Removed: C:\WINDOWS\system32\writer.exe (trojan Pirminay)
Malware: 31159.exe Removed: C:\WINDOWS\system32\writer.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Cmjc Author: Unknown Related File: C:\WINDOWS\SYSTEM32\WRITER.EXE Type: Explorer Run Item Name: writer.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\WRITER.EXE Type: Detected using Heuristic Algorithm Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Cmjc Value: “C:\WINDOWS\system32\writer.exe” Files: C:\WINDOWS\system32\writer.exe —————————————————————————————————————————- Classification: Antivirus [...]
Removal Tool
Removed: C:\WINDOWS\system32\SVCH0SFT.EXE (trojan Wowsteal)
Malware: C:\sand-box\WOW.exe Removed: C:\WINDOWS\system32\SVCH0SFT.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: SVCH0SFT Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SVCH0SFT.EXE Type: Registry Run Item Name: SVCH0SFT.EXE Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SVCH0SFT.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SVCH0SFT Value: “C:\WINDOWS\system32\SVCH0SFT.EXE” Files: C:\WINDOWS\system32\caewnt.dll C:\WINDOWS\system32\imewowws.dll C:\WINDOWS\system32\SVCH0SFT.EXE C:\mxdos.sys —————————————————————————————————————————- Classification: [...]
Removed: game.dll, midimap.dll (trojan Magania)
Malware: ms.exe Removed: C:\Program Files\Internet Explorer\game.dll C:\Program Files\Internet Explorer\midimap.dll —————————————————————————————————————————- Detected manually: GAME.DLL Default location: C:\PROGRAM FILES\INTERNET EXPLORER\GAME.DLL MD5: 91E96EB3817D3A3D65D6835E269B36FE SHA1: 09FEF08F 9B5A5EB3 01F65544 1DA95E18 F5D974E9 File Size: 13 456 MIDIMAP.DLL Default location: C:\PROGRAM FILES\INTERNET EXPLORER\MIDIMAP.DLL MD5: B1440D744F847343B360024758DECB6B SHA1: FF179665 0A03513F 80291E17 1CA5F784 C6223ED9 File Size: 3 072 Removal Results: Success Number of reboot: 1 [...]
Removed: C:\setupstart.exe\setupstart.exe (trojan Spy.Eye)
Malware: C:\sand-box\setup(2).exe Removed: C:\setupstart.exe\setupstart.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: setupstart.exe Author: Avira GmbH Related File: C:\SETUPSTART.EXE\SETUPSTART.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\setupstart.exe Value: “C:\setupstart.exe\setupstart.exe” Folders: C:\setupstart.exe\ Files: C:\setupstart.exe\config.bin C:\setupstart.exe\setupstart.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.12.23 – Kaspersky [...]
Malware: 27239.exe (trojan Qhost – changes Windows HOSTS file)
Malware: 27239.exe —————————————————————————————————————————- How to quickly detect malware presence? Files modified: C:\WINDOWS\system32\drivers\etc\hosts —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.12.24 – Kaspersky 7.0.0.125 2010.12.24 – Microsoft 1.6402 2010.12.24 – NOD32 5730 2010.12.24 Win32/Qhost.Banker.FU —————————————————————————————————————————- MD5 08dd0aafbb17c6a4f7868c2e1462765f SHA1 2636667e33231355ceca44f9693b1cafd8823e14 SHA256 ddba32c07b5c276bd8d030e88e0b65fbee7b3cd60f7de9387c1723ef277a8bc9
Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\vz.exe
Malware: 19098.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\vz.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: .exe Author: Unknown Related File: “C:\Documents and Settings\Administrator\Local Settings\Application Data\vz.exe” /START “%1″ %* Type: Main File Extensions Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\ Value: “”C:\Documents and Settings\Administrator\Local Settings\Application Data\vz.exe” /START “C:\Program [...]
Removed: C:\Documents and Settings\Administrator\Application Data\84e.exe (trojan Meredrop)
Malware: Login.exe Removed: C:\Documents and Settings\Administrator\Application Data\84e.exe —————————————————————————————————————————- Detected by UnHackMe: 84E.EXE Default location: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\84E.EXE MD5: ED0EF0A136DEC83DF69F04118870003E SHA1: F77A7CD7 88775270 23EBFB35 E83B75EF 59D3DF07 File Size: 507 904 Version Info: OriginalFilename: WINLOGON.EXE FileDescription: Windows NT Logon Application InternalName: winlogon CompanyName: Microsoft Corporation FileVersion: 5.1.2600.5512 (xpsp.080413-2113) LegalCopyright: c Microsoft Corporation. All rights reserved. ProductName: [...]
