Hi tam wei lun,
Here is some additional info on kadaj.exe:
AUTOMATED SOFTWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: PATCHHACK(KAJAD)[1].EXE
* Safety Rating: Safe
* First seen: Feb 22 2006 (GMT)
* Last seen: Feb 22 2006 (GMT)
* File Size: 5,934,535 bytes
SOFTWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY
1. COVERT ANALYSIS OF: PATCHHACK(KAJAD)[1].EXE
* File Names Used: 37
* Paths Used: 95
* Common File Name: PATCHHACK(KAJAD)[1].EXE
* Common Path: %DESKTOP%\
* Vendor Information: No Vendor details specified
* Product Information: Setup Application
* Version Information: 6.0.1.4
* PATCHHACK(KAJAD)[1].EXE may use 37 or more path and file names, these are the most common:
* 1 :%CACHE%\CONTENT.IE5\??\HYD[1].192.PATCH.EXE
* 2 :%CACHE%\CONTENT.IE5\??\KADAJ-CLIENT-PATCH-1.9.2D[1].EXE
* 3 :%CACHE%\CONTENT.IE5\??\KADAJ-CLIENT-PATCH-1[1].9.2D.EXE
* 4 :%CACHE%\CONTENT.IE5\??\PATCHHACK(KAJAD)[1].EXE
* 5 :%DESKTOP%\NUEVA CARPETA (6)\HYD.192.PATCH.EXE
* 6 :%profiles%\mlithium\confi...\rar$ex02.188\1.10 hax\KADAJ.1.9.X.EXE
* 7 :%PROGRAMFILES%\WORLD OF WARCRAFT\HYD.192.PATCH.EXE
* 8 :%programfiles%\world of warcraft\iconewow\1.EXE
* 9 :%TEMP%\HYD[1].192.PATCH.EXE
* 10:%TEMP%\RAR$EX00.156\PATCH_1.10_HACK.EXE
* 11:%TEMP%\RAR$EX00.547\PATCH_1.10_HACK.EXE
* 12:?:\A00000000
* 13:?:\achi d1 lama\master software\software lagi\PATCHWOW-AMPM.EXE
* 14:?:\downloads\1.10 hax\KADAJ.1.9.X.EXE
* 15:?:\HACK CLIENT.EXE
* File Name Structure: Highly Irregular
* File and Path Structure: Suspicious, code execution from unusual location
2. RELATIONSHIP ANALYSIS OF: PATCHHACK(KAJAD)[1].EXE
* No relationship details available for this object
3. ACTIVITY ANALYSIS OF: PATCHHACK(KAJAD)[1].EXE
* The following behaviors have been observed for this object:
* Installs programs.
* Deletes programs.
* Runs temporary programs.
* Runs other programs.
* Hijacks running processes.
4. PROPAGATION ANALYSIS OF: PATCHHACK(KAJAD)[1].EXE
* Object Propagation Rate: Very Low (minimal spread)
* Copyright Prevx Limited 2005, 2006
polonus