Not-a-virus.Keygen.CloneDVD

By JubileeX in Worms

Translate To:

Threat Scorecard

Popularity Rank:	23,057
Threat Level:	60 % (Medium)
Infected Computers:	1,326

First Seen:	July 24, 2009
Last Seen:	March 20, 2026
OS(es) Affected:	Windows

Not-a-virus.Keygen.CloneDVD is a malicious Worm that spreads across existing networks. Not-a-virus.Keygen.CloneDVD can download other corrupt files from the Internet onto the system. Not-a-virus.Keygen.CloneDVD also has the ability to send private emails directly to a recipient mail server for malicious purposes. Not-a-virus.Keygen.CloneDVD poses a severe security risk and should be removed immediately.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Generic25.CJCV
Fortinet	W32/BDoor.CEP!tr.bdr
AhnLab-V3	Trojan/Win32.ADH
AntiVir	BDS/Bifrose.A.394
Kaspersky	Trojan.Win32.Midgare.bbsz
ClamAV	Trojan.Midgare-167
CAT-QuickHeal	Trojan.Midgare.bbsz
Panda	Trj/Thed.M
AVG	Generic5_c.BUVP
TrendMicro	TROJ_SPNR.11I612
F-Secure	Gen:Variant.Barys.1607
eSafe	Win32.GenVariant.Kaz
McAfee	BackDoor-FACW!FEA05B1E642B
AVG	Generic5_c.AUMF
AhnLab-V3	Backdoor/Win32.Buzy

SpyHunter Detects & Remove Not-a-virus.Keygen.CloneDVD

File System Details

Not-a-virus.Keygen.CloneDVD may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	KEYGEN.EXE	c78823c750512ab280b62ec17ee2173a	571
Name: KEYGEN.EXE MD5: c78823c750512ab280b62ec17ee2173a Size: 32.76 KB (32768 bytes) Detections: 571 Type: Executable File Path: D:\Program Files\Adobe_Audition_1\Soft\SonicFoundry Sound Forge 6.0e\KEYGEN.EXE Group: Malware file Last Updated: March 7, 2026
2.	wuauclt.exe	2e2d0c602a60fba0ee1f3c68d2532237	76
Name: wuauclt.exe MD5: 2e2d0c602a60fba0ee1f3c68d2532237 Size: 135.16 KB (135168 bytes) Detections: 76 Type: Executable File Path: C: Group: Malware file Last Updated: April 17, 2019
3.	csrs.exe	a94dc5a0361bb54f4c40abf404441379	34
Name: csrs.exe MD5: a94dc5a0361bb54f4c40abf404441379 Size: 115.77 KB (115775 bytes) Detections: 34 Type: Executable File Path: %WINDIR% Group: Malware file Last Updated: November 22, 2010
4.	update.exe	4b63963bcc580f48f5a40bda656ebd51	6
Name: update.exe MD5: 4b63963bcc580f48f5a40bda656ebd51 Size: 67.73 KB (67735 bytes) Detections: 6 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: October 27, 2010
5.	winsrvcn.exe	f75a8c506ed70d465e15065146843385	4
Name: winsrvcn.exe MD5: f75a8c506ed70d465e15065146843385 Size: 48.64 KB (48640 bytes) Detections: 4 Type: Executable File Path: %USERPROFILE% Group: Malware file Last Updated: December 1, 2010
6.	server.exe	1bf5e02e439c6cf09c220d5710b46ad5	4
Name: server.exe MD5: 1bf5e02e439c6cf09c220d5710b46ad5 Size: 27.51 KB (27517 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES%\Bifrost Group: Malware file Last Updated: September 4, 2019
7.	csrss.exe	b6c30f087bb3cbc38c7abb3e2ca4eaf2	2
Name: csrss.exe MD5: b6c30f087bb3cbc38c7abb3e2ca4eaf2 Size: 389.14 KB (389148 bytes) Detections: 2 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: September 28, 2010
8.	alvsvpd.exe	61e2355a9bc4d852c06571b51f084448	2
Name: alvsvpd.exe MD5: 61e2355a9bc4d852c06571b51f084448 Size: 90.9 KB (90909 bytes) Detections: 2 Type: Executable File Path: %USERPROFILE%\Local Settings Group: Malware file Last Updated: May 18, 2012
9.	camfrog.exe	c8b0f1482d5026134d4be7f3b906b21f	1
Name: camfrog.exe MD5: c8b0f1482d5026134d4be7f3b906b21f Size: 39.38 KB (39389 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: December 27, 2011
10.	system32.exe	e83b9b6a0f906ad6564afc890ea5c6bd	1
Name: system32.exe MD5: e83b9b6a0f906ad6564afc890ea5c6bd Size: 2.58 MB (2582165 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: November 16, 2010
11.	file[1].exe	9b1b8011f18ac6b95c87cc5c115514e7	0
Name: file[1].exe MD5: 9b1b8011f18ac6b95c87cc5c115514e7 Size: 38.91 KB (38919 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
12.	ffx.exe	905d88c67659fe04a35ec2c0f86c4ed0	0
Name: ffx.exe MD5: 905d88c67659fe04a35ec2c0f86c4ed0 Size: 143.87 KB (143872 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
13.	winsystem.exe	4920b9bcc50cac48ce4cb3f4ce4c527e	0
Name: winsystem.exe MD5: 4920b9bcc50cac48ce4cb3f4ce4c527e Size: 100.06 KB (100063 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
14.	svchost.exe	624f45f8ef3f192e8eb09a529fe0e3fe	0
Name: svchost.exe MD5: 624f45f8ef3f192e8eb09a529fe0e3fe Size: 584.19 KB (584192 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
15.	spoolsv.exe	c665a55e56966c44171d9c8900fbb529	0
Name: spoolsv.exe MD5: c665a55e56966c44171d9c8900fbb529 Size: 47.61 KB (47616 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 21, 2010
16.	ccdrive32.exe	39f2c3805d88cf76c5d79c54c1e37349	0
Name: ccdrive32.exe MD5: 39f2c3805d88cf76c5d79c54c1e37349 Size: 75.26 KB (75264 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 26, 2010
17.	rundll32.exe	8d08b75195561ed02caa6f0abb3b4fd8	0
Name: rundll32.exe MD5: 8d08b75195561ed02caa6f0abb3b4fd8 Size: 61.44 KB (61440 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 19, 2010
18.	msn.exe	2afb4ee104bc1d0be383845845a9b511	0
Name: msn.exe MD5: 2afb4ee104bc1d0be383845845a9b511 Size: 237.56 KB (237568 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 19, 2010
19.	H2sfasH.exe	31eb4ff720d93075a2fcbb203c590ff2	0
Name: H2sfasH.exe MD5: 31eb4ff720d93075a2fcbb203c590ff2 Size: 81.4 KB (81408 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 23, 2010
20.	msvmcls64.exe	ae7fa2384864f34947ac24f45ca9e4bf	0
Name: msvmcls64.exe MD5: ae7fa2384864f34947ac24f45ca9e4bf Size: 219.13 KB (219136 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: March 30, 2010
21.	win23.exe	f2e2909a1aa1ba25357768061979b621	0
Name: win23.exe MD5: f2e2909a1aa1ba25357768061979b621 Size: 170.17 KB (170178 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 8, 2010
22.	file.exe	d948009c57aa4ef2d0e1944b561c12ba	0
Name: file.exe MD5: d948009c57aa4ef2d0e1944b561c12ba Size: 370.68 KB (370688 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: May 17, 2016

