Removed: C:\WINDOWS\system32\csncui.dll (trojan PinkBlocker)
Malware: C:\sand-box\exe.exe Removed: C:\WINDOWS\system32\csncui.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: Offline Files Author: Unknown Related File: C:\WINDOWS\SYSTEM32\CSNCUI.DLL Type: Shell Icon Overlay Handlers Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32\ Value: “C:\WINDOWS\system32\csncui.dll” Files: C:\WINDOWS\system32\2843344071 C:\WINDOWS\system32\csncui.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.09.29 Trojan:W32/Agent.DOOV Kaspersky [...]
Removal Tool
Removed: C:\WINDOWS\system32\nwcwks.dll (trojan Malf)
Malware: C:\sand-box\gggg.exe Removed: C:\WINDOWS\system32\nwcwks.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: NWCWorkstation Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\NWCWKS.DLL Type: Svchost DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\NWCWorkstation\Parameters\ServiceDll Value: “%SystemRoot%\system32\nwcwks.dll” Files: C:\WINDOWS\system32\nwcwks.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.09.29 Dropped:Trojan.Generic.4830925 Kaspersky 7.0.0.125 2010.09.29 Trojan.Win32.Vilsel.aqnk [...]
Removed: 1.exe, 44166.js, hotfix.exe, jsdfgs.bat (FakeAV – MSE)
Malware: exe.exe Removed: C:\Documents and Settings\Administrator\Application Data\1.exe C:\Documents and Settings\Administrator\Application Data\44166.js – random filename C:\Documents and Settings\Administrator\Application Data\hotfix.exe C:\Documents and Settings\Administrator\Application Data\jsdfgs.bat —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: C:\Documents and Settings\Administrator\Application Data\hotfix.exe Type: User Shell Item Name: hotfix.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\HOTFIX.EXE Type: Running Processes Removal [...]
Removed: C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe (adware Search Toolbar)
Malware: SearchToolbarSetup_v1_1_0_4.exe Removed: C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {9D425283-D487-4337-BAB6-AB8354A81457} Author: Related File: C:\PROGRAM FILES\SEARCH TOOLBAR\SEARCHTOOLBAR.DLL Type: Browser Helper Objects Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\InprocServer32\ Value: “C:\Program Files\Search Toolbar\SearchToolbar.dll” Folders: C:\Program Files\Search Toolbar\ Files: C:\Program Files\Search Toolbar\SearchToolbar.dll C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe C:\Program [...]
Removed: C:\Documents and Settings\All Users\Application Data\Twitter\Twitter.exe (trojan Banker)
Malware: mobile7.exe Removed: C:\Documents and Settings\All Users\Application Data\Twitter\Twitter.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Twitter.exe Espanha Author: Twitter Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TWITTER\TWITTER.EXE Type: Registry Run Item Name: Twitter.exe Author: Twitter Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TWITTER\TWITTER.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect [...]
Removed: C:\Documents and Settings\Administrator\Server\srv32.exe (trojan BrowHost)
Malware: exe.exe Removed: C:\Documents and Settings\Administrator\Server\srv32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: httpd Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\SERVER\SRV32.EXE Type: Registry Run Item Name: srv32.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\SERVER\SRV32.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\httpd Value: “”C:\Documents and [...]
Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe (trojan Swisyn)
Malware: exe.exe Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: svchost Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\SVCHOST.EXE Type: Registry Run Item Name: svchost.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\SVCHOST.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchost Value: “C:\Documents [...]
Google Redirects to 212.117.178.25
The virus adds a line to the Windows hosts file:
212.117.178.25 www.google.com
Removal: remove the Google search redirection line from the hosts file.
Default hosts file location: C:\WINDOWS\system32\drivers\etc\hosts
Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\chkntfs.exe (trojan Carberp)
Malware: glebk.exe Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\chkntfs.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: chkntfs.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\CHKNTFS.EXE Type: Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\chkntfs.exe —————————————————————————————————————————- Classification: Antivirus [...]
