Yep, don't use the download provided by the TS as it contains the well-known malware called Hidrag (aka Jeefo). Info:
Method of propagation:
• Mapped network drives
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Drops a malicious file
• Registry modification
Description
W32/Hidrag.a is a non-dangerous memory resident virus that infects Win32 PE EXE files.
The virus searches for files to infect and upon infection it encrypts part of the file.
When an infected file is executed, it drops the first-generation infector in the Windows directory as svchost.exe, which is registered as "Power Manager" service (on Windows NT/2000/XP). The virus then executes the original file without manifesting itself in any way.
Files The following file is created:
– %WINDIR%\svchost.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: W32/Hidrag.a
Registry The following registry keys are added in order to load the service after reboot:
– [HKLM\SYSTEM\CurrentControlSet\Services\PowerManage r]
• "Type"=dword:00000010
• "Start"=dword:00000002
• "ErrorControl"=dword:00000000
• "ImagePath"="%WINDIR%\svchost.exe"
• "DisplayName"="Power Manager"
• "ObjectName"="LocalSystem"
• "Description"="Manages the power save features of the computer."
– [HKLM\SYSTEM\CurrentControlSet\Services\PowerManage r]
• "Security"=%hex values%
– [HKLM\SYSTEM\CurrentControlSet\Services\PowerManage r\Enum]
• "0"="Root\\LEGACY_POWERMANAGER\\0000"
• "Count"=dword:00000001
• "NextInstance"=dword:00000001
Miscellaneous Mutex:
It creates the following Mutex:
• PowerManagerMutant
String:
Furthermore it contains the following string:
• Hidden Dragon virus. Born in a tropical swamp.
So u can better use the one CoCa has provided