More files

Registry Details

Not-a-virus.Keygen.CloneDVD may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\cachemgr.exe

%SystemDrive%\Setup\CacheMgr.exe

%TEMP%\XX--XX--XX.txt

Analysis Report

General information

Family Name:	Backdoor.Bifrose
Signature status:	No Signature

Known Samples

MD5: 8b6450f6d43a9e848f6d33b06b3411c3

SHA1: 1f677ad0abcfe8f0c4c694c7732c7f95a94d08f6

SHA256: 8150596BCBBE51058C6988D0278A1AB14DC14F02700639E771D420726A81BA9A

File Size: 3.17 MB, 3166208 bytes

MD5: ba5de8b0ccd90eab0ab08ca8faa5b697

SHA1: 93ce801c072fa3cabe89cbe99fe335b4d62e3002

SHA256: 584A45DCA84D00B14EDD873BF269AE72A66044C13134E146951B16A5CCD12456

File Size: 5.02 MB, 5015040 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com) Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
Company Name	Hanbitsoft corp.
File Description	Tantra AutoUpdater Tantra Client
File Version	6, 9, 0, 6 2.1.0.3
Internal Name	HTLaunch
Legal Copyright	Copyright (c) - 2003 Hanbitsoft corp. khanakat.azurewebsites.net
Original Filename	HTLaunch.exe
Product Name	Tantra Client
Product Version	2.1.0.3 1, 0, 0, 1

File Traits

00 section
2+ executable sections
HighEntropy
RT
VirtualQueryEx
x86

Block Information

Total Blocks:	6,482
Potentially Malicious Blocks:	1
Whitelisted Blocks:	6,440
Unknown Blocks:	41

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

BadJoke.LMG
Banker.RF
Casbaneiro.A
Delf.GFA
Filecoder.RR

Installmonstr.EC
MSIL.Agent.FG

Windows API Usage

Category	API
Other Suspicious	SetWindowsHookEx
User Data Access	GetComputerName GetUserName GetUserObjectInformation

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Not-a-virus.Keygen.CloneDVD

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Not-a-virus.Keygen.CloneDVD

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Windows API Usage

Windows API Usage

Submit Comment

Trending

Valrelio.co.in

Your Account Will Be Disabled Email Scam

Ledger - Suspicious DEX Activity Detected Email Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Pornktube.porn