Removed: C:\windllxxxx.exe\windllxxxx.exe (trojan SpyEye)

Malware: tcp.exe
Removed: C:\windllxxxx.exe\windllxxxx.exe

Detected by UnHackMe:
Item Name: windllxxxx.exe
Author: Sysinternals – www.sysinternals.com
Related File: C:\WINDLLXXXX.EXE\WINDLLXXXX.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\windllxxxx.exe
Value: "C:\windllxxxx.exe\windllxxxx.exe"
Folders: C:\windllxxxx.exe\
Files:
C:\windllxxxx.exe\config.bin
C:\windllxxxx.exe\windllxxxx.exe

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.12.08 Trojan.Generic.KDV.83497 […]

Removed: C:\Documents and Settings\All Users\Application Data\Sys32c.exe (worm Rebhip)

Malware: Run first.exe
Removed: C:\Documents and Settings\All Users\Application Data\Sys32c.exe

Detected by UnHackMe:
Item Name: DefaultSystem
Author: Microsoft Corporation
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYS32C.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DefaultSystem
Value: "C:\Documents and Settings\All Users\Application Data\Sys32c.exe"
Files: C:\Documents and Settings\All […]

Removed: C:\WINDOWS\system32\msnmsg\msnmsg.exe (backdoor Fynloski)

Malware: C:\sand-box\dc7.exe
Removed: C:\WINDOWS\system32\msnmsg\msnmsg.exe

Detected by UnHackMe:
Item Name: msnmsg
Author:
Related File: C:\WINDOWS\SYSTEM32\MSNMSG\MSNMSG.EXE
Type: Registry Run

Item Name: msnmsg.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\MSNMSG\MSNMSG.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\msnmsg
Value: "C:\WINDOWS\system32\msnmsg\msnmsg.exe"
Folders: C:\WINDOWS\system32\msnmsg\
Files: C:\WINDOWS\system32\msnmsg\msnmsg.exe

Classification:
Antivirus Version Last […]

Removed: C:\Documents and Settings\Administrator\Application Data\bdepdf.exe (worm Palevo)

Malware: bdepdf.exe
Removed: C:\Documents and Settings\Administrator\Application Data\bdepdf.exe

Detected by UnHackMe:
Item Name: taskman
Author: ttsoft
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\BDEPDF.EXE
Type: Winlogon System
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
Value: "C:\Documents and Settings\Administrator\Application Data\bdepdf.exe"
Files: C:\Documents and Settings\Administrator\Application Data\bdepdf.exe

Classification:
Antivirus […]

Removed: 360vbs.jse, einnls.vbs, hihotrun.jse, smss.exe (trojan VB)

Malware: dianxin.exe
Removed:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\360vbs.jse
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\einnls.vbs
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hihotrun.jse
c:\windows\201012071945\smss.exe

Detected by UnHackMe:
Item Name: micrososot
Author: Unknown
Related File: C:\WINDOWS\201012071945\SMSS.EXE
Type: Registry Run

Item Name: 360vbs.jse
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\360VBS.JSE
Type: Common Startup Folder

Item Name: einnls.vbs
Author: Unknown […]

Removed: winntlsmss.exe (trojan SpyEyes)

Malware: out.exe
Removed: C:\winntlsmss.exe\winntlsmss.exe

Detected by UnHackMe:
Item Name: winntlsmss.exe
Author: Hr3EMCPju8rM2sSQ
Related File: C:\WINNTLSMSS.EXE\WINNTLSMSS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winntlsmss.exe
Value: "C:\winntlsmss.exe\winntlsmss.exe"
Folders: C:\winntlsmss.exe\
Files:
C:\winntlsmss.exe\config.bin
C:\winntlsmss.exe\winntlsmss.exe

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.12.04 Trojan.Generic.KD.77282
Kaspersky 7.0.0.125 […]

Removed: C:\Documents and Settings\Administrator\ywr.exe (backdoor Cetorp)

Malware: C:\sand-box\ces.exe
Removed: C:\Documents and Settings\Administrator\ywr.exe

Detected by UnHackMe:
Item Name: MSConfig
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\YWR.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig
Value: "C:\Documents and Settings\Administrator\ywr.exe \u"
Files:
C:\Documents and Settings\Administrator\secupdat.dat
C:\Documents and Settings\Administrator\ywr.exe
C:\WINDOWS\system32\secupdat.dat

Classification:
Antivirus […]

Removed: C:\WINDOWS\system32\ttqrm.exe (trojan VBKrypt)

Malware: tt.exe
Removed: C:\WINDOWS\system32\ttqrm.exe

Detected by UnHackMe:
Item Name: Microsoft Driver Setup
Author: VvoS
Related File: C:\WINDOWS\SYSTEM32\TTQRM.EXE
Type: Explorer Run

Item Name: ttqrm.exe
Author: VvoS
Related File: C:\WINDOWS\SYSTEM32\TTQRM.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup
Value: "C:\WINDOWS\system32\ttqrm.exe"
Files: […]

Removed: WFV3smx4pnp.dll (trojan OnLineGames)

Malware: s.exe
Removed: C:\Documents and Settings\Administrator\Microsoft\WFV3smx4pnp.dll

Detected by UnHackMe:
Item Name: WFV3smx4pnp
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MICROSOFT\WFV3SMX4PNP.DLL
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WFV3smx4pnp
Value: rundll32.exe "C:\Documents and Settings\Administrator\Microsoft\WFV3smx4pnp.dll", Launch
Files: C:\Documents and Settings\Administrator\Microsoft\WFV3smx4pnp.dll

Classification:
Antivirus Version Last Update […]

Removed: winsrvn.exe (trojan Boberog)

Malware: lala.exe
Removed: C:\Documents and Settings\Administrator\Application Data\S-3685-5437-5687\winsrvn.exe

Detected by UnHackMe:
Item Name: MSNUpdateServices
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\S-3685-5437-5687\WINSRVN.EXE
Type: Registry Run

Item Name: winsrvn.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\S-3685-5437-5687\WINSRVN.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSNUpdateServices […]

Removed: binnfixdata700.exe (FakeAV – Antimalware Doctor)

Malware: C:\sand-box\binnfixdata700.exe
Removed: C:\sand-box\binnfixdata700.exe

Detected by UnHackMe:
Item Name: binnfixdata700.exe
Author: It Systems
Related File: C:\SAND-BOX\BINNFIXDATA700.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry:
HKCU\Software\Antimalware Doctor Inc
HKCU\Software\Antimalware Doctor Inc\Antimalware Doctor
Files:
enemies-names.txt
local.ini

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.12.06 […]

Removed: updater.exe, 138843_xeex.exe, 77968_xeex.exe, ABFMOKF.DLL, SOSO.DLL, pcidump.sys; Restored: DSOUND.DLL, MSHTML.DLL, USERINIT.EXE (trojan Bulilit)

Malware: P44.exe
Removed:
C:\WINDOWS\system32\updater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\138843_xeex.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\77968_xeex.exe
C:\WINDOWS\SYSTEM32\ABFMOKF.DLL
C:\PROGRAM FILES\TENCENT\SOSO.DLL
C:\WINDOWS\SYSTEM32\DRIVERS\pcidump.sys
Restored:
C:\WINDOWS\SYSTEM32\DSOUND.DLL
C:\WINDOWS\SYSTEM32\MSHTML.DLL
C:\WINDOWS\SYSTEM32\USERINIT.EXE

Detected by UnHackMe:
Item Name: updater
Author:
Related File: C:\WINDOWS\system32\updater.exe
Type: Registry Run

After first reboot detected by UnHackMe:
Item Name: 36703_xeex.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\36703_XEEX.EXE
Type: Running Processes

Item Name: 40515_xeex.exe
Author: […]

Removed: geurge.exe; Restored: ATAPI.SYS (worm VBNA + rootkit TDSS)

