Service
Service load: 	
0% 	  	  	100%
File: 	unimed.scr
Status: 	
INFECTED/MALWARE
MD5 	1697a95cfc05a3afff892a9e80321495
Packers detected: 	
PETITE
Scanner results
AntiVir 	Found nothing
ArcaVir 	Found nothing
Avast 	Found nothing
AVG Antivirus 	Found Downloader.Delf.11.T
BitDefender 	Found nothing
ClamAV 	Found nothing
Dr.Web 	Found nothing
F-Prot Antivirus 	Found nothing
Fortinet 	Found nothing
Kaspersky Anti-Virus 	Found Trojan-Downloader.Win32.Dadobra.lw
NOD32 	Found nothing
Norman Virus Control 	Found Sandbox: W32/Downloader; [ General information ]

* File might be compressed.
* Decompressing Petite.
* Creating several executable files on hard-drive.
* File length: 47365 bytes.

[ Changes to filesystem ]
* Creates file C:\windows\iexplore.exe.
* Creates file C:\windows\regcleaner.exe.

[ Changes to registry ]
* Creates value "Windows Host Process Cleaner"="c:\windows\regcleaner.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Network services ]
* Downloads file from http://trabalharonliner.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner2.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner3.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner4.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalhaonliner5.com.sapo.pt/dados/dados1.dat as c:\windows\iexplore.exe.
* Downloads file from http://trabalharonliner.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner2.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner3.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner4.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.
* Downloads file from http://trabalhaonliner5.com.sapo.pt/dados/svdados.dat as c:\windows\regcleaner.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Creates an event called .
* Will automatically restart after boot (I'll be back...).
UNA 	Found nothing
VirusBuster 	Found nothing
VBA32 	Found nothing