شكرا أخي الكريم على المرور والتعقيب .. يمكن أنا حاولت أختصر الموضوع عن كيفية إزالة هذا التروجان.. لأني عندما ذكرت كثرة تشعباته فمن المعروف أن هذا الفايروس ينسخ نفسه ويستقر في ملفات النظام ومن هنا ينطلق ويبدأ نشاطه.. وعن البرنامج الذي وضعته يعتبر من أفضل البرامج المؤثرة أو بمعني القاتله لهذا الفايروس وهذا عن تجربه عملية علاوه على انه مجاني.

أشكال هذا الفايروس :

Trojan.JS.Zlob.A
Trojan.Zlob-X.a
Trojan.Zlob.F
Win32.Zlob.du
Win32.Zlob.dq
Win32.Zlob.dx
Win32.Zlob.dk
Win32.Zlob.AQW
Troj/Zlob-CE
Trojan.Zlob.B
Trojan.HTML.Zlob.W
Trojan.Zlob.JW
Trojan.Zlob.2.Gen
Trojan.Zlob.N
Trojan.Zlob.C

إضافة إلى

Trojan-Downloader.Zlob.Media-Codec

الذى يتعامل مع ملفات الوسائط :


%DESKTOPDIRECTORY%\ qualitycodec.589.exe
%LOCAL_SETTINGS%\ temp\ laf1.exe
%LOCAL_SETTINGS%\ temp\ nsk27.tmp\ gala.dll
%LOCAL_SETTINGS%\ temp\ nsy79.tmp\ gala.dll
%LOCAL_SETTINGS%\ temp\ p.exe
%local_settings%\ temp\ qualitycodec.107.exe
%local_settings%\ temp\ run.exe
%local_settings%\ temp\ Slysoft.exe
%local_settings%\ temp\ vaxsetup.207.exe
%LOCAL_SETTINGS%\ temp\ zfe1.exe
%LOCAL_SETTINGS%\ temp\ zfe2.exe
%PROGRAM_FILES%\ digikeygen\ digikeygen.exe
%PROGRAM_FILES%\ gold codec\ iesplugin.dll
%PROGRAM_FILES%\ gold codec\ isaddon.dll
%PROGRAM_FILES%\ gold codec\ isamini.exe
%PROGRAM_FILES%\ gold codec\ isamonitor.exe
%PROGRAM_FILES%\ gold codec\ pmmon.exe
%PROGRAM_FILES%\ gold codec\ pmsngr.exe
%PROGRAM_FILES%\ icodecpack\ isaddon.dll
%PROGRAM_FILES%\ icodecpack\ isamini.exe
%PROGRAM_FILES%\ icodecpack\ isamonitor.exe
%PROGRAM_FILES%\ icodecpack\ pmmon.exe
%program_files%\ image access activex object\ iesuninst.exe
%program_files%\ image access activex object\ isadd.dll
%program_files%\ image access activex object\ isamini.exe
%program_files%\ image access activex object\ isamntr.exe
%program_files%\ image access activex object\ pmsnrr.exe
%program_files%\ image access activex object\ pmunst.exe
%PROGRAM_FILES%\ image activex object\ iesplugin.dll
%PROGRAM_FILES%\ image activex object\ isaddon.dll
%PROGRAM_FILES%\ image activex object\ isamini.exe
%PROGRAM_FILES%\ image activex object\ isamonitor.exe
%PROGRAM_FILES%\ image activex object\ pmmon.exe
%PROGRAM_FILES%\ image activex object\ pmsngr.exe
%PROGRAM_FILES%\ image add-on\ icmntr.exe
%PROGRAM_FILES%\ image add-on\ icthis.exe
%PROGRAM_FILES%\ image add-on\ ictmdl.dll
%PROGRAM_FILES%\ image add-on\ ictun.exe
%PROGRAM_FILES%\ image add-on\ icun.exe
%PROGRAM_FILES%\ image add-on\ isfmdl.dll
%PROGRAM_FILES%\ image add-on\ isfmm.exe
%PROGRAM_FILES%\ image add-on\ isfmntr.exe
%PROGRAM_FILES%\ image add-on\ isfun.exe
%program_files%\ IntCodec\ iesplugin.dll
%program_files%\ IntCodec\ iesuninst.exe
%program_files%\ intcodec\ isaddon.dll
%program_files%\ IntCodec\ isamini.exe
%program_files%\ IntCodec\ isamonitor.exe
%program_files%\ intcodec\ isauninst.exe
%program_files%\ IntCodec\ pmmon.exe
%PROGRAM_FILES%\ intcodec\ pmsngr.exe
%program_files%\ IntCodec\ pmuninst.exe
%PROGRAM_FILES%\ internet security\ iesplugin.dll
%PROGRAM_FILES%\ internet security\ isadd.dll
%PROGRAM_FILES%\ internet security\ isamini.exe
%PROGRAM_FILES%\ internet security\ isamntr.exe
%PROGRAM_FILES%\ internet security\ pmmnt.exe
%PROGRAM_FILES%\ internet security\ pmsnrr.exe
%PROGRAM_FILES%\ ivideocodec\ iesplugin.dll
%PROGRAM_FILES%\ ivideocodec\ iesuninst.exe
%PROGRAM_FILES%\ ivideocodec\ isaddon.dll
%PROGRAM_FILES%\ ivideocodec\ isamini.exe
%PROGRAM_FILES%\ ivideocodec\ isamonitor.exe
%PROGRAM_FILES%\ jpeg encoder\ isaddon.dll
%PROGRAM_FILES%\ jpeg encoder\ isamini.exe
%PROGRAM_FILES%\ jpeg encoder\ isamonitor.exe
%PROGRAM_FILES%\ key generator\ iesplugin.dll
%PROGRAM_FILES%\ key generator\ iesuninst.exe
