
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\36296.txt (trojan OnLineGames)

October 31, 2010 by NightWatcher
Filed under: Malware 

Malware: DrDamage.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\36296.txt —————————————————————————————————————————- Detected by UnHackMe: Item Name: Configuring Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\36296.TXT Type: Registry Run After first reboot detected by UnHackMe: Item Name: Configuring Author: Related File: rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\36296.txt,M Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Configuring [...]


Removed: C:\Documents and Settings\Administrator\Application Data\Bitrix Security\podzce.dll (trojan Ambler)

October 31, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\usa.exe Removed: C:\Documents and Settings\Administrator\Application Data\Bitrix Security\podzce.dll —————————————————————————————————————————- Detected by UnHackMe: PODZCE.DLL Default location: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\BITRIX SECURITY\PODZCE.DLL MD5: A0708A303EB62BBC274EE01577036CF1 SHA1: 5B0A4F48 60301DF0 AB860EE8 1F7A99BF D0A32A34 File Size: 50 688 Version Info: FileDescription: Silverlight InternalName: Silverlight CompanyName: Silverlight LLC FileVersion: 9,4,3,2 LegalCopyright: Silverlight LLC LegalTrademarks: Silverlight LLC ProductName: Silverlight ProductVersion: 9,4,3,2 Removal Results: [...]


Removed: cc27e340.exe, cc27e340.job (rootkit TDSS)

October 31, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\setu3p.exe Removed: C:\Documents and Settings\Administrator\Application Data\cc27e340.exe C:\WINDOWS\Tasks\cc27e340.job —————————————————————————————————————————- Detected by UnHackMe: Item Name: DNS Author: This may cause redirects to the malicious sites. Current Setting: 93.188.162.241,93.188.160.51 93.188.162.241,93.188.160.51 Type: DNS Changer Item Name: cc27e340 Author: Blog do Birungueta Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CC27E340.EXE Type: Scheduled Tasks Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- [...]


Removed: C:\WINDOWS\svchost.exe (backdoor Turkojan)

October 30, 2010 by NightWatcher
Filed under: Malware 

Malware: system32.exe Removed: C:\WINDOWS\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: DarkCometRAT Author: BCN Related File: C:\WINDOWS\SVCHOST.EXE Type: Registry Run Item Name: svchost.exe Author: BCN Related File: C:\WINDOWS\SVCHOST.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DarkCometRAT Value: “C:\WINDOWS\svchost.exe” Files: C:\WINDOWS\svchost.exe —————————————————————————————————————————- Classification: Antivirus Version Last [...]


Removed: C:\WINDOWS\down\fiefox.exe, C:\WINDOWS\up\svchost.exe (trojan puZ@ay312Jli)

October 30, 2010 by NightWatcher
Filed under: Malware 

Malware: service.exe Removed: C:\WINDOWS\down\fiefox.exe C:\WINDOWS\up\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: ipsock Author: Related File: c:\windows\up\svchost.exe Type: Auto Services Item Name: winap Author: Unknown Related File: C:\WINDOWS\DOWN\FIEFOX.EXE Type: Registry Run Item Name: svchost.exe Author: Unknown Related File: C:\WINDOWS\UP\SVCHOST.EXE Type: Running Processes Item Name: fiefox.exe Author: Unknown Related File: C:\WINDOWS\DOWN\FIEFOX.EXE Type: Running Processes Removal Results: Success [...]


Removed: C:\WINDOWS\Help\winiogln.exe (trojan Cosmu)

October 30, 2010 by NightWatcher
Filed under: Malware 

Malware: main.exe Removed: C:\WINDOWS\Help\winiogln.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: winiogln Author: Unknown Related File: C:\WINDOWS\HELP\WINIOGLN.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winiogln Value: “C:\WINDOWS\Help\winiogln.exe” Folders: C:\WINDOWS\cache\ Files: C:\WINDOWS\Help\egqi.exe C:\WINDOWS\Help\winiogln.exe C:\WINDOWS\cache\mgr.vbs —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.10.29 Trojan.Generic.5014966 Microsoft [...]


