When the program is executed, it displays the following interface:
It then creates the following files:
- C:\Documents and Settings\All Users\Start Menu\Programs\WinZix\Uninstall WinZix.lnk
- %ProgramFiles%\WinZix\Flexi.skf
- %ProgramFiles%\WinZix\SkinCrafterDll.dll
- %ProgramFiles%\WinZix\unins000.dat
- %ProgramFiles%\WinZix\unins000.exe
- %UserProfile%\Desktop\WinZix-2.0-setup-0514.exe
- C:\Documents and Settings\All Users\Start Menu\Programs\WinZix\WinZix.lnk
- %ProgramFiles%\WinZix\minime.exe
- %ProgramFiles%\WinZix\WinZix.exe
- %ProgramFiles%\WinZix\WinZixManager.dll
- %UserProfile%\Desktop\WinZix.lnk
Next, the program creates the following registry subkeys:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZixManager
HKEY_CLASSES_ROOT\.zix
HKEY_CLASSES_ROOT\CLSID\{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\WinZixManager
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\WinZixManager
HKEY_CLASSES_ROOT\Interface\{41CA7D4D-AE77-4B13-9459-E9AB7EFECAAD}
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix
HKEY_CLASSES_ROOT\TypeLib\{10954590-2B3A-41EC-97BB-C95A5E646DA9}
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell
HKEY_CLASSES_ROOT\winzix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZix_is1
The program also creates the following registry entries:
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell.1\"Default" = "WinZixShell Class"
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell.1\CLSID\"Default" = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}" = "WinZixShell extension"
The program may then download a copy of
Adware.Lop on to the computer.
