Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Contains characteristics of an identified security risk.

 

Technical Details:


Possible Security Risk

Threat Category | Description
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
A potentially unwanted adware program designed to deliver various advertisements to the users' systems

 

File System Modifications


Registry Modifications

 

Other details


All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2013 ThreatExpert. All rights reserved.