Removed: vccFD.exe

Malware: vccFD.exe
Removed: C:\Program Files\vaccf\vccFD.exe
—————————————————————————————————————————-
Classification:

Antivirus	Version	Last Update	Result
F-Secure	9.0.15370.0	2009.12.15	Trojan.Generic.2212168
Kaspersky	7.0.0.125	2009.12.16	-
McAfee	5833	2009.12.15	Generic Downloader.x!blm
Microsoft	1.5302	2009.12.15	TrojanDownloader:Win32/Small.AO
NOD32	4691	2009.12.15	-
Symantec	1.4.4.12	2009.12.16	Downloader

—————————————————————————————————————————-
Additional information
File size: 40448 bytes
MD5   : 8fc444cd9325ec9e8fbd5aff7ddb5b6d
SHA1  : a28182185454de08fe5e6a0335dec862b9b5d7f8
SHA256: 204809e89cab5312e837d6e06da12181a11d2475b692e6058325168a4b816067
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:2
———————————-
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vaccf
HKCU\Software\vaccf

———————————-
Values added:8
———————————-
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\vcfe: “00:0C:29:82:06:4B”
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ntick45: “34609″
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vaccf: “C:\Program Files\vaccf\vccFD.exe”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vaccf\UninstallString: “C:\WINDOWS\system32\uninst_vcfu.exe”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vaccf\DisplayName: “?e?ACA?®”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vaccf\HelpLink: “http://vaccine-free.co.kr”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vaccf\DisplayVersion: “”
HKCU\Software\vaccf\updaterVersion: “1.6″

———————————-
Files added:1
———————————-
C:\Program Files\vaccf\vccFU.exe

———————————-
Folders added:1
———————————-
C:\Program Files\vaccf

———————————-
Total changes:12
———————————-

—————————————————————————————————————————-
Internet activity:

- none -
—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: vaccf
Author:
Related File: C:\Program Files\vaccf\vccFD.exe
Type: Registry Run

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

Popularity: 1% [?]

Comments

• Greatis Software

  • Send file

•  

  September 2010

  M	T	W	T	F	S	S
  « Aug
  		1	2	3	4	5
  6	7	8	9	10	11	12
  13	14	15	16	17	18	19
  20	21	22	23	24	25	26
  27	28	29	30

• Archives

  • September 2010 (10)
  • August 2010 (93)
  • July 2010 (133)
  • June 2010 (92)
  • May 2010 (135)
  • April 2010 (163)
  • March 2010 (154)
  • February 2010 (93)
  • January 2010 (102)
  • December 2009 (36)
  • November 2009 (12)

• Tags

  4DW4R3.sys Agent Alureon Antivirus XP 2010 ATAPI.SYS autorun.inf ave.exe Banker cleansweep.exe ctfmon.exe helper32.dll Injector lsass.exe Meredrop Oficla OnLineGames Paladin Antivirus PRAGMAD.SYS Scar sdra64.exe Security Tool services.exe ServStart Sisron smss.exe smss32.exe Spy.Banker svc.exe svchost.exe svw.exe TDSS user32.DLL userinit.exe VB VBInject winhlp64.exe winlogon.exe winlogon32.exe Winlogon\Shell Winlogon\Userinit wnzip32.exe wscsvc32.exe Zbot Zeus _VOIDd.sys

• Blogroll

  • RegRun Security Suite. Detects and removes rootkits/malware/adware that your antivirus could not.
  • RegRun Warrior – Removing rootkits is best done from the outside!
  • UnHackMe – rootkit & malware killer

• Popular

  1. 100% Removed: REGSRV.EXE, STDRT.EXE
  2. 38% Removed: C:\WINDOWS\system32\msvmiode.exe (trojan Vbcrypt)
  3. 38% Removed: winlogon32.exe, smss32.exe
  4. 35% Removed: svchost.exe:exe.exe, ihaupd32.exe, av_md.exe
  5. 25% Removed: syre32.exe
  6. 25% Removed: cleansweep.exe, nynw.wmo
  7. 23% Removed: qtplugin.exe, incognito.exe
  8. 22% Removed: richtx64.exe, wscsvc32.exe
  9. 18% Removed: winhelper86.dll, winupdate86.exe, winlogon86.exe
  10. 17% Removed: C:\WINDOWS\system32\augy.vko (trojan Oficla)
  11. 17% Removed: vsbntlo.exe
  12. 15% Removed: ccmain.exe, ccagent.exe
  13. 13% Removed: umdmgr.exe
  14. 13% Removed: raidhost.exe
  15. 12% Removed: nynw.wmo
  16. 11% Removed: {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (trojan Gemini)
  17. 11% Removed: winlogon32.exe, smss32.exe, helper32.dll
  18. 11% Removed: syscr.exe (worm Palevo/Rimecud)
  19. 11% Removed: autorun.inf, herss.exe
  20. 11% Removed: apmanager.exe (Fake Alert APManager)

• Recent Posts

  • Removed: C:\Documents and Settings\All Users\Application Data\BrEaK\Break.exe (trojan Bancos)
  • Removed: C:\drixxxxxxx.exe\drixxxxxxx.exe (trojan SpyEyes)
  • Removed: C:\WINDOWS\system32\msapps\comsrvr.exe (trojan Heur)
  • Removed: asectool.exe, scan.dll (FakeAV – Advanced Security Tool 2010)
  • Removed: C:\WINDOWS\mstwain32.exe (trojan Turkojan)
  • Removed: dev.sys, dev.dll (trojan Tinxy)
  • Removed: C:\Program Files\PinSearch\PinSearch.exe, C:\Program Files\PinSearch\PSHelper.dll (Adware.BonusCash)
  • Removed: antispy.exe (FakeAV – Pest Detector aka Red Cross Antivirus, AntiSpy Safeguard, Peak Protection 2010, Major Defense Kit)
  • Removed: clspackagemd.exe, clspackagemdx.dll (trojan Induc)
  • Removed: C:\Program Files\favoclick\favoclick.dll, C:\Program Files\favoclick\favoclickup.exe (trojan BHO)

• UnHackMe kills rootkits!

  

• RegRun Warrior

  Removing rootkits is best done from the outside!