[Warning] Detected malicious file disguised as an "ALYAC" file

1. Introduction

A malicious file disguised as "ALYAC", the free anti-virus software from ESTsoft, has emerged, and users of "ALYAC" in particular should pay special attention.
Because the malicious file has a similar icon and description, general users can easily be infected.

To guard against such malicious files, take some time to look after your PC's availability.

The malicious file disguised as "ALYAC" that was found at the time of the 3.3 DDoS had no DDoS function; the recently found malicious file, however, does contain a DDoS function.

2. Spreading path and symptoms of infection

First of all, the recently found malicious file is known to spread from the following URL, and it can also be spread as an e-mail attachment.

* Spreading path of the malicious file disguised as "ALYAC" (currently not available)

- http://(~~).info/(~~)/100.exe

The first distribution URL was found in the United Kingdom. However, for several reasons, including a manual written in Korean, we expect that the developer chose the UK as the first place of distribution.

After download and installation, it deletes itself, creates a copy of itself at the following path, and configures the copy to always run while Internet Explorer is running.

* Generated file
- C:\Documents and Settings\explorerere.exe (52,224 bytes)

* Registered registry value
- [HKLM\SYSTEM\CurrentControlSet\Services\zvwerqt]
- Name : ImagePath
- Data : "C:\Documents and Settings\explorerere.exe"
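
A triage check built from the indicators above, as an added example that is not part of the original post: it parses the text printed by `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` and reports the `zvwerqt` service and, going beyond the article's single case, any service whose binary sits outside the Windows and Program Files directories. The sample output, the trusted-root list and the C: system drive are assumptions of the example.

```python
import re

IOC_SERVICE = "zvwerqt"          # indicators taken from the article above
IOC_IMAGE = "c:\\documents and settings\\explorerere.exe"
# Assumption: Windows is on C: and legitimate service binaries live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SERVICE_KEY = re.compile(r"\\CurrentControlSet\\Services\\([^\\]+)$", re.I)
IMAGE_VALUE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.+)$", re.I)

def normalize(image_path):
    """Lower-case an ImagePath value and expand the usual system-relative forms."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted path; closing quote optional
        p = p[1:].split('"', 1)[0]
    p = re.sub(r"^\\\?\?\\", "", p.lower())    # drop a leading \??\ device prefix
    for prefix in ("%systemroot%\\", "\\systemroot\\"):
        if p.startswith(prefix):
            p = "c:\\windows\\" + p[len(prefix):]
    return "c:\\windows\\" + p if p.startswith("system32\\") else p

def scan(reg_query_text):
    """Return (service, path, reason) for every suspicious service entry."""
    findings, service = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):           # new key: track direct children only
            key = SERVICE_KEY.search(line.strip())
            service = key.group(1) if key else None
        elif service and (value := IMAGE_VALUE.match(line)):
            path = normalize(value.group(1))
            if service.lower() == IOC_SERVICE or path.startswith(IOC_IMAGE):
                findings.append((service, path, "matches article indicator"))
            elif not path.startswith(TRUSTED_ROOTS):
                findings.append((service, path, "binary outside trusted roots"))
    return findings

# Constructed sample in the layout of `reg query ... /s /v ImagePath` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep
    ImagePath    REG_EXPAND_SZ    system32\drivers\beep.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zvwerqt
    ImagePath    REG_EXPAND_SZ    C:\Documents and Settings\explorerere.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\updsvc
    ImagePath    REG_SZ    "C:\Documents and Settings\All Users\upd.exe" -s
"""
if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit on the path can be confirmed against the file size given above (52,224 bytes) before the host is cleaned.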

The generated copy continuously tries to access the following URL and can download additional malicious files. In addition, we expect that the generated malicious file can act as a backdoor and bot at the level of the registered service. Additional analysis is currently under way.

It forges not only the icon but also the description of "ALYAC". On closer inspection, however, you can tell the normal description from the forged one.

<Malicious file>          <Normal file>

You can see the difference between the malicious and normal files in the red box above.

* Difference

- Normal file : Describes modules' function in "ALYAC"
- Malicious file : Describes function in "ALYAC"

In addition, it can continuously send GET packets to a certain destination using the "GET Flooding" technique, one of the DDoS attack methods.

3. How to prevent

General users may download the file without suspicion. Once infected, their machines can become zombie PCs in large numbers. Therefore, to use a PC safely despite the security threat of such malicious attachments, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides a diagnosis/treatment function through nProtect Mobile for Android for mobile malicious files such as the one stated above, and operates a response system against various security threats.