%PROGRAM_FILES%\ key generator\ isaddon.dll
%PROGRAM_FILES%\ key generator\ isamini.exe
%PROGRAM_FILES%\ key generator\ isamonitor.exe
%PROGRAM_FILES%\ key generator\ keygenerator.exe
%PROGRAM_FILES%\ key generator\ pmmon.exe
%PROGRAM_FILES%\ key generator\ pmsngr.exe
%PROGRAM_FILES%\ key generator\ pmuninst.exe
%PROGRAM_FILES%\ media-codec\ iesplugin.dll
%PROGRAM_FILES%\ media-codec\ iesuninst.exe
%PROGRAM_FILES%\ media-codec\ isaddon.dll
%PROGRAM_FILES%\ media-codec\ isamini.exe
%PROGRAM_FILES%\ media-codec\ isamonitor.exe
%PROGRAM_FILES%\ media-codec\ isauninst.exe
%PROGRAM_FILES%\ media-codec\ pmmon.exe
%PROGRAM_FILES%\ media-codec\ pmsngr.exe
%PROGRAM_FILES%\ media-codec\ pmuninst.exe
%PROGRAM_FILES%\ mmediacodec\ isamini.exe
%PROGRAM_FILES%\ netproject\ sbmdl.dll
%PROGRAM_FILES%\ netproject\ sbmntr.exe
%PROGRAM_FILES%\ netproject\ sbsm.exe
%PROGRAM_FILES%\ netproject\ sbun.exe
%PROGRAM_FILES%\ netproject\ scit.exe
%PROGRAM_FILES%\ netproject\ scm.exe
%PROGRAM_FILES%\ netproject\ scu.exe
%PROGRAM_FILES%\ netproject\ wamdl.dll
%PROGRAM_FILES%\ netproject\ waun.exe
%PROGRAM_FILES%\ online add-on\ icmntr.exe
%PROGRAM_FILES%\ online add-on\ icthis.exe
%PROGRAM_FILES%\ online add-on\ ictmdl.dll
%PROGRAM_FILES%\ online add-on\ ictun.exe
%PROGRAM_FILES%\ online add-on\ icun.exe
%PROGRAM_FILES%\ online add-on\ isfmdl.dll
%PROGRAM_FILES%\ online add-on\ isfmm.exe
%PROGRAM_FILES%\ online add-on\ isfmntr.exe
%PROGRAM_FILES%\ online add-on\ isfun.exe
%PROGRAM_FILES%\ online image add-on\ icun.exe
%PROGRAM_FILES%\ online image add-on\ isfmdl.dll
%PROGRAM_FILES%\ online image add-on\ isfmm.exe
%PROGRAM_FILES%\ online image add-on\ isfmntr.exe
%PROGRAM_FILES%\ online image add-on\ isfun.exe
%PROGRAM_FILES%\ online video add-on\ icthis.exe
%PROGRAM_FILES%\ online video add-on\ ictmdl.dll
%PROGRAM_FILES%\ online video add-on\ ictun.exe
%PROGRAM_FILES%\ online video add-on\ icun.exe
%PROGRAM_FILES%\ online video add-on\ isfmdl.dll
%PROGRAM_FILES%\ online video add-on\ isfun.exe
%PROGRAM_FILES%\ pornmag pass\ iesplugin.dll
%PROGRAM_FILES%\ pornmag pass\ iesuninst.exe
%PROGRAM_FILES%\ pornmag pass\ isaddon.dll
%PROGRAM_FILES%\ pornmag pass\ isamini.exe
%PROGRAM_FILES%\ pornmag pass\ isamonitor.exe
%PROGRAM_FILES%\ pornmag pass\ pmmon.exe
%PROGRAM_FILES%\ pornmag pass\ pmsngr.exe
%PROGRAM_FILES%\ pornmag pass\ pornmagpass.exe
%PROGRAM_FILES%\ pornpass manager\ pornpassmanager.exe
%PROGRAM_FILES%\ protection tools\ bpvol.dll
%PROGRAM_FILES%\ protection tools\ smmain.exe
%PROGRAM_FILES%\ protection tools\ smmon.exe
%PROGRAM_FILES%\ protection tools\ splug.dll
%PROGRAM_FILES%\ qualitycodec\ iesplugin.dll
%PROGRAM_FILES%\ qualitycodec\ isaddon.dll
%PROGRAM_FILES%\ qualitycodec\ isamini.exe
%PROGRAM_FILES%\ qualitycodec\ isamonitor.exe
%PROGRAM_FILES%\ qualitycodec\ pmmon.exe
%PROGRAM_FILES%\ qualitycodec\ pmsngr.exe
%PROGRAM_FILES%\ safety bar\ safetybar.dll
%PROGRAM_FILES%\ security toolbar\ security toolbar.dll
%PROGRAM_FILES%\ security tools\ iesbpl.dll
%PROGRAM_FILES%\ security tools\ iesmin.exe
%PROGRAM_FILES%\ security tools\ iesmn.exe
%PROGRAM_FILES%\ security tools\ iesplg.dll
%PROGRAM_FILES%\ security tools\ imsmain.exe
%PROGRAM_FILES%\ security tools\ imsmn.exe
%PROGRAM_FILES%\ strcodec\ iesplugin.dll
%PROGRAM_FILES%\ strcodec\ iesuninst.exe
%PROGRAM_FILES%\ strcodec\ isaddon.dll
%PROGRAM_FILES%\ strcodec\ isamini.exe
%PROGRAM_FILES%\ strcodec\ isamonitor.exe
%PROGRAM_FILES%\ strcodec\ isauninst.exe
%PROGRAM_FILES%\ strcodec\ pmmon.exe
%PROGRAM_FILES%\ strcodec\ pmsngr.exe
%PROGRAM_FILES%\ strcodec\ pmuninst.exe
%PROGRAM_FILES%\ vaxcodec\ trnscoderv4.ocx
