Packed.Win32.Krap.hm
Packed.Win32.Krap.hm is a harmful Trojan downloader that is designed to remain undetected on an infected computer or network. It spreads via computer vulnerabilities or contaminated email attachments. Once active, Packed.Win32.Krap.hm downloads other harmful Trojans onto the system and then urges the purchase of rogue software to remove these new threats. It also changes the Windows Active Desktop settings to show malicious web content. Packed.Win32.Krap.hm should be removed immediately once detected.
Aliases
Packed.Win32.Krap (Ikarus)
Win-Trojan/Zbot.130048.AS (AhnLab)
PE_Patch.UPX (Kaspersky Lab)
File System Modifications
- The following files were created in the system:
  #  File Name
  1  %AppData%\Roqo\suwo.exe
  2  %AppData%\Ykfe\viyka.iva
  3  %AppData%\Ykfe\viyka.tmp
  4  %Temp%\tmpb3575bed.bat
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
I was able to do a system restore and it seemed to solve the problem. I looked in my registry for all the entries you listed and found none. I also searched for every other file you listed and found none as well. I guess I just wanted assurance that what I did solved my problem. Thanks