Removed: C:\WINDOWS\mike148.exe (trojan Koobface)
Malware: loader.exe Removed: C:\WINDOWS\mike148.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: dfg49df Author: Macromedia, Inc. Related File: C:\WINDOWS\MIKE148.EXE Type: Registry Run Item Name: mike148.exe Author: Macromedia, Inc. Related File: C:\WINDOWS\MIKE148.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dfg49df Value: “C:\windows\mike148.exe” Files: C:\Documents and Settings\Administrator\Local Settings\Application [...]
Removed: C:\cxlacuxatx.exe\cxlacuxatx.exe (trojan Spy.Eye)
Malware: C:\sand-box\tgr_24_12_2010.exe Removed: C:\cxlacuxatx.exe\cxlacuxatx.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: cxlacuxatx.exe Author: Unknown Related File: C:\CXLACUXATX.EXE\CXLACUXATX.EXE Type: Registry Run Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cxlacuxatx.exe Value: “C:\cxlacuxatx.exe\cxlacuxatx.exe” Files: C:\cxlacuxatx.exe\config.bin C:\cxlacuxatx.exe\cxlacuxatx.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update [...]
Removed: DriversSystem32.dll, SYO0szxc10.dll, SYO0szxc20.dll, SYO0zxc.exe (trojan Magania)
Malware: C:\sand-box\s.exe Removed: C:\Documents and Settings\Administrator\Microsoft\DriversSystem32.dll C:\WINDOWS\system32\SYO0szxc10.dll C:\WINDOWS\system32\SYO0szxc20.dll C:\WINDOWS\system32\SYO0zxc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: DriversSystem32 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MICROSOFT\DRIVERSSYSTEM32.DLL Type: Registry Run Item Name: {94AC7942-7BE1-4FB9-A7CA-67CD88362758} Author: Related File: C:\WINDOWS\SYSTEM32\SYO0SZXC20.DLL Type: Browser Helper Objects Item Name: SYO0szxc10.dll Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SYO0SZXC10.DLL Type: Detected using Heuristic Algorithm Item Name: SYO0zxc.exe Author: Unknown [...]
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\rundll32 .exe (trojan Injector)
Malware: dream.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\rundll32 .exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: 127.0.0.1 kaspersky.com Author: Unknown Related File: Type: Hosts File Contents Item Name: 127.0.0.1 www.kaspersky.com Author: Unknown Related File: Type: Hosts File Contents Item Name: rundll32 Author: Related File: C:\Documents and Settings\Administrator\Local Settings\Temp\rundll32 .exe Type: Registry Run Removal Results: Success Number of [...]
Removed: printns.exe, rut.exe, nvsvc32.exe (trojan Dynamer)
Malware: PIC78018105629450-JPG-facebook.exe Removed: C:\Documents and Settings\Administrator\Application Data\WIN-0035-7453-6114\printns.exe C:\Documents and Settings\Administrator\Local Settings\Temp\rut.exe C:\WINDOWS\nvsvc32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: nvsvc32.exe Author: Cushofts Related File: C:\WINDOWS\NVSVC32.EXE Type: Detected using Heuristic Algorithm Item Name: Java Update Manager Author: Cushofts Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WIN-0035-7453-6114\PRINTNS.EXE Type: Registry Run Item Name: NVIDIA driver monitor Author: Cushofts Related File: C:\WINDOWS\NVSVC32.EXE [...]
Removed: windsys2.exe, winlogon.exe (trojan KD)
Malware: C:\sand-box\exe.exe Removed: C:\Documents and Settings\Administrator\Application Data\windsys2.exe C:\Program Files\winlogon.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: 127.0.0.1 avp.com Author: Unknown Related File: Type: Hosts File Contents Item Name: 127.0.0.1 customer.symantec.com Author: Unknown Related File: Type: Hosts File Contents Item Name: 127.0.0.1 dispatch.mcafee.com Author: Unknown Related File: Type: Hosts File Contents Item Name: iexplorer Author: Cush Related [...]
Removed: darks.exe, ds.vbs (trojan Black)
Malware: C:\sand-box\dk.exe Removed: C:\WINDOWS\system32\darks.exe C:\WINDOWS\system32\ds.vbs —————————————————————————————————————————- Detected by UnHackMe: Item Name: system Server Author: Related File: C:\WINDOWS\system32\darks.exe Type: Auto Services Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\system Server\ImagePath Value: “C:\WINDOWS\system32\darks.exe” Files: C:\WINDOWS\system32\darks.exe C:\WINDOWS\system32\ds.vbs —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.12.26 Trojan.Generic.KD.94183 Kaspersky 7.0.0.125 [...]
