
Removed: C:\WINDOWS\system32\iexplorer.exe (trojan Buzus)

July 31, 2010 by NightWatcher
Filed under: Malware 

Malware: eno.exe Removed: C:\WINDOWS\system32\iexplorer.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: iexplorer.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\IEXPLORER.EXE Type: Detected using Heuristic Algorithm Item Name: Windows Service Agent Author: Unknown Related File: C:\WINDOWS\system32\IEXPLORER.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent Value: “iexplorer.exe” Registry: [...]

Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\wwwrfd32.exe (trojan Bredolab)

July 31, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\exe.exe Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\wwwrfd32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: wwwrfd32.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\WWWRFD32.EXE Type: Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\Documents and Settings\Administrator\Application Data\avdrn.dat C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\wwwrfd32.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result [...]

Removed: ahnoo0.dll, AhnRpta.exe (trojan Taworm)

July 30, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\f.exe Removed: C:\WINDOWS\system32\ahnoo0.dll C:\WINDOWS\AhnRpta.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} Author: Unknown Related File: C:\WINDOWS\SYSTEM32\AHNOO0.DLL Type: Shell Execute Hooks After first reboot detected by UnHackMe: Item Name: {B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} Author: Related File: C:\WINDOWS\system32\ahnoo0.dll Type: Shell Execute Hooks Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\InprocServer32\ Value: [...]

Removed: C:\Documents and Settings\Administrator\Application Data\Kernel32.exe (Fake Internet Download Manager – backdoor Binder)

July 29, 2010 by NightWatcher
Filed under: Malware 

Malware: bot.exe Removed: C:\Documents and Settings\Administrator\Application Data\Kernel32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: 1IDM Version 5.18 Build 5 Patch Author: Team Blacklist Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\KERNEL32.EXE Type: Registry Run Item Name: Kernel32.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\KERNEL32.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly [...]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe (trojan Jorik.IRCbot)

July 29, 2010 by NightWatcher
Filed under: Malware 

Malware: upxbunnn.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Firewall Author: WI7u9BjP9Qjs0r Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SVCHOST.EXE Type: Registry Run Item Name: svchost.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SVCHOST.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Firewall Value: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe” Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Firewall [...]

Removed: C:\Documents and Settings\Administrator\Application Data\e17ef422-72d0-4843-9f36-93d1c74df894_46.avi (trojan Scar)

July 29, 2010 by NightWatcher
Filed under: Malware 

Malware: l_acc0042.1280338767.exe Removed: C:\Documents and Settings\Administrator\Application Data\e17ef422-72d0-4843-9f36-93d1c74df894_46.avi —————————————————————————————————————————- Detected by UnHackMe: Item Name: e17ef422-72d0-4843-9f36-93d1c74df894_46 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\E17EF422-72D0-4843-9F36-93D1C74DF894_46.AVI Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\e17ef422-72d0-4843-9f36-93d1c74df894_46 – random key name Value: “rundll32.exe “C:\Documents and Settings\Administrator\Application Data\e17ef422-72d0-4843-9f36-93d1c74df894_46.avi”, start” – random file [...]

Removed: C:\windows\bill117.exe (trojan Jorik.Koobface)

July 29, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\setup72330.exe Removed: C:\windows\bill117.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: sysfbtray Author: Yrlqcz Sfpswqg Related File: C:\WINDOWS\BILL117.EXE Type: Registry Run Item Name: bill117.exe Author: Related File: C:\WINDOWS\BILL117.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray Value: “C:\windows\bill117.exe” Files: C:\windows\bill117.exe —————————————————————————————————————————- Classification: Antivirus Version Last [...]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe (trojan Swisyn)

July 28, 2010 by NightWatcher
Filed under: Malware 

Malware: m4l.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Kernel Host Author: V951227GC594242kBc3313 Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Kernel Host Value: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lsass.exe” Registry: [...]

Removed: C:\WINDOWS\MSVCR.DLL C:\WINDOWS\system32\402077.IME C:\WINDOWS\system32\2722702.IME Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE (Fake QvodPlayer, trojan Murlo)

July 28, 2010 by NightWatcher
Filed under: Malware 

Malware: qvodsetupuls9.exe Removed: C:\WINDOWS\MSVCR.DLL C:\WINDOWS\system32\402077.IME C:\WINDOWS\system32\2722702.IME Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: E0200804 Author: Related File: C:\WINDOWS\system32\402077.IME Type: Keyboard Listeners Item Name: E0210804 Author: Related File: C:\WINDOWS\system32\2722702.IME Type: Keyboard Listeners After first reboot detected by UnHackMe: Item Name: CDBurn Author: Unknown Related File: C:\WINDOWS\MSVCR.DLL Type: Shell Services DelayLoad Item Name: E0220804 Author: Related [...]

