe
- from %ProgramFiles%\armorsurf\armorsurf.exe to %ProgramFiles%\armorsurf\varmorsurf.exe
- from %ProgramFiles%\ash\ash.exe to %ProgramFiles%\ash\vash.exe
- from %ProgramFiles%\ashavast\ashavast.exe to %ProgramFiles%\ashavast\vashavast.exe
- from %ProgramFiles%\ashavsrv\ashavsrv.exe to %ProgramFiles%\ashavsrv\vashavsrv.exe
- from %ProgramFiles%\ashchest\ashchest.exe to %ProgramFiles%\ashchest\vashchest.exe
- from %ProgramFiles%\ashdisp\ashdisp.exe to %ProgramFiles%\ashdisp\vashdisp.exe
- from %ProgramFiles%\airdefense\airdefense.exe to %ProgramFiles%\airdefense\vairdefense.exe
- from %ProgramFiles%\aoltbserver\aoltbserver.exe to %ProgramFiles%\aoltbserver\vaoltbserver.exe
- from %ProgramFiles%\aimpro\aimpro.exe to %ProgramFiles%\aimpro\vaimpro.exe
- from %ProgramFiles%\a2upd\a2upd.exe to %ProgramFiles%\a2upd\va2upd.exe
- from %ProgramFiles%\a2cmd\a2cmd.exe to %ProgramFiles%\a2cmd\va2cmd.exe
- from %ProgramFiles%\a2guard\a2guard.exe to %ProgramFiles%\a2guard\va2guard.exe
- from %ProgramFiles%\a2hijackfree\a2hijackfree.exe to %ProgramFiles%\a2hijackfree\va2hijackfree.exe
- from %ProgramFiles%\a2scan\a2scan.exe to %ProgramFiles%\a2scan\va2scan.exe
- from %ProgramFiles%\a2service\a2service.exe to %ProgramFiles%\a2service\va2service.exe
- from %ProgramFiles%\a2start\a2start.exe to %ProgramFiles%\a2start\va2start.exe
- from %ProgramFiles%\a2wizard\a2wizard.exe to %ProgramFiles%\a2wizard\va2wizard.exe
- from %ProgramFiles%\ahnsd\ahnsd.exe to %ProgramFiles%\ahnsd\vahnsd.exe
- from %ProgramFiles%\aavshield\aavshield.exe to %ProgramFiles%\aavshield\vaavshield.exe
- from %ProgramFiles%\about\about.exe to %ProgramFiles%\about\vabout.exe
- from %ProgramFiles%\ackwin32\ackwin32.exe to %ProgramFiles%\ackwin32\vackwin32.exe
- from %ProgramFiles%\admunch\admunch.exe to %ProgramFiles%\admunch\vadmunch.exe
- from %ProgramFiles%\agb5\agb5.exe to %ProgramFiles%\agb5\vagb5.exe
- from %ProgramFiles%\ageofconan\ageofconan.exe to %ProgramFiles%\ageofconan\vageofconan.exe
- from %ProgramFiles%\aim6\aim6.exe to %ProgramFiles%\aim6\vaim6.exe
- from %ProgramFiles%\ashenhcd\ashenhcd.exe to %ProgramFiles%\ashenhcd\vashenhcd.exe
- C:\Far2\Far.exe
- %ProgramFiles%\ALsvc\ALsvc.exe
- %ProgramFiles%\amon\amon.exe
- %ProgramFiles%\amsn\amsn.exe
- %ProgramFiles%\Anti-Trojan\Anti-Trojan.exe
- %ProgramFiles%\AntiVirus\AntiVirus.exe
- %ProgramFiles%\airdefense\airdefense.exe
- %ProgramFiles%\ALMon\ALMon.exe
- %ProgramFiles%\AolTbServer\AolTbServer.exe
- %ProgramFiles%\ash\ash.exe
- %ProgramFiles%\ashAvast\ashAvast.exe
- %ProgramFiles%\ashAvSrv\ashAvSrv.exe
- %ProgramFiles%\ashchest\ashchest.exe
- %ProgramFiles%\ashDisp\ashDisp.exe
- %ProgramFiles%\Armor2net\Armor2net.exe
- %ProgramFiles%\armorsurf\armorsurf.exe
- %ProgramFiles%\aimpro\aimpro.exe
- %ProgramFiles%\aim6\aim6.exe
- %ProgramFiles%\AhnSD\AhnSD.exe
- %ProgramFiles%\a2cmd\a2cmd.exe
- %ProgramFiles%\a2guard\a2guard.exe
- %ProgramFiles%\a2HiJackFree\a2HiJackFree.exe
- %ProgramFiles%\a2scan\a2scan.exe
- %ProgramFiles%\a2service\a2service.exe
- %ProgramFiles%\a2start\a2start.exe
- %ProgramFiles%\360tray\360tray.exe
- %ProgramFiles%\a2upd\a2upd.exe
- %ProgramFiles%\aavshield\aavshield.exe
- %ProgramFiles%\About\About.exe
- %ProgramFiles%\AckWin32\AckWin32.exe
- %ProgramFiles%\AdMunch\AdMunch.exe
- %ProgramFiles%\Agb5\Agb5.exe
- %ProgramFiles%\ageofconan\ageofconan.exe
- %ProgramFiles%\a2wizard\a2wizard.exe
- %ProgramFiles%\ashDug\ashDug.exe
- %ProgramFiles%\ashEnhcd\ashEnhcd.exe
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\grqyXiUfOZ" /XML "%TEMP%\tmpB441.tmp" (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\grqyXiUfOZ" /XML "%TEMP%\tmpB441.tmp"