Trojan.MulDrop5.38060

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MPSExe' = '%PROGRAM_FILES%\McAfee.com\MPS\mscifapp.exe /embedding'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'McRegWiz' = '%PROGRAM_FILES%\McAfee.com\Agent\mcregwiz.exe /autorun'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'McafDellTag' = '%PROGRAM_FILES%\McAfee.com\Agent\mcdeltag.exe'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MCUpdateExe' = '%PROGRAM_FILES%\mcafee.com\agent\mcupdate.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MCAgentExe' = '%PROGRAM_FILES%\mcafee.com\agent\mcagent.exe'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] 'PackedCatalogItem' = '{43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,6d,63,6c,73,70,2e,64,6c,6c,00,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,...'

Creates or modifies the following files:

%WINDIR%\Tasks\McAfee.com Update Check (CRNJEUFU-%USERNAME%).job

Creates the following services:

[<HKLM>\SYSTEM\ControlSet001\Services\WS2IFSL] 'Start' = '00000001'

Malicious functions:

Creates and executes the following:

'%PROGRAM_FILES%\McAfee.com\Agent\mcregwiz.exe' -regserver
'%PROGRAM_FILES%\McAfee.com\Shared\mcinfo.exe' -regserver
'%PROGRAM_FILES%\McAfee.com\Agent\mcupdate.exe'
'%PROGRAM_FILES%\McAfee.com\MPS\mscifapp.exe' -regserver
'%PROGRAM_FILES%\McAfee.com\Shared\mghtml.exe' -Embedding
'%PROGRAM_FILES%\McAfee.com\Shared\mghtml.exe' -regserver
'%PROGRAM_FILES%\McAfee.com\Agent\mcupdmgr.exe' -regserver
'%PROGRAM_FILES%\McAfee.com\Agent\mcagent.exe' -regserver

Executes the following:

'<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\mclsp.dll

Modifies file system :

Creates the following files:

%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpsrem.ui
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mps.adf
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mps.chm
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\data.ini
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mscifhtm.dll
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpsdb.dll
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mcstdb.dat
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\readme.txt
%TEMP%\MCAC.tmp\tempinst\mps_cab\urldb.dat
%TEMP%\MCAC.tmp\tempinst\mps_cab\gdlsphlr.dll
%TEMP%\MCAC.tmp\tempinst\mps_cab\instlsp.exe
%TEMP%\MCAC.tmp\tempinst\mps_cab\mcgdping.dll
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpscfg.inf
%TEMP%\MCAC.tmp\tempinst\mps_cab\PSAPI.DLL
%TEMP%\MCAC.tmp\tempinst\mps_cab\mclsp.dll
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\uninst.ico
%TEMP%\MCAC.tmp\tempinst\agentdui_cab\agentdui.inf
%TEMP%\MCAC.tmp\tempinst\agentdui_cab\SCui.dll
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\SCRes.dll
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\mcscentr.adf
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\oemcfg.ini
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\screm.ui
%TEMP%\MCAC.tmp\tempinst\agentupd_cab\McInfo.exe
%TEMP%\MCAC.tmp\tempinst\mcscoem_cab\oemcfg.ini
%TEMP%\MCAC.tmp\tempinst\mcscoem_cab\oemlogo.gif
%TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpsres.dll
%TEMP%\MCAC.tmp\tempinst\mcscoem_cab\mcscoem.inf
%TEMP%\MCAC.tmp\tempinst\agentupd_cab\mcupdmgr.exe
%TEMP%\MCAC.tmp\tempinst\agentupd_cab\mcupdui.exe
%TEMP%\MCAC.tmp\tempinst\agentupd_cab\agentupd.inf
%TEMP%\2534950.zip
%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\404b466b6bfefd5de0c0a19f33336d46_23ef5514-3059-436f-a4a7-4cefaab20eb1
<SYSTEM32>\Microsoft\Protect\S-1-5-18\fe34752c-d93d-4c9a-9011-fb1b7cffe285
%WINDIR%\Temp\OLD42.tmp
%TEMP%\MCAC.tmp\tempinst\mcafspl_cab\mcafspl.inf
%TEMP%\MCAC.tmp\tempinst\mcafspl_cab\McDelTag.exe
%WINDIR%\LastGood\TMP41.tmp
<SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
%ALLUSERSPROFILE%\Start Menu\Programs\McAfee\McAfee Privacy Service\Uninstall McAfee Privacy Service.lnk
%PROGRAM_FILES%\McAfee.com\MPS\gdlsphlr.bkp
%PROGRAM_FILES%\McAfee.com\MPS\urldb.bkp
%ALLUSERSPROFILE%\Desktop\McAfee Privacy Service.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\McAfee\McAfee SecurityCenter\McAfee SecurityCenter.lnk
%ALLUSERSPROFILE%\Desktop\McAfee Security Center.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\McAfee\McAfee Privacy Service\McAfee Privacy Service.lnk
%TEMP%\MCAC.tmp\tempinst\mps_cab\RemoveMPS.exe
%TEMP%\MCAC.tmp\tempinst\mps_cab\mscifapp.exe
%TEMP%\MCAC.tmp\tempinst\mps_cab\McBrHlpr.dll
%TEMP%\MCAC.tmp\tempinst\mps_cab\mcrtl32.dll
%TEMP%\MCAC.tmp\tempinst\mps_cab\monitors.dll
%TEMP%\MCAC.tmp\tempinst\mps_cab\msccfg.dll
