Removed: C:\WINDOWS\ggdrive32.exe (worm Kolab)
Malware: n2.exe Removed: C:\WINDOWS\ggdrive32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Microsoft Driver Setup Author: Unknown Related File: C:\WINDOWS\GGDRIVE32.EXE Type: Explorer Run Item Name: ggdrive32.exe Author: Unknown Related File: C:\WINDOWS\GGDRIVE32.EXE Type: Detected using Heuristic Algorithm Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup Value: “C:\WINDOWS\ggdrive32.exe” Files: [...]
Removal Tool
Removed: C:\Program Files\Arquivos comuns\InstallShield\Nero\nerocheck.exe (rootkit Banker)
Malware: moduloa.exe Removed: C:\Program Files\Arquivos comuns\InstallShield\Nero\nerocheck.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: – none – 2. Multi AntiVirus scan: NEROCHECK.EXE Default location: C:\PROGRAM FILES\ARQUIVOS COMUNS\INSTALLSHIELD\NERO\NEROCHECK.EXE MD5: 03304D5903D50102E47A100C2449F28E SHA1: FC369E30 2659E7BD 516EBA11 CD29BA4F B3E417DA File Size: 61 967 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Nero [...]
Removal Tool
Removed: C:\WINDOWS\system32\install\server.exe (rootkit Rebhip)
Malware: outcry.exe Removed: C:\WINDOWS\system32\install\server.exe —————————————————————————————————————————- Detected manually: SERVER.EXE Default location: C:\WINDOWS\SYSTEM32\INSTALL\SERVER.EXE MD5: ED0EF0A136DEC83DF69F04118870003E SHA1: F77A7CD7 88775270 23EBFB35 E83B75EF 59D3DF07 File Size: 507 904 Version Info: OriginalFilename: WINLOGON.EXE FileDescription: Windows NT Logon Application InternalName: winlogon CompanyName: Microsoft Corporation FileVersion: 5.1.2600.5512 (xpsp.080413-2113) LegalCopyright: © Microsoft Corporation. All rights reserved. ProductName: Microsoft® Windows® Operating System ProductVersion: 5.1.2600.5512 After [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\goqw.tco (trojan Oficla)
Malware: clone_001.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\goqw.tco —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\goqw.tco” vnbyln Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\goqw.tco” vnbyln” Files: C:\Documents and Settings\Administrator\Local Settings\Temp\goqw.tco —————————————————————————————————————————- Classification: Antivirus Version [...]
Removal Tool
Removed: C:\$Recycle$\$Recycle$.exe (rootkit SpyEye)
Malware: C:\sand-box\84659(2).exe Removed: C:\$Recycle$\$Recycle$.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: $Recycle$.exe Author: Related File: C:\$RECYCLE$\$RECYCLE$.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\$Recycle$.exe Value: “C:\$Recycle$\$Recycle$.exe” Folders: C:\$Recycle$\ Files: C:\$Recycle$\$Recycle$.exe C:\$Recycle$\config.bin —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2011.01.27 – Kaspersky 7.0.0.125 2011.01.27 [...]
Removal Tool
Removed: C:\WINDOWS\00Bf.exe (trojan BF)
Malware: setup.33.2.7.exe Removed: C:\WINDOWS\00Bf.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: 00Bf.exe Author: XPHOENIX Related File: C:\WINDOWS\00BF.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\00Bf.exe Value: “C:\WINDOWS\00Bf.exe” Files: C:\WINDOWS\00Bf.exe C:\WINDOWS\logg1.ini —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2011.01.27 Trojan.Generic.KD.117957 Kaspersky 7.0.0.125 2011.01.26 – [...]
Removal Tool
Removed: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.lnk, C:\0000.exe (trojan Agent)
Malware: TibiaBot NG 8.70.exe Removed: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.lnk C:\0000.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: setup.lnk Author: Related File: C:\0000.EXE Type: Common Startup Folder Item Name: 0000.exe Author: Related File: C:\0000.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\Documents and Settings\All Users\Start [...]
Removal Tool
Removed: palladium.exe, At1.job /…/ At23.job (FakeAV Palladium)
Malware: Removed: C:\Documents and Settings\Administrator\Application Data\palladium.exe C:\WINDOWS\Tasks\At1.job /…/ C:\WINDOWS\Tasks\At23.job —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: C:\Documents and Settings\Administrator\Application Data\palladium.exe Type: User Shell Item Name: palladium.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\PALLADIUM.EXE Type: Running Processes Item Name: At1 Author: Microsoft Corporation Related File: C:\WINDOWS\system32\MSHTA.EXE Type: Scheduled Tasks /…/ Item [...]
