Sus.Behav

Posted: June 26, 2009

Sus.Behav exhibits characteristics that are often associated with malware. Officially categorized as a file, Sus.Behav displays suspicious behavior and should definitely not be trusted. Symptoms of a Sus.Behav infection include corrupt files reappearing after being deleted, missing registry files, annoying pop-up ads, changes in Internet settings, unwanted web browser components, and decreased system speeds.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 __c00135A8.dat
    2 alt.exe.exe
    3 av2009.exe
    4 CarbonitePreinstaller.exe
    5 CarboniteSetupLitePBPreInstaller.exe
    6 cbXPiFwT.dll
    7 ccleaner.exe
    8 DWRCS.EXE
    9 EntriqMediaServer.exe
    10 ERCUtil.dll
    11 FGSHEL~1.DLL
    12 fpfstb.dll
    13 opnonkhe.dll
    14 rqRiiHXQ.dll
    15 SpySweeperUI.exe
    16 tbaction.exe
    17 tuvVLcay.dll
    18 xfire.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 29247207685934936530823877733220
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ccleaner
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\ AppInit_DLLs
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__c00135A8
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnonkhe
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvVLcay

    HKEY..\..\..\..{RegistryKeys}
    RUNNING PROGRAM\DWRCS.EXE
    RUNNING PROGRAM\EXPLORER.EXE
    RUNNING PROGRAM\EntriqMediaServer.exe
    RUNNING PROGRAM\winlogon.exe
    RUNNING PROGRAM\xfire.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CarboniteSetupLite
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ PromoReg
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ SpySweeper
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ TBAction