Malware: ren.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\geurge.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS

Detected by UnHackMe:
Item Name: ewrgetuj
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\GEURGE.EXE
Type: Registry Run

Item Name: geurge.exe
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\GEURGE.EXE
Type: Running Processes

Item Name: Rootkit: TDL3++Device:\\msuooeqx
Author: Unknown
Related File:
Type: Devices in Memory

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: atapi.sys […]

Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\oweeaxce.exe, C:\Program Files\UcAgWjev\oweeaxce.exe; Restored: C:\WINDOWS\SYSTEM32\WINLOGON.EXE (trojan Ramnit)

Malware: all-zahlung.exe
Removed:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\oweeaxce.exe
C:\Program Files\UcAgWjev\oweeaxce.exe
Restored: C:\WINDOWS\SYSTEM32\WINLOGON.EXE

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,,C:\Program Files\UcAgWjev\oweeaxce.exe
Type: UserInit Value

Item Name: oweeaxce.exe
Author: Macromedia, Inc.
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\OWEEAXCE.EXE
Type: Startup Folder

2. Multi AntiVirus scan:
WINLOGON.EXE
Default location: C:\WINDOWS\SYSTEM32\WINLOGON.EXE
MD5: […]

Removed: C:\WINDOWS\system32\taskeng.exe (backdoor Poisonivy)

Malware: taskeng.exe
Removed: C:\WINDOWS\system32\taskeng.exe

Detected by UnHackMe:
Item Name: {3C65BAA2-8F50-716F-4A7F-B87ADCC65E0E}
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\TASKENG.EXE
Type: ActiveSetup

Item Name: taskeng.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\TASKENG.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\taskeng.exe
Files:
C:\Documents and Settings\Administrator\Local Settings\Temp\adz.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD602.tmp
C:\Documents […]

Removed: C:\RestorData.exe\RestorData.exe (trojan SpyEye)

Malware: C:\sand-box\RestorData.exe
Removed: C:\RestorData.exe\RestorData.exe

Detected by UnHackMe:
Item Name: RestorData.exe
Author: Scwm2
Related File: C:\RESTORDATA.EXE\RESTORDATA.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\RestorData.exe
Value: "C:\RestorData.exe\RestorData.exe"
Folders: C:\RestorData.exe\
Files:
C:\RestorData.exe\config.bin
C:\RestorData.exe\RestorData.exe

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.12.03 Trojan.Generic.KDV.78200
Kaspersky 7.0.0.125 […]

Removed: UNrcJcrVSu.exe, crmslig.dll; Restored: VOLSNAP.SYS (trojan Hiloti)

Malware: file_001.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\UNrcJcrVSu.exe
C:\WINDOWS\crmslig.dll
Restored: VOLSNAP.SYS

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: Pvesodurexur
Author: ArcSoft Inc.
Related File: C:\WINDOWS\CRMSLIG.DLL
Type: Registry Run

Item Name: UNrcJcrVSu.exe
Author: Microsoft Corporation
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\UNRCJCRVSU.EXE
Type: Registry Run

2. Multi AntiVirus scan:
VOLSNAP.SYS
Default location: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS
MD5: 31EDA41F98868B92EEED6E16D7424A86
SHA1: E9424835 A052802A […]

Removed: shell.exe, conhost.exe, svchost.exe, dwm.exe, csrss.exe (trojan Cycbot)

Malware: gsoft.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\shell.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dwm.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Detected by UnHackMe:
Item Name: svchost
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\CONHOST.EXE
Type: Registry Run

Item Name: load
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
Type: Win.ini

Item Name: shell.exe
Author: […]

Removed: BEV3szxc10.dll, BEV3szxc20.dll, BEV3zxc.exe (worm Taterf)

Malware: C:\sand-box\dauterbing.exe
Removed:
C:\WINDOWS\system32\BEV3szxc10.dll
C:\WINDOWS\system32\BEV3szxc20.dll
C:\WINDOWS\system32\BEV3zxc.exe

Detected by UnHackMe:
Item Name: {94AC7942-7BE1-4FB9-A7CA-67CD88362758}
Author:
Related File: C:\WINDOWS\SYSTEM32\BEV3SZXC20.DLL
Type: Browser Helper Objects

Item Name: BEV3szxc10.dll
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\BEV3SZXC10.DLL
Type: Detected using Heuristic Algorithm

Item Name: BEV3zxc.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\BEV3ZXC.EXE
Type: Detected using Heuristic Algorithm

Item Name: BEV3sos
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\BEV3ZXC.EXE […]

Removed: C:\WINDOWS\winrvs\winrsv.exe (trojan Refroso)

Malware: 8303.exe
Removed: C:\WINDOWS\winrvs\winrsv.exe

Detected by UnHackMe:
Item Name: {933BDABB-4B27-ECF3-6EB4-F3E68821E933}
Author: ZwRq
Related File: C:\WINDOWS\WINRVS\WINRSV.EXE
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Active Setup\Installed Components\{933BDABB-4B27-ECF3-6EB4-F3E68821E933}\stubpath
Value: "C:\WINDOWS\winrvs\winrsv.exe s"
Files:
C:\Documents and Settings\Administrator\Application Data\addon.dat
C:\WINDOWS\winrvs\klog.dat
C:\WINDOWS\winrvs\winrsv.exe

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 […]

Removed: C:\WINDOWS\system32\drivers\sst3.sys; Restored: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS (Probably a new version of the Trojan PGARMA.SYS)

Malware: C:\sand-box\442-direct.exe
Removed: C:\WINDOWS\system32\drivers\sst3.sys
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS

Detected by RegRun Warrior:
1. RegRun Reanimator: – none –
2. Multi AntiVirus scan:
SST3.SYS
Default location: C:\WINDOWS\SYSTEM32\DRIVERS\SST3.SYS
MD5: EEE31720E570C5889071EF56F53D60E6
SHA1: 31C9EA30 C2B7A8FD B0834D64 680E8581 2CE724DC
File Size: 53 248
Version Info:
OriginalFilename: volsnap.sys
FileDescription: Volume Shadow Copy Driver
InternalName: volsnap.sys
CompanyName: Microsoft Corporation
FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
LegalCopyright: […]

Removed: iTunes.exe (trojan Injector)

Malware: 346401121.exe
Removed: C:\Documents and Settings\Administrator\Application Data\iTunes.exe

Detected by UnHackMe:
Item Name: Apple iPod Service
Author: AyWJsmwnUEai
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ITUNES.EXE
Type: Registry Run

Item Name: iTunes.exe
Author: AyWJsmwnUEai
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ITUNES.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence? […]

Removed: sesdessepetak.exe, ATi.exe (worm VBNA)

Malware: a496cf8022e5439e6656094f26fc6720.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\sesdessepetak.exe
C:\RECYCLER\S-6-5-21-1482476501-1644491937-1282847265-1013\ATi.exe

Detected by UnHackMe:
Item Name: {SI43Y8I7-1GRQ-7YK-OOL9-091237AAA56}
Author: BXTuguwhrBCwP
Related File: C:\RECYCLER\S-6-5-21-1482476501-1644491937-1282847265-1013\ATI.EXE
Type: ActiveSetup

Item Name: Driver Control Manager v8.3
Author: PcoYdtEoVTdmNQyi
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SESDESSEPETAK.EXE
Type: Registry Run

Item Name: sesdessepetak.exe
Author: PcoYdtEoVTdmNQyi
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SESDESSEPETAK.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1 […]

Removed: msftldr.dll, c53z.exe (trojan Vundo)

Malware: C:\sand-box\amzliewfhds.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\Mozilla\vclupldll10\msftldr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\c53z.exe

Detected by UnHackMe:
Item Name: AppInit_DLLs
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla\VCLUPL~1\msftldr.dll
Type: List of Injected DLLs

Item Name: 8f0ge3w
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\C53Z.EXE
Type: Explorer Run

Item Name: c53z.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\C53Z.EXE
Type: Running Processes

Item Name: 3j8fjgo0.exe
Author: Unknown […]

Removed: C:\WINDOWS\system32\rescue32.exe (trojan Ranbyus)

Malware: 1.exe
Removed: C:\WINDOWS\system32\rescue32.exe

Detected by UnHackMe:
Item Name: System Rescue
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\RESCUE32.EXE
Type: Explorer Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\System Rescue
Value: "C:\WINDOWS\system32\rescue32.exe"
Files: C:\WINDOWS\system32\rescue32.exe

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.27 Trojan.Generic.5122445
Kaspersky 7.0.0.125 2010.11.27 […]

Removed: C:\WINDOWS\LINKINFO.DLL (trojan KeyLogger)

Malware: 0_fish.exe
Removed: C:\WINDOWS\LINKINFO.DLL

Detected by UnHackMe:
Item Name: linkinfo.dll
Author: Unknown
Related File: C:\WINDOWS\LINKINFO.DLL
Type: Redirected DLLs
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Files:
C:\WINDOWS\LINKINFO.DLL
C:\WINDOWS\olinkinfo.dll
C:\WINDOWS\SFDLL.DLL

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.27 Trojan.Spy.Keylogger.BJ
Kaspersky 7.0.0.125 2010.11.27 Trojan-Spy.Win32.KeyLogger.ng
Microsoft 1.6402 2010.11.27 […]

Removed: C:\WINDOWS\system32\drivers\passthru.sys, C:\WINDOWS\system32\ipsechlp.exe (trojan Agent)

Malware: sniffer_26nov_denis.exe
Removed:
C:\WINDOWS\system32\drivers\passthru.sys
C:\WINDOWS\system32\ipsechlp.exe

Detected by UnHackMe:
Item Name: passthru.sys
Author: Windows (R) 2000 DDK provider
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\PASSTHRU.SYS
Type: Drivers

Item Name: IpSync
Author: Of an unthrifty knave and presently
Related File: C:\WINDOWS\SYSTEM32\IPSECHLP.EXE
Type: Registry Run

Item Name: ipsechlp.exe
Author: Of an unthrifty knave and presently
Related File: C:\WINDOWS\SYSTEM32\IPSECHLP.EXE
Type: Running Processes […]

Removed: C:\Program Files\Common Files\LABEL.lnk, C:\WINDOWS\system32\syslog.vbs (trojan Malf)

Malware: setup_free_ha.exe
Removed:
C:\Program Files\Common Files\LABEL.lnk
C:\WINDOWS\system32\syslog.vbs

Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,wscript.exe c:\windows\system32\syslog.vbs,
Type: UserInit Value

Item Name: UUSEE
Author:
Related File: C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
Type: Registry Run

Item Name: Default Action
Author: Unknown
Related File: C:\PROGRAM FILES\COMMON FILES\LABEL.LNK
Type: Registry Run
Removal Results: Success
Number of reboot: […]

Removed: rghlcreaxi.exe, smss.exe, explorer.exe (trojan Swisyn)

Malware: C:\sand-box\baoma.exe
Removed:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rghlcreaxi.exe
C:\WINDOWS\system32\lkkwnhgtuq\smss.exe
C:\WINDOWS\system32\pctewdlfsw\explorer.exe

Detected by UnHackMe:
Item Name: lkkwnhgtuq
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\LKKWNHGTUQ\SMSS.EXE
Type: Explorer Run

Item Name: pctewdlfsw
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\PCTEWDLFSW\EXPLORER.EXE
Type: Explorer Run

Item Name: rghlcreaxi.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\RGHLCREAXI.EXE
Type: Common Startup Folder

Item Name: smss.exe […]

Removed: WinUpdate.lnk, msftstp.exe, 9fn177p.exe (trojan Sisron)

Malware: C:\sand-box\opr5.exe
Removed:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\WinUpdate.lnk
C:\Documents and Settings\Administrator\Application Data\Microsoft\msuplvcl13\msftstp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\9fn177p.exe

Detected by UnHackMe:
Item Name: WinUpdate.lnk
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\MSUPLVCL13\MSFTSTP.EXE
Type: Startup Folder

Item Name: bn1cv
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\9FN177P.EXE
Type: Explorer Run

Item Name: 9fn177p.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\9FN177P.EXE
Type: Running Processes […]

Removed: C:\WINDOWS\system32\wb.dll (Perflogger)

Malware: svchost_3.exe
Removed: C:\WINDOWS\system32\wb.dll

Detected by UnHackMe:
Item Name: {1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\WB.DLL
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\
Value: "C:\WINDOWS\system32\wb.dll"
Files:
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\UniKey.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\hk.dll
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\pk.bin
C:\WINDOWS\system32\r.exe
C:\WINDOWS\system32\wb.dll

Classification:
Antivirus Version Last Update […]

Removed: C:\Documents and Settings\Administrator\118022963\118022963.exe (virus CeeInject – Locker)

Malware: C:\sand-box\pornoplayer.exe
Removed: C:\Documents and Settings\Administrator\118022963\118022963.exe

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\118022963\118022963.exe
Type: UserInit Value
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Value: "C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\118022963\118022963.exe" […]

Removed: C:\WINDOWS\Tasks\svchost\svchost.exe (trojan Malex)

Malware: C:\sand-box\d.exe
Removed: C:\WINDOWS\Tasks\svchost\svchost.exe

Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Tasks\svchost\svchost.exe
Type: UserInit Value

After first reboot detected by UnHackMe:
Item Name: nvsac.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\NVSAC.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 2

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Value: 43 […]

Removed: C:\WINDOWS\system32\ip_qos.sys, C:\WINDOWS\system32\PnPSvc.exe (trojan Scar)

Malware: bot_26nov_zeusbotnet.exe
Removed:
C:\WINDOWS\system32\ip_qos.sys
C:\WINDOWS\system32\PnPSvc.exe

Detected by UnHackMe:
Item Name: PnP Service
Author: Your worth is very dear in
Related File: C:\WINDOWS\system32\PnPSvc.exe
Type: Auto Services

Item Name: PnPSvc.exe
Author: Your worth is very dear in
Related File: C:\WINDOWS\SYSTEM32\PNPSVC.EXE
Type: Running Processes

After first reboot detected by UnHackMe:
Item Name: NDnet
Author:
Related File: C:\WINDOWS\SYSTEM32\IP_QOS.SYS […]

Removed: appdim706techmode.exe (FakeAV – Antimalware Doctor)

Malware: C:\sand-box\appdim706techmode.exe
Removed: C:\sand-box\appdim706techmode.exe

Detected by UnHackMe:
Item Name: appdim706techmode.exe
Author: It Systems
Related File: C:\SAND-BOX\APPDIM706TECHMODE.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
HKCU\Software\Antimalware Doctor Inc\Antimalware Doctor

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.30 Gen:Variant.Kazy.4115
Kaspersky 7.0.0.125 2010.11.30 […]

Removed: C:\Documents and Settings\Administrator\Application Data\cc.exe (trojan Bumat)

Malware: coukou.exe
Removed: C:\Documents and Settings\Administrator\Application Data\cc.exe

Detected by UnHackMe:
Item Name: system32
Author: Microsoft Corporation
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CC.EXE
Type: Explorer Run

Item Name: {6D68DBCD-BC08-FBDB-EBAA-AD500BDBBA6C}
Author: Microsoft Corporation
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CC.EXE
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: […]

Removed: C:\Program Files\PlusTab\PlusTab.exe (adware PlusTab)