Removed: drweb.exe (trojan Ertfor)

October 29, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\drweb.exe Removed: C:\sand-box\drweb.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: TYpsb Author: Microsoft Corporation Related File: C:\SAND-BOX\DRWEB.EXE Type: Registry Run Item Name: drweb.exe Author: Microsoft Corporation Related File: C:\SAND-BOX\DRWEB.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TYpsb HKCU\Software\Microsoft\Windows\CurrentVersion\Run\TYpsb —————————————————————————————————————————- Classification: Antivirus Version Last Update [...]


Removed: C:\Documents and Settings\Administrator\Application Data\ltzqai.exe (trojan Bflient)

October 29, 2010 by NightWatcher
Filed under: Malware 

Malware: ltzqai.exe Removed: C:\Documents and Settings\Administrator\Application Data\ltzqai.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LTZQAI.EXE Type: Winlogon System Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman Value: “C:\Documents and Settings\Administrator\Application Data\ltzqai.exe” Files: C:\Documents and Settings\Administrator\Application Data\ltzqai.exe —————————————————————————————————————————- Classification: Antivirus [...]


Malware: My-Guests.exe (change Windows HOSTS file)

October 29, 2010 by NightWatcher
Filed under: Malware 

Malware: My-Guests.exe —————————————————————————————————————————- How to quickly detect malware presence? Files modified: C:\WINDOWS\system32\drivers\etc\hosts —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.10.29 – Kaspersky 7.0.0.125 2010.10.29 – Microsoft 1.6301 2010.10.29 – NOD32 5573 2010.10.29 – —————————————————————————————————————————- MD5 a03c895522d1ee6ace5fe1d538766a5b SHA1 842825abf44526cf21386cf8bdfbac9517d17e70 SHA256 3e4b0e1fc1d2ae2c1a915187c3391c71deb5cd479f7c7f68a443231bdc32ac67 —————————————————————————————————————————-


Removed: C:\WINDOWS\system32\drivers\fwqzdr.sys (trojan Rustock)

October 28, 2010 by NightWatcher
Filed under: Malware 

Malware: DATEA0B.tmp.exe Removed: C:\WINDOWS\system32\drivers\fwqzdr.sys —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: rfjpujuqic Author: Related File: C:\WINDOWS\SYSTEM32\DRIVERS\FWQZDR.SYS Type: Services detected by Partizan Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\rfjpujuqic\ImagePath Value: “system32\drivers\fwqzdr.sys” Files: C:\WINDOWS\system32\drivers\fwqzdr.sys C:\WINDOWS\system32\drivers\str.sys —————————————————————————————————————————- Classification: Antivirus Version Last [...]


Removed: shell.exe, svchost.exe, dwm.exe (backdoor Cycbot)

October 28, 2010 by NightWatcher
Filed under: Malware 

Malware: pm2.exe Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS\SHELL.EXE Type: Running Processes Item Name: shell Author: Unknown Related File: explorer.exe,C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe Type: User Shell Item Name: svchost Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION [...]


Removed: C:\Program Files\Adware Professional\Adware Professional.exe (FakeAV – Adware Professional)

October 28, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: setup.exe Removed: C:\Program Files\Adware Professional\Adware Professional.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Adware Professional Author: Related File: C:\PROGRAM FILES\ADWARE PROFESSIONAL\ADWARE PROFESSIONAL.EXE Type: Registry Run Item Name: Adware Professional.exe Author: Related File: C:\PROGRAM FILES\ADWARE PROFESSIONAL\ADWARE PROFESSIONAL.EXE Type: Running Processes After first reboot detected by UnHackMe: Item Name: mchInjDrv Author: Related File: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp Type: Services detected [...]


Removed: f2ddll.dll, f2dupdater.exe, f2dux.exe (adware Kraddare)

October 28, 2010 by NightWatcher
Filed under: Adware 

Malware: f2dins.exe Removed: C:\Program Files\F2Day\f2ddll.dll C:\Program Files\F2Day\f2dupdater.exe C:\Program Files\F2Day\f2dux.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {91C1AE56-D2C9-4017-8BF1-75EA182CEB38} Author: Related File: C:\PROGRA~1\F2DAY\F2DDLL.DLL Type: Browser Helper Objects Item Name: F2Day Author: Related File: C:\PROGRAM FILES\F2DAY\F2DUPDATER.EXE Type: Registry Run Item Name: F2DayUpdate Author: Related File: C:\PROGRAM FILES\F2DAY\F2DUX.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How [...]


Removed: C:\WINDOWS\system32\Backdoor.exe (backdoor Poison)

October 28, 2010 by NightWatcher
Filed under: Malware 

Malware: spy.exe Removed: C:\WINDOWS\system32\Backdoor.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Backdoor Author: Unknown Related File: C:\WINDOWS\SYSTEM32\BACKDOOR.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Backdoor Value: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 [...]


Removed: ppackhelper.dll, PLUSPACKNT.EXE (trojan NewHeur_PE)

October 28, 2010 by NightWatcher
Filed under: Malware 

Malware: c:\sand-box\pluspackat.exe Removed: C:\Program Files\PlusPackNT\update\ppackhelper.dll C:\PROGRAM FILES\PLUSPACKNT\PLUSPACKNT.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: {EA74F018-6EB0-473D-B44D-E5905DC8E760} Author: Unknown Related File: C:\PROGRA~1\PLUSPA~1\PPACKH~1.DLL Type: Browser Helper Objects Item Name: PlusPackNT Author: Unknown Related File: C:\SAND-BOX\PLUSPACKAT.EXE Type: Registry Run Item Name: pluspacknt.exe Author: Unknown Related File: C:\PROGRAM FILES\PLUSPACKNT\PLUSPACKNT.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How [...]


Removed: cdaudiex.sys, fdc2k.sys, gameennt.sys, eapcache.dll, ras32.dll (KeyLogger EliteKeylogger)

October 27, 2010 by NightWatcher
Filed under: Malware 

Malware: elikl.exe Removed: C:\WINDOWS\system32\drivers\cdaudiex.sys C:\WINDOWS\system32\drivers\fdc2k.sys C:\WINDOWS\system32\drivers\gameennt.sys C:\WINDOWS\system32\eapcache.dll C:\WINDOWS\system32\ras32.dll —————————————————————————————————————————- Detected by UnHackMe: – none – Detected by RegRun Warrior: 1. RegRun Examiner: CDAUDIEX.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIEX.SYS MD5: 29910F2232AAE1DB510BB737E835E4D6 SHA1: BCB89497 DF004161 183AC80B 4F8786DC C9B1C2BB File Size: 25 088 FDC2K.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\FDC2K.SYS MD5: 50F4FAEAF5C537859CD69C94A8588855 SHA1: F558371B 86A2DBCD 6B991561 0C6668A4 17B1C565 File Size: 507 904 GAMEENNT.SYS [...]


Removed: C:\Program Files\Hotspot_Shield\tbHots.dll (adware HotSpotShield)

October 27, 2010 by NightWatcher
Filed under: Adware 

Malware: HSS-1.52-install-anchorfree-76-conduit.exe Removed: C:\Program Files\Hotspot_Shield\tbHots.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: {c95a4e8e-816d-4655-8c79-d736da1adb6d} Author: Conduit Ltd. Related File: C:\PROGRAM FILES\HOTSPOT_SHIELD\TBHOTS.DLL Type: Browser Helper Objects Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\CLSID\{7EBD33D8-42BF-4F4B-AB3C-C2006B4593E2}\InprocServer32\ Value: “C:\Program Files\Hotspot_Shield\tbHots.dll” Registry: HKLM\Software\Classes\CLSID\{B7B22493-6C6A-43F8-B409-E8F1CBC7764C}\InprocServer32\ Value: “C:\Program Files\Hotspot_Shield\tbHots.dll” Registry: HKLM\Software\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\InprocServer32\ Value: “C:\Program Files\Hotspot_Shield\tbHots.dll” Folders: C:\Program Files\Hotspot [...]


Removed: \wiselink\sgwt.dll, sgwt.exe (adware – KwSearchGuide)

October 27, 2010 by NightWatcher
Filed under: Adware 

Malware: duo.exe Removed: C:\Program Files\wiselink\sgwt.dll C:\Program Files\wiselink\sgwt.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: sgwt_5027 Author: Related File: C:\PROGRAM FILES\WISELINK\SGWT.EXE Type: Registry Run Item Name: sgwt.exe Author: Related File: C:\PROGRAM FILES\WISELINK\SGWT.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sgwt_5027 Value: “C:\Program Files\wiselink\sgwt.exe” Files: C:\Program Files\wiselink\sgwt.dll [...]


