Removed: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe
Malware: PIC0737830249202010.JPG.exe Removed: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows System Manager Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINNSVC.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows System Manager Files: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe —————————————————————————————————————————- Classification: Antivirus Version Last [...]
Removal Tool
Removed: ..\Local Settings\Temp\hmacrokicbi.sys (trojan Rustock)
Malware: un1uox4ts.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\hmacrokicbi.sys —————————————————————————————————————————- Features of the malware: Unique keys: krnl_sleepfreq, krnl_servers_list Unique files: C:\WINDOWS\system32\drivers\str.sys —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: mgkvgpf (random item name) Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\HMACROKICBI.SYS (random filename) Type: Services detected by Partizan File version: 6.0.2600.1 Description: IIS 4.0 Metadata Synchronizer Copyright: © Microsoft Corporation. [...]
Removal Tool
Removed: knqd.exe
Malware: media.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\knqd.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: ol1s Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\KNQD.EXE Type: Explorer Run Item Name: knqd.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\KNQD.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 – Kaspersky 7.0.0.125 2010.05.27 – [...]
Removal Tool
Removed: Hare.exe, javawsdp.exe (trojan Parkchicers)
Malware: Hare.exe Removed: C:\Program Files\Hare\Hare.exe C:\Program Files\JAVA\javawsdp.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Hare Author: Related File: C:\PROGRAM FILES\HARE\HARE.EXE Type: Registry Run Item Name: javawsdp Author: Related File: C:\PROGRAM FILES\JAVA\JAVAWSDP.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.4000369 Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Scar.cgez [...]
Removal Tool
Removed: C:\Program Files\Common Files\PushWare\cpush.dll (adware Sogou)
Malware: ad10535.exe Removed: C:\Program Files\Common Files\PushWare\cpush.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: {11F09AFD-75AD-4E51-AB43-E09E9351CE16} Author: Related File: C:\PROGRAM FILES\COMMON FILES\PUSHWARE\CPUSH.DLL Type: Browser Helper Objects Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.28 Dropped:Adware.Sogou.Gen Kaspersky 7.0.0.125 2010.05.28 Trojan.Win32.BHO.agsb Microsoft 1.5802 2010.05.28 Program:Win32/Sogou NOD32 5154 2010.05.28 a variant of [...]
Removal Tool
Removed: C:\WINDOWS\nodkrm.exe (backdor Poison)
Malware: C:\sand-box\Ident.exe Removed: C:\WINDOWS\nodkrm.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: nodkrm.exe Author: Biohazard Crew Related File: C:\WINDOWS\NODKRM.EXE Type: Detected using Heuristic Algorithm Item Name: Microsoft Svchost local services Author: Related File: C:\WINDOWS\NODKRM.EXE Type: Registry Run After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result [...]
Removal Tool
Removed: C:\WINDOWS\system32\wrdr.kuo (trojan Oficla/Sasfis)
Malware: C:\sand-box\delta1_1.exe Removed: C:\WINDOWS\system32\wrdr.kuo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe wrdr.kuo gxsad Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.3310239 Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Sasfis.ahqj Microsoft 1.5802 2010.05.27 TrojanDropper:Win32/Oficla.G NOD32 5149 2010.05.27 a variant of Win32/Kryptik.DBO —————————————————————————————————————————- [...]
Removal Tool
Removed: wmsetup.exe, C:\Program Files\WindowsUpdate\svohcst.exe
Malware: ppsvip.exe Removed: C:\Program Files\WindowsUpdate\wmsetup.exe C:\Program Files\WindowsUpdate\svohcst.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe C:\progra~1\WindowsUpdate\wmsetup.exe Type: System.ini Item Name: svohcst.exe Author: Related File: C:\PROGRA~1\WINDOWSUPDATE\SVOHCST.EXE Type: Running Processes After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 [...]
Removal Tool
Removed: C:\WINDOWS\system32\Storm2.exe (trojan Scar)
Malware: C:\sand-box\player.exe Removed: C:\WINDOWS\system32\Storm2.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: .txt Author: Unknown Related File: d:\Browsers.exe %1 Type: Main File Extensions Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\Storm2.exe Type: UserInit Value Item Name: WBOpen Author: Related File: C:\WINDOWS\SYSTEM32\STORM2.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update [...]
Removal Tool
Restored: WS2IFSL.SYS (trojan TDSS/Alureon/Olmarik)
Malware: C:\sand-box\Ultimate Codes.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS —————————————————————————————————————————- Detected by RegRun Warrior: Item Name: WS2IFSL.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS Type: Detected using Heuristic Algorithm The original WS2IFSL.SYS has been successfully restore using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 [...]
Removal Tool
Removed: popguide_joy1004.dll, lineguide.dll, popguide_joy1004_update.exe, lineguideup.exe (trojan Troxen/BHO)
Malware: C:\sand-box\joy1004_20080610.exe Removed: C:\Program Files\popguide\popguide_joy1004.dll C:\Program Files\ lineguide\lineguide.dll C:\Program Files\ popguide\popguide_joy1004_update.exe C:\Program Files\ lineguide\lineguideup.exe ————————————————————————————————————————— Detected by UnHackMe: Item Name: {4CD223EC-0998-4925-BF86-A3FAB13C58EB} Author: TODO: Related File: C:\PROGRAM FILES\POPGUIDE\POPGUIDE_JOY1004.DLL Type: Browser Helper Objects Item Name: {AD12AEF1-4348-4055-9DEF-4E5738E3F163} Author: Unknown Related File: C:\PROGRAM FILES\LINEGUIDE\LINEGUIDE.DLL Type: Browser Helper Objects Item Name: popguide Author: TODO: Related File: C:\PROGRAM FILES\POPGUIDE\POPGUIDE_JOY1004_UPDATE.EXE Type: Registry [...]
Removal Tool
Removed: Cmoney.dll, Cmoney.exe korinstll.exe (trojan BHO)
Malware: C:\sand-box\cmoney_03_update20090423.exe Removed: C:\Program Files\Cmoney\Cmoney.dll C:\Program Files\Cmoney\Cmoney.exe C:\Program Files\Cmoney\korinstll.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {1DBB2DF6-98E2-4433-8FA6-BB00ACD39458} Author: TODO: Related File: C:\PROGRAM FILES\CMONEY\CMONEY.DLL Type: Browser Helper Objects Item Name: korinstll Author: TODO: Related File: C:\PROGRAM FILES\CMONEY\KORINSTLL.EXE Type: Registry Run Item Name: Cmoney Author: TODO: Related File: C:\PROGRAM FILES\CMONEY\CMONEY.EXE Type: Registry Run Removal Results: Success Number of [...]
Removal Tool
Removed: moreinfoup.exe, swisher.exe, futureweb_futureweb_20100128.exe (trojan Troxen)
Malware: C:\sand-box\moreinfo_20090206_re.exe Removed: C:\Program Files\moreinfo\moreinfoup.exe C:\Program Files\swisher\swisher.exe C:\Windows\Temp\futureweb_futureweb_20100128.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {EABB6254-5CE9-44FA-BA27-5B0D2A4D360D} Author: Related File: C:\PROGRAM FILES\FUTUREWEB\FUTUREWEB.DLL Type: Browser Helper Objects Item Name: moreinfo Author: Unknown Related File: C:\PROGRAM FILES\MOREINFO\MOREINFOUP.EXE Type: Registry Run Item Name: {4C8E314F-7D10-4380-AC6C-B7D6EDA82F74} Author: Related File: C:\PROGRAM FILES\FUTUREWEB\FUTUREWEB.DLL Type: Browser Helper Objects Item Name: swisher Author: Unknown Related File: [...]
Removal Tool
Removed: pointmania.exe
Malware: pointmania.exe Removed: C:\Program Files\pointmania\pointmania.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: pointmania Author: Related File: C:\Program Files\pointmania\pointmania.exe Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 – Kaspersky 7.0.0.125 2010.05.27 – Microsoft 1.5802 2010.05.27 TrojanSpy:Win32/Mafod!rts NOD32 5149 2010.05.27 probably unknown NewHeur_PE —————————————————————————————————————————- Additional information [...]
Removal Tool
Removed: C:\WINDOWS\system32\wloqv.exe (add key \Internet Explorer\Main\TabProcGrowth)
Malware: C:\sand-box\521.exe Removed: C:\WINDOWS\system32\wloqv.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,wloqv.exe (random filename) Type: UserInit Value Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Peed.Gen Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Pincav.aamj Microsoft 1.5802 2010.05.27 Trojan:Win32/Malagent NOD32 5148 2010.05.26 a variant of Win32/Kryptik.DXI —————————————————————————————————————————- [...]
Removal Tool
Removed: Desktop Security 2010.exe, securitycenter.exe, security.exe (FakeAV – Desktop Security 2010)
Malware: C:\sand-box\security.exe Removed: C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe C:\sand-box\security.exe Scan system… —————————————————————————————————————————- Detected by UnHackMe: Item Name: Desktop Security 2010 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\DESKTOP SECURITY 2010.EXE Type: Registry Run Item Name: SecurityCenter Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP [...]
Removal Tool
Removed: PRAGMAd.sys, wsdkrlxp.exe (variant of TDSS trojan)
Malware: C:\sand-box\ad.exe Removed: C:\WINDOWS\PRAGMAnlpcbvtkpy\PRAGMAd.sys C:\Documents and Settings\Administrator\Local Settings\Temp\wsdkrlxp.exe —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: PRAGMAnlpcbvtkpy Author: Related File: C:\WINDOWS\PRAGMANLPCBVTKPY\PRAGMAD.SYS Type: Services detected by Partizan Item Name: wsdkrlxp.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSDKRLXP.EXE Type: Registry Run Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.26 [...]
Removal Tool
Removed: ..\Local Settings\Temp\explorer.exe (worm VBNA)
Malware: z.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Microsoft Windows Hosting Service Login Author: BCN Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\EXPLORER.EXE Type: Registry Run Item Name: explorer.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\EXPLORER.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.25 Trojan.Generic.3866640 Kaspersky [...]
Removal Tool
Removed: C:\WINDOWS\system32\0041.DLL (trojan Witkinat)
Malware: Browser_Update.exe Removed: C:\WINDOWS\system32\0041.DLL —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppInit_DLLs Author: Unknown Related File: C:\WINDOWS\system32\0041.DLL Type: List of Injected DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.KD.10557 Kaspersky 7.0.0.125 2010.05.24 Trojan-Spy.Win32.Insain.wz Microsoft 1.5802 2010.05.24 Trojan:Win32/Sisproc NOD32 5142 2010.05.24 Win32/Witkinat.A —————————————————————————————————————————- Additional information File [...]
Removal Tool
Removed: C:\cleansweep.exe\cleansweep.exe (trojan SpyEyes)
Malware: load.exe Removed: C:\cleansweep.exe\cleansweep.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: cleansweep.exe Author: Related File: C:\CLEANSWEEP.EXE\CLEANSWEEP.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.25 Trojan.Generic.KD.13526 Kaspersky 7.0.0.125 2010.05.25 Trojan-Spy.Win32.SpyEyes.if Microsoft 1.5802 2010.05.24 – NOD32 5142 2010.05.24 – —————————————————————————————————————————- Additional information File size: 150016 bytes [...]
Removal Tool
Removed: alggui.exe, adc_w32.dll C:\Program Files\svchost.exe (FakeAV – XJR Antivirus aka AKM Antivirus 2010 Pro)
Malware: C:\sand-box\Windows_Protector.exe Removed: C:\Program Files\alggui.exe C:\Program Files\adc_w32.dll C:\Program Files\svchost.exe —————————————————————————————————————————- Detected by RegRun Warrior: Item Name: .exe Author: Unknown Related File: C:\Program Files\alggui.exe “%1″ %* Type: Main File Extensions Item Name: {149256D5-E103-4523-BB43-2CFB066839D6} Author: ADC – AntiSpyware Related File: C:\PROGRAM FILES\ADC_W32.DLL Type: Browser Helper Objects Item Name: AdbUpd Author: Related File: C:\PROGRAM FILES\SVCHOST.EXE Type: Drivers Removal [...]
Removal Tool
Removed: C:\WINDOWS\system32\drivers\lefed9b.sys (trojan Otlard)
Malware: C:\sand-box\agressive.exe Removed: C:\WINDOWS\system32\drivers\lefed9b.sys —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: lefed9b Author: Related File: C:\WINDOWS\SYSTEM32\DRIVERS\LEFED9B.SYS (random filename) Type: Services detected by Partizan Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.3733323 Kaspersky 7.0.0.125 2010.05.24 Trojan-Dropper.Win32.Agent.btzb Microsoft 1.5802 2010.05.24 TrojanDropper:Win32/Otlard.A NOD32 5141 2010.05.24 a [...]
Removal Tool
Removed: ..\Application Data\Windows Server\fgwckv.dll
Malware: C:\sand-box\setup113.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\fgwckv.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppSecDll Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINDOWS SERVER\FGWCKV.DLL Type: Application Security DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Suspicious:W32/Malware!Gemini Kaspersky 7.0.0.125 2010.05.23 – Microsoft 1.5802 2010.05.24 [...]
Removal Tool
Removed: 24531.dll (trojan OnLineGames)
Malware: C:\sand-box\abc.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\24531.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppInit_DLLs Author: Unknown Related File: ,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\24531.dll (random filename) Type: List of Injected DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.3950428 Kaspersky 7.0.0.125 2010.05.24 Trojan-GameThief.Win32.OnLineGames.wtyd Microsoft 1.5802 2010.05.24 PWS:Win32/OnLineGames.HQ NOD32 5141 2010.05.24 [...]
Removal Tool
Removed: C:\WINDOWS\system32\aspimgr.exe (worm Aspxor)
Malware: C:\sand-box\v103.exe Removed: C:\WINDOWS\system32\aspimgr.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: aspimgr Author: Microsoft Corporation Related File: C:\WINDOWS\system32\aspimgr.exe Type: Auto Services Item Name: aspimgr.exe Author: Related File: C:\WINDOWS\SYSTEM32\ASPIMGR.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.PWS.Agent.RWD Kaspersky 7.0.0.125 2010.05.24 Net-Worm.Win32.Aspxor.he Microsoft 1.5802 2010.05.24 [...]
Removal Tool
Removed: MS29f.exe (FakeAV – My Security Engine)
Malware: C:\sand-box\MS6ad1.exe Removed: C:\Documents and Settings\All Users\Application Data\9b01d\MS29f.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: My Security Engine Author: Live PC. Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\MS29F.EXE Type: Registry Run Item Name: MS29f.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\MS29F.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version [...]
Removal Tool
Restored: I8042PRT.SYS (trojan TDSS)
Malware: C:\sand-box\win.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS —————————————————————————————————————————- The original I8042PRT.SYS has been successfully restore using RegRun Warrior from the Windows installation CD. Item Name: I8042PRT.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS Type: Detected using Examiner mode Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.21 Trojan.TDss.ADV Kaspersky 7.0.0.125 2010.05.21 [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\ctfmon.exe (worm Rimecud)
Removed: C:\Documents and Settings\Administrator\ctfmon.exe —————————————————————————————————————————- Detected by UnHackMe in “Malti AV scan”: CTFMON.EXE Default location: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\CTFMON.EXE MD5: 26CD08E868F9FDE5F28A6634B3E42F13 SHA1: 2CAFF9A7 B11C67DC 1943A74B ADB6C90E A7637E78 File Size: 159 744 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.22 Gen:Variant.Rimecud.2 Kaspersky 7.0.0.125 2010.05.23 – Microsoft 1.5802 2010.05.23 [...]
Removal Tool
Removed: C:\WINDOWS\svchost.exe (trojan VBInject)
Malware: IOIzo4rkW5V3SseNqcRE1OZu.exe Removed: C:\WINDOWS\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: svchost.exe Author: Rundll32 Related File: C:\WINDOWS\SVCHOST.EXE Type: Detected using Heuristic Algorithm Item Name: Microsoft© Operating System: Author: Related File: C:\WINDOWS\SVCHOST.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.22 – Kaspersky 7.0.0.125 2010.05.22 – [...]
Removal Tool
Removed: upcssc.exe (trojan EggDrop)
Removed: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\upcssc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Unknown Related File: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\UPCSSC.EXE Type: Winlogon System Item Name: upcssc.exe Author: Unknown Related File: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\UPCSSC.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.11 Trojan.Generic.3672926 Kaspersky 7.0.0.125 2010.05.11 Backdoor.Win32.EggDrop.atl Microsoft 1.5703 2010.05.11 VirTool:Win32/DelfInject.gen!BI NOD32 [...]
Removal Tool
- Remember: the best way to remove rootkits is from the outside!