Removed: FCO0szxc10.dll, FCO0szxc20.dll, FCO0zxc.exe (trojan Magania)
Malware: C:\sand-box\alsdfjowflsfjQ3434.exe Removed: C:\WINDOWS\system32\FCO0szxc10.dll C:\WINDOWS\system32\FCO0szxc20.dll C:\WINDOWS\system32\FCO0zxc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {94AC7942-7BE1-4FB9-A7CA-67CD88362758} Author: Related File: C:\WINDOWS\SYSTEM32\FCO0SZXC20.DLL Type: Browser Helper Objects Item Name: FCO0szxc10.dll Author: Unknown Related File: C:\WINDOWS\SYSTEM32\FCO0SZXC10.DLL Type: Detected using Heuristic Algorithm Item Name: FCO0zxc.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\FCO0ZXC.EXE Type: Detected using Heuristic Algorithm Item Name: FCO0sos Author: Unknown Related File: C:\WINDOWS\SYSTEM32\FCO0ZXC.EXE [...]
Removed: C:\RestorPoint\RestorPoint.exe (trojan Spy.Eye – new version)
Malware: RestorPoint.exe Removed: C:\RestorPoint\RestorPoint.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: RestorPoint.exe Author: Unknown Related File: C:\RESTORPOINT\RESTORPOINT.EXE Type: Registry Run Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\RestorPoint.exe Value: “C:\RestorPoint\RestorPoint.exe” Folders: C:\RestorPoint\ Files: C:\RestorPoint\config.bin C:\RestorPoint\RestorPoint.exe —————————————————————————————————————————- Classification: Antivirus Version [...]
Removed: C:\WINDOWS\system32\usеrinit.exe (FakeAV – Internet Security 2011)
Malware: C:\sand-box\InternetSecurity2011.exe Removed: C:\WINDOWS\system32\usеrinit.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: .exe Author: Unknown Related File: “exefile” /shell <%1> %* Type: Main File Extensions Item Name: userinit Author: Related File: \\.\globalroot\systemroot\system32\us?rinit.exe Type: Auto Services Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\userinit\ImagePath Value: “\\.\globalroot\systemroot\system32\usеrinit.exe” Folders: Files: C:\Documents and [...]
Removed: C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\csisd.exe (trojan Peerfrag)
Malware: mobi.exe Removed: C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\csisd.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: PFMGR Related File: C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\CSISD.EXE Type: Winlogon System Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman Value: “C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\csisd.exe” Folders: C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\ Files: C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\csisd.exe C:\RECYCLER\S-1-5-21-3105833282-1956216851-201101875-6716\Desktop.ini —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.12.27 Trojan.Generic.5266220 Kaspersky [...]
Removed: 29859.exe, ElkTBhTOiqUEWYN.exe (Fake System Tool – Scanner)
Malware: krezaskpy.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\29859.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ElkTBhTOiqUEWYN.exe —————————————————————————————————————————- Detected by RegRun Reanimator: Item Name: ElkTBhTOiqUEWYN.exe Author: iWin software Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\ELKTBHTOIQUEWYN.EXE Type: Registry Run Item Name: 29859 Author: HDD Corporation Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\29859.EXE Type: Registry Run Item Name: 29859.exe Author: HDD Corporation Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\29859.EXE Type: Running Processes Removal Results: Success [...]
Removed: C:\WINDOWS\system32\drivers\hny.sys, C:\WINDOWS\system32\hny.dll (trojan Koobface)
Malware: hny32.exe Removed: C:\WINDOWS\system32\drivers\hny.sys C:\WINDOWS\system32\hny.dll —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: hhny Author: hny Related File: C:\WINDOWS\SYSTEM32\HNY.DLL Type: Svchost DLLs 2. Multi AntiVirus scan: HNY.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\HNY.SYS MD5: 9B2F8185C40B915F82DD523969B2AD23 SHA1: 5BF6599D 308E15D9 3C601EB6 BFAC36B2 2F8056FC File Size: 28 672 Version Info: OriginalFilename: hny.sys FileDescription: hny InternalName: hny.sys CompanyName: hny FileVersion: [...]
Removed: C:\Documents and Settings\Administrator\Application Data\hdddoctor.exe, C:\WINDOWS\Tasks\At1.job, … ,C:\WINDOWS\Tasks\At24.job (Fake System Tool HDDDoctor – probably clone hotfix.exe)
Malware: C:\sand-box\setup(3).exe Removed: C:\Documents and Settings\Administrator\Application Data\hdddoctor.exe C:\WINDOWS\Tasks\At1.job /…/ C:\WINDOWS\Tasks\At24.job —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: C:\Documents and Settings\Administrator\Application Data\hdddoctor.exe Type: User Shell Item Name: hdddoctor.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\HDDDOCTOR.EXE Type: Running Processes Item Name: At1 Author: Microsoft Corporation Related File: C:\WINDOWS\system32\MSHTA.EXE Type: Scheduled Tasks /…/ [...]
