VCatch

Posted: March 28, 2006

This malware claims to be an anti-virus application, but don't believe it! It installs a bunch of malware applications instead and secretly monitors all your activity.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 adp.exe
    2 anticipator.dll
    3 install.log
    4 iucmore.dll
    5 mcact.dll
    6 ucmtsaie.dll
    7 vcatch.exe
    8 vcsetupnew.reg
    9 vctadpi7099.exe

Registry Modifications

  • The following Registry values were newly created:
