Trojan.StartPage1.8607

Technical Information

Malicious functions:

Creates and executes the following:

'%TEMP%\GLB3.tmp' /s -silent -DefaultSearch=TRUE -StartPage=TRUE4736 %PROGRAM_FILES%\Webteh\BSplayer\bsptb.exe
'%PROGRAM_FILES%\Webteh\BSplayer\codecmanager.exe' /STARTCHKF
'%PROGRAM_FILES%\Webteh\BSplayer\bsplayer.exe'
'%PROGRAM_FILES%\Webteh\BSplayer\bsptb.exe' /s -silent -DefaultSearch=TRUE -StartPage=TRUE
'%TEMP%\RarSFX0\WinborgXP-App-Installer.exe'
'%TEMP%\RarSFX0\BSplayer_setup.exe' /S
'%PROGRAM_FILES%\Webteh\BSplayer\bsplayer.exe' "-SLNG" "English" "S" "4" "V"

Executes the following:

'<SYSTEM32>\wbem\wmiadap.exe' /R /T

Sets a new unauthorized home page for Windows Internet Explorer.

Modifies file system :

Creates the following files:

%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\busy.mng
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ctrlsimg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\dvdsec.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrestu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnshufa.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnshufn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\img_bar1.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ltbm.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_video_defaultbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\dvdsec_big.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\edb.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ede.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnplayn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnplayu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnprevd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnpausen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnpauseu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnplayd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrepn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrestd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrestn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnprevn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnprevu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrepa.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\main.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\othersec.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\pic_place.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\podsec.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_playu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_refrn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_refru.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\searchbtn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\seek.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\seekbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\podsec_big.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\radiosec.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\radiosec_big.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_addfln.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_addflu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_addfn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\media_tv_sep_top.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_adddn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_adddu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_pausen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_pauseu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_playn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_addfu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_addln.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\ml_addlu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnpaused.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_closed.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_closeu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_closen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\volume.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\volun.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\voluu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_mind.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_minu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_minn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_maxd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_maxu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\sm_maxn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\skin.ini
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\skinfs.ini
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\stopd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\rgnfs.dat
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\seek.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\seeku.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\voldn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\voldu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\volud.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\stopn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\stopu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\voldd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\smenud.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnmaxd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnmaxn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnmaxu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnclosed.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnclosen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btncloseu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnnextd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnnextn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnnextu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnmind.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnminn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnminu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\arr2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\arrn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\arru.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\smenuu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\smenun.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\arr2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\bottomsec.ini
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnaddn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnaddpln.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\audiosec.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\audiosec_big.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\bgmedia.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\seekbtnd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\lang\Turkish.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Serbian (Latin).lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Serbian (Cyrillic).lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Breton.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Croatian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Uzbek.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Catalan.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Esperanto.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Belarusian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Macedonian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Lithuanian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Hebrew.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Bulgarian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Chinese_Simplified.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Chinese_Traditional.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Ukrainian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Portuguese_Brazilian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Dutch.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Russian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Portuguese.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Estonian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Galician.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Slovak.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\French.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Bosnian.lng
%TEMP%\~GLH0000.TMP
%TEMP%\GLI9.tmp
%TEMP%\~GLH0001.TMP
%TEMP%\GLC4.tmp
%TEMP%\GLM5.tmp
%TEMP%\GLG7.tmp
%PROGRAM_FILES%\BS_Player\~GLH0005.TMP
%PROGRAM_FILES%\Conduit\Community Alerts\~GLH0006.TMP
%PROGRAM_FILES%\BS_Player\INSTALL.LOG
%PROGRAM_FILES%\BS_Player\~GLH0002.TMP
%PROGRAM_FILES%\BS_Player\~GLH0003.TMP
%PROGRAM_FILES%\BS_Player\~GLH0004.TMP
%PROGRAM_FILES%\Webteh\BSplayer\lang\Arabic.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Arabic2.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Valenciа.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Danish.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Norwegian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Latvian.lng
%PROGRAM_FILES%\Webteh\BSplayer\uninstall.EXE
%APPDATA%\BSplayer\BSplayer.xml
%TEMP%\GLB3.tmp
%PROGRAM_FILES%\Webteh\BSplayer\lang\Swedish.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\lang_changes.txt
%PROGRAM_FILES%\Webteh\BSplayer\Media\Umek - Posing As Me clip.mp3
%PROGRAM_FILES%\Webteh\BSplayer\lang\Italian.lng
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\install.rdf
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\version.txt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome\bs_player.jar
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrefresha.bmp
%TEMP%\nso2.tmp\exdll.dll
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome.manifest
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.xpt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.xpt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.idl
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\thumbaudio.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\thumbbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\thumbbga.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\seekbtnn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\seekbtnu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\skin.ini
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\videosec_big.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\volume.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\btnrefreshn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\tvsec.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\tvsec_big.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\medialib\videosec.bmp
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.xpt
%PROGRAM_FILES%\Webteh\BSplayer\lang\English.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Finnish.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Greek.lng
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.xml
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\setup.ini
%PROGRAM_FILES%\Webteh\BSplayer\lang\German.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Slovenian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Spanish.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Czech.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Hungarian.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Polish.lng
%PROGRAM_FILES%\Webteh\BSplayer\lang\Romanian.lng