%TEMP%\MCAC.tmp\tempinst\mps_cab\sporder.dll
%TEMP%\MCAC.tmp\tempinst\mps_cab\mps.inf
%TEMP%\MCAC.tmp\tempinst\regwiz_cab\rwconfig.ini
%TEMP%\MCAC.tmp\tempinst\mpsreg_cab\mps.ini
%TEMP%\MCAC.tmp\tempinst\mpsreg_cab\mpsreg.inf
%TEMP%\MCAC.tmp\tempinst\regwiz_cab\regwizui.dll
%TEMP%\MCAC.tmp\tempinst\regwiz_cab\mcregwiz.exe
%TEMP%\MCAC.tmp\tempinst\regwiz_cab\oem.ini
%TEMP%\MCAC.tmp\tempinst\regwiz_cab\regwiz.inf
%TEMP%\mpsPaidAU.dell\mps\win9x\~GLH0012.TMP
%TEMP%\mpsPaidAU.dell\mps\winnt\~GLH0013.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH0014.TMP
%TEMP%\mpsPaidAU.dell\mps\en-au\com\~GLH0011.TMP
%TEMP%\mpsPaidAU.dell\~GLH000e.TMP
%TEMP%\mpsPaidAU.dell\~GLH000f.TMP
%TEMP%\mpsPaidAU.dell\~GLH0010.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH0015.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH001a.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH001b.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH001c.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH0019.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH0016.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH0017.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH0018.TMP
%TEMP%\mpsPaidAU.dell\~GLH0003.TMP
%TEMP%\mpsPaidAU.dell\~GLH0004.TMP
%TEMP%\mpsPaidAU.dell\~GLH0005.TMP
%TEMP%\mpsPaidAU.dell\~GLH0002.TMP
%TEMP%\GLC1.tmp
%TEMP%\mpsPaidAU.dell\~GLH0000.TMP
%TEMP%\mpsPaidAU.dell\~GLH0001.TMP
%TEMP%\mpsPaidAU.dell\~GLH0006.TMP
%TEMP%\mpsPaidAU.dell\~GLH000b.TMP
%TEMP%\mpsPaidAU.dell\~GLH000c.TMP
%TEMP%\mpsPaidAU.dell\~GLH000d.TMP
%TEMP%\mpsPaidAU.dell\~GLH000a.TMP
%TEMP%\mpsPaidAU.dell\~GLH0007.TMP
%TEMP%\mpsPaidAU.dell\~GLH0008.TMP
%TEMP%\mpsPaidAU.dell\~GLH0009.TMP
%TEMP%\MCAC.tmp\tempinst\agent_cab\mcagent.exe
%TEMP%\MCAC.tmp\tempinst\agent_cab\mcagntps.dll
%TEMP%\MCAC.tmp\tempinst\agent_cab\mcaping.dll
%TEMP%\MCAC.tmp\tempinst\agent_cab\agent.inf
%TEMP%\mcaB.tmp\mghtml.exe
%TEMP%\mcaB.tmp\dunzip32.dll
%TEMP%\mpsins.ini
%TEMP%\MCAC.tmp\tempinst\agent_cab\mcback.dll
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\agent.chm
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\agentcfg.inf
%TEMP%\MCAC.tmp\tempinst\agentcfg_cab\mcltvers.ini
%TEMP%\MCAC.tmp\tempinst\agent_cab\mcupdate.exe
%TEMP%\MCAC.tmp\tempinst\agent_cab\McDash.exe
%TEMP%\MCAC.tmp\tempinst\agent_cab\McScIndx.dll
%TEMP%\MCAC.tmp\tempinst\agent_cab\mcuilib.dll
%PROGRAM_FILES%\McAfee.com\Shared\mcappins.exe
%PROGRAM_FILES%\McAfee.com\Shared\mcappins.inf
<SYSTEM32>\mcinsctl.dll
%TEMP%\SET3.tmp
%TEMP%\mpsPaidAU.dell\shared\~GLH001d.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH001e.TMP
%TEMP%\mpsPaidAU.dell\shared\~GLH001f.TMP
<SYSTEM32>\mcgdmgr.dll
%TEMP%\mca5.tmp\mghtml.exe
%TEMP%\mca5.tmp\dunzip32.dll
%TEMP%\mcaB.tmp\mghtml.inf
%TEMP%\mca5.tmp\mghtml.inf
%TEMP%\mca4.tmp\mghtml.inf
%TEMP%\mca4.tmp\mghtml.exe
%TEMP%\mca4.tmp\dunzip32.dll

