Windows XP Repair – Fake System Tool

June 23, 2011 by NightWatcher
Filed under: Fake System Tool, Solved!

Fix it immediately:

The file GrTa4xSRzsUNFtdK.exe is part of the Fake System Tool software.
You must delete the file GrTa4xSRzsUNFtdK.exe immediately!
Kill the process GrTa4xSRzsUNFtdK.exe and remove GrTa4xSRzsUNFtdK.exe from the Windows startup.

Malware Analysis of “Windows XP Repair”
Executed: payload_unpacked_cryptor_upx.exe
Removed: GrTa4xSRzsUNFtdK.exe. Full path: C:\Documents and Settings\All Users\Application Data\GrTa4xSRzsUNFtdK.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: GrTa4xSRzsUNFtdK.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRTA4XSRZSUNFTDK.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect the malware's presence

Files:
C:\Documents and Settings\Administrator\Desktop\Windows XP Repair.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
C:\Documents and Settings\All Users\Application Data\GrTa4xSRzsUNFtdK
C:\Documents and Settings\All Users\Application Data\GrTa4xSRzsUNFtdK.exe
—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Values added: 2
———————————-
HKCU\Software\Microsoft\Internet Explorer\Main\Use FormSuggest: “Yes”
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving: 0x00000000

———————————-
Values modified: 2
———————————-
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State: 0x00023C00
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State: 0x00023E00

———————————-
Files added: 5
———————————-
C:\Documents and Settings\Administrator\Desktop\Windows XP Repair.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
C:\Documents and Settings\All Users\Application Data\GrTa4xSRzsUNFtdK
C:\Documents and Settings\All Users\Application Data\GrTa4xSRzsUNFtdK.exe

———————————-
Files deleted: 1
———————————-
C:\sand-box\payload_unpacked_cryptor_upx.exe

———————————-
Folders added: 1
———————————-
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows XP Repair

———————————-
Total changes: 11
———————————-
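The two registry changes above are the ones worth understanding rather than just deleting: WarnonBadCertRecving = 0 turns off Internet Explorer's warning for sites presenting a bad certificate, and the Software Publishing State change from 0x00023C00 to 0x00023E00 sets the 0x200 bit, which wintrust.h defines as WTPF_IGNOREREVOKATION (skip certificate revocation checking for Authenticode). Both make the rogue's follow-on downloads harder for the user to notice. The following PowerShell script is an added example, not part of the original post or of UnHackMe; it checks a host for the files, process and registry values listed in this report and prints whatever it finds. The XP-era paths are taken verbatim from the report; the %ProgramData% and %APPDATA% variants are an assumption that the same file names would be used on later Windows versions.

```powershell
# Added example: check a Windows host for the "Windows XP Repair" indicators
# listed in the sandbox report. Run in an elevated PowerShell session.
$dropperName = 'GrTa4xSRzsUNFtdK.exe'

# File and folder indicators. The first two are the XP paths from the report;
# the ProgramData/APPDATA entries assume the same names on Vista and later.
$filePaths = @(
    "C:\Documents and Settings\All Users\Application Data\$dropperName",
    "C:\Documents and Settings\All Users\Application Data\GrTa4xSRzsUNFtdK",
    "C:\Documents and Settings\Administrator\Desktop\Windows XP Repair.lnk",
    "C:\Documents and Settings\Administrator\Start Menu\Programs\Windows XP Repair",
    "$env:ProgramData\$dropperName",
    "$env:USERPROFILE\Desktop\Windows XP Repair.lnk",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Windows XP Repair"
)

$findings = @()

foreach ($p in $filePaths) {
    if (Test-Path -LiteralPath $p) {
        $findings += "File/folder present: $p"
    }
}

# Running process named after the dropper (Get-Process takes the name without .exe).
$procName = $dropperName -replace '\.exe$', ''
if (Get-Process -Name $procName -ErrorAction SilentlyContinue) {
    $findings += "Process running: $dropperName"
}

# Registry values the report lists as added or modified.
$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$softPub      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$ieMain       = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

$warn = Get-ItemProperty -Path $inetSettings -Name 'WarnonBadCertRecving' -ErrorAction SilentlyContinue
if ($warn -and $warn.WarnonBadCertRecving -eq 0) {
    $findings += 'WarnonBadCertRecving = 0: IE warning for bad server certificates is disabled'
}

$state = Get-ItemProperty -Path $softPub -Name 'State' -ErrorAction SilentlyContinue
if ($state -and (($state.State -band 0x200) -ne 0)) {
    $findings += ('Software Publishing State = 0x{0:X8}: WTPF_IGNOREREVOKATION (0x200) is set' -f $state.State)
}

# "Use FormSuggest" = Yes is a legitimate IE setting on its own; report it only
# as a weak, corroborating indicator.
$form = Get-ItemProperty -Path $ieMain -Name 'Use FormSuggest' -ErrorAction SilentlyContinue
if ($form -and $form.'Use FormSuggest' -eq 'Yes') {
    $findings += 'Use FormSuggest = Yes (weak indicator; also set by normal IE use)'
}

if ($findings.Count -eq 0) {
    Write-Output 'No "Windows XP Repair" indicators found.'
    exit 0
}

Write-Output 'Indicators found:'
$findings | ForEach-Object { Write-Output "  - $_" }
exit 1
```

The script only reports; remediation (killing the process, deleting the dropper and restoring the two registry values to their defaults, here 1 for WarnonBadCertRecving and 0x00023C00 for State) is left to the operator so that a false positive on the weak FormSuggest indicator does not change a clean machine.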

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

Written by

Malware Hunter.