Removed: hotfix.exe, jsdfgs.bat, gilavof.dll, hejitav.exe (FakeAV – MSE)
Malware: qoql2uc.exe Removed: C:\Documents and Settings\Administrator\Application Data\hotfix.exe C:\Documents and Settings\Administrator\Application Data\jsdfgs.bat C:\WINDOWS\system32\gilavof.dll C:\WINDOWS\system32\hejitav.exe —————————————————————————————————————————- Related links: http://greatis.com/blog/how-to-remove-malware/hotfix-exe-fakeav-mse.htm http://greatis.com/blog/how-to-remove-malware/antispy-exe-at1-job-at24-job-fakeav-mse.htm http://greatis.com/blog/how-to-remove-malware/removed-antispy-exe-fakeav-pest-detector-aka-red-cross-antivirus-antispy-safeguard-peak-protection-2010-major-defense-kit.htm —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: C:\Documents and Settings\Administrator\Application Data\hotfix.exe Type: User Shell Item Name: AppInit_DLLs Author: Unknown Related File: C:\WINDOWS\system32\gilavof.dll Type: List of Injected DLLs Item Name: risosig Author: Unknown [...]
Removed: C:\Program Files\howcodec\howcodecband.dll, howcodecopen.exe, HowCodec_Update.exe (adware HowCodec)
Malware: HowCodecSetup_down.exe Removed: C:\Program Files\howcodec\howcodecband.dll C:\Program Files\howcodec\howcodecopen.exe C:\Program Files\howcodec\HowCodec_Update.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {5D19999A-E977-46A5-BD6A-6E816262F399} Author: Unknown Related File: C:\PROGRA~1\HOWCODEC\HOWCOD~1.DLL Type: Browser Helper Objects HOWCODECOPEN.EXE Default location: C:\PROGRAM FILES\HOWCODEC\HOWCODECOPEN.EXE MD5: C85D708FB7CAC0528814BB9F30714053 SHA1: AF5E2834 7E82D69F CAB9A6CD 2A56F7B5 08F58B67 File Size: 343 208 HOWCODEC_UPDATE.EXE Default location: C:\PROGRAM FILES\HOWCODEC\HOWCODEC_UPDATE.EXE MD5: CB81E8915153BC536E5118A419B52FA1 SHA1: 9235D3DD D646172A 740603CE 60BC3CAA FAE17C32 [...]
Removed: C:\WINDOWS\system32\svchost32.exe (backdoor Poison)
Malware: java.exe Removed: C:\WINDOWS\system32\svchost32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {495BE881-26BE-F19F-8306-F904F4948F27} Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SVCHOST32.EXE Type: ActiveSetup Item Name: svchost32.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SVCHOST32.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Active Setup\Installed Components\{495BE881-26BE-F19F-8306-F904F4948F27}\StubPath Value: 43 3A 5C 57 49 4E 44 [...]
Removed: C:\Program Files\DoctorV\DoctorV.exe, DoctorVLaunch.exe, DoctorVUp.exe (adware DoctorV)
Malware: DoctorVSetup.exe Removed: C:\Program Files\DoctorV\DoctorV.exe C:\Program Files\DoctorV\DoctorVLaunch.exe C:\Program Files\DoctorV\DoctorVUp.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: DoctorV Author: Unknown Related File: C:\PROGRAM FILES\DOCTORV\DOCTORVLAUNCH.EXE Type: Registry Run Item Name: DoctorVUp.exe Author: Unknown Related File: C:\PROGRAM FILES\DOCTORV\DOCTORVUP.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\DoctorVUp.exe\ Value: [...]