%PROGRAM_FILES%\ video access activex object\ isadd.dll
%PROGRAM_FILES%\ video access activex object\ isamini.exe
%PROGRAM_FILES%\ video access activex object\ isamntr.exe
%PROGRAM_FILES%\ video access activex object\ pmmnt.exe
%PROGRAM_FILES%\ video access activex object\ pmsnrr.exe
%PROGRAM_FILES%\ video activex access\ iesbpl.dll
%PROGRAM_FILES%\ video activex access\ iesmin.exe
%PROGRAM_FILES%\ video activex access\ iesmn.exe
%PROGRAM_FILES%\ video activex access\ iesplg.dll
%PROGRAM_FILES%\ video activex access\ imsmain.exe
%PROGRAM_FILES%\ video activex access\ imsmn.exe
%PROGRAM_FILES%\ video activex object\ iesplugin.dll
%PROGRAM_FILES%\ video activex object\ iesuninst.exe
%PROGRAM_FILES%\ video activex object\ isadd.dll
%PROGRAM_FILES%\ video activex object\ isaddon.dll
%PROGRAM_FILES%\ video activex object\ isamini.exe
%PROGRAM_FILES%\ video activex object\ isamntr.exe
%PROGRAM_FILES%\ video activex object\ isamonitor.exe
%PROGRAM_FILES%\ video activex object\ isauninst.exe
%PROGRAM_FILES%\ video activex object\ pmmnt.exe
%PROGRAM_FILES%\ video activex object\ pmmon.exe
%PROGRAM_FILES%\ video activex object\ pmsngr.exe
%PROGRAM_FILES%\ video activex object\ pmsnrr.exe
%PROGRAM_FILES%\ video activex object\ pmuninst.exe
%program_files%\ video add-on\ ictmdl.dll
%program_files%\ video add-on\ ifsmdl.dll
%PROGRAM_FILES%\ video ax object\ bpmini.exe
%PROGRAM_FILES%\ video ax object\ bpmon.exe
%PROGRAM_FILES%\ video ax object\ bpvol.dll
%PROGRAM_FILES%\ video ax object\ smmain.exe
%PROGRAM_FILES%\ video ax object\ smmon.exe
%PROGRAM_FILES%\ video ax object\ splug.dll
%PROGRAM_FILES%\ videokeycodec\ iesplugin.dll
%PROGRAM_FILES%\ videokeycodec\ isaddon.dll
%PROGRAM_FILES%\ videokeycodec\ isamini.exe
%PROGRAM_FILES%\ videokeycodec\ isamonitor.exe
%PROGRAM_FILES%\ videokeycodec\ pmmon.exe
%PROGRAM_FILES%\ videokeycodec\ pmsngr.exe
%PROGRAM_FILES%\ videoscodec\ iesplugin.dll
%PROGRAM_FILES%\ videoscodec\ isaddon.dll
%PROGRAM_FILES%\ videoscodec\ isamini.exe
%PROGRAM_FILES%\ videoscodec\ isamonitor.exe
%PROGRAM_FILES%\ videoscodec\ pmmon.exe
%PROGRAM_FILES%\ videoscodec\ pmsngr.exe
%program_files%\ X Password Generator\ pmsngr.exe
%PROGRAM_FILES%\ x password manager\ xpassmanager.exe
%SYSTEM%\ cthkpcv.dll
%SYSTEM%\ cwgppb.dll
%SYSTEM%\ gwquvw.dll
%SYSTEM%\ hjpprpu.dll
%SYSTEM%\ ieffse32.dll
%SYSTEM%\ isntfy.exe
%SYSTEM%\ issrch.exe
%SYSTEM%\ ixt0.dll
%SYSTEM%\ oebxpba.dll
%SYSTEM%\ qrzsyr.dll
%system%\ qxfgcg.dll
%SYSTEM%\ regmod.exe
%SYSTEM%\ rrtcany.dll
%SYSTEM%\ vblhanf.dll
%SYSTEM%\ xqpauzx.dll
%windows%\ videoc.dll
{2701D9F4-4760-48D7-9A04-A25ECCD06A8C}_TRUECODEC.EXE_DEUPX.EXE
{A719A1B3-5585-4C67-A429-50ED8DF45D89}_SOFTCODEC.EXE_DEUPX.EXE
~laf1.exe
009230058abafd7bc153bf024fb39d49.exe
03cde3dd4003470f2b55af623c9c5e90.exe
044b938a-dc47-4ffd-b8d7-de2440cd8aad.exe
0c762a7900dc490829bd3c93a7dd3014.exe
0c89f982009561f526e9f026891dba17.exe
1.exe
1[1].exe
1[2].exe
108.exe
1090f558-819e-4100-abfb-da592358e7c3.exe
10f9b6ad7cf5f8aba0ed2edae4f21ae4.exe
1259658124752fc0907956e29434eec2.exe
13.exe
13f32df3e317882aec9b8dfdf62cdf97.exe
14b211d56fdf8df261c546d66286ab4e.exe
159d3e23b581068f8a61091fae2f7801.exe
1676.exe
1730e17aa38980ebd73ec23d024d97c0.exe
190c9e53eab656e40ab88d0786dcb5f7.exe
19ee40cb-f9e0-4a12-9191-ff44a1a20ce2.exe
1b3ffe9ede0604dd87989cf5a478b396.exe
1c53e8b497d17c2ac9c7915534d235b2.exe
1d20266858fd4b8283194e6b740ee6aa.exe
1e74d45b-7065-477c-aee9-d6c10885937f.exe
1edaddca9be70777755eca11a996e78d.dll
1VideoAccessCodecInstall.exe
209e3e73cd64e5c66de716fbd3184b5d.exe
22e35ccd53a2c2d69b3cb9128195e24e.exe
23D36ABDA.exe
251.exe
2688ef77b707188362ff23b5f800ec5d.exe
26ea621143dcfde054160623ba37a9a3.exe