Malware: PlusTab_PT21.exe
Removed: C:\Program Files\PlusTab\PlusTab.exe

Detected manually:
PLUSTAB.EXE
Default location: C:\PROGRAM FILES\PLUSTAB\PLUSTAB.EXE
MD5: 92ACFA372790684090E634177B2CC2A8
SHA1: FC9B8657 5F928DAA 3283139F 701E93E7 8222F32B
File Size: 310 952
Version Info:
OriginalFilename: Agent.exe
FileDescription: PlusTab
InternalName: Updater
CompanyName: NBZ
FileVersion: 1.0.0.1
LegalCopyright: (c) NBIZ. All rights reserved.
ProductName: PlusTab
ProductVersion: 1.0.0.1
Removal Results: Success
Number of reboot: 1 […]

Removed: launcher.exe, SpyCare.exe, SpyCareBlk.dll (FakeAV – SpyCare)

Malware: SpyCareSetupS3.exe
Removed:
C:\Program Files\SpyCare\launcher.exe
C:\Program Files\SpyCare\SpyCare.exe
C:\Program Files\SpyCare\SpyCareBlk.dll

Detected by UnHackMe:
Item Name: {0A133B55-83C4-4e7e-B070-B87EC9BEAF67}
Author:
Related File: C:\PROGRAM FILES\SPYCARE\SPYCAREBLK.DLL
Type: Browser Helper Objects

Item Name: SpyCare.exe
Author: Unknown
Related File: C:\PROGRAM FILES\SPYCARE\SPYCARE.EXE
Type: Running Processes

Detected by UnHackMe in "Multi AntiVirus scan" mode:
LAUNCHER.EXE
Default location: C:\PROGRAM FILES\SPYCARE\LAUNCHER.EXE
MD5: 4A3AE4BA1BCE27FEA5B1431578BE7B7B
SHA1: A63C92FE AC20572C […]

Removed: C:\WINDOWS\system32\wow.exe (trojan VB)

Malware: wo.exe
Removed: C:\WINDOWS\system32\wow.exe

Detected by UnHackMe:
Item Name: wow.exe
Author: Microsoft(R) Windows(R) Operating System
Related File: C:\WINDOWS\SYSTEM32\WOW.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wow.exe
Value: "C:\WINDOWS\system32\wow.exe"
Files:
C:\WINDOWS\system32\wow.exe
C:\wow.exe

Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.29 –
Kaspersky […]

Removed: C:\Program Files\dxsystem\dxsystem.exe (trojan Agent)

Malware: dxsystem.exe
Removed: C:\Program Files\dxsystem\dxsystem.exe

Detected by UnHackMe:
Item Name: dxsystem
Author: Unknown
Related File: C:\PROGRAM FILES\DXSYSTEM\DXSYSTEM.EXE
Type: Registry Run

Item Name: dxsystem.exe
Author: Unknown
Related File: C:\PROGRAM FILES\DXSYSTEM\DXSYSTEM.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dxsystem
Value: "C:\Program Files\dxsystem\dxsystem.exe"
Folders: C:\Program Files\dxsystem\ […]

Removed: c:\program files\microsoft\watermark.exe (backdoor IRCNite)

Malware: cr_ALL.exe
Removed: c:\program files\microsoft\watermark.exe

Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
Type: UserInit Value
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Value: "c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe"
Folders: C:\Program Files\Microsoft\
Files: C:\Program Files\Microsoft\WaterMark.exe

Classification:
Antivirus Version Last Update Result
F-Secure […]

Removed: smx4pnp.dll, EV3szxc10.dll, EV3szxc20.dll, EV3zxc.exe (trojan Magania)

Malware: C:\sand-box\s_001.exe
Removed:
C:\Documents and Settings\Administrator\Microsoft\smx4pnp.dll
C:\WINDOWS\system32\EV3szxc10.dll
C:\WINDOWS\system32\EV3szxc20.dll
C:\WINDOWS\system32\EV3zxc.exe

Detected by UnHackMe:
Item Name: smx4pnp
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MICROSOFT\SMX4PNP.DLL
Type: Registry Run

Item Name: {94AC7942-7BE1-4FB9-A7CA-67CD88362758}
Author:
Related File: C:\WINDOWS\SYSTEM32\EV3SZXC20.DLL
Type: Browser Helper Objects

Item Name: EV3szxc10.dll
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\EV3SZXC10.DLL
Type: Detected using Heuristic Algorithm

Item Name: EV3zxc.exe
Author: Unknown […]

Removed: cryptedstealerserver.exe, cybergatecrypted.exe (trojan Meredrop)

Malware: ExploitPack.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\cryptedstealerserver.exe
C:\Documents and Settings\Administrator\Application Data\cybergatecrypted.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: 1WKTqlPRxSXfVBKK
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CYBERGATECRYPTED.EXE
Type: Registry Run
Item Name: 1ELbCCSIKCbEigOD
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CRYPTEDSTEALERSERVER.EXE
Type: Registry Run
Item Name: cybergatecrypted.exe
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CYBERGATECRYPTED.EXE
Type: Running Processes
Item […]

Removed: C:\WINDOWS\system32\install\Svchost.exe (trojan VBKrypt)

Malware: Pirates Facebook Hack v 1.2.exe
Removed: C:\WINDOWS\system32\install\Svchost.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Policies
Author: Microsoft
Related File: C:\WINDOWS\SYSTEM32\INSTALL\SVCHOST.EXE
Type: Explorer Run
Item Name: {68R70T72-41QB-3TU0-P322-4PCVS437L2Y6}
Author:
Related File: C:\WINDOWS\SYSTEM32\INSTALL\SVCHOST.EXE
Type: ActiveSetup
Item Name: HKCU
Author: Microsoft
Related File: C:\WINDOWS\SYSTEM32\INSTALL\SVCHOST.EXE
Type: Registry Run
Item Name: HKLM
Author: Microsoft
Related File: C:\WINDOWS\SYSTEM32\INSTALL\SVCHOST.EXE
Type: Registry Run
Removal […]

Removed: C:\Documents and Settings\All Users\Application Data\Ameba22\Defender.exe (trojan MultiBanker)

Malware: strings.exe
Removed: C:\Documents and Settings\All Users\Application Data\Ameba22\Defender.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Defender.exe Peru
Author: Ameba Defender
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AMEBA22\DEFENDER.EXE
Type: Registry Run
Item Name: Defender.exe
Author: Ameba Defender
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AMEBA22\DEFENDER.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to […]

Removed: C:\WINDOWS\hunter.exe, C:\WINDOWS\ieplorer.exe (trojan Banker)

Malware: C:\sand-box\ver.exe
Removed:
C:\WINDOWS\hunter.exe
C:\WINDOWS\ieplorer.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: hunter.exe
Author: Unknown
Related File: C:\WINDOWS\HUNTER.EXE
Type: Registry Run
Item Name: ieplorer.exe
Author: microsoft
Related File: C:\WINDOWS\IEPLORER.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\hunter.exe
Value: “C:\WINDOWS\hunter.exe”
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ieplorer.exe
Value: “C:\WINDOWS\ieplorer.exe”
Files: C:\WINDOWS\system32\inff.txt […]

Removed: DCM.exe, mtfsyx32.exe, peq.exe (backdoor Agent)

Malware: U7600-W0402610DCM.exe
Removed:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\DCM.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\mtfsyx32.exe
C:\Documents and Settings\Administrator\peq.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {51H3Y8I7-1GRQ-45DK-OOL9-09001D765456}
Author: DMmdNDhgCLooa
Related File: C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\DCM.EXE
Type: ActiveSetup
Item Name: Microsoft UneXpected
Author: E83yL
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\MTFSYX32.EXE
Type: Registry Run
Item Name: MSConfig
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\PEQ.EXE
Type: Registry Run
Item Name: mtfsyx32.exe
Author: E83yL […]

Removed: C:\Documents and Settings\Administrator\2509819211\2509819211.exe (trojan HomoBlocker)

