Removed: 000003B067D98636.exe, driver0001.sys, driver0002.sys, driver0003.sys (trojan Bancos)

Dmitry Sokolov recommends UnHackMe!


UnHackMe quickly removes pop-up ads, search redirecting, browser hijack, spyware, keyloggers, PC slowdown issues. Download Now!

Download free e-book [PDF]: "How to Easily Remove Malware with UnHackMe"

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


Share This:

Malware: folha-de-pagamento.doc.www.denuncia.com.exe

Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0001.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0002.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0003.sys

—————————————————————————————————————————-
Detected by RegRun Warrior:

1. RegRun Reanimator:


Your Vote?
0 0

Item Name: driver1
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\DRIVER0001.SYS
Type: Drivers

Item Name: driver2
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\DRIVER0002.SYS
Type: Drivers

Item Name: driver3
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\DRIVER0003.SYS
Type: Drivers

Item Name: SusClientIdId
Author: Microsoft Corporation
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\000003B067D98636.EXE
Type: Registry Run

2. Multi AntiVirus scan:

- none -

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SusClientIdId
Value: “C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe”

Files:
C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.cfg
C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0001.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0002.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0003.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\NOVAINFECCAO-WELL.log
C:\WINDOWS\system32\midas.dll
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2011.01.18 Dropped:Trojan.Generic.5391852
Kaspersky 7.0.0.125 2011.01.18 Trojan-Downloader.Win32.Agent.fqyw
Microsoft 1.6402 2011.01.18 TrojanSpy:Win32/Bancos
NOD32 5797 2011.01.18 probably unknown NewHeur_PE

—————————————————————————————————————————-

MD5 99ac0c2f53b89ea55671f411c6b32937

SHA1 14c8566743bc867072b6dede05e39fa4fa237cc4

SHA256 0b3120a72e44f981c10c0c3070a1c859f63f542230e8a0574a6d10b7b00e8d9b

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:19
———————————-
HKLM\Software\Microsoft\Security Center\Svc
HKLM\Software\Microsoft\DownloadManager
HKLM\Software\Policies\Microsoft\MRT
HKLM\Software\Policies\Microsoft\Windows Defender
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000
HKLM\System\CurrentControlSet\Services\driver1
HKLM\System\CurrentControlSet\Services\driver1\Security
HKLM\System\CurrentControlSet\Services\driver2
HKLM\System\CurrentControlSet\Services\driver2\Security
HKLM\System\CurrentControlSet\Services\driver3
HKLM\System\CurrentControlSet\Services\driver3\Security
HKCU\Software\Microsoft\Internet Explorer\Download
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

———————————-
Values added:60
———————————-
HKLM\Software\Microsoft\Security Center\UACDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\AutoUpdateDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\InternetSettingsDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\UpdatesOverride: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\UACDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\AntiVirusDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\AntiVirusOverride: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\FirewallDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\FirewallOverride: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\UpdatesDisableNotify: 0×00000001
HKLM\Software\Microsoft\Security Center\Svc\UpdatesOverride: 0×00000001
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA: 0×00000000
HKLM\Software\Policies\Microsoft\MRT\DontReportInfectionInformation: 0×00000001
HKLM\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000\Service: “driver1″
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\0000\DeviceDesc: “b1 Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER1\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000\Service: “driver2″
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\0000\DeviceDesc: “b2 Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER2\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000\Service: “driver3″
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\0000\DeviceDesc: “b3 Service”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DRIVER3\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe: “C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe:*:Enabled:000003B067D98636″
HKLM\System\CurrentControlSet\Services\driver1\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\driver1\Type: 0×00000001
HKLM\System\CurrentControlSet\Services\driver1\Start: 0×00000001
HKLM\System\CurrentControlSet\Services\driver1\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\driver1\ImagePath: “\??\C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0001.sys”
HKLM\System\CurrentControlSet\Services\driver1\DisplayName: “b1 Service”
HKLM\System\CurrentControlSet\Services\driver2\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\driver2\Type: 0×00000001
HKLM\System\CurrentControlSet\Services\driver2\Start: 0×00000001
HKLM\System\CurrentControlSet\Services\driver2\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\driver2\ImagePath: “\??\C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0002.sys”
HKLM\System\CurrentControlSet\Services\driver2\DisplayName: “b2 Service”
HKLM\System\CurrentControlSet\Services\driver3\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\driver3\Type: 0×00000001
HKLM\System\CurrentControlSet\Services\driver3\Start: 0×00000001
HKLM\System\CurrentControlSet\Services\driver3\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\driver3\ImagePath: “\??\C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0003.sys”
HKLM\System\CurrentControlSet\Services\driver3\DisplayName: “b3 Service”
HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures: “no”
HKCU\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures: 0×00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\SusClientIdId: “000003B067D98636″
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes: “.exe;.bat;.com;.cmd;”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation: 0×00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SusClientIdId: “C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe”

———————————-
Values modified:4
———————————-
(-) HKLM\Software\Microsoft\Security Center\AntiVirusOverride: 0×00000000
(+) HKLM\Software\Microsoft\Security Center\AntiVirusOverride: 0×00000001
(-) HKLM\Software\Microsoft\Security Center\FirewallOverride: 0×00000000
(+) HKLM\Software\Microsoft\Security Center\FirewallOverride: 0×00000001

———————————-
Files added:7
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.cfg
C:\Documents and Settings\Administrator\Local Settings\Application Data\000003B067D98636.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0001.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0002.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\driver0003.sys
C:\Documents and Settings\Administrator\Local Settings\Application Data\NOVAINFECCAO-WELL.log
C:\WINDOWS\system32\midas.dll

———————————-
Total changes:90
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

1. Download UnHackMe free 30-day version

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!

Dmitry Sokolov - author of UnHackMe