27092f30-2ef4-4a96-b9d9-86626f11c39e.exe
27564eeb-4a56-4c9c-8cca-cdd344a0cd8a.dll
28EA80784.exe
29e5e78384c5f527a8ca3cb14eb7d9f3.exe
2b0e5e68-f415-46a4-8a70-a0f0ca445654.exe
2b28a4dba8e5f0c59f9f4ffd87c82a09.exe
2b32a95aca680b555785b98720b68f91.exe
2ba8d90204d3546d7f6b51ea76e3aca4.exe
2c5bc9d3faeba122e435e5f5d0c96b27.exe
2e5d1464e3b349159f629e8b752665dd.exe
2e9afafd821fd5182d6df3d7767e32b2.exe
2ffc93821a46bf5f4d23c183b32968c4.exe
2setup.exe
2setup_1_.exe
3.exe
304c6ad43c58be927289f076c0ffd198.exe
31ec28f85a8bad99adc9b25e1de98389.exe
34047e3411ac9357324958743f7de33a.exe
355d48a3e46b56f613e14a79c867bdac.exe
3650965ac4f509752b32bf7107f7ad5e.exe
3701402829230.exe
38b54a72-278c-4a2d-8ba9-6f3602132ab6.exe
39073671.exe
399269681647191f0e02c9ec2b869ecd.exe
3d0d9153e771f1f336a23a8b2fe34da5.exe
3da87f7d3dafbc9c91d14b8458982115.exe
3dfbe0a8339f3e839da00eaf720e517f.exe
4.exe
4031e67ecc218c0da6c1480f0f0a9ccd.exe
4060.exe
409271.dll
43f39f964d3bc785f38f833782b81704.exe
446eff24-86df-4b8f-83f8-884a38628375.exe
4739009a5f9d7ad6c3f9cbac201adea9.exe
48ab2326abe868de26eb43f19545f922.exe
4bb9b960243054545b4ff500dbd72fa2.exe
4f600c0719d08d44b762c6ca58e821c4.exe
4fadc22204f67c66093742d7d374075f.exe
4fe2a7385cf8738d7c8111cc6851c2e1.exe
526af7cd07d5222110d8f174fcdfe5db.exe
538b531edd75e440ad18145314c8fee9.exe
5520b9df8d4687b4b7b99fa1fb108847.exe
561ba73b36e4f9007a6df6fd8b65ccb9.exe
5640ef4f61cddafe4de8398fc9fd765c.exe
599548e6-2910-4484-818c-ca5eda81f52d.exe
5a71a2563ef8f47bd70b4c18a863f5e8.exe
5ac7d761ee5857a4f75deeabd369c96c.exe
5d2269cfc00d12b55a379244e4c4931b.exe
5f26f424016dabf5a7808008e4e163ba.exe
5f8e7e6f7829e9eeb26a91ece3284620.exe
5ffa94845f58b614efef220a092f0bc7.exe
634738c79c8f885dd2e0278a69d413a1.exe
6365014e26f1dd3025ceea79ed6c937f.exe
6483833550b1640e4dc1abac01d6667e.exe
64afaf89a2597575463c84b5c337ce35.exe
6608db7hp8db7b.exe
6608db7hp8db7c.exe
66b5c2c8-b203-4edb-b4e9-b11df34f41a7.exe
68394186-c9b6-4fa8-9f27-1aa691f29b59.exe
69604c0512bc726daaa2fc59e2e6741a.exe
698e38dc2048612e9b6da4ce4dbe817f.exe
6bbebeda2cccf8ffeed2145925264e0b.exe
6d3878a8cc392a62795aa19449a865c7.exe
6d390385ab5562cf8e8fc05606c17492.exe
6df0962c4e2c7b23eee0598c1a161149.exe
6f5aa26a-8f13-4d6a-8485-257766d00750.exe
7121d684aab9efe683ea6d9449c021de.exe
71e64ebe4e81928f842e56c746cc318f.exe
71fe19af0671536e8b203f7fdf3263de.exe
75447ad81ef9a036bb032c45bfaa4ac0.exe
76020_4435731_codecmoon1000.exe
76020_6743095_usafindsite_com.exe
76022_8133496_ixcodec1176.exe
76022_8136622_WebSoftCodecSetup.exe
76024_4315977_WebSoftCodecSetup.exe
76024_6224936_WebSoftCodecSetup.exe
76025_7324123_WebSoftCodecSetup.exe
76028_4947375_MediaTubeCodec.exe
76029_8089058_lightcodec1000.exe
76031_8517549_WebSoftCodecSetup.exe
76032_5321667_MediaTubeCodec.exe
76032_7769135_turbocodec1000.exe
76033_344356_MediaTubeCodec.exe
76033_5756271_MediaTubeCodec.exe
76034_4673122_MediaTubeCodec.exe
76036_5262348_MediaTubeCodec.exe
76037_4760066_MediaTubeCodec.exe
76038_5930096_MediaTubeCodec.exe
76038_8220945_XXXmediaCodec.exe
76039_5394460_MediaTubeCodec.exe
76046_7465231_MediaTubeCodec.exe
76046_8188516_MediaTubeCodec.exe
76047_3158595_XXXmediaCodec.exe
76047_4086826_MediaTubeCodec.exe
76047_5873842_XXXmediaCodec.exe
76047_758243_endcodec1000.exe
76047_7594887_MediaTubeCodec.exe
775f5de51f543f8903d6f75b6015377c.exe
779abc60800eb5445486bc302eef859a.exe
7a25fef3-da5d-4d10-b2d2-8810c6328541.exe
7a6713ea3f044db17ebb5eaa04b30837.exe
7a6fe947e56bc314a0e3ea6d01868de1.exe
7b42f23b07ffbcc0f597673fb8ca8560.exe
7dde36d292b0668208fdda5ca4ef9927.exe
822fa7d9-4789-47e6-96ed-500d63a8641d.exe
837c14c7b97029c5a4304912142eb889.exe
85099e3c-3388-46a6-a82c-e62bf6979bae.exe