Malware: C:\sand-box\xpiofrbtkzhr.exe
Removed: C:\Documents and Settings\Administrator\2509819211\2509819211.exe
—————————————————————————————————————————-
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\2509819211\2509819211.exe
Type: UserInit Value
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Value: “C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\2509819211\2509819211.exe” […]

Malware: votes.exe (trojan DelFiles – changed Windows HOSTS file)

Malware: votes.exe
—————————————————————————————————————————-
How to quickly detect malware presence?
Files modified: C:\WINDOWS\system32\drivers\etc\hosts
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.07  Backdoor.Generic.504331
Kaspersky  7.0.0.125  2010.11.07  Trojan.Win32.DelFiles.abs
Microsoft  1.6301  2010.11.07  Trojan:Win32/Meredrop
NOD32  5598  2010.11.07  –
—————————————————————————————————————————-
MD5 e3713c940a44d8d59ba31b24f0d3d5f9
SHA1 e76f4ca3f4cb328045fa83d98deaefbd83f1af24
SHA256 8e049061718e441530b9992d372b935e43a52742cabbec724d93e45b327d3f90
—————————————————————————————————————————-
I use UnHackMe for cleaning ads and viruses from my friend’s computers, […]

Removed: C:\WINDOWS\Vcajua.exe (trojan Renos)

Malware: Ilk.exe
Removed: C:\WINDOWS\Vcajua.exe
—————————————————————————————————————————-
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: {62C40AA6-4406-467a-A5A5-DFDF1B559B7A}
Author: Opera Software
Related File: C:\WINDOWS\VCAJUA.EXE
Type: Scheduled Tasks
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Files:
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
C:\WINDOWS\Vcajua.exe
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result […]

Removed: C:\ugsoacgsco.exe\ugsoacgsco.exe (trojan Spy.Eyes)

Malware: C:\sand-box\ugsoacgsco.exe
Removed: C:\ugsoacgsco.exe\ugsoacgsco.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: ugsoacgsco.exe
Author: Unknown
Related File: C:\UGSOACGSCO.EXE\UGSOACGSCO.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ugsoacgsco.exe
Value: “C:\ugsoacgsco.exe\ugsoacgsco.exe”
Folders: C:\ugsoacgsco.exe\
Files:
C:\ugsoacgsco.exe\config.bin
C:\ugsoacgsco.exe\ugsoacgsco.exe
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.20  –
Kaspersky  7.0.0.125 […]

Removed: C:\WINDOWS\instt\svchos.exe (backdoor IRCBot)

Malware: 55(2).exe
Removed: C:\WINDOWS\instt\svchos.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Xtreme
Author: Unknown
Related File: C:\WINDOWS\INSTT\SVCHOS.EXE
Type: Explorer Run
Item Name: {08C9E5JF-4KJB-16CP-AAA5-00401C6FV500}
Author: Unknown
Related File: C:\WINDOWS\INSTT\SVCHOS.EXE
Type: ActiveSetup
Item Name: svchos.exe
Author: Unknown
Related File: C:\WINDOWS\INSTT\SVCHOS.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: […]

Removed: C:\WINDOWS\system32\WindowsUpdate\winupdate.exe.exe (trojan Injector)

Malware: exe_2.exe
Removed: C:\WINDOWS\system32\WindowsUpdate\winupdate.exe.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {IJBP402M-25M8-SI3F-RD4K-NC85473BS27U}
Author: Departament
Related File: C:\WINDOWS\SYSTEM32\WINDOWSUPDATE\WINUPDATE.EXE.EXE
Type: ActiveSetup
Item Name: Cerberus
Author:
Related File: C:\WINDOWS\SYSTEM32\WINDOWSUPDATE\WINUPDATE.EXE.EXE
Type: Registry Run
Item Name: winupdate.exe.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\WINDOWSUPDATE\WINUPDATE.EXE.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Cerberus
Value: […]

Removed: C:\WINDOWS\system32\svchost\svchost.exe (trojan Injector)

Malware: client_2.exe
Removed: C:\WINDOWS\system32\svchost\svchost.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Policies
Author:
Related File: C:\WINDOWS\SYSTEM32\SVCHOST\SVCHOST.EXE
Type: Explorer Run
Item Name: {3K0AUO52-SM0T-UFIO-F6E5-MF5508TIXO50}
Author:
Related File: C:\WINDOWS\SYSTEM32\SVCHOST\SVCHOST.EXE
Type: ActiveSetup
Item Name: HKCU
Author:
Related File: C:\WINDOWS\SYSTEM32\SVCHOST\SVCHOST.EXE
Type: Registry Run
Item Name: HKLM
Author:
Related File: C:\WINDOWS\SYSTEM32\SVCHOST\SVCHOST.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————- […]

Removed: C:\Documents and Settings\Administrator\27F6471627473796E696D64614\winlogon.exe, C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe, C:\Documents and Settings\NetworkService\winlogon.exe, C:\winlogon.exe (worm AutoTsifiri)

Malware: 76.exe
Removed:
C:\Documents and Settings\Administrator\27F6471627473796E696D64614\winlogon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Documents and Settings\NetworkService\winlogon.exe
C:\winlogon.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: 132.96.17.184 drweb.com
Author: Unknown
Related File:
Type: Hosts File Contents
Item Name: 88.227.68.221 f-secure.com
Author: Unknown
Related File:
Type: Hosts File Contents
Item Name: 40.47.94.210 kaspersky.com
Author: Unknown
Related File:
Type: Hosts File Contents […]

Removed: C:\Documents and Settings\Administrator\Application Data\WHelp\juzched.exe (trojan Spy.Banker)

Malware: ADOBEREADER90.exe
Removed: C:\Documents and Settings\Administrator\Application Data\WHelp\juzched.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: juzched
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WHELP\JUZCHED.EXE
Type: Registry Run
Item Name: juzched.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WHELP\JUZCHED.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\juzched […]

Removed: ohydy.exe, roqyxd.exe, skifr.exe, vsbntlo.exe, cfdrive32.exe (p2p-worm Palevo)

Malware: ex1113.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\ohydy.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\roqyxd.exe
C:\RECYCLER\S-1-5-21-0060473126-6837249116-403821433-0792\skifr.exe
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
C:\WINDOWS\cfdrive32.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: cfdrive32.exe
Author: NVIDIA
Related File: C:\WINDOWS\CFDRIVE32.EXE
Type: Detected using Heuristic Algorithm
Item Name: 12CFG214-K641-12SF-N85P
Author: NVIDIA
Related File: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\VSBNTLO.EXE
Type: Registry Run
Item Name: shell
Author: Unknown
Related File: explorer.exe,C:\Documents and Settings\Administrator\Application Data\ohydy.exe
Type: User […]

Removed: C:\WINDOWS\system32\dbbk.lio (trojan Oficla)

Malware: C:\sand-box\HD32632.JPG.exe
Removed: C:\WINDOWS\system32\dbbk.lio
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe dbbk.lio eyyvs
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “Explorer.exe rundll32.exe dbbk.lio eyyvs”
Files: C:\WINDOWS\system32\dbbk.lio
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.25 […]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\mb9a.exe, C:\WINDOWS\Fonts\services.exe (trojan VB)

Malware: kp.jpg.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\mb9a.exe
C:\WINDOWS\Fonts\services.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: apps
Author:
Related File: C:\WINDOWS\FONTS\SERVICES.EXE
Type: Explorer Run
Item Name: services.exe
Author:
Related File: C:\WINDOWS\FONTS\SERVICES.EXE
Type: Running Processes
Item Name: q9jp
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\MB9A.EXE
Type: Explorer Run
Item Name: mb9a.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\MB9A.EXE
Type: Running Processes
Removal […]

Removed: lucro.exe (trojan Bancos)

