A malware (deletes digital signatures?)

http://camas.comodo.com/cgi-bin/submit?file=0eab65ec38ad18135611c2347bc110b6de534d6d6cb35aed54011488c47c562d

http://valkyrie.comodo.com/Result.html?sha1=6b270e59c618460f31ca24d0c7e7cfe0eb8ef2b8&&query=1&&filename=4nkmvj2cb1ltvwsnzpoxpa.exe

  1. Problem:
    (1) CIS does not protect the registry key

HKLM\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

(2) The digital signatures of many executables on my PC disappeared after I had run the malware.

(3) Comodo cannot run (report attached)

3. Environment:
Windows XP Pro SP3 32bit

[attachment deleted by admin]

  1. I successfully fixed the PC by the following command-line.

regsvr32.exe "C:\WINDOWS\system32\wintrust.dll"

:smiley:

  1. Now, I have added this line to the protected registry keys.

*\Software\Microsoft\Cryptography*

How was CIS configured for your tests? Does this bypass all levels of the BB?

  1. inject code to the explorer.exe:
    bypass partially limited, limited, restricted and HIPS
    (Maybe it is for XP 32bit only)

  1. delete the registry keys:
    bypass the default HIPS rules
  1. The sandbox level was set as “untrusted” (with the default HIPS rules)

  2. I double clicked on the malware and it was BBed as untrusted.

  3. I restarted the system.

  4. Comodo cannot run and CIS cannot be fixed by it. (report attached)

  1. I opened the KillSwitch.

[attachment deleted by admin]

What about FV?

  1. inject code to the explorer.exe:

“fully virtualized” can block it

  1. delete the registry keys:

“fully virtualized” can block it (redirection)

What about BB disabled and Defense+ in Paranoid Mode?

The problem is that the protected registry keys (default) do not contain this line.

*\Software\Microsoft\Cryptography*

DefenseWall log file

02.23.2013 10:37:36, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Open process memory allocation error (Memory)

02.23.2013 10:37:36, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to open process C:\WINDOWS\explorer.exe (Process)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg{DE351A42-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg{DE351A42-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg{DE351A42-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{DE351A42-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{DE351A42-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg{C689AABA-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg{C689AABA-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg{C689AABA-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{C689AABA-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{C689AABA-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg{C689AAB9-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg{C689AAB9-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg{C689AAB9-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{C689AAB9-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{C689AAB9-8E78-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg{DE351A43-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg{DE351A43-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg{DE351A43-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{DE351A43-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{DE351A43-8E59-11D0-8C47-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\ (Registry)

02.23.2013 10:37:27, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2004\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2008\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2009\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2005\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2130\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2003\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\ (Registry)

02.23.2013 10:37:26, module C:\virus\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa\4nkmvj2cb1ltvwsnzpoxpa.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2000\ (Registry)
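The deletions recorded in the DefenseWall log above can be triaged mechanically. The following is an added example, not code from the thread or from any vendor: it parses that line format, classifies key deletions under the Cryptography subtree, and checks each target against the protected-key entry quoted earlier. The sample log, the function names and the glob-style, case-insensitive matching of the entry are assumptions.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# Constructed sample in the DefenseWall line format shown above; the module
# paths are shortened placeholders, the Cryptography key names come from the log.
SAMPLE_LOG = r"""
02.23.2013 10:37:36, module C:\virus\sample.exe, Attempt to open process C:\WINDOWS\explorer.exe (Process)
02.23.2013 10:37:27, module C:\virus\sample.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\ (Registry)
02.23.2013 10:37:27, module C:\virus\sample.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\ (Registry)
02.23.2013 10:37:26, module C:\virus\sample.exe, Attempt to delete key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject#2004\ (Registry)
02.23.2013 10:38:01, module C:\tools\other.exe, Attempt to delete key HKLM\SOFTWARE\Example\Temp\ (Registry)
"""

# Protected-key entry quoted in the thread. Glob-style, case-insensitive
# matching is an assumption about how the HIPS evaluates it.
PROTECTED_PATTERN = r"*\Software\Microsoft\Cryptography*"

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}), module (?P<module>.+?), "
    r"Attempt to delete key (?P<key>.+?)\\? \(Registry\)$")

# Subtrees the log shows being deleted; the first matching rule wins.
RULES = [
    ("trust-provider", re.compile(r"\\Cryptography\\Providers\\Trust\\", re.I)),
    ("sip-function", re.compile(r"\\Cryptography\\OID\\EncodingType \d+\\CryptSIPDll", re.I)),
    ("oid-encoder", re.compile(r"\\Cryptography\\OID\\EncodingType \d+\\CryptDll", re.I)),
]

def triage(log_text, pattern=PROTECTED_PATTERN):
    """Return one finding per deletion that targets signature-verification keys."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a registry key deletion
        key = m["key"]
        category = next((name for name, rx in RULES if rx.search(key)), None)
        if category is None:
            continue  # deletion outside the Cryptography subtrees of interest
        covered = fnmatchcase(key.lower(), pattern.lower())
        findings.append({"ts": m["ts"], "module": m["module"], "key": key,
                         "category": category, "covered": covered})
    return findings

def summarize(findings):
    """Count findings per (module, category) and list keys the pattern misses."""
    counts = Counter((f["module"], f["category"]) for f in findings)
    uncovered = [f["key"] for f in findings if not f["covered"]]
    return counts, uncovered

if __name__ == "__main__":
    counts, uncovered = summarize(triage(SAMPLE_LOG))
    for (module, category), n in sorted(counts.items()):
        print(f"{module}: {n} x {category}")
    print("keys not covered by the protected-key entry:", uncovered or "none")
```

Run against a full log, a single module producing findings in all three categories within a second or two is the pattern the log above shows.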

Can you test this in Windows 7 32 and 64 Bit? Thanks.