local.ds - Dangerous

Antivirus Report of local.ds:
Malware, Dangerous, High Risk

Manual removal instructions:
We suggest that you remove twex.exe from your computer as soon as possible.
Twex.exe is a Trojan/Backdoor.
Kill the twex.exe process and remove twex.exe from Windows startup.

File: archive.js.exe

Classification:
Antivirus    Version      Last Update  Result
Avast        4.8.1335.0   2009.05.06   Win32:Zbot-BDT
AVG          8.5.0.327    2009.05.06   Win32/Cryptor
BitDefender  7.2          2009.05.07   Trojan.Spy.Zeus.T
F-Secure     8.0.14470.0  2009.05.07   Trojan-Spy.Win32.Zbot.rpq
Kaspersky    7.0.0.125    2009.05.07   Trojan-Spy.Win32.Zbot.rpq
Microsoft    1.4602       2009.05.06   PWS:Win32/Zbot.G
NOD32        4057         2009.05.06   probably a variant of Win32/Spy.Zbot.JF
Symantec     1.4.4.12     2009.05.07   Infostealer.Banker.C

Additional information
File size: 62976 bytes
MD5 : 8d29622f9319874603a58b6c32cc636c
SHA1 : 7ed4540f9c78b371c0ebe4ad9a2e825a7b0a4803

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Values deleted:0
----------------------------------

----------------------------------
Values added:1
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID: "7600-A9041E6B18_00015A9E"

----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,"

----------------------------------
Files added:4
----------------------------------
C:\WINDOWS\system32\twain32\local.ds
C:\WINDOWS\system32\twain32\user.ds
C:\WINDOWS\system32\twain32\user.ds.lll
C:\WINDOWS\system32\twex.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:1
----------------------------------
C:\WINDOWS\system32\twain32

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:8
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
Type: UserInit Value

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

local.ds Dangerous Rating: 5 out of 5

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.

I sought a solution on the Internet and discovered your product and tried out the trial of UnHackMe.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.