Removal Tool
Removed: C:\WINDOWS\jjp153.exe (worm Koobface)
Malware: C:\sand-box\loader.exe Removed: C:\WINDOWS\jjp153.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: dfg49df Author: Fbbb7yI Related File: C:\WINDOWS\JJP153.EXE Type: Registry Run Item Name: jjp153.exe Author: Fbbb7yI Related File: C:\WINDOWS\JJP153.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dfg49df Value: “C:\windows\jjp153.exe” Folders: Files: C:\WINDOWS\5456456z C:\WINDOWS\bt7.dat C:\WINDOWS\jjp153.exe —————————————————————————————————————————- Classification: [...]
Removal Tool
Removed: C:\WINDOWS\system32\WUpdat\svchost.exe (VirTool VBInject)
Malware: _001.exe Removed: C:\WINDOWS\system32\WUpdat\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\WUpdat\svchost.exe Type: UserInit Value Item Name: svchost Author: ANT10 Inc. Related File: C:\WINDOWS\SYSTEM32\WUPDAT\SVCHOST.EXE Type: Registry Run Item Name: svchost.exe Author: ANT10 Inc. Related File: C:\WINDOWS\SYSTEM32\WUPDAT\SVCHOST.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect [...]
Removal Tool
Removed: C:\RECYCLER\S-1-5-21-3323278428-4607264326-716328693-7050\test.exe (worm Rimecud)
Malware: Postal_De_Amor.swf.exe Removed: C:\RECYCLER\S-1-5-21-3323278428-4607264326-716328693-7050\test.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: – Related File: C:\RECYCLER\S-1-5-21-3323278428-4607264326-716328693-7050\TEST.EXE Type: Winlogon System Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman Value: “C:\RECYCLER\S-1-5-21-3323278428-4607264326-716328693-7050\test.exe” Files: C:\RECYCLER\S-1-5-21-3323278428-4607264326-716328693-7050\Desktop.ini C:\RECYCLER\S-1-5-21-3323278428-4607264326-716328693-7050\test.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2011.01.21 Trojan.Generic.5377451 Kaspersky 7.0.0.125 2011.01.21 [...]
Removal Tool
Removed: C:\WINDOWS\OHC\servemp.exe (trojan Malat)
Malware: servemp_quicksetup.exe Removed: C:\WINDOWS\OHC\servemp.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: HCEmployee Author: Oleanmarketplace Related File: C:\WINDOWS\OHC\SERVEMP.EXE Type: Registry Run Item Name: servemp.exe Author: Oleanmarketplace Related File: C:\WINDOWS\OHC\SERVEMP.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HCEmployee Value: “C:\WINDOWS\OHC\servemp.exe” Folders: C:\WINDOWS\system\OHC C:\WINDOWS\OHC Files: C:\WINDOWS\hce29port.ini C:\WINDOWS\OHC\ijl15.dll C:\WINDOWS\OHC\servemp.exe [...]
Removal Tool
Removed: C:\Program Files\RaeaPlayer\Player.exe, C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TOP1.exe.lnk, C:\Program Files\TOP1.exe (trojan VBInject)
Malware: prt(2).scr.exe Removed: C:\Program Files\RaeaPlayer\Player.exe C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TOP1.exe.lnk C:\Program Files\TOP1.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {GE2GBFEA-BBG7-435D-81F9-ABG4AA17G12F} Author: VqWxr Related File: C:\PROGRAM FILES\RAEAPLAYER\PLAYER.EXE Type: ActiveSetup Item Name: TOP1.exe.lnk Author: VqWxr Related File: C:\PROGRAM FILES\TOP1.EXE Type: Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Active Setup\Installed [...]
Removal Tool
Removed: C:\WINDOWS\GameShell.exe (TROJAN Msposer)
Malware: FPC.exe Removed: C:\WINDOWS\GameShell.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: MyApp Author: Microsoft Corporation Related File: C:\WINDOWS\GAMESHELL.exe Type: Registry Run Item Name: GameShell.exe Author: Microsoft Corporation Related File: C:\WINDOWS\GAMESHELL.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MyApp Value: “C:\WINDOWS\GameShell” Files: C:\WINDOWS\GameShell.exe —————————————————————————————————————————- Classification: Antivirus [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Application Data\SunKB\juzched.exe (trojan Bancos)
Malware: ADOBEREADER90.exe Removed: C:\Documents and Settings\Administrator\Application Data\SunKB\juzched.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: juzched Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUNKB\JUZCHED.EXE Type: Registry Run Item Name: juzched.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUNKB\JUZCHED.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\juzched [...]