Removed: C:\WINDOWS\system32\ljkkki.dll (trojan Heur)

July 28, 2010 by NightWatcher
Filed under: Malware 

Malware: exe.exe Removed: C:\WINDOWS\system32\ljkkki.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: hgdaaysys Author: $t@t!c_V()1D Related File: LJKKKI.DLL Type: Registry Run LJKKKI.DLL – random filename Default location: C:\WINDOWS\system32\LJKKKI.DLL MD5: 906F7C834825006250E551F9758309E8 SHA1: D0793231 E6FD555E 91A2A328 F35AA710 91D1FBBF File Size: 69 120 Version Info: OriginalFilename: Phx_Default.dll FileDescription: Phoenix Default plugin DLL InternalName: Phx_Default CompanyName: $t@t!c_V()1D FileVersion: 1.0.2.4 LegalCopyright: LegalTrademarks: [...]

Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\syscron.exe (trojan Agent)

July 27, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\exe.exe Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\syscron.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: syscron.exe Author: Nero AG Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\SYSCRON.EXE Type: Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\syscron.exe —————————————————————————————————————————- [...]

Removed: C:\NetworkControl\nc.exe (FakeAV – NetworkControl)

July 27, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\exe(262).exe Removed: C:\NetworkControl\nc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: NetworkControl Author: Integrio Systems Related File: C:\NETWORKCONTROL\NC.EXE Type: Registry Run Item Name: nc.exe Author: Integrio Systems Related File: C:\NETWORKCONTROL\NC.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NetworkControl Value: “C:\NetworkControl\nc.exe” Folders: C:\NetworkControl Files: C:\NetworkControl\nc.exe —————————————————————————————————————————- [...]

Removed: ..\$.azjyumnddfj\azjyumnddfj.exe (trojan NewHeur_PE)

July 27, 2010 by NightWatcher
Filed under: Malware 

Malware: index.dat.exe Removed: C:\WINDOWS\system32\$.azjyumnddfj\azjyumnddfj.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: $.azjyumnddfj Author: Microsoft Cooperation Related File: C:\WINDOWS\SYSTEM32\$.AZJYUMNDDFJ\AZJYUMNDDFJ.EXE Type: Registry Run Item Name: azjyumnddfj.exe Author: Microsoft Cooperation Related File: C:\WINDOWS\SYSTEM32\$.AZJYUMNDDFJ\AZJYUMNDDFJ.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\$.[random name] Value: “”C:\WINDOWS\system32\$.[random name]\[random name].exe”” Files: C:\RECYCLER\KB.DLL [...]

Removed: dl1.exe (trojan VBInject)

July 27, 2010 by NightWatcher
Filed under: Malware 

Malware: opapa.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\dl1.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: DriverLoad Author: Uobgd Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\DL1.EXE Type: Explorer Run Item Name: DriverCheck Author: Uobgd Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\DL1.EXE Type: Explorer Run Item Name: dl1.exe Author: Uobgd Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\DL1.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly [...]

Removed: lsass.exe, lToRo.exe (trojan Jorik.Lolbot)

July 27, 2010 by NightWatcher
Filed under: Malware 

Malware: Dervie.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe C:\Documents and Settings\Administrator\Local Settings\Temp\lToRo.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Firewall Author: NRCr Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Running Processes Item Name: {CLVQ0DSR-QSFT-LBKV-FZYX-CVZEGNEMN16E} Author: NRCr Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LTORO.EXE Type: ActiveSetup Item Name: cHa Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LTORO.EXE Type: [...]

Removed: C:\WINDOWS\system32\sqxr.mio (trojan Jorik.Oficla)

July 26, 2010 by NightWatcher
Filed under: Malware 

Malware: ifvs63m.exe Removed: C:\WINDOWS\system32\sqxr.mio —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe sqxr.mio lwnjxq Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe sqxr.mio lwnjxq” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\sqxr.mio —————————————————————————————————————————- Classification: [...]