Deletes the following files:

%TEMP%\mcaB.tmp\mghtml.inf
%TEMP%\mcaB.tmp\mghtml.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CA616DGX.lpk
%TEMP%\2534950.zip
%WINDIR%\Temp\OLD42.tmp
%TEMP%\mca4.tmp\dunzip32.dll
%TEMP%\GLC1.tmp
%TEMP%\mca4.tmp\mghtml.exe
%TEMP%\mcaB.tmp\dunzip32.dll
%TEMP%\mca4.tmp\mghtml.inf

Moves the following files:

from %PROGRAM_FILES%\McAfee.com\MPS\SET2D.tmp to %PROGRAM_FILES%\McAfee.com\MPS\data.ini
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\data.ini to %PROGRAM_FILES%\McAfee.com\MPS\SET2D.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET2E.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mpsdb.dll
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpsdb.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET2E.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET2C.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mcstdb.dat
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mps.chm to %PROGRAM_FILES%\McAfee.com\MPS\SET2B.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET2A.tmp to %PROGRAM_FILES%\McAfee.com\MPS\MPScfg.inf
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mcstdb.dat to %PROGRAM_FILES%\McAfee.com\MPS\SET2C.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET2B.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mps.chm
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mps.adf to %PROGRAM_FILES%\McAfee.com\Agent\app\SET2F.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\Custom_Uninstall\SET32.tmp to %PROGRAM_FILES%\McAfee.com\Agent\Custom_Uninstall\mcafspl.inf
from %TEMP%\MCAC.tmp\tempinst\mcafspl_cab\mcafspl.inf to %PROGRAM_FILES%\McAfee.com\Agent\Custom_Uninstall\SET32.tmp
from %ALLUSERSPROFILE%\Application Data\McAfee.com\Agent\RegWiz\RegApp\SET33.tmp to %ALLUSERSPROFILE%\Application Data\McAfee.com\Agent\RegWiz\RegApp\mps.ini
from %TEMP%\MCAC.tmp\tempinst\mpsreg_cab\mps.ini to %ALLUSERSPROFILE%\Application Data\McAfee.com\Agent\RegWiz\RegApp\SET33.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET31.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcdeltag.exe
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpsrem.ui to %PROGRAM_FILES%\McAfee.com\Agent\Uninst\SET30.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\app\SET2F.tmp to %PROGRAM_FILES%\McAfee.com\Agent\app\mps.adf
from %TEMP%\MCAC.tmp\tempinst\mcafspl_cab\McDelTag.exe to %PROGRAM_FILES%\McAfee.com\Agent\SET31.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\Uninst\SET30.tmp to %PROGRAM_FILES%\McAfee.com\Agent\Uninst\mpsrem.ui
from %TEMP%\MCAC.tmp\tempinst\mcscoem_cab\mcscoem.inf to %PROGRAM_FILES%\McAfee.com\Agent\SET24.tmp
from %PROGRAM_FILES%\McAfee.com\Shared\SET23.tmp to %PROGRAM_FILES%\McAfee.com\Shared\mcinfo.exe
from %TEMP%\MCAC.tmp\tempinst\mcscoem_cab\oemlogo.gif to %PROGRAM_FILES%\McAfee.com\Agent\SET25.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET24.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcscoem.inf
from %TEMP%\MCAC.tmp\tempinst\agentupd_cab\McInfo.exe to %PROGRAM_FILES%\McAfee.com\Shared\SET23.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET21.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcupdui.exe
from %TEMP%\MCAC.tmp\tempinst\agentupd_cab\mcupdui.exe to %PROGRAM_FILES%\McAfee.com\Agent\SET21.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET22.tmp to %PROGRAM_FILES%\McAfee.com\Agent\agentupd.inf
from %TEMP%\MCAC.tmp\tempinst\agentupd_cab\agentupd.inf to %PROGRAM_FILES%\McAfee.com\Agent\SET22.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET25.tmp to %PROGRAM_FILES%\McAfee.com\Agent\oemlogo.gif
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mscifhtm.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET29.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET28.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mpsres.dll
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpscfg.inf to %PROGRAM_FILES%\McAfee.com\MPS\SET2A.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET29.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mscifhtm.dll
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\mpsres.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET28.tmp
from %ALLUSERSPROFILE%\Application Data\McAfee.com\Agent\News\SET26.tmp to %ALLUSERSPROFILE%\Application Data\McAfee.com\Agent\News\oemcfg.ini
from %TEMP%\MCAC.tmp\tempinst\mcscoem_cab\oemcfg.ini to %ALLUSERSPROFILE%\Application Data\McAfee.com\Agent\News\SET26.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET27.tmp to %PROGRAM_FILES%\McAfee.com\MPS\readme.txt
from %TEMP%\MCAC.tmp\tempinst\mpscfg_cab\readme.txt to %PROGRAM_FILES%\McAfee.com\MPS\SET27.tmp
from %TEMP%\MCAC.tmp\tempinst\regwiz_cab\mcregwiz.exe to %PROGRAM_FILES%\McAfee.com\Agent\SET34.tmp
from %WINDIR%\LastGood\TMP41.tmp to %WINDIR%\LastGood\system32\psapi.dll
from %PROGRAM_FILES%\McAfee.com\MPS\SET40.tmp to %PROGRAM_FILES%\McAfee.com\MPS\RemoveMPS.exe
from <SYSTEM32>\SET43.tmp to %TEMP%\MCAC.tmp\tempinst\mps_cab\psapi.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\PSAPI.DLL to <SYSTEM32>\SET43.tmp
from %TEMP%\MCAC.tmp\tempinst\mps_cab\RemoveMPS.exe to %PROGRAM_FILES%\McAfee.com\MPS\SET40.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET3E.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mcgdping.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\mcgdping.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET3E.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET3F.tmp to %PROGRAM_FILES%\McAfee.com\MPS\McBrHlpr.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\McBrHlpr.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET3F.tmp
from %TEMP%\MCAC.tmp\tempinst\mps_cab\sporder.dll to <SYSTEM32>\SET44.tmp
from <SYSTEM32>\SET47.tmp to <SYSTEM32>\instlsp.exe
from %TEMP%\MCAC.tmp\tempinst\mps_cab\instlsp.exe to <SYSTEM32>\SET47.tmp
from <SYSTEM32>\SET48.tmp to <SYSTEM32>\mclsp.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\mclsp.dll to <SYSTEM32>\SET48.tmp
from <SYSTEM32>\SET46.tmp to <SYSTEM32>\mcrtl32.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\urldb.dat to %PROGRAM_FILES%\McAfee.com\MPS\SET45.tmp
from <SYSTEM32>\SET44.tmp to <SYSTEM32>\sporder.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\mcrtl32.dll to <SYSTEM32>\SET46.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET45.tmp to %PROGRAM_FILES%\McAfee.com\MPS\urldb.dat
from %PROGRAM_FILES%\McAfee.com\Agent\SET37.tmp to %PROGRAM_FILES%\McAfee.com\Agent\rwconfig.ini
from %TEMP%\MCAC.tmp\tempinst\regwiz_cab\rwconfig.ini to %PROGRAM_FILES%\McAfee.com\Agent\SET37.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\Custom_Uninstall\SET38.tmp to %PROGRAM_FILES%\McAfee.com\Agent\Custom_Uninstall\regwiz.inf
from %TEMP%\MCAC.tmp\tempinst\regwiz_cab\regwiz.inf to %PROGRAM_FILES%\McAfee.com\Agent\Custom_Uninstall\SET38.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET36.tmp to %PROGRAM_FILES%\McAfee.com\Agent\oem.ini
from %TEMP%\MCAC.tmp\tempinst\regwiz_cab\regwizui.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET35.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET34.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcregwiz.exe
from %TEMP%\MCAC.tmp\tempinst\regwiz_cab\oem.ini to %PROGRAM_FILES%\McAfee.com\Agent\SET36.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET35.tmp to %PROGRAM_FILES%\McAfee.com\Agent\regwizui.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\monitors.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET39.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET3C.tmp to %PROGRAM_FILES%\McAfee.com\MPS\msccfg.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\msccfg.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET3C.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET3D.tmp to %PROGRAM_FILES%\McAfee.com\MPS\gdlsphlr.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\gdlsphlr.dll to %PROGRAM_FILES%\McAfee.com\MPS\SET3D.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET3B.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mscifapp.exe