8774e587a31e3d44fa773a227d5356ea.exe
88a860468063b83447b249bd05287fa7.exe
8a005be6fd089cbff87343d39bbe1ab1.exe
8ba5cfb50162791dcfab87183a1a20e0.exe
8c8de04a6c44accb18220d1ced789ec5.exe
8d8018c41cebb0c5fb6e497954dbd1cc.exe
8e4061b3-1471-4156-a34d-43276451d62c.exe
90811b9489bfb07c51c1e0de18aa59ed.exe
92a7d46858eff70e85975f3feaec1ff5.exe
98f0bb4dd424f7cd8216cd28d2c8f699.exe
992380f6-aeb2-4500-a1bb-8d1635ae831c.exe
9ac75bd369ff5569f7ed24b786b4cf38.exe
9be4ee0b-631f-447d-adbb-24146cb50341.exe
a.exe
A_Day_in_the_Life_v1.3_by_c0nspiracy.zip.exe
a02f8f5d05baeada10c4b6a557366f24.exe
a11fe64dbec30f758bcb85178a692da0.exe
a42c8fc0a2370126885b197d37c918e8.exe
a4c4e2b1-872a-43e0-a922-4c646ba7d557.exe
a52297059c5c33ac56393b501a0fad87.dll
a6de394f-4497-4568-bdf7-481d7f6af5cd.exe
a7f5cc3cb7e25653393862b3d17b3a08.exe
a9cf06dd7533754c315c0a6a7653d25a.exe
aaa5dd78f6bf69d35f22e7910ab596b2.exe
aabd6099-1d7d-46b2-988e-3d542a475b93.EXE
abc.dll
abccodec1000.exe
accesssetup.1149.exe
accesssetup.1534.exe
activex(2).exe
activex.exe
adultviewer.exe
af1.exe
aksetup.1700.exe
alofkmn.dll
ampkfst.dll
atmclk.exe
Au_.exe
axosetup.1651.exe
axosetup.336.exe
b03eaee6712ef73cccf690a69feecbd0.dll
b176.exe
b36eb9c2308b5c3389a84fb24624fc93.exe
b7fa9da7-ae76-491e-8d94-6a0a6c7e5702.exe
b80.exe
b8689ff43d4ef978c12b7fe5d7b0adf9.exe
b880db4df0189bb171f09105ca18fc4c.exe
b94bbdd70ae74d457140cb4b5cdf67f6.exe
ba3fa627cce30d6d8228851f5c35ace5.exe
bb169ccc9e90a323ae5e7d77e6d91e68.exe
bb84fa0e1f38513b7e2bece054744312.exe
bbjgfjec.dll
bde16237414521b10be55048bfa96a95.exe
bindmod.dll
binret2.exe
bklgvsf.dll
blackcodec1273[1].exe
blopenvtok.dll
bmxknd.exe
bndsrdkq.dll
bndsrwgo.dll
boxdoxnmf.exe
boxdoxrsk.exe
boxdoxtds.exe
br1.exe
braincodec.503.exe
braincodec.872.exe
bxsbang.dll
c:\ temp\ strcodec.435.exe
c:\ temp\ vaxsetup.207.exe
c11f6e1e974305727e4da480a7dd0ca0.exe
c1886a2d5d9a1f48e42c395155e11668.exe
c2eb64a0f577d0aaa99261a59ba52c5d.exe
c4184110448d804380466cf7d10b64b3.exe
c467d961969a4a944cedc9b373898c89.exe
c6a56b0ec4f7323342345197d038b5c3.exe
c8ef12d1ee65bf459a87b1e8809e8645.exe
CA1SQ9TV.exe
caa81d26-3d81-4aa9-aee2-e90169f095f6.exe
calc.exe
cb9fee96c0b8b2a990a7296e7bc9cb7e.exe
cbfac30024497b7dee87191498158b0d.exe
cc8925e4fce33b8e3f4a064a24fbdbaa.exe
cd2d3fc7-a714-442e-86c6-58d454f5e354.exe
ced110e714f11fa3a80832a8d407704b.exe
cf238eb5-f89b-4cc5-b75c-fc1d65138d1f.exe
cgtfkfrqwn.exe
cleancodec4441[1].exe
cmdbcs.dll
cmdbcs.exe
cnsqtkrnkl.exe
cnsqtkrwxr.exe
codec.exe
codec_setup.exe
codecmoon4058.exe
codecmoon4531.exe
codecops1190.exe
codecpretty1335.exe
codeczang1176.exe
crkexe-fff.exe
CSRSS.exe
cup.dll
cup_1.dll
cup_2.dll
d.exe
d17b352e5e083544b6ae6a0852c0af26.exe
d2dc3223c9656e3c52849d80a9522d65.exe
d5f3b4b17861319367ccafcfeb95b2cc.exe
d6491d5b9c9b104da308fbcf5e6d8e4a.exe
da308b9d75ab93b59917007a8b42782b.exe
DA91B1ED.exe
dbffc98b04791c66e40f3c3db6852c0c.exe
dcomcfg.exe
ddxplugin.exe
delficodec4531[1].exe
df9f606e-d0b8-4fad-a4b9-04d10fadc604.exe
digikeygen_ver1.107.exe
digikeygen_ver1.541-a.exe
digikeygen_ver1.541-b.exe
digikeygen_ver1.541.exe
digipass_ver1.554.exe
diva.exe
dmxdrf.exe
dmxldp.exe
dnqdlpmlox.dll
dntpkwolox.dll
domnftwlvq.dll
dopfwrllwr.dll
download.exe
driverpp.sys
dvdaccess1000.exe
dvdaccess1020.exe
dvdaccess1042.exe
dvdaccess1050.exe
dvdaccess1093.exe
dvdaccess1100.exe
dvdaccess1227.exe
dvdaccess1500.exe
dvdcodec1000.exe
dvicodec1002.exe
dvicodec1003.exe
dxpvqlmgtv.dll
dxpvqlmqng.dll
e013aa95e0db15f5843d85e79200f15d.exe
e17fdad5-357e-4fb8-905b-799cbb229e6d.exe
e3e84a1d9ce6aff5fb898f48410d48e0.exe
e45ca697f1ba1acddf9d5690e4ca413b.exe
e82d8b1f-d6db-4c15-a172-849ab9697d33.exe
e97c7bcbfc5d8fcbdbf2da09c31dcfdc.exe