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\fbAlert.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib\xpcom.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\manifest.mf
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.xpt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\default_radio_skin.xml
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.ico
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.PNG
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.src
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.rsa
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.sf
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.gif
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\rgn.dat
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b5u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b6n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b7n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b5a.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b5d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b5n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btncolorn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btngrp1bg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btnmenun.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b8.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b8n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\balbtnn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b3a.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b3d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b1n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b1u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b4d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b4n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b4u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b3n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b3u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\b4a.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btnmenuu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn3n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn3u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn4n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn1u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exaudiou.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn1n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn1u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn4u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exaudioa.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exaudion.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btn_un.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eq.ini
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eqbtn1a.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btn_dn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btn_ln.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\btn_rn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eqbtnn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eqmain.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exabtn1n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eqbtn1n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eqbtn2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\eqbtn2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\actvolbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\mmkeybsupp.dll
%PROGRAM_FILES%\Webteh\BSplayer\bspfilters.sam
%PROGRAM_FILES%\Webteh\BSplayer\bsptb.exe
%PROGRAM_FILES%\Webteh\BSplayer\bspadmin.exe
%PROGRAM_FILES%\Webteh\BSplayer\changes.txt
%PROGRAM_FILES%\Webteh\BSplayer\bsrendv2.dll
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\bspplg.pas
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\Sample\sampleplugin.c
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\Sample\sample_plugin.def
%PROGRAM_FILES%\Webteh\BSplayer\sdk\bsp.pas
%PROGRAM_FILES%\Webteh\BSplayer\sdk\bsp.h
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\bspplg.h
%TEMP%\RarSFX0\icon.ico
%TEMP%\nso2.tmp\cbar_logo.bmp
%TEMP%\nso2.tmp\otheropt.ini
%TEMP%\RarSFX0\BSplayer_setup.exe
%TEMP%\RarSFX0\WinborgXP-App-Installer.exe
%TEMP%\RarSFX0\WinborgXP-App-Installer.au3
%PROGRAM_FILES%\Webteh\BSplayer\bsplay.exe
%PROGRAM_FILES%\Webteh\BSplayer\bplay.exe
%PROGRAM_FILES%\Webteh\BSplayer\codecmanager.exe
%TEMP%\nso2.tmp\plg.ini
%TEMP%\nso2.tmp\dlg2.ini
%PROGRAM_FILES%\Webteh\BSplayer\bsplayer.exe
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\Sample\sample_plugin.dsp
%PROGRAM_FILES%\Webteh\BSplayer\insfiles\BSPMLIB2.DAT
%PROGRAM_FILES%\Webteh\BSplayer\insfiles\EQ.xml
%APPDATA%\BSplayer\bslib\BSPMLIB.DAT
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Bat lite.bsz
%PROGRAM_FILES%\Webteh\BSplayer\Skins\BSplayer.v1.bsz
%PROGRAM_FILES%\Webteh\BSplayer\insfiles\BSPMLIB.DAT
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\actaspbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\actsubbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\actsubpbg.bmp
%APPDATA%\BSplayer\bslib\BSPMLIB2.DAT
%APPDATA%\BSplayer Pro\EQ.xml
%PROGRAM_FILES%\Webteh\BSplayer\bslib\bslib.dll
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_subtitles.dsp
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_subtitles.dsw
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\Delphi\sample\sample_plugin.dpr
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\Sample\sample_plugin.dsw
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_sub.c
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\C\sample_subtitles\sample_sub.def
%PROGRAM_FILES%\Webteh\BSplayer\plugins\oldskin.dll
%PROGRAM_FILES%\Webteh\BSplayer\Skins\MediaBOX V-2.bsz
%PROGRAM_FILES%\Webteh\BSplayer\Skins\mediaBOX v-1.bsz
%PROGRAM_FILES%\Webteh\BSplayer\sdk\plugins\Delphi\sample_subtitles\sample_sub.dpr
%PROGRAM_FILES%\Webteh\BSplayer\doc\ini_files.html
%PROGRAM_FILES%\Webteh\BSplayer\doc\cmdline.txt
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsplayu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsprevd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsprevn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fspauseu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsplayd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsplayn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsstopd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsstopn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsstopu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsprevu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsseek.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsseeku.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsn.BMP
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsnextd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsnextn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb5n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb5u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsmain.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsopenu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fspaused.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fspausen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsnextu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsopend.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsopenn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\pausen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\pauseu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\playd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\openn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\openu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\paused.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\prevd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\prevn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\prevu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\playn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\playu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\plist.ini
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\minimizeu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\mutea.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\muted.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\grp2.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\main.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\minimizen.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\nextn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\nextu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\opend.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\muten.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\muteu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\nextd.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb5d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\extvn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\extvu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn1a.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exradiou.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\extbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\extva.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn3n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn3u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn4n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn1n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn4n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn4u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdvda.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn3n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdbtn3u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exitu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exradioa.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exradion.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdvdn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exdvdu.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exitn.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn4u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb2d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb2n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb2u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb1d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb1n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb1u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb4d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb4n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb4u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb3d.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb3n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsb3u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn6u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn7n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn7u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn5n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn5u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn6n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvideon.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvideou.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\fsactbg.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn8n.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvbtn8u.bmp
%PROGRAM_FILES%\Webteh\BSplayer\Skins\Base\exvideoa.bmp

Deletes the following files:

%TEMP%\GLF8.tmp
%TEMP%\GLC4.tmp
%TEMP%\GLM5.tmp
%TEMP%\GLG7.tmp
%TEMP%\GLI9.tmp

Moves the following files:

from %PROGRAM_FILES%\BS_Player\~GLH0004.TMP to %PROGRAM_FILES%\BS_Player\BS_PlayerToolbarHelper.exe
from %PROGRAM_FILES%\BS_Player\~GLH0005.TMP to %PROGRAM_FILES%\BS_Player\tbBS_P.dll
from %PROGRAM_FILES%\Conduit\Community Alerts\~GLH0006.TMP to %PROGRAM_FILES%\Conduit\Community Alerts\Alert.dll
from %PROGRAM_FILES%\BS_Player\~GLH0003.TMP to %PROGRAM_FILES%\BS_Player\toolbar.cfg
from %TEMP%\~GLH0000.TMP to %TEMP%\GLF8.tmp
from %TEMP%\~GLH0001.TMP to %TEMP%\GLFA.tmp.tbBS_P.dll
from %PROGRAM_FILES%\BS_Player\~GLH0002.TMP to %PROGRAM_FILES%\BS_Player\UNWISE.EXE

Network activity:

Connects to:

'localhost':1039
'cd#.##player.com':80

TCP:

HTTP GET requests:

cd#.##player.com/xgi/dsfilter.xml?wi################

UDP:

DNS ASK us###.conduit.com
DNS ASK cd#.##player.com

Miscellaneous:

Searches for the following windows:

ClassName: 'STATIC' WindowName: '00000B68_PID_FastMM'
ClassName: 'MS_WINHELP' WindowName: ''
ClassName: 'STATIC' WindowName: '00000B78_PID_FastMM'
ClassName: '' WindowName: ''
ClassName: 'BSCDCDLWINCLASS' WindowName: ''
ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'EDIT' WindowName: ''
ClassName: 'BSPlayer' WindowName: ''
ClassName: 'STATIC' WindowName: '00000B3C_PID_FastMM'
ClassName: 'MozillaUIWindowClass' WindowName: ''

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial