Mal/Packer
Mal/Packer is a malware infection that targets the Windows XP and Vista operating systems. After infecting a system, Mal/Packer injects malicious .exe and .dll files and hinders users from accessing the registry. It reaches computer systems through pornographic websites, corrupt multimedia codecs, spam e-mail, or suspicious file-sharing downloads. Mal/Packer is destructive malware that can seriously damage a Windows system.
Aliases
Packed.Win32.NSAnti (Ikarus)
Packed/Upack (AhnLab)
PE_Patch (Kaspersky Lab)
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following registry entries were newly created:
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Mal/Packer may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.