Removed: C:\Program Files\FreeAniViewer\freeani.exe, freeaniuc.exe (adware FreeAniViewer)
Malware: update_check.exe Removed: C:\Program Files\FreeAniViewer\freeani.exe C:\Program Files\FreeAniViewer\freeaniuc.exe —————————————————————————————————————————- Detected by UnHackMe: FREEANIUC.EXE Default location: C:\PROGRAM FILES\FREEANIVIEWER\FREEANIUC.EXE MD5: F710688DF86E0AD95C1584CF17032EC9 SHA1: 96F0E5C1 5B7AD16E 40E15C02 F2FC2654 69658636 File Size: 66 304 FREEANI.EXE Default location: C:\PROGRAM FILES\FREEANIVIEWER\FREEANI.EXE MD5: 27A84D7CA382E1FB076719BC686BD720 SHA1: 6FA076F3 B990C242 FFF55A4A 9E33C5F7 3F8B1C80 File Size: 78 592 Version Info: OriginalFilename: freeani.exe FileDescription: ?????? freeani InternalName: ?????? freeani [...]
Removed: ACCESS.EXE, b478.dll (adware QuestBrowser)
Malware: C:\SAND-BOX\ACCESS.EXE Removed: C:\SAND-BOX\ACCESS.EXE C:\WINDOWS\system32\b478.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: GabPath Author: Related File: C:\Documents and Settings\Administrator\Application Data\GabPath\gabpath.exe Type: Registry Run Item Name: {AA06F25D-BA45-49C1-9878-ACA25C74EFD7} Author: Related File: C:\WINDOWS\SYSTEM32\B478.DLL Type: Browser Helper Objects Item Name: {AA06F25C-BA45-49C1-9878-ACA25C74EFD7} Author: Related File: 0 Type: Toolbars Item Name: Bar Author: Unknown Related File: C:\SAND-BOX\ACCESS.EXE Type: Registry Run Removal Results: [...]
Removed: C:\inetserver.exe\inetserver.exe (trojan Jorik.SpyEyes)
Malware: C:\sand-box\build1.exe Removed: C:\inetserver.exe\inetserver.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: inetserver.exe Author: Unknown Related File: C:\INETSERVER.EXE\INETSERVER.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\inetserver.exe Value: “C:\inetserver.exe\inetserver.exe” Folders: C:\inetserver.exe\ Files: C:\inetserver.exe\config.bin C:\inetserver.exe\inetserver.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.09.25 Trojan.Injector.EQ Kaspersky 7.0.0.125 [...]
Removed: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\explorer.exe (worm Rayon)
Malware: C:\sand-box\cw2010.exe Removed: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\explorer.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Policies Author: Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\EXPLORER.EXE Type: Explorer Run Item Name: DCOM Client Launcher Author: Related File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\explorer.exe /service Type: Auto Services Item Name: explorer.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\EXPLORER.EXE Type: [...]
Removed: C:\WINDOWS\system32\gepn.fyo (trojan Oficla)
Malware: C:\sand-box\exe.exe Removed: C:\WINDOWS\system32\gepn.fyo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe gepn.fyo errpmn Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe gepn.fyo errpmn” Folders: C:\Documents and Settings\Administrator\Local Settings\Temp\VBE Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and [...]
Removed: C:\WINDOWS\system32\drivers\swe.sys, C:\WINDOWS\system32\swe.dll (trojan Tinxy)
Malware: p.exe Removed: C:\WINDOWS\system32\drivers\swe.sys C:\WINDOWS\system32\swe.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: sswe Author: swe Related File: C:\WINDOWS\SYSTEM32\SWE.DLL Type: Svchost DLLs Item Name: swe.sys Author: swe Related File: C:\WINDOWS\SYSTEM32\DRIVERS\SWE.SYS Type: Drivers Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\sswe\parameters\servicedll Value: “C:\WINDOWS\system32\swe.dll” Registry: HKLM\System\CurrentControlSet\Services\sswe\ImagePath Value: “C:\WINDOWS\system32\svchost.exe -k sswe” Registry: [...]