Removed: C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser110.exe, C:\Program Files\QueryBrowser\querybrowser.dll (BrowserModifier – Zwangi)

October 27, 2010 by NightWatcher
Filed under: Malware 

Malware: querybrowser-setup.exe Removed: C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser110.exe C:\Program Files\QueryBrowser\querybrowser.dll —————————————————————————————————————————- Detected by UnHackMe: QUERYBROWSER.DLL Default location: C:\PROGRAM FILES\QUERYBROWSER\QUERYBROWSER.DLL MD5: 7D4F7AAD592530C3857864574EA0C687 SHA1: 310F5816 5FEA4263 B8059E25 5D016175 935ABA14 File Size: 577 536 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\QueryBrowser Service\ImagePath Value: “”C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser110.exe” “C:\Program [...]


Removed: ohydy.exe, wminit.exe, dlo1.dll, At1.job (trojan Kazy)

October 26, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\Play_Video38901_Click_Run.exe Removed: C:\Documents and Settings\Administrator\Application Data\ohydy.exe C:\Program Files\Common Files\System\wminit.exe C:\WINDOWS\system32\dlo1.dll C:\WINDOWS\Tasks\At1.job —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\OHYDY.EXE Type: Winlogon System Item Name: {CD028965-4654-4D8D-A0E9-16915787E3A2} Author: evroyydgov Corporation Related File: C:\WINDOWS\SYSTEM32\DLO1.DLL Type: Browser Helper Objects Item Name: Enhanced Storage Author: evroyydgov Corporation Related File: C:\WINDOWS\SYSTEM32\DLO1.DLL Type: Shell [...]


Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows Firewall\WIN32.exe (trojan Agent)

October 26, 2010 by NightWatcher
Filed under: Malware 

Malware: explorer.exe Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows Firewall\WIN32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Network Connection ID:{78YRY8vh-9mm2-76M6-giPg-078j77mIgugA} Author: Microsoft Windows Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS FIREWALL\WIN32.EXE Type: ActiveSetup After first reboot detected by UnHackMe: Item Name: Network Connection ID:{78YRY8vh-9mm2-76M6-giPg-078j77mIgugA} Author: Related File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows Firewall\WIN32.exe Type: ActiveSetup Removal Results: Success Number of [...]


Removed: C:\Documents and Settings\Administrator\Application Data\Bitrix Security\tuduewai.dll (worm Ambler)

October 26, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\h1.exe Removed: C:\Documents and Settings\Administrator\Application Data\Bitrix Security\tuduewai.dll —————————————————————————————————————————- Detected by UnHackMe: TUDUEWAI.DLL Default location: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\BITRIX SECURITY\TUDUEWAI.DLL MD5: 37E099201679B362B56CB3239B7AEE62 SHA1: 8623BD46 A3965559 DD18455B 9BB23B61 0A1F5D1B File Size: 54 784 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Active Setup\Installed Components\{BCA4BCBE-EB6E-406B-B990-3BEBF3024B3B}\StubPath Value: “rundll32.exe “C:\Documents and Settings\Administrator\Application [...]


Removed: C:\WINDOWS\system32\9283\VSMY.exe (trojan Ardamax)

October 26, 2010 by NightWatcher
Filed under: Malware 

Malware: Install.exe Removed: C:\WINDOWS\system32\9283\VSMY.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: VSMY Agent Author: Unknown Related File: C:\WINDOWS\SYSTEM32\9283\VSMY.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VSMY Agent Value: “C:\WINDOWS\system32\9283\VSMY.exe” Files: C:\WINDOWS\system32\9283\AKV.exe C:\WINDOWS\system32\9283\VSMY.001 C:\WINDOWS\system32\9283\VSMY.006 C:\WINDOWS\system32\9283\VSMY.007 C:\WINDOWS\system32\9283\VSMY.exe —————————————————————————————————————————- [...]