Removed: C:\WINDOWS\l1rezerv.exe (trojan Sisron)
Malware: loader10.exe Removed: C:\WINDOWS\l1rezerv.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: l1rezerv.exe Author: Unknown Related File: C:\WINDOWS\L1REZERV.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe Value: “”C:\WINDOWS\l1rezerv.exe”” Files: C:\WINDOWS\l1rezerv.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.12.23 DeepScan:Generic.Malware.SFTkg.11FE184C Kaspersky 7.0.0.125 2010.12.23 Trojan.Win32.Agent.gpze Microsoft [...]
Removed: ..\inetsrv\svchost.exe (backdoor Agent)
Malware: load.exe Removed: C:\WINDOWS\system32\inetsrv\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: svchost32 Author: Related File: C:\WINDOWS\system32\inetsrv\svchost.exe /service Type: Auto Services Item Name: svchost.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\INETSRV\SVCHOST.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\svchost32\ImagePath Value: “C:\WINDOWS\system32\inetsrv\svchost.exe /service” Files: C:\WINDOWS\system32\inetsrv\svchost.exe C:\WINDOWS\system32\inetsrv\svchost.jxe —————————————————————————————————————————- Classification: Antivirus [...]
Removed: ..\Sysobjnet\rasCommonhid.dll (trojan Kazy)
Malware: pdmn2.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\Sysobjnet\rasCommonhid.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: rasCommonhid Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\SYSOBJNET\RASCOMMONHID.DLL Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rasCommonhid Value: “rundll32.exe “C:\Documents and Settings\Administrator\Local Settings\Application Data\Sysobjnet\rasCommonhid.dll”,confmapARM kbdWIapi” Folders: C:\Documents and Settings\Administrator\Local [...]
Removed: C:\cleepprogx.exe\cleepprogx.exe (trojan Spy.Eye)
Malware: cleepprogx.exe Removed: C:\cleepprogx.exe\cleepprogx.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: cleepprogx.exe Author: Macromedia, Inc. Related File: C:\CLEEPPROGX.EXE\CLEEPPROGX.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cleepprogx.exe Value: “C:\cleepprogx.exe\cleepprogx.exe” Folders: C:\cleepprogx.exe\ Files: C:\cleepprogx.exe\cleepprogx.exe C:\cleepprogx.exe\config.bin —————————————————————————————————————————- Classification: Antivirus [...]
Removed: C:\portwexexe.exe\portwexexe.exe (trojan Spy.Eye)
Malware: portwexexe.exe Removed: C:\portwexexe.exe\portwexexe.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: portwexexe.exe Author: Unknown Related File: C:\PORTWEXEXE.EXE\PORTWEXEXE.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\portwexexe.exe Value: “C:\portwexexe.exe\portwexexe.exe” Folders: C:\portwexexe.exe\ Files: C:\portwexexe.exe\config.bin C:\portwexexe.exe\portwexexe.exe —————————————————————————————————————————- Classification: Antivirus Version [...]
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS (probably a variant of rootkit TDSS)
Malware: C:\sand-box\Windows Update.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS ————————————————————————————————————————— Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: volsnap.sys Author: Unknown Related File: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS Type: System Drivers Infected by Rootkit 2. Multi AntiVirus scan: – none – Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\sst2\imagepath Value: “\??\globalroot\systemroot\system32\drivers\sst2.sys” Files: C:\Documents and [...]
Removed: 35968.exe, CobInVfBVF.exe (Fake System Tool – Win Defragmenter)
Malware: xl.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\35968.exe C:\Documents and Settings\Administrator\Local Settings\Temp\CobInVfBVF.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: CobInVfBVF.exe Author: Microsoft Corporation Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\COBINVFBVF.EXE Type: Registry Run Item Name: 35968 Author: Microsoft Corporation Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\35968.EXE Type: Registry Run Item Name: 35968.exe Author: Microsoft Corporation Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\35968.EXE Type: Running Processes Removal Results: Success Number [...]
Removed: n26Uq4vlIB.exe, ykAGlpHBmWgv.exe, ad3dpi.dll (Fake System Tool – Win Scanner)
Malware: exe(2).exe Removed: C:\Documents and Settings\All Users\Application Data\n26Uq4vlIB.exe C:\Documents and Settings\All Users\Application Data\ykAGlpHBmWgv.exe C:\WINDOWS\ad3dpi.dll —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: Pvesodurexur Author: Related File: C:\WINDOWS\AD3DPI.DLL Type: Registry Run Item Name: ykAGlpHBmWgv.exe Author: iWin software Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YKAGLPHBMWGV.EXE Type: Registry Run Item Name: n26Uq4vlIB Author: HDD Corporation Related [...]
Removed: svchost.exe (trojan VBNA)
Malware: d6ZBj8.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: svchost Author: Application Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SVCHOST.EXE Type: Registry Run Item Name: svchost.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SVCHOST.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost Value: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe” Files: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe [...]