Malware: C:\sand-box\lucro.exe
Removed: C:\sand-box\lucro.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: FirstRunn
Author: Unknown
Related File: C:\SAND-BOX\LUCRO.EXE
Type: Registry Run
Item Name: lucro.exe
Author: Unknown
Related File: C:\SAND-BOX\LUCRO.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FirstRunn
Files: C:\ZQ561401.rar
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result […]

Removed: C:\WINDOWS\system32\appconf32.exe (trojan MultiBanker)

Malware: C:\sand-box\gqgwetbvjrewxux2.exe
Removed: C:\WINDOWS\system32\appconf32.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,
Type: UserInit Value
Item Name: appconf32.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\APPCONF32.EXE
Type: Detected using Heuristic Algorithm
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Value: “C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,”
Folders:
C:\WINDOWS\system32\cock
C:\WINDOWS\system32\xmldm
Files: […]

Removed: C:\WINDOWS\jspbbplugin.dll (trojan VB)

Malware: amor_estranho_amor.mpg.exe
Removed: C:\WINDOWS\jspbbplugin.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {331B2978-88FF-11D2-8D96-E7ACAC95951F}
Author: Unknown
Related File: C:\WINDOWS\JSPBBPLUGIN.DLL
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Classes\CLSID\{331B2978-88FF-11D2-8D96-E7ACAC95951F}\InprocServer32\
Value: “c:\WINDOWS\jspbbplugin.dll”
Files: C:\WINDOWS\jspbbplugin.dll
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.07  Gen:Trojan.Heur.VP.bm0@aye7Npni
Kaspersky  7.0.0.125  2010.11.07  Trojan-Downloader.Win32.VB.abka […]

Removed: C:\Documents and Settings\Administrator\Application Data\C-76947-8457-2745\winmsnliv.exe (trojan Hamweq)

Malware: zib.exe
Removed: C:\Documents and Settings\Administrator\Application Data\C-76947-8457-2745\winmsnliv.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: WindowsDriverControl
Author: UW0wAtGNWAMa4vJQm
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\C-76947-8457-2745\WINMSNLIV.EXE
Type: Registry Run
Item Name: winmsnliv.exe
Author: UW0wAtGNWAMa4vJQm
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\C-76947-8457-2745\WINMSNLIV.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsDriverControl […]

Removed: FV3szxc10.dll, FV3szxc20.dll, FV3zxc.exe (trojan Taterf)

Malware: C:\sand-box\mtlat.exe
Removed:
C:\WINDOWS\system32\FV3szxc10.dll
C:\WINDOWS\system32\FV3szxc20.dll
C:\WINDOWS\system32\FV3zxc.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: FV3szxc10.dll
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\FV3SZXC10.DLL
Type: Detected using Heuristic Algorithm
Item Name: FV3zxc.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\FV3ZXC.EXE
Type: Detected using Heuristic Algorithm
Item Name: FV3sos
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\FV3ZXC.EXE
Type: Registry Run
Item Name: {94AC7942-7BE1-4FB9-A7CA-67CD88362758}
Author:
Related File: C:\WINDOWS\SYSTEM32\FV3SZXC20.DLL
Type: […]

Removed: C:\Hellomotoo.exe\Hellomotoo.exe (trojan Jorik.SpyEyes)

Malware: C:\sand-box\crypted.exe
Removed: C:\Hellomotoo.exe\Hellomotoo.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Hellomotoo.exe
Author:
Related File: C:\HELLOMOTOO.EXE\HELLOMOTOO.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Hellomotoo.exe
Value: “C:\Hellomotoo.exe\Hellomotoo.exe”
Folders: C:\Hellomotoo.exe\
Files:
C:\Documents and Settings\Administrator\Local Settings\Temp\upd1.tmp
C:\Hellomotoo.exe\config.bin
C:\Hellomotoo.exe\Hellomotoo.exe
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.24 […]

Removed: C:\siodfjisod.exe\siodfjisod.exe (trojan Spy.Eyes)

Malware: siodfjisod.exe
Removed: C:\siodfjisod.exe\siodfjisod.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: siodfjisod.exe
Author: Unknown
Related File: C:\SIODFJISOD.EXE\SIODFJISOD.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\siodfjisod.exe
Value: “C:\siodfjisod.exe\siodfjisod.exe”
Folders: C:\siodfjisod.exe\
Files: C:\siodfjisod.exe\siodfjisod.exe
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.22  Trojan.Tdss.4618
Kaspersky  7.0.0.125  2010.11.22 […]

Removed: C:\WINDOWS\system32\sshnas21.dll (trojan Kazy)

Malware: Tcf.exe
Removed: C:\WINDOWS\system32\sshnas21.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: SSHNAS
Author: Opera Software
Related File: C:\WINDOWS\SYSTEM32\SSHNAS21.DLL
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\SSHNAS\Parameters\ServiceDll
Value: “C:\WINDOWS\system32\sshnas21.dll”
Files: C:\WINDOWS\system32\sshnas21.dll
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.22  Gen:Variant.Kazy.2879
Kaspersky  7.0.0.125  2010.11.22  Trojan.Win32.FraudPack.cirf […]

Malware: Fotos=0304.exe (trojan Banker – changes Windows HOSTS file)

Malware: Fotos=0304.exe
—————————————————————————————————————————-
How to quickly detect malware presence?
Files modified: C:\WINDOWS\system32\drivers\etc\hosts
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.22  DeepScan:Generic.Banker.Delf.68E482B8
Kaspersky  7.0.0.125  2010.11.22  Trojan-Downloader.Win32.Agent.exvn
Microsoft  1.6402  2010.11.22  –
NOD32  5637  2010.11.21  –
—————————————————————————————————————————-
MD5 dd2f0a89df480e052bd5dee528bf770c
SHA1 5d2cab1d88dd92d10c0c333328d1d9ff453aac62
SHA256 6f64c5c6af1052804562fb39fdbdf63412adacb37139b5fd313d1c4df4a12eba
—————————————————————————————————————————-
I use UnHackMe for cleaning ads and viruses from my friend’s computers, […]

Removed: AvProtector.exe, rundlll.exe, scvhost.exe, win32Runtime.exe (worm Autorun)

Malware: ICW.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\AvProtector.exe
C:\Documents and Settings\Administrator\Application Data\rundlll.exe
C:\Documents and Settings\Administrator\Application Data\scvhost.exe
C:\Documents and Settings\Administrator\Application Data\win32Runtime.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: win32Runtime
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WIN32RUNTIME.EXE
Type: Registry Run
Item Name: *win32Runtime
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WIN32RUNTIME.EXE
Type: Registry Run
Item Name: win32Runtime.exe
Author: […]

Removed: C:\Program Files\InfoTab\InfoTab.dll, C:\Program Files\InfoTab\InfoTab.exe (adware InfoTab)

Malware: InfoTab__IF96.exe
Removed:
C:\Program Files\InfoTab\InfoTab.dll
C:\Program Files\InfoTab\InfoTab.exe
—————————————————————————————————————————-
Detected manually:
INFOTAB.DLL
Default location: C:\PROGRAM FILES\INFOTAB\INFOTAB.DLL
MD5: 5FE758B826C07EAEB3BDE12AB2943E55
SHA1: 4BA0D3C5 C2BEFC48 3D0D4D79 1192C04F 10E1E54D
File Size: 99 496
Version Info:
OriginalFilename: InfoTab.DLL
FileDescription: InfoTab Module
InternalName: InfoTab
FileVersion: 1, 0, 0, 7
LegalCopyright: Copyright 2010
ProductName: InfoTab Module
ProductVersion: 1, 0, 0, 7
INFOTAB.EXE
Default location: […]

Removed: C:\Documents and Settings\Administrator\Microsoft\V3smx4pnp.dll (trojan PSW.OnLineGames)

Malware: C:\sand-box\s.exe
Removed: C:\Documents and Settings\Administrator\Microsoft\V3smx4pnp.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: V3smx4pnp
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MICROSOFT\V3SMX4PNP.DLL
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\V3smx4pnp
Value: “rundll32.exe “C:\Documents and Settings\Administrator\Microsoft\V3smx4pnp.dll”, Launch”
Folders: C:\Documents and Settings\Administrator\Microsoft\
Files:
C:\Documents and Settings\Administrator\Microsoft\V3smx4pnp.dll
C:\Documents and […]

Removed: WIN32.exe, UAC.exe (trojan Meredrop)

Malware: quot.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows Firewall\WIN32.exe
C:\Documents and Settings\Administrator\Application Data\Local\Microsoft\CurrentVersion\UAC.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {i806OqhG-6kt6-4BTp-20gW-CNVT4MpiK5At}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS FIREWALL\WIN32.EXE
Type: ActiveSetup
Item Name: HKCU
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LOCAL\MICROSOFT\CURRENTVERSION\UAC.EXE
Type: Registry Run
Item Name: HKLM
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LOCAL\MICROSOFT\CURRENTVERSION\UAC.EXE […]

Removed: C:\WINDOWS\system32\scvhost.exe, C:\WINDOWS\system32\SvcHostDLL.dll; Restored: C:\WINDOWS\system32\imm32.dll (trojan Egapel)

Malware: C:\sand-box\haha.exe
Removed:
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\SvcHostDLL.dll
Restored: C:\WINDOWS\system32\imm32.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Allows to capture traffic on this machine from a rRemote Packet Capture Protocol v.0
Author:
Related File: C:\WINDOWS\system32\scvhost.exe
Type: Auto Services
Item Name: Iprip
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SVCHOSTDLL.DLL
Type: Svchost DLLs
Detected by UnHackMe in “Multi AntiVirus scan” mode:
IMM32.DLL
Default […]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\3.64\svckost.exe (trojan VB)

Malware: guncel-video.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\3.64\svckost.exe
—————————————————————————————————————————-
Removing the Trojan caused a BSOD error. RegRun Warrior solved the problem.
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: winlogon
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\3.64\SVCKOST.EXE
Type: Registry Run
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect […]

Removed: C:\WINDOWS\conmysys.exe, C:\WINDOWS\oldbi.exe (trojan AutoRun.IRCBot)

Malware: csmx.exe
Removed:
C:\WINDOWS\conmysys.exe
C:\WINDOWS\oldbi.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: oldbi.exe
Author: tt
Related File: C:\WINDOWS\OLDBI.EXE
Type: Detected using Heuristic Algorithm
Item Name: conmysys.exe
Author: tt
Related File: C:\WINDOWS\CONMYSYS.EXE
Type: Detected using Heuristic Algorithm
Item Name: Service ares
Author: tt
Related File: C:\WINDOWS\CONMYSYS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————- […]

Removed: C:\Documents and Settings\Administrator\Application Data\porx.exe (trojan Rimecud)

Malware: 32.exe
Removed: C:\Documents and Settings\Administrator\Application Data\porx.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: taskman
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\PORX.EXE
Type: Winlogon System
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
Value: “C:\Documents and Settings\Administrator\Application Data\porx.exe”
Files: C:\Documents and Settings\Administrator\Application Data\porx.exe
—————————————————————————————————————————-
Classification:
Antivirus […]

Removed: oreans32.sys, qtask.exe (backdoor Hupigon)

Malware: C:\sand-box\4e7b29311318dcb3fb295384c4ce318d(1).exe
Removed:
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\qtask.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: oreans32.sys
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
Type: Drivers
Item Name: qtask.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\QTASK.EXE
Type: Detected using Heuristic Algorithm
Item Name: Microsoft
Author: Unknown
Related File: C:\WINDOWS\system32\QTASK.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect […]

Removed: SVKP.sys, xp.com (backdoor GrayBird)

Malware: 03c12d23b702160fd82c1fcaad04cc96(1).exe
Removed:
C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\xp.com
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Universal Plug and Play Devicr
Author:
Related File: C:\WINDOWS\xp.com
Type: Auto Services
Item Name: xp.com
Author: Unknown
Related File: C:\WINDOWS\XP.COM
Type: Detected using Heuristic Algorithm
Detected manually:
SVKP.SYS
Default location: C:\WINDOWS\system32\SVKP.sys
MD5: F05028B163B92C302A74409D683AC9B0
SHA1: 74A943B9 F3BF63F8 DE5C3175 F96366B2 4A661067
File Size: 2 368
Version […]

Removed: C:\WINDOWS\system32\Setup\svchost.exe (trojan Kazy)

Malware: 1_2.exe
Removed: C:\WINDOWS\system32\Setup\svchost.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: svchost32
Author:
Related File: C:\WINDOWS\system32\Setup\svchost.exe /service
Type: Auto Services
Item Name: svchost.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SETUP\SVCHOST.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\svchost32\ImagePath
Value: “C:\WINDOWS\system32\Setup\svchost.exe /service”
Files:
C:\WINDOWS\system32\Setup\svchost.exe
C:\WINDOWS\system32\Setup\svchost.jxe
—————————————————————————————————————————-
Classification:
Antivirus […]

Removed: C:\Program Files\Microsoft\svchost.exe (trojan Swisyn)

Malware: C:\sand-box\0.exe
Removed: C:\Program Files\Microsoft\svchost.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Alerter
Author: Whole Tomato Software, Inc.
Related File: “C:\Program Files\Microsoft\svchost.exe”
Type: Auto Services
Item Name: svchost.exe
Author: Whole Tomato Software, Inc.
Related File: C:\PROGRAM FILES\MICROSOFT\SVCHOST.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: Alerter
Author:
Related File: “C:\Program Files\Microsoft\svchost.exe”
Type: Services […]

Removed: V3szxc10.dll, V3szxc20.dll, V3zxc.exe (worm Taterf)

Malware: C:\sand-box\atidljskdfina.exe
Removed:
C:\WINDOWS\system32\V3szxc10.dll
C:\WINDOWS\system32\V3szxc20.dll
C:\WINDOWS\system32\V3zxc.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {94AC7942-7BE1-4FB9-A7CA-67CD88362758}
Author:
Related File: C:\WINDOWS\SYSTEM32\V3SZXC20.DLL
Type: Browser Helper Objects
Item Name: V3szxc10.dll
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\V3SZXC10.DLL
Type: Detected using Heuristic Algorithm
Item Name: V3zxc.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\V3ZXC.EXE
Type: Detected using Heuristic Algorithm
Item Name: V3sos
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\V3ZXC.EXE […]

Removed: C:\Documents and Settings\Administrator\wlock\wlock.exe (Porn Locker)

Malware: C:\sand-box\esjzcrfv_2.exe
Removed: C:\Documents and Settings\Administrator\wlock\wlock.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\wlock\wlock.exe
Type: UserInit Value
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Value: “C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\wlock\wlock.exe”
Folders: C:\Documents and Settings\Administrator\wlock\
Files: C:\Documents and Settings\Administrator\wlock\wlock.exe
—————————————————————————————————————————-
Classification:
Antivirus […]

Removed: C:\asdfjnkads.exe\asdfjnkads.exe (trojan SpyEye)

Malware: C:\sand-box\roci.exe
Removed: C:\asdfjnkads.exe\asdfjnkads.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: asdfjnkads.exe
Author: Unknown
Related File: C:\ASDFJNKADS.EXE\ASDFJNKADS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\asdfjnkads.exe
Value: “C:\asdfjnkads.exe\asdfjnkads.exe”
Folders: C:\asdfjnkads.exe\
Files: C:\asdfjnkads.exe\asdfjnkads.exe
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.17  –
Kaspersky  7.0.0.125  2010.11.17 […]

Removed: C:\troooxxxxx.exe\troooxxxxx.exe (trojan SpyEye)

Malware: C:\sand-box\build.exe
Removed: C:\troooxxxxx.exe\troooxxxxx.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: troooxxxxx.exe
Author: Unknown
Related File: C:\TROOOXXXXX.EXE\TROOOXXXXX.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\troooxxxxx.exe
Value: “C:\troooxxxxx.exe\troooxxxxx.exe”
Folders: C:\troooxxxxx.exe\
Files:
C:\troooxxxxx.exe\config.bin
C:\troooxxxxx.exe\troooxxxxx.exe
—————————————————————————————————————————-
Classification:
Antivirus  Version  Last Update  Result
F-Secure  9.0.16160.0  2010.11.17  Trojan.Generic.5090373
Kaspersky  7.0.0.125 […]

Removed: C:\WINDOWS\system32\system\dll.exe (trojan VBInject)

Malware: ATF Cleaner.exe
Removed: C:\WINDOWS\system32\system\dll.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {D1F7877F-7368-B92A-227D-789852D992D4}
Author: gqBFlie9
Related File: C:\WINDOWS\SYSTEM32\SYSTEM\DLL.EXE
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Active Setup\Installed Components\{D1F7877F-7368-B92A-227D-789852D992D4}\stubpath
Value: “C:\WINDOWS\system32\system\dll.exe s”
Files: C:\Documents and Settings\Administrator\Local Settings\Temp\ATF Cleaner.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFDFB3.tmp
C:\WINDOWS\system32\system\dll.exe […]

Removed: DokterWatson.exe (trojan Deeterohms)

Malware: C:\sand-box\DokterWatson.exe
Removed: C:\sand-box\DokterWatson.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: DokterWatson.exe
Author: Unknown
Related File: C:\SAND-BOX\DOKTERWATSON.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DokterWatson.exe
Value: “..\DokterWatson.exe”
Files: C:\Documents and Settings\Administrator\Local Settings\Temp\instLM_24423.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\instLM_24975.exe
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 […]

Removed: C:\setupbsdfd.exe\setupbsdfd.exe (trojan SpyEyes)

Malware: C:\sand-box\elio.exe
Removed: C:\setupbsdfd.exe\setupbsdfd.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: setupbsdfd.exe
Author: Unknown
Related File: C:\SETUPBSDFD.EXE\SETUPBSDFD.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\setupbsdfd.exe
Value: “C:\setupbsdfd.exe\setupbsdfd.exe”
Folders: C:\setupbsdfd.exe\
Files: C:\setupbsdfd.exe\setupbsdfd.exe
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.17 Gen:Trojan.Heur.RP.fmGfauuWt2e
Kaspersky 7.0.0.125 2010.11.17 […]

Removed: C:\Documents and Settings\Administrator\Templates\SonPw.exe.exe (Porn Locker)

Malware: xxx_video.exe
Removed: C:\Documents and Settings\Administrator\Templates\SonPw.exe.exe
—————————————————————————————————————————-
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: Windows boot
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\TEMPLATES\SONPW.EXE.EXE
Type: Registry Run
2. Multi AntiVirus scan:
– none –
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows boot
Value: “C:\Documents and […]

Removed: Paypal_Hack_V4.1.exe (trojan – PSW.MSIL.Agent)

Malware: C:\sand-box\Paypal_Hack_V4.1.exe
Removed: C:\sand-box\Paypal_Hack_V4.1.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: hijack
Author: Trend Micro Inc
Related File: C:\SAND-BOX\PAYPAL_HACK_V4.1.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\hijack
Files: C:\Documents and Settings\Administrator\Local Settings\Temp\ChromePass.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ChromePass.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\firefox.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\iepv.exe
C:\Documents […]

Removed: 0066.DLL, cfg.exe, wexe.exe (trojan Witkinat)

Malware: wexe.exe
Removed: C:\WINDOWS\system32\0066.DLL
C:\WINDOWS\system32\cfg.exe
C:\WINDOWS\system32\wexe.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: wexe.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\WEXE.EXE
Type: Running Processes
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\cfg.exe
Type: UserInit Value
Item Name: AppInit_DLLs
Author: Unknown
Related File: C:\WINDOWS\system32\0066.DLL
Type: List of Injected DLLs
Item Name: cfg.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\CFG.EXE
Type: Running […]

Removed: C:\Documents and Settings\Administrator\wuaucldt.exe, C:\WINDOWS\system32\dllcache\cdrom.sys, C:\WINDOWS\system32\wuaucldt.exe; Restored: C:\WINDOWS\system32\drivers\cdrom.sys (trojan Cutwail)

Malware: C:\sand-box\atmo.exe
Removed: C:\Documents and Settings\Administrator\wuaucldt.exe
C:\WINDOWS\system32\dllcache\cdrom.sys
C:\WINDOWS\system32\wuaucldt.exe
Restored: C:\WINDOWS\system32\drivers\cdrom.sys
—————————————————————————————————————————-
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: wuaucldt
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\WUAUCLDT.EXE
Type: Registry Run
Item Name: Regedit32
Author:
Related File: C:\WINDOWS\system32\regedit.exe
Type: Registry Run
Item Name: wuaucldt
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\WUAUCLDT.EXE
Type: Registry Run
2. Multi AntiVirus […]

Removed: C:\WINDOWS\system32\bsfj.oso (trojan Oficla)

Malware: C:\sand-box\DHL_Information.exe
Removed: C:\WINDOWS\system32\bsfj.oso
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe bsfj.oso uutfj
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “Explorer.exe rundll32.exe bsfj.oso uutfj”
Files: C:\WINDOWS\system32\bsfj.oso
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.16 […]

Removed: C:\Documents and Settings\Administrator\Application Data\juzjf.exe (trojan Bflient)

Malware: new.exe
Removed: C:\Documents and Settings\Administrator\Application Data\juzjf.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: taskman
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\JUZJF.EXE
Type: Winlogon System
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
Value: “C:\Documents and Settings\Administrator\Application Data\juzjf.exe”
Files: C:\Documents and Settings\Administrator\Application Data\juzjf.exe
—————————————————————————————————————————-
Classification:
Antivirus […]

Removed: C:\WINDOWS\system32\PECompact2.dll (trojan PcClient)

Malware: yk.exe
Removed: C:\WINDOWS\system32\PECompact2.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: PECompact2
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\PECOMPACT2.DLL
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\PECompact2\ImagePath
Value: “C:\WINDOWS\system32\svchost.exe -k PECompact2”
Files: C:\WINDOWS\system32\PECompact2.dll
C:\gr.exe
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2010.11.15 –
Kaspersky 7.0.0.125 […]

Removed: C:\WINDOWS\system32\Docume111.dll (trojan PcClient)

Malware: C:\sand-box\stup.exe
Removed: C:\WINDOWS\system32\Docume111.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Docume111
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\DOCUME111.DLL
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\Docume111\ImagePath
Value: “C:\WINDOWS\system32\svchost.exe -k Docume111”
Files: C:\WINDOWS\system32\Docume111.dll
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
Kaspersky 7.0.0.125 2010.11.15 –
Microsoft 1.6301 2010.11.15 […]

Removed: C:\WINDOWS\system32\nmklo.dll, C:\WINDOWS\system32\dllcache\user32.dll, C:\WINDOWS\system32\cooper.mine (trojan Mariofev)

Malware: marzm.exe
Removed: C:\WINDOWS\system32\nmklo.dll
C:\WINDOWS\system32\dllcache\user32.dll
C:\WINDOWS\system32\cooper.mine
—————————————————————————————————————————-
Detected manually:
NMKLO.DLL
Default location: C:\WINDOWS\system32\nmklo.dll
MD5: 3F7529FE29D61EA2C465B56E1AE618AF
SHA1: 80859DB2 5FDADED7 57347C46 B156DB45 7196A846
File Size: 167 936
USER32.DLL
Default location: C:\WINDOWS\system32\