ebc7cedb584a97093f1026f0ec4f56b3.exe
ebf52908db4410d28591f4c0a23badde.exe
ecodec-v4.107.exe
ecodec-v4.276.exe
ecodec-v4.400.exe
econf32.exe
ee344dcaac5564809635a35be044b25e.exe
elitecodec.exe
emfd.exe
emlkdvo.dll
ensfolr.dll
epxonwo.dll
f41d4004-eb89-443b-804b-ce23c8ebdcd3.exe
f4461f804e55a6d1038b4999286e1276.exe
fbee3d7757de2c42de27966369824eef.exe
fdff573f08f7e77f45a5c969cf21cfed.exe
fff9f6ff989feaf3d7a1fb91f7eda21d.exe
fk.exe
fknxwqf.exe
FlyCodec.exe
foxflpd.exe
FOYGq2JV9B[1].exe
freebsd.exe
fuurod.sys
fvkwdrt.exe
fxmngr.exe
fxtqdrl.exe
gala.dll
gala_1.dll
gala_2.dll
gala_3.dll
gala_4.dll
ght.dll
goldcodec.107.exe
goldcodec.111.exe
goldcodec.112.exe
goldcodec.115.exe
goldcodec.318.exe
goldcodec.434.exe
goldcodec.589.exe
gormet.dll
graxkrsd.dll
gvazchcv.dll
hdtip.dll
hiprxw.exe
hipsdw.exe
hjoqor.dll
hnml.dll
hostctrl.dll
hpzef34c.exe
hqcodec.exe
hstsys.dll
hujcvkzw.dll
icmntr.exe
icodec4_01a.exe
icthis.exe
ictmdl.dll
ictun.exe
icun.exe
iesbpl.dll
iesbunst.exe
iesmin.exe
iesmn.exe
iesplg.dll
iesplugin.dll
iesuninst.exe
iesunst.exe
imsmain.exe
imsmn.exe
imsunst.exe
inc-codec1000.exe
index (2).exe
index.exe
install.exe
install_cn.0306-2050.exe
install_cn.0307-0000.exe
install_cn.0307-0900-1.exe
install_cn.0308-0900.exe
install_cn.0308-2030.exe
intcodec-v6.107.exe
intcodec-v6.131.exe
intcodec-v6.207.exe
intcodec-v6.541.exe
intcodec-v6.550.exe
ipwypwpk.dll
isadd.dll
isaddon.dll
isamini.exe
isamntr.exe
isamonitor.exe
isauninst.exe
isecur (2).dll
isecur.dll
isfmdl.dll
isfmm.exe
isfmntr.exe
isfun.exe
ISHOST.EXE
ISMINI.EXE
isunst.exe
ivideocodec.207.exe
ivideocodec.424.exe
ivideocodec.573.exe
IXT0.DLL
jiqa74mg.exe
jpegencoder.107.exe
kbdctrl.dll
kdlmm.exe
keycodec.107.exe
keycodec.107a.exe
keycodec.207.exe
keycodec.324.exe
keygen-fff.exe
keygenerator (1).exe
keygenerator.exe
keysetup.1700.exe
keysetup.336.exe
kg.exe
kopmet.dll
l.exe
l10.exe
l11.exe
l11[1].exe
l12.exe
l14.exe
l15.exe
l16.exe
l17.exe
l18.exe
l6.exe
l7.exe
l80.exe
l9.exe
laf1.exe
laf1.Unpacked.VMPatched.exe
laf2.exe
laf2.Unpacked.VMPatched.exe
laf3.exe
laf3.Unpacked.VMPatched.exe
laf5.exe
leosrv.dll
loader.exe
lovteclxf.exe
lovtecvto.exe
main.exe
malware.exe
mcodec-v5.175.exe
mcodec-v5.541.exe
media.exe
media_codec_install_wizard_3912969.exe
media_codec_install_wizard_3912998.exe
media_codec_iw_3912995.exe
mediacodec-4.207.exe
mediacodec-v4.107.exe
mediacodec-v4.143.exe
mediacodec-v4.178.exe
mediacodec-v4.207.exe
mediacodec-v4.300.exe
mediacodec-v4.397.exe
mediacodec-v4.400.exe
mediacodec-v4.541.exe
mediacodec-v4.729.exe
mediaeldoradocodec.ocx
MediaTubeCodec.exe
MediaTubeCodec_ver1.144.0.exe
MediaTubeCodec_ver1.682.0.exe
mendoza1.exe
mmcodec.207.exe
mmcodec.595.exe
mooncodec1000[1].exe
moviesdvds1169.exe
MsIMMs32.dll
msmhost.dll
msmsgs.exe
msram.exe
msvb.dll
mxstat.exe
myinstaller.exe
netadv.dll
newmediacodecinstaller.exe
nopctrl.dll
notepad.exe
npqtsrak.exe
nretcip.exe
nslbvxpgagr.dll
ntspkfxt.dll
nvctrl.exe
ocgrep.dll
ojxgtbz.exe
our.exe
p.exe
perfectcodec.107.exe
perfectcodec.399.exe
perfectcodec.568.exe
phpid_4088.exe
pid1000.exe
pid107.exe
pid4001.exe
PLAYERCODECVALID.EXE
pmmnt.exe
pmmon.exe
pmsngr.exe
pmsnrr.exe
pmuninst.exe
pmunst.exe
popnetkqw.dll
pornmagpass (1).exe
pornmagpass (2).exe
pornmagpass.exe
pornmagpass_ver1.107.exe
pornmagpass_ver1.131.exe
pornmagpass_ver1.229.exe
pornpassmanager.exe
powercodec.exe
ppmanager.1031.exe
ppmanager.107.exe
PPMANAGER.207.EXE
ppmanager.399.exe
protectedviewer.exe
pscw95kg.zip.exe
qazcodec1176.exe
qazcodec4531.exe
qualitycodec.107.exe
qualitycodec.207.exe
qualitycodec.318.exe
qualitycodec.438.exe
qualitycodec.503.exe
qualitycodec.589.exe
qwe.dll
rar.exe
Ravasktao.exe
regperf.exe
retnsrp.dll
rle.dll
rle_1.dll
rle_2.dll
rle_3.dll
routipnfd.exe
routippdg.exe
routipqno.exe
routiprpo.exe
run.exe
rundll32.exe
sapnet.dll
sbmdl.dll
sbmntr.exe
sbsm.exe
sbun.exe
scit.exe
scm.exe
scnchk32.exe
scu.exe
sdr.exe
search_us.exe
security_toolbar.dll
setup (1).exe
setup (10).exe
setup (11).exe
setup (12).exe
setup (2).exe
setup (3).exe
setup (4).exe
setup (5).exe
setup (6).exe
setup (7).exe
setup (8).exe
setup (9).exe
setup-the_bad_boy_bellsouth.net.exe
Setup..exe
setup.104.exe
setup.105.exe
setup.106.exe
setup.107.exe
setup.111.exe
setup.120.exe
setup.123.exe
setup.exe
setup[1].exe
setup2.exe
setup9.exe
setupax.207.exe
setupd.exe
setupmedia.107.exe
setupmedia.1603.exe
setupmedia.1651.exe
setupmedia.16512.exe
setupmedia.1651d.exe
setupmedia.1651d2.exe
setupmedia.1800.exe
setuppm.173.exe
setuppm.500.exe
sexmilla.exe
shanech_bs_VideoAccessCodecInstall.exe
shlyapa.exe
silvercodec.exe
siteentrance2000.exe
smmain.exe
smunst.exe
sockappgkv.exe
softcodec.107.exe
softcodec.131.exe
softcodec.324.exe
strcodec.107.exe
supercodec.exe
sv-codec-v4_01a.exe
sv32_2.exe
svideocodec3_0.exe
svideocodec4_01a.exe
svideocodeclight1_04b.exe
sxs (1).dll
sxs.dll
sysanri.exe
syscore.dll
sysdx.dll
syshzpg.exe
syskxp.dll
system.exe
sysvol32.dll
te-ar684.exe
tmp4d8.dll
tmp4da.dll
truecodec.exe
ttvbongfl.exe
ttvbonkog.dll
ttvbonnlq.exe
ttvbonsfp.exe
ultrahqcodec1301.exe
update.exe
update236.exe
upxdnd.dll
vaxsetup.1179.exe
vaxsetup.320.exe
vaxsetup.418.exe
vaxsetup.438.exe
vaxsetup.707.exe
vaxsetup.996.exe
vaxsetup.exe
vc3_05b.exe
vccodec.175.exe
vccodec.286.exe
vcodec.exe
vcodec_ver3.102.exe
vcodec_ver3.111.exe
vcodec2_1a_final.exe
vidcodec.107.exe
vidcodec.400.exe
VIDCODECS.EXE
VideoAccessCodec.0306-2100.ocx
VideoAccessCodec.0307-0000.ocx
VideoAccessCodec.0307-0130.ocx
VideoAccessCodec.0307-0300.ocx
VideoAccessCodec.0307-0330.ocx
VideoAccessCodec.0307-0600.ocx
VideoAccessCodec.0307-0900-1.ocx
VideoAccessCodec.0307-0900-2.ocx
VideoAccessCodec.0307-1200.ocx
VideoAccessCodec.0307-1500.ocx
VideoAccessCodec.0307-1800-1.ocx
VideoAccessCodec.0307-1800-2.ocx
VideoAccessCodec.0307-2100-1.ocx
VideoAccessCodec.0307-2100-2.ocx
VideoAccessCodec.0308-0000-1.ocx
VideoAccessCodec.0308-0000-2.ocx
VideoAccessCodec.0308-0200.ocx
VideoAccessCodec.0308-0300.ocx
VideoAccessCodec.0308-0800.ocx
VideoAccessCodec.0308-0900.ocx
VideoAccessCodec.0308-1200.ocx
VideoAccessCodec.0308-1330.ocx
VideoAccessCodec.0308-1500.ocx
VideoAccessCodec.0308-1800.ocx
VideoAccessCodec.0308-1900.ocx
VideoAccessCodec.0308-2030.ocx
VideoAccessCodec.0308-2100.ocx
VideoAccessCodecInstall(2).exe
VideoAccessCodecInstall(3).exe
VideoAccessCodecInstall(4).exe
VideoAccessCodecInstall(5).exe
VideoAccessCodecInstall.exe
VideoAccessCodecInstall[1].exe
videocodec2_1a.exe
videocodec3_05b.exe
videocodecaccessinstall.exe
videomp3_setup_3913107.exe
videosaccess1000.exe
videosaccess1065.exe
videosaccess1110.exe
videosaccess1119.exe
voipwet.dll
vpncore.exe
vpnpms.exe
vpnptm.exe
vrlwn11a3.exe
wamdl.dll
waun.exe
whipclkx.dll
win7.tmp.exe
win93.tmp.exe
WINA4.TMP.EXE
WindowsXP-KB238104-x86-CHS.exe
winlog.exe
wmcodec.107.exe
WMPCONF.DLL
wsremover.exe
xcvwer.dll
xpassman-v3.107.exe
xpassman-v3.541.exe
xxl.dll
xxl_1.dll
xxxcodec-v3.508.exe
XXXmediaCodec.exe
yxwrkrch.dll
zcodec.exe
zcodec1000.exe
zcodec1022.exe
ZCodec1055.exe
zen.dll
zen_1.dll
zen_2.dll
zen_3.dll
zen_4.dll
zen_5.dll
zfe1(2).exe
zfe1.exe
zfe2.exe
zfe4.exe
zipcodec-v6.175.exe
zipcodec-v6.207.exe
zipcodec-v6.403-july5.exe
zipcodec-v6.403-july6.exe
zipcodec-v6.403.exe
zipcodec-v6.403a.exe
zipcodec-v6.541-july5.exe
zipcodec-v6.541.exe
zipcodec-v6.722.exe
zipcodec-v6.783.exe
zlob.exe
zs1.exe
zs2.exe
zsetup.exe