Removed: 2010726095451.dll, msalzg32.dll (trojan Pixoliz)

July 26, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\lzg.exe Removed: C:\WINDOWS\system32\2010726095451.dll C:\WINDOWS\system32\msalzg32.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: 2010726095451.dll Author: Unknown Related File: C:\WINDOWS\SYSTEM32\2010726095451.DLL Type: WinSock2 Components After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\WINDOWS\system32\2010726095451.dll C:\WINDOWS\system32\msalzg32.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.07.26 Trojan.Generic.4541493 Kaspersky [...]

Removed: C:\WINDOWS\system32\vtttrr.dll (trojan Malagent)

July 25, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\exe(243).exe Removed: C:\WINDOWS\system32\vtttrr.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: hgddedsys Author: Related File: VTTTRR.DLL Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\hgddedsys Value: “rundll32.exe “vtttrr.dll”,DllRegisterServer” Registry: HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages Value: ‘msv1_0 vtttrr.dll’ Files: C:\WINDOWS\system32\vtttrr.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.07.24 [...]

Removed: C:\WINDOWS\system32\rqvh.qvo (trojan Jorik.Oficla)

July 25, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\24157_1214724752622_n.jpg-facebook.exe Removed: C:\WINDOWS\system32\rqvh.qvo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe rqvh.qvo khcsv Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe rqvh.qvo khcsv” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\WINDOWS\system32\rqvh.qvo —————————————————————————————————————————- Classification: Antivirus Version Last Update [...]

Removed: C:\UPWIN\MRCARD.EXE (trojan Banker/Mafod)

July 25, 2010 by NightWatcher
Filed under: Malware 

Malware: LKWebComponent.exe Removed: C:\UPWIN\MRCARD.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: MrCard Author: Upwin Corp. Related File: C:\UPWIN\MRCARD.EXE Type: Registry Run Item Name: MRCARD.EXE Author: Upwin Corp. Related File: C:\WINDOWS\SYSTEM32\MRCARD.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MrCard Value: “C:\UPWIN\MRCARD.EXE” Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MrCard Value: “C:\UPWIN\MRCARD.EXE” Folders: [...]

Removed: C:\Program Files\Anticare\AntiCare.exe (FakeAV Anticare)

July 25, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: anticare_setup.exe Removed: C:\Program Files\Anticare\AntiCare.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: AntiCareMain Author: Related File: C:\PROGRAM FILES\ANTICARE\ANTICARE.EXE Type: Registry Run Item Name: AntiCare.exe Author: Related File: C:\PROGRAM FILES\ANTICARE\ANTICARE.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AntiCareMain Value: “”C:\Program Files\Anticare\AntiCare.exe” /Scan” Folders: C:\Program Files\Anticare Files: [...]

Removed: defcnt.exe, wscsvc32.exe, MSDERUN.EXE, defext.dll (FakeAV – Defense Center)

July 24, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\ad(1).exe Removed: C:\Program Files\Defense Center\defcnt.exe C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\MSDERUN.EXE C:\Program Files\Defense Center\defext.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: Defense Center Author: Unknown Related File: C:\PROGRAM FILES\DEFENSE CENTER\DEFCNT.EXE Type: Registry Run Item Name: defcnt.exe Author: Unknown Related File: C:\PROGRAM FILES\DEFENSE CENTER\DEFCNT.EXE Type: Running Processes Item Name: wscsvc32.exe Author: Unknown Related File: [...]

Removed: C:\Documents and Settings\All Users\Application Data\PoMobile\xupa.exe (trojan Banker)

July 24, 2010 by NightWatcher
Filed under: Malware 

Malware: multimedia.exe Removed: C:\Documents and Settings\All Users\Application Data\PoMobile\xupa.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: xupa.exe internacional Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\POMOBILE\XUPA.EXE Type: Registry Run Item Name: xupa.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\POMOBILE\XUPA.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect [...]

Removed: winyyy.sys, lsasys.exe, winhost.exe (trojan Tesefo)

July 24, 2010 by NightWatcher
Filed under: Malware 

Malware: ie2.exe Removed: C:\WINDOWS\system32\drivers\winyyy.sys C:\WINDOWS\system32\lsasys.exe C:\WINDOWS\system32\winhost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: WinMSS Author: Microsoft Corporation Related File: C:\WINDOWS\system32\winhost.exe Type: Auto Services Item Name: lsasys.exe Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\LSASYS.EXE Type: Running Processes After first reboot detected by UnHackMe: Item Name: MyProt Author: Windows (R) 2000 DDK provider Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WINYYY.SYS Type: Services detected [...]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\sWx.exe (worm Pushbot)

July 23, 2010 by NightWatcher
Filed under: Malware 

Malware: sweetswx.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\sWx.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows DriversUpdate Author: QePj7FmJE Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SWX.EXE Type: Registry Run Item Name: sWx.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SWX.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows DriversUpdate Value: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sWx.exe” Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows DriversUpdate [...]

Removed: C:\WINDOWS\skype\skype.exe (trojan Buzus/Bifrost)

July 23, 2010 by NightWatcher
Filed under: Malware 

Malware: skype.exe Removed: C:\WINDOWS\skype\skype.exe —————————————————————————————————————————- Detected by UnHackMe in “Multi AntiVirus scan” mode: SKYPE.EXE Default location: C:\WINDOWS\SKYPE\SKYPE.EXE MD5: 5D84A4E0E04E6474BA367570BDE72BA6 SHA1: F58BF565 D9E7BCF9 8A4E8BBF 87ABFCEF ECD6ACF6 File Size: 180 805 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry key: HKCU\Software\Bifrost Registry key: HKLM\Software\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}\stubpath Value: “C:\WINDOWS\skype\skype.exe s” Folders: [...]

Removed: Loader.exe, ATPartners.dll, didduid.ini, iOneEighty\msbb.exe (Adware.180Solutions)

July 23, 2010 by NightWatcher
Filed under: Adware, Not-a-Virus 

Malware: RealMadrid1.exe Removed: C:\Program Files\ClearSearch\Loader.exe C:\WINDOWS\system32\ATPartners.dll C:\WINDOWS\didduid.ini C:\WINDOWS\iOneEighty\msbb.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: msbb Author: 180Solutions, Inc. Related File: C:\WINDOWS\IONEEI~1\MSBB.EXE Type: Registry Run Item Name: msbb.exe Author: 180Solutions, Inc. Related File: C:\WINDOWS\IONEEI~1\MSBB.EXE Type: Running Processes Item Name: {00000EF1-0786-4633-87C6-1AA7A44296DA} Author: Addictive Technologies Related File: C:\WINDOWS\SYSTEM32\ATPART~1.DLL Type: Browser Helper Objects Item Name: didduid.ini Author: Unknown Related [...]

Removed: 360.EXE (trojan NewHeur_PE)

July 23, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Removed: C:\SAND-BOX\360.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: 360?????????? Author: 360?? Related File: C:\SAND-BOX\360.EXE Type: Registry Run 360.EXE Default location: C:\SAND-BOX\360.EXE MD5: A38FC1336C5FE071E4112C6AA0EA423F SHA1: 7E0070E2 4AF5F226 97F8D492 7DAAC6A0 E83BC160 File Size: 40 960 Version Info: OriginalFilename: 360.exe FileDescription: 360?? InternalName: 360 CompanyName: 360?? FileVersion: 1.00 LegalCopyright: 360?? ProductName: 360?? ProductVersion: 1.00 Removal Results: Success Number [...]

Removed: C:\WINDOWS\system32\kevuie.exe (backdoor Xyligan)

July 22, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\Allusers.exe Removed: C:\WINDOWS\system32\kevuie.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: zdadfcvbtlzxkg.dll Author: Related File: C:\WINDOWS\system32\kevuie.exe Type: Auto Services Item Name: kevuie.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\KEVUIE.EXE Type: Running Processes KEVUIE.EXE – random file name Default location: C:\WINDOWS\SYSTEM32\KEVUIE.EXE MD5: 5D34D9D29C234ED6E439B305F7620990 SHA1: 5C5CEF33 57107049 3F070E46 F0B2F603 5A511FC7 File Size: 360 448 Removal Results: Success Number of reboot: [...]

Removed: C:\Documents and Settings\Administrator\connect32.dll (trojan VBInject)

July 22, 2010 by NightWatcher
Filed under: Malware 

Malware: uploading-3(1).exe Removed: C:\Documents and Settings\Administrator\connect32.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: Network Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\CONNECT32.DLL Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Network Value: “rundll32.exe “C:\Documents and Settings\Administrator\connect32.dll”,connect” Files: C:\Documents and Settings\Administrator\connect32.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result [...]
