Removed: C:\WINDOWS\system32:services.exe
Malware: html.exe
—————————————————————————————————————————-
Classification:
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2009.12.29 | Backdoor.Generic.214994 |
| Kaspersky | 7.0.0.125 | 2009.12.29 | Trojan.Win32.Buzus.cerz |
| McAfee | 5845 | 2009.12.28 | Generic BackDoor!bdv |
| Microsoft | 1.5302 | 2009.12.29 | Backdoor:Win32/Poison.M |
| NOD32 | 4723 | 2009.12.28 | probably a variant of Win32/Injector.ACF |
| Symantec | 1.4.4.12 | 2009.12.29 | Backdoor.Trojan |
—————————————————————————————————————————-
Additional information
File size: 42496 bytes
MD5 : 09b5eb057775660b7ee9ccb5c8242f1d
SHA1 : c85c81c2465943cd9646b8ab7f4f263402a0c021
SHA256: f8b89c4025577760b313555149b59ef781e94ade1ca17efd0b71ef4298c650ed
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:
———————————-
Keys added:1
———————————-
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A5573F65-6294-4AB3-1E2C-90E6C09AC243}
———————————-
Values added:1
———————————-
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A5573F65-6294-4AB3-1E2C-90E6C09AC243}\StubPath: 43 3A 5C 57 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 3A 73 65 72 76 69 63 65 73 2E 65 78 65 00 (remaining bytes are 00 padding; the value decodes to the ASCII string C:\WINDOWS\system32:services.exe, an alternate data stream named services.exe attached to the system32 folder)
———————————-
Folders attributes changed:1
———————————-
C:\WINDOWS\system32
———————————-
Total changes:3
———————————-
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {A5573F65-6294-4AB3-1E2C-90E6C09AC243}
Author: Unknown
Related File: C:\WINDOWS\system32:services.exe
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com