وهناك غيرها....

ملفاته هي :


msmsgs.exe
pmsngr.exe
kdqrn.exe
02.exe
kdvhv.exe
kdoaf.exe
kdkwb.exe
kdkat.exe
kdlfk.exe
kdefp.exe
kdoaf.exe
kdkwb.exe
System\\kdkat.exe
System\\kdlfk.exe
System\\kdefp.exe


ومكان تواجده في مجلد System32 وهذه ملفات Dll التي يستهدفها :

C:\Windows\System32\lvhjtsa.dll
C:\Windows\System32\tdidrv32.sys
C:\Windows\System32\sozctue.dll
C:\Windows\System32\kknwg.dll
C:\Windows\System32\baoohy.dll
C:\Windows\System32\dcggain.dll
C:\Windows\System32\rkvdr.dll
C:\Windows\System32\vualf.dll
C:\Windows\System32\rkaxfza.dll
C:\Windows\System32\uyhjw.dll
C:\Windows\System32\qdsba.dll
C:\Windows\System32\rtmipr.dll


وحال دخوله الجهاز يبادر إلى نسخ نفسة هكذا....

%System%\msmsgs.exe

ويضيف هذه القيمه إلى الريجستري :

RegSvr32" = "%System%\msmsgs.exe"

هنا :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run

والقيمة :

"Shell" = "Explorer.exe, msmsgs.exe"

هنا

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

والقيمة :

"notepad.exe" = "msmsgs.exe"

هنا :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion
\policies\explorer\run


وذلك كي يبدأ نشاطة عند بداية تشغيل الجهاز.


والقيمة :

"uuid" = "86c29b2f-3389-418b-9b47-c2b09b6abc07"

هنا :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion

حتى يظهر نوافذ الخطأ


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\RegSvr32=%System%\msmsgs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe,msms gs.exe
HKCU\Software\Internet Security\
HKCU\Software\HQvideo



هذه إضافة مختصرة عن تشعبات هذا الفايروس على النظام


وأي سؤال أنا حاضر