Removal Tool
Removed: C:\mute\mute.exe (rootkit SpyEye)
Malware: C:\sand-box\mute.exe Removed: C:\mute\mute.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: mute.exe Author: Related File: C:\MUTE\MUTE.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mute.exe Value: “C:\mute\mute.exe” Folders: C:\mute\ Files: C:\mute\config.bin C:\mute\mute.exe —————————————————————————————————————————- Classification: Antivirus Version Last [...]
Removal Tool
Removed: eCKfEsOtOABG.exe, GjrXzB6l1LFXg.exe; Restored: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS (Fake System Tools – Windows Scan, rootkit Pragma)
Malware: 9dcaf5646b1a4397363ce703a0ce028e.exe Removed: C:\Documents and Settings\All Users\Application Data\eCKfEsOtOABG.exe C:\Documents and Settings\All Users\Application Data\GjrXzB6l1LFXg.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: volsnap.sys Author: Unknown Related File: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS Type: System Drivers Infected by Rootkit Item Name: eCKfEsOtOABG.exe Author: IECorp Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ECKFESOTOABG.EXE Type: Registry Run Item Name: GjrXzB6l1LFXg [...]
Removal Tool
Removed: C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (trojan Injector)
Malware: ane.exe Removed: C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Unknown Related File: C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ACLEANER.EXE Type: Winlogon System Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman Value: “c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe” Files: C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2011.01.24 Trojan.Generic.KD.115940 Microsoft 1.6502 2011.01.24 [...]
Removal Tool
Removed: RclDriver64.exe, qaiakem.exe; Restored: Master Boot Record (trojan VBKrypt, rootkit TDL4)
Malware: C:\sand-box\nsaf.exe Removed: C:\Documents and Settings\Administrator\Application Data\RclDriver64.exe C:\Documents and Settings\Administrator\qaiakem.exe Restored: Master Boot Record —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: TDL MBR Rootkit Author: Unknown Related File: TDL MBR Rootkit Type: MBR Item Name: Realtek Sound Driver Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\RCLDRIVER64.EXE Type: Registry Run Item Name: qaiakem [...]
Removal Tool
Removed: C:\WINDOWS\system32\January.dll, C:\WINDOWS\system32\svhost32.exe (rootkit PcClient)
Malware: twmabinogi.exe Removed: C:\WINDOWS\system32\January.dll C:\WINDOWS\system32\svhost32.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. Examiner: SVHOST32.EXE Default location: C:\WINDOWS\SYSTEM32\SVHOST32.EXE MD5: 5CF15D26D3413CCF60082323BBA5EF5A SHA1: 42F09852 F74A6A84 C4835C32 7B1657E2 50ECFA30 File Size: 581 632 Version Info: OriginalFilename: 9asd0zioe3z34tsdtfg.exe FileDescription: Gfx InternalName: 9asd0zioe3z34tsdtfg CompanyName: grlDnJtDJ FileVersion: 5.36.0020 LegalCopyright: KTgH LegalTrademarks: gnFNDjef ProductName: YIPQnNNdTVN ProductVersion: 5.36.0020 2. RegRun Reanimator: Item Name: January Author: [...]
Removal Tool
Removed: C:\iosaoicvsgh\iosaoicvsgh.exe (rootkit SpyEye)
Malware: C:\sand-box\scks.exe Removed: C:\iosaoicvsgh\iosaoicvsgh.exe —————————————————————————————————————————- Detected by UnHackMe: – none – After first reboot detected by UnHackMe: Item Name: iosaoicvsgh.exe Author: Unknown Related File: C:\IOSAOICVSGH\IOSAOICVSGH.EXE Type: Registry Run Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\iosaoicvsgh.exe Value: “C:\iosaoicvsgh\iosaoicvsgh.exe” Folders: C:\iosaoicvsgh\ Files: C:\iosaoicvsgh\config.bin C:\iosaoicvsgh\iosaoicvsgh.exe —————————————————————————————————————————- Classification: Antivirus Version [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\fTP.exe (trojan Renos)
Malware: setup.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\fTP.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: GoogleUpdate Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\FTP.EXE Type: Registry Run Item Name: fTP.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\FTP.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdate Value: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fTP.exe” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Iso64\l.txt C:\Documents [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\WinUpdate.exe (worm Rebhip)
Malware: Photoshop.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\WinUpdate.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: WindowsUpdate Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WINUPDATE.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate Value: “C:\Documents and Settings\Administrator\Local Settings\Temp\WinUpdate.exe” Files: C:\Documents and Settings\Administrator\Local Settings\Temp\WinUpdate.exe —————————————————————————————————————————- Classification: Antivirus Version Last [...]