Removed: hotfix.exe (FakeAV – MSE)
Malware: exe.exe Removed: C:\Documents and Settings\Administrator\Application Data\hotfix.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: C:\Documents and Settings\Administrator\Application Data\hotfix.exe Type: User Shell Item Name: hotfix.exe Author: SoftMosters AG Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\HOTFIX.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: [...]
Removed: pDsktp.exe, Dotop.lnk (trojan Trufip)
Malware: Par73.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pDsktp.exe C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dotop.lnk —————————————————————————————————————————- Detected by UnHackMe: Item Name: Dotop.lnk Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX0\PDSKTP.EXE Type: Startup Folder Item Name: pDsktp.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX0\PDSKTP.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect [...]
Removed: bfky.ojo, tkopqn.exe, ybao.exe, wuaucldt.exe, mssrv32.exe, wuaucldt.exe (trojan downloader Harnig, trojan Oficla)
Malware: C:\sand-box\ispcoms.exe Removed: C:\WINDOWS\system32\bfky.ojo C:\Documents and Settings\Administrator\Local Settings\Temp\tkopqn.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ybao.exe C:\Documents and Settings\Administrator\wuaucldt.exe C:\WINDOWS\system32\mssrv32.exe C:\WINDOWS\system32\wuaucldt.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Related File: C:\Documents and Settings\Administrator\Application Data\ohydy.exe Type: Winlogon System Item Name: msupdate Author: Related File: c:\windows\system32\mssrv32.exe Type: Auto Services Item Name: wuaucldt Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\WUAUCLDT.EXE Type: [...]
Removed: smx4pnp.dll, anhzxc.exe, anszxc10.dll, anszxc20.dll, nvsvc.exe (trojan Obfuscator)
Malware: C:\sand-box\s.exe Removed: C:\Documents and Settings\Administrator\Microsoft\smx4pnp.dll C:\WINDOWS\system32\anhzxc.exe C:\WINDOWS\system32\anszxc10.dll C:\WINDOWS\system32\anszxc20.dll C:\WINDOWS\system32\nvsvc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {C8414FA0-BA90-4600-B7EA-0CEFAF5A0636} Author: Related File: C:\WINDOWS\SYSTEM32\ANSZXC20.DLL Type: Browser Helper Objects Item Name: anhzxc.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\ANHZXC.EXE Type: Detected using Heuristic Algorithm Item Name: anszxc10.dll Author: Unknown Related File: C:\WINDOWS\SYSTEM32\ANSZXC10.DLL Type: Detected using Heuristic Algorithm Item Name: smx4pnp Author: [...]
Removed: SaveNow.exe, sporder.dll, newdotnet3_36.dll (adware SaveNow)
Malware: ss2r2.exe Removed: C:\Program Files\SaveNow\SaveNow.exe C:\WINDOWS\system32\sporder.dll C:\WINDOWS\newdotnet3_36.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: newdotnet3_36.dll Author: New.net, Inc. Related File: C:\WINDOWS\NEWDOTNET3_36.DLL Type: WinSock2 Components Item Name: NEWDOT~1.DLL Author: New.net, Inc. Related File: C:\WINDOWS\NEWDOT~1.DLL Type: WinSock2 Components Item Name: New.net Startup Author: New.net, Inc. Related File: C:\WINDOWS\NEWDOT~1.DLL Type: Registry Run Item Name: SaveNow Author: WhenU.com, Inc. Related [...]
Removed: C:\windowsdvd.exe\windowsdvd.exe (trojan Jorik.SpyEyes)
Malware: C:\sand-box\exe.exe Removed: C:\windowsdvd.exe\windowsdvd.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: windowsdvd.exe Author: Unknown Related File: C:\WINDOWSDVD.EXE\WINDOWSDVD.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\windowsdvd.exe Value: “C:\windowsdvd.exe\windowsdvd.exe” Files: C:\windowsdvd.exe\config.bin C:\windowsdvd.exe\windowsdvd.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.09.22 Trojan.Generic.KD.39439 Kaspersky 7.0.0.125 2010.09.22 Trojan.Win32.Jorik.SpyEyes.ck [...]