from %TEMP%\MCAC.tmp\tempinst\mps_cab\mps.inf to %PROGRAM_FILES%\McAfee.com\MPS\SET3A.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET39.tmp to %PROGRAM_FILES%\McAfee.com\MPS\monitors.dll
from %TEMP%\MCAC.tmp\tempinst\mps_cab\mscifapp.exe to %PROGRAM_FILES%\McAfee.com\MPS\SET3B.tmp
from %PROGRAM_FILES%\McAfee.com\MPS\SET3A.tmp to %PROGRAM_FILES%\McAfee.com\MPS\mps.inf
from %PROGRAM_FILES%\McAfee.com\Agent\SET20.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcupdmgr.exe
from %TEMP%\mpsPaidAU.dell\shared\~GLH0019.TMP to %TEMP%\mpsPaidAU.dell\shared\mcafspl.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH0018.TMP to %TEMP%\mpsPaidAU.dell\shared\ComCtl32.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH001b.TMP to %TEMP%\mpsPaidAU.dell\shared\mcinsctl.dll
from %TEMP%\mpsPaidAU.dell\shared\~GLH001a.TMP to %TEMP%\mpsPaidAU.dell\shared\McGDMgr.dll
from %TEMP%\mpsPaidAU.dell\shared\~GLH0017.TMP to %TEMP%\mpsPaidAU.dell\shared\agentupd.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH0014.TMP to %TEMP%\mpsPaidAU.dell\shared\agent.cab
from %TEMP%\mpsPaidAU.dell\mps\winnt\~GLH0013.TMP to %TEMP%\mpsPaidAU.dell\mps\winnt\mps.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH0016.TMP to %TEMP%\mpsPaidAU.dell\shared\agentdui.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH0015.TMP to %TEMP%\mpsPaidAU.dell\shared\agentcfg.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH001c.TMP to %TEMP%\mpsPaidAU.dell\shared\mcscoem.cab
from %PROGRAM_FILES%\McAfee.com\Shared\SET9.tmp to %PROGRAM_FILES%\McAfee.com\Shared\dunzip32.dll
from %TEMP%\mca5.tmp\dunzip32.dll to %PROGRAM_FILES%\McAfee.com\Shared\SET9.tmp
from %PROGRAM_FILES%\McAfee.com\Shared\SETA.tmp to %PROGRAM_FILES%\McAfee.com\Shared\mghtml.inf
from %TEMP%\mca5.tmp\mghtml.inf to %PROGRAM_FILES%\McAfee.com\Shared\SETA.tmp
from %PROGRAM_FILES%\McAfee.com\Shared\SET8.tmp to %PROGRAM_FILES%\McAfee.com\Shared\mghtml.exe
from %TEMP%\mpsPaidAU.dell\shared\~GLH001e.TMP to %TEMP%\mpsPaidAU.dell\shared\mpsreg.cab
from %TEMP%\mpsPaidAU.dell\shared\~GLH001d.TMP to %TEMP%\mpsPaidAU.dell\shared\mghtml.cab
from %TEMP%\mca5.tmp\mghtml.exe to %PROGRAM_FILES%\McAfee.com\Shared\SET8.tmp
from %TEMP%\mpsPaidAU.dell\shared\~GLH001f.TMP to %TEMP%\mpsPaidAU.dell\shared\RegWiz.cab
from %TEMP%\mpsPaidAU.dell\~GLH0006.TMP to %TEMP%\mpsPaidAU.dell\EulaRes.dll
from %TEMP%\mpsPaidAU.dell\~GLH0005.TMP to %TEMP%\mpsPaidAU.dell\autorun.inf
from %TEMP%\mpsPaidAU.dell\~GLH0008.TMP to %TEMP%\mpsPaidAU.dell\McAppins.exe
from %TEMP%\mpsPaidAU.dell\~GLH0007.TMP to %TEMP%\mpsPaidAU.dell\install.ini
from %TEMP%\mpsPaidAU.dell\~GLH0004.TMP to %TEMP%\mpsPaidAU.dell\AgOEMVer.ini
from %TEMP%\mpsPaidAU.dell\~GLH0001.TMP to %TEMP%\mpsPaidAU.dell\agentins.ui
from %TEMP%\mpsPaidAU.dell\~GLH0000.TMP to %TEMP%\mpsPaidAU.dell\agentins.inf
from %TEMP%\mpsPaidAU.dell\~GLH0003.TMP to %TEMP%\mpsPaidAU.dell\AgntIcfg.ini
from %TEMP%\mpsPaidAU.dell\~GLH0002.TMP to %TEMP%\mpsPaidAU.dell\agentver.ini
from %TEMP%\mpsPaidAU.dell\~GLH0009.TMP to %TEMP%\mpsPaidAU.dell\mcappins.inf
from %TEMP%\mpsPaidAU.dell\~GLH0010.TMP to %TEMP%\mpsPaidAU.dell\SetupRes.dll
from %TEMP%\mpsPaidAU.dell\~GLH000f.TMP to %TEMP%\mpsPaidAU.dell\setup.exe
from %TEMP%\mpsPaidAU.dell\mps\win9x\~GLH0012.TMP to %TEMP%\mpsPaidAU.dell\mps\win9x\mps.cab
from %TEMP%\mpsPaidAU.dell\mps\en-au\com\~GLH0011.TMP to %TEMP%\mpsPaidAU.dell\mps\en-au\com\mpscfg.cab
from %TEMP%\mpsPaidAU.dell\~GLH000e.TMP to %TEMP%\mpsPaidAU.dell\mpsver.ini
from %TEMP%\mpsPaidAU.dell\~GLH000b.TMP to %TEMP%\mpsPaidAU.dell\mpscfg.ini
from %TEMP%\mpsPaidAU.dell\~GLH000a.TMP to %TEMP%\mpsPaidAU.dell\mcuninst.dll
from %TEMP%\mpsPaidAU.dell\~GLH000d.TMP to %TEMP%\mpsPaidAU.dell\mpsins.ui
from %TEMP%\mpsPaidAU.dell\~GLH000c.TMP to %TEMP%\mpsPaidAU.dell\mpsins.inf
from %TEMP%\MCAC.tmp\tempinst\agent_cab\mcagent.exe to %PROGRAM_FILES%\McAfee.com\Agent\SETD.tmp
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\agent.chm to %PROGRAM_FILES%\McAfee.com\Agent\SET1A.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET19.tmp to %PROGRAM_FILES%\McAfee.com\Agent\oemcfg.ini
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\agentcfg.inf to %PROGRAM_FILES%\McAfee.com\Agent\SET1B.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET1A.tmp to %PROGRAM_FILES%\McAfee.com\Agent\agent.chm
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\oemcfg.ini to %PROGRAM_FILES%\McAfee.com\Agent\SET19.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET17.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcscentr.adf
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\mcscentr.adf to %PROGRAM_FILES%\McAfee.com\Agent\SET17.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET18.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcltvers.ini
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\mcltvers.ini to %PROGRAM_FILES%\McAfee.com\Agent\SET18.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET1B.tmp to %PROGRAM_FILES%\McAfee.com\Agent\agentcfg.inf
from %TEMP%\MCAC.tmp\tempinst\agentdui_cab\agentdui.inf to %PROGRAM_FILES%\McAfee.com\Agent\SET1F.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET1E.tmp to %PROGRAM_FILES%\McAfee.com\Agent\scui.dll
from %TEMP%\MCAC.tmp\tempinst\agentupd_cab\mcupdmgr.exe to %PROGRAM_FILES%\McAfee.com\Agent\SET20.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET1F.tmp to %PROGRAM_FILES%\McAfee.com\Agent\agentdui.inf
from %TEMP%\MCAC.tmp\tempinst\agentdui_cab\SCui.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET1E.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\Uninst\SET1C.tmp to %PROGRAM_FILES%\McAfee.com\Agent\Uninst\screm.ui
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\screm.ui to %PROGRAM_FILES%\McAfee.com\Agent\Uninst\SET1C.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\Uninst\SET1D.tmp to %PROGRAM_FILES%\McAfee.com\Agent\Uninst\uninst.ico
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\uninst.ico to %PROGRAM_FILES%\McAfee.com\Agent\Uninst\SET1D.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET10.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcaping.dll
from %TEMP%\MCAC.tmp\tempinst\agent_cab\mcaping.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET10.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET11.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcagntps.dll
from %TEMP%\MCAC.tmp\tempinst\agent_cab\mcagntps.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET11.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SETF.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcupdate.exe
from %TEMP%\MCAC.tmp\tempinst\agent_cab\McDash.exe to %PROGRAM_FILES%\McAfee.com\Agent\SETE.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SETD.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcagent.exe
from %TEMP%\MCAC.tmp\tempinst\agent_cab\mcupdate.exe to %PROGRAM_FILES%\McAfee.com\Agent\SETF.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SETE.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcdash.exe
from %TEMP%\MCAC.tmp\tempinst\agent_cab\mcuilib.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET12.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET15.tmp to %PROGRAM_FILES%\McAfee.com\Agent\agent.inf
from %TEMP%\MCAC.tmp\tempinst\agent_cab\agent.inf to %PROGRAM_FILES%\McAfee.com\Agent\SET15.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET16.tmp to %PROGRAM_FILES%\McAfee.com\Agent\scres.dll
from %TEMP%\MCAC.tmp\tempinst\agentcfg_cab\SCRes.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET16.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET14.tmp to %PROGRAM_FILES%\McAfee.com\Agent\McScIndx.dll
from %TEMP%\MCAC.tmp\tempinst\agent_cab\mcback.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET13.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET12.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcuilib.dll
from %TEMP%\MCAC.tmp\tempinst\agent_cab\McScIndx.dll to %PROGRAM_FILES%\McAfee.com\Agent\SET14.tmp
from %PROGRAM_FILES%\McAfee.com\Agent\SET13.tmp to %PROGRAM_FILES%\McAfee.com\Agent\mcback.dll

Miscellaneous:

Searches for the following windows:

ClassName: 'MS_WebcheckMonitor' WindowName: ''
ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial