Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon/Olmarik)

In this post I describe how to fix the issue manually and how to clean it automatically with a dedicated removal tool. You can download the removal program for free here:

Malware: C:\sand-box\install01.exe

Removed: C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAd.sys

—————————————————————————————————————————-
After first reboot detected by UnHackMe:



Item Name: PRAGMAqipfvcxnqq
Author:
Related File: C:\WINDOWS\PRAGMAQIPFVCXNQQ\PRAGMAD.SYS
Type: Services detected by Partizan

Removal Results: Success
Number of reboot: 2
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.05.11    Gen:Variant.TDss.20
Kaspersky   7.0.0.125     2010.05.11    Trojan-Downloader.Win32.FraudLoad.xcxu
Microsoft   1.5703        2010.05.11    Trojan:Win32/Alureon.gen!J
NOD32       5105          2010.05.11    Win32/Olmarik.YX

—————————————————————————————————————————-
Additional information
File size: 88576 bytes
MD5:    92f841a030057e645e71d0817cca0b8a
SHA1:   b7273df7d70b60dfcbc8fe6b3e1f0ac8679cd0fa
SHA256: a58cc1595d9e5b90b1f5f0fc53cb6ba7ed808c3aeea077d7c09f7c2d8c9c66cb
—————————————————————————————————————————-
Installation
When the installer is executed, it creates the registry keys and values and makes the file-system changes listed below:

———————————-
Keys added:6
———————————-
HKLM\Software\PRAGMA
HKLM\Software\PRAGMA\versions
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq\modules

———————————-
Values added:17
———————————-
HKLM\Software\PRAGMA\affid: "traf"
HKLM\Software\PRAGMA\subid: "pragma"
HKLM\Software\PRAGMA\type: "no"
HKLM\Software\PRAGMA\build: "bbr"
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\Service: "PRAGMAqipfvcxnqq"
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\Legacy: 0x00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\ConfigFlags: 0x00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\Class: "LegacyDriver"
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\DeviceDesc: "PRAGMAqipfvcxnqq"
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\0000\Capabilities: 0x00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_PRAGMAQIPFVCXNQQ\NextInstance: 0x00000001
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq\modules\PRAGMAd: "\systemroot\PRAGMAqipfvcxnqq\PRAGMAd.sys"
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq\modules\PRAGMAc: "\systemroot\PRAGMAqipfvcxnqq\PRAGMAc.dll"
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq\start: 0x00000001
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq\type: 0x00000001
HKLM\System\CurrentControlSet\Services\PRAGMAqipfvcxnqq\imagepath: "\systemroot\PRAGMAqipfvcxnqq\PRAGMAd.sys"

———————————-
Values modified:2
———————————-
(-) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000001
(+) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000000
(-) HKLM\System\CurrentControlSet\Services\wscsvc\Start: 0x00000002
(+) HKLM\System\CurrentControlSet\Services\wscsvc\Start: 0x00000004

———————————-
Files added:5
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\PRAGMA7d1f.tmp
C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAc.dll
C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAcfg.ini
C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAd.sys
C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAsrcr.dat

———————————-
Files deleted:1
———————————-
C:\sand-box\install01.exe

———————————-
Files [attributes?] modified:3
———————————-
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

———————————-
Folders added:1
———————————-
C:\WINDOWS\PRAGMAqipfvcxnqq

———————————-
Folders attributes changed:2
———————————-
C:\Documents and Settings\NetworkService\Local Settings\History
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

———————————-
Total changes:37
———————————-
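The change list above can be turned into a host check. The following PowerShell script is an added example, not part of the original post and not code from UnHackMe or RegRun. It looks for the service key, the LEGACY_ device enumeration key, the HKLM\Software\PRAGMA configuration key, the dropped %SystemRoot%\PRAGMA* folder and the wscsvc Start value of 4 (Security Center service disabled), and compares the SHA256 of PRAGMAd.sys with the hash given in this report. It assumes the random-looking suffix qipfvcxnqq differs between samples and therefore matches on the PRAGMA prefix; that generalization is an assumption, not something the report states.

```powershell
# Added example: checks a Windows host for the indicators listed in this report.
# Not part of the original post or of UnHackMe/RegRun. Run from an elevated
# PowerShell (Get-FileHash needs PowerShell 4 or later).
# Assumption: the suffix qipfvcxnqq varies per sample, so names are matched on
# the PRAGMA prefix. The SHA256 below is the one given in the report.

$KnownSha256 = 'a58cc1595d9e5b90b1f5f0fc53cb6ba7ed808c3aeea077d7c09f7c2d8c9c66cb'
$Findings = @()

# 1. Service keys named PRAGMA* (the report shows imagepath and a 'modules' subkey).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'PRAGMA*' } |
    ForEach-Object {
        $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        $Findings += "Service key: $($_.PSChildName) (ImagePath: $($props.ImagePath), Start: $($props.Start))"
        $modules = Get-ItemProperty "$($_.PSPath)\modules" -ErrorAction SilentlyContinue
        if ($modules) {
            # Skip the PS* metadata properties PowerShell adds to registry objects.
            $modules.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { $Findings += "  module $($_.Name) -> $($_.Value)" }
        }
    }

# 2. Legacy device enumeration entry created when the driver service is registered.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'LEGACY_PRAGMA*' } |
    ForEach-Object { $Findings += "Legacy enum key: $($_.PSChildName)" }

# 3. Configuration key holding the affid/subid/type/build values from the report.
if (Test-Path 'HKLM:\SOFTWARE\PRAGMA') {
    $cfg = Get-ItemProperty 'HKLM:\SOFTWARE\PRAGMA'
    $Findings += "Config key HKLM\SOFTWARE\PRAGMA (affid=$($cfg.affid), subid=$($cfg.subid), build=$($cfg.build))"
}

# 4. Dropped folder under %SystemRoot%; hash the driver if it is present.
Get-ChildItem $env:SystemRoot -Directory -Filter 'PRAGMA*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $Findings += "Folder: $($_.FullName)"
        $driver = Join-Path $_.FullName 'PRAGMAd.sys'
        if (Test-Path $driver) {
            $hash = (Get-FileHash $driver -Algorithm SHA256).Hash.ToLower()
            $match = if ($hash -eq $KnownSha256) { 'matches this report' } else { 'different build' }
            $Findings += "Driver: $driver SHA256=$hash ($match)"
        }
    }

# 5. Security Center service disabled: the report shows wscsvc\Start changed from 2 to 4.
$wsc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc' -ErrorAction SilentlyContinue
if ($wsc -and $wsc.Start -eq 4) {
    $Findings += 'wscsvc (Security Center) Start=4: service disabled'
}

if ($Findings.Count -eq 0) {
    Write-Output 'No PRAGMA/TDSS indicators from this report were found.'
} else {
    Write-Output 'Indicators found:'
    $Findings | ForEach-Object { Write-Output "  $_" }
}
```

A clean result from the running system is not conclusive on its own: a kernel-mode rootkit of this family can hide its keys and files from user-mode tools, which is why the detection in this report happened at boot time, after the first reboot. Treat the script as a quick triage step and confirm with an offline or boot-time scan.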

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friends' computers, because it is extremely fast and effective.

STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1/10, 32- or 64-bit. UnHackMe uses a minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with the verified publisher: Greatis Software.

Once UnHackMe is installed, the first scan starts automatically.

STEP 3: Carefully review the detected threats!

Click the Remove button, or mark the item as a False Positive.

Enjoy!