Removal Tool
Removed: C:\Documents and Settings\All Users\Application Data\T43H12U2.exe (trojan Agent)
Malware: newexe.exe Removed: C:\Documents and Settings\All Users\Application Data\T43H12U2.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: At1 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\T43H12U2.EXE Type: Scheduled Tasks /…/ Item Name: At24 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\T43H12U2.EXE Type: Scheduled Tasks Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\lsass.exe (trojan Injector)
Malware: crypted.exe Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Registry Driver Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Application Data\air\mute\1.0.0.0\updater.exe (trojan AirMute)
Malware: explorer.exe Removed: C:\Documents and Settings\Administrator\Application Data\air\mute\1.0.0.0\updater.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: mute Author: air Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\AIR\MUTE\1.0.0.0\UPDATER.EXE Type: Registry Run Item Name: explorer.exe Author: air Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\AIR\MUTE\1.0.0.0\EXPLORER.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mute [...]
Removal Tool
Removed: C:\extracxxxx.exe\extracxxxx.exe (trojan SpyEye)
Malware: C:\sand-box\85e51eb2fdf9443c09569fc6e2dde0b1.exe Removed: C:\extracxxxx.exe\extracxxxx.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: extracxxxx.exe Author: Trusteer Ltd. Related File: C:\EXTRACXXXX.EXE\EXTRACXXXX.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\extracxxxx.exe Value: “C:\extracxxxx.exe\extracxxxx.exe” Files: C:\Documents and Settings\Administrator\Application Data\BC7L6bnf10.txt C:\Documents and Settings\Administrator\Local Settings\Temp\B77hh118CGb7.txt C:\extracxxxx.exe\config.bin C:\extracxxxx.exe\extracxxxx.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update [...]
Removal Tool
Removed: C:\Documents and Settings\Administrator\Application Data\Codeclib\treecodec.exe (trojan Injector)
Malware: C:\sand-box\jlkpxzetk3.exe Removed: C:\Documents and Settings\Administrator\Application Data\Codeclib\treecodec.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Padxml Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CODECLIB\TREECODEC.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Padxml Value: “C:\Documents and Settings\Administrator\Application Data\Codeclib\treecodec.exe” Folders: C:\Documents and Settings\Administrator\Application Data\Codeclib\ Files: C:\Documents and Settings\Administrator\Application [...]
Removal Tool
Removed: C:\Program Files\Internet Explorer\MDM.exe (trojan Scar)
Malware: MDM.exe Removed: C:\Program Files\Internet Explorer\MDM.exe —————————————————————————————————————————- Detected manually: MDM.EXE Default location: C:\PROGRAM FILES\INTERNET EXPLORER\MDM.EXE MD5: CA05CDE90BB408E60064B9D9B6FDDCA3 SHA1: 3C877F1E EC10BFE5 96D56F96 627026DF 6F11F414 File Size: 135 168 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MDM Value: “”C:\Program Files\Internet Explorer\MDM.exe” init” Files: C:\Program Files\Internet Explorer\MDM.exe —————————————————————————————————————————- Classification: Antivirus [...]
Removal Tool
Removed: wmv.dll, rsa.dll (trojan BHO)
Malware: album.scr.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\wmv.dll C:\Documents and Settings\Administrator\Local Settings\Temp\rsa.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: {25B64EE0-E8FD-4507-86D7-571F2CE91FBC} Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\rsa.dll Type: Browser Helper Objects Item Name: {A9F81D8B-04F9-4054-AEE5-F75DD71F0992} Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WMV.DLL Type: Browser Helper Objects Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\CLSID\{25B64EE0-E8FD-4507-86D7-571F2CE91FBC}\InprocServer32\ Value: [...]
Removal Tool