Removed: C:\Windows\temp\spoolsv\spoolsv.exe (backdoor Zapchast)

October 26, 2010 by NightWatcher
Filed under: Malware 

Malware: postcard2.JPEG.exe Removed: C:\Windows\temp\spoolsv\spoolsv.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: spoolsv Author: mIRC Co. Ltd. Related File: C:\WINDOWS\TEMP\SPOOLSV\SPOOLSV.EXE Type: Registry Run Item Name: spoolsv.exe Author: mIRC Co. Ltd. Related File: C:\WINDOWS\TEMP\SPOOLSV\SPOOLSV.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\spoolsv Value: “”C:\Windows\temp\spoolsv\spoolsv.exe”” Folders: C:\WINDOWS\Temp\spoolsv\ Files: [...]


Removed: C:\WINDOWS\system32\sys32.exe (trojan Banker)

October 26, 2010 by NightWatcher
Filed under: Malware 

Malware: sysv.exe Removed: C:\WINDOWS\system32\sys32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Movie Maker Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SYS32.EXE Type: Registry Run Item Name: sys32.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SYS32.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Movie Maker Value: “C:\WINDOWS\system32\sys32.exe” Files: C:\WINDOWS\system32\reg_0055.txt C:\WINDOWS\system32\sys32.exe [...]


Removed: himax7070610000intense.exe (FakeAV – Antimalware Doctor)

October 26, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: himax7070610000intense.exe Removed: himax7070610000intense.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: himax7070610000intense.exe Author: ?????????? ?????????? Related File: C:\SAND-BOX\HIMAX7070610000INTENSE.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\himax7070610000intense.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.10.25 Gen:Variant.Kazy.2114 Kaspersky 7.0.0.125 2010.10.25 – Microsoft 1.6301 2010.10.25 Rogue:Win32/FakeYak [...]


Removed: C:\WINDOWS\msvcp8.dll (trojan OnLineGames)

October 25, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\05.exe Removed: C:\WINDOWS\msvcp8.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: CDBurn Author: Unknown Related File: C:\WINDOWS\MSVCP8.DLL Type: Shell Services DelayLoad Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32\ Value: “C:\WINDOWS\msvcp8.dll” Files: C:\WINDOWS\java\trustlib\ae94d5b7.dll “C:\WINDOWS\msvcp8.dll” —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.10.19 – Kaspersky 7.0.0.125 2010.10.19 [...]


Removed: inertno.exe, SonndMan.exe (trojan VB)

October 25, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\26.exe Removed: C:\WINDOWS\system32\inertno.exe C:\WINDOWS\SonndMan.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: helpsvc Author: 1 Related File: C:\WINDOWS\system32\inertno.exe Type: Auto Services Item Name: SonndMan.exe Author: 1 Related File: C:\WINDOWS\SONNDMAN.EXE Type: Running Processes After first reboot detected by UnHackMe: Item Name: SoundMan Author: Related File: SonndMan.exe Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- [...]


Removed: msimg42.dll, sfcos.dll Restored: msimg32.dll (trojan OnLineGames)

October 25, 2010 by NightWatcher
Filed under: Malware 

Malware: C:\sand-box\12.exe Removed: C:\WINDOWS\system32\msimg42.dll C:\WINDOWS\system32\sfcos.dll Restored: C:\WINDOWS\system32\msimg32.dll —————————————————————————————————————————- Detected by UnHackMe: MSIMG32.DLL Default location: C:\WINDOWS\system32\MSIMG32.DLL MD5: A3D367EA47388086005AAD44A13AC33C SHA1: 89946D64 0D14A7E7 86F92F72 DB3C7BBA EDE75941 File Size: 4 610 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\Program Files\Common Files\fszww.dat C:\Program Files\Common Files\ImeUtil.exe C:\Program Files\Common Files\Tenparty.dat C:\Program Files\Common Files\TenSLX.dll C:\Program [...]


Removed: C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe (trojan Delf)

October 25, 2010 by NightWatcher
Filed under: Malware 

Malware: complmgr.exe Removed: C:\Documents and Settings\Administrator\.COMMgr\complmgr.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: COM+ Manager Author: EPX-Service Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\.COMMGR\COMPLMGR.EXE Type: Registry Run Item Name: complmgr.exe Author: EPX-Service Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\.COMMGR\COMPLMGR.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\COM+ Manager Value: [...]

