File: unimed.scr
Status: INFECTED/MALWARE
MD5: 1697a95cfc05a3afff892a9e80321495
Packers detected: PETITE

Scanner results

AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Downloader.Delf.11.T
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found Trojan-Downloader.Win32.Dadobra.lw
NOD32: Found nothing
Norman Virus Control: Found Sandbox: W32/Downloader;

[ General information ]
* File might be compressed.
* Decompressing Petite.
* Creating several executable files on hard-drive.
* File length: 47365 bytes.

[ Changes to filesystem ]
* Creates file C:\windows\iexplore.exe.
* Creates file C:\windows\regcleaner.exe.

[ Changes to registry ]
* Creates value "Windows Host Process Cleaner"="c:\windows\regcleaner.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Network services ]
* Downloads file from http://trabalharonliner.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner2.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner3.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner4.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner5.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalharonliner.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner2.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner3.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner4.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner5.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Creates an event called .
* Will automatically restart after boot (I'll be back...).

UNA: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing