Mal/Packer

By Domesticus in Malware

Mal/Packer Description

Mal/Packer is a malware infection used to deliver other malicious files or applications onto an infected system. Mal/Packer can infect a computer through a backdoor or a browser security hole, usually without any notification to the computer user. Mal/Packer is difficult to remove manually.

Type: Malware

Aliases: Mal/EncPk-BW (Sophos), Packed.Win32.NSAnti (Ikarus), Packed/Upack (AhnLab), PE_Patch (Kaspersky Lab).

Mal/Packer typically has the following processes in memory:


Mal/Packer creates the following registry entries:


This entry was posted on 10/28/09 and is filed under Malware.