Removed: ..\Application Data\WinDoS.exe (backdoor LolBot)
Malware: Audio.exe Removed: C:\Documents and Settings\Administrator\Application Data\WinDoS.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Microsoft Corporation Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDOS.EXE Type: Winlogon System Item Name: WinDoS Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDOS.EXE Type: Registry Run Item Name: WinDoS.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDOS.EXE Type: Running Processes Removal Results: Success [...]
Removed: hanruo.exe, hanruo10.dll, hanruo20.dll (worm Taterf)
Malware: C:\sand-box\next.exe Removed: C:\WINDOWS\system32\hanruo.exe C:\WINDOWS\system32\hanruo10.dll C:\WINDOWS\system32\hanruo20.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: {DA7060E6-F54B-42AE-A337-7D26827AA890} Author: Related File: C:\WINDOWS\SYSTEM32\HANRUO20.DLL Type: Browser Helper Objects Item Name: hanruo.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\HANRUO.EXE Type: Detected using Heuristic Algorithm Item Name: hanruo10.dll Author: Unknown Related File: C:\WINDOWS\SYSTEM32\HANRUO10.DLL Type: Detected using Heuristic Algorithm Item Name: hanruo Author: Unknown Related File: C:\WINDOWS\SYSTEM32\HANRUO.EXE [...]
Removed: C:\Program Files\VaccineLab\VaccineLab.exe (FakeAV – VaccineLab)
Malware: vaccinelab_setup.exe Removed: C:\Program Files\VaccineLab\VaccineLab.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: VaccineLabMain Author: Ebiz Networks Related File: C:\PROGRAM FILES\VACCINELAB\VACCINELAB.EXE Type: Registry Run Item Name: VaccineLab.exe Author: Ebiz Networks Related File: C:\PROGRAM FILES\VACCINELAB\VACCINELAB.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VaccineLabMain Value: “”C:\Program Files\VaccineLab\VaccineLab.exe” /Scan” [...]
Removed: idse.exe, comsats.sys, msrcqxbq.dll, szetyj67v.exe, szetyj67vx.exe, svc2.exe Restored: USERINIT.EXE (trojan VB)
Malware: kp.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\idse.exe C:\WINDOWS\system32\comsats.sys C:\WINDOWS\system32\msrcqxbq.dll C:\WINDOWS\system32\szetyj67v.exe C:\WINDOWS\system32\szetyj67vx.exe C:\WINDOWS\svc2.exe Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: NetLog2 Author: Related File: C:\WINDOWS\SVC2.EXE Type: Registry Run Item Name: szetyj67v Author: Related File: C:\WINDOWS\SYSTEM32\SZETYJ67V.EXE Type: Registry Run Item Name: szetyj67vx Author: Related File: C:\WINDOWS\SYSTEM32\SZETYJ67VX.EXE Type: Registry Run Item Name: szetyj67v.exe Author: Related File: C:\WINDOWS\SYSTEM32\SZETYJ67V.EXE [...]
Removed: C:\winsurfxxx.exe\winsurfxxx.exe (trojan SpyEye)
Malware: C:\sand-box\exe.exe Removed: C:\winsurfxxx.exe\winsurfxxx.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: winsurfxxx.exe Author: Unknown Related File: C:\WINSURFXXX.EXE\WINSURFXXX.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winsurfxxx.exe Value: “C:\winsurfxxx.exe\winsurfxxx.exe” Folders: C:\winsurfxxx.exe\ Files: C:\winsurfxxx.exe\config.bin C:\winsurfxxx.exe\winsurfxxx.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.09.21 Trojan.Generic.KD.39075 Kaspersky 7.0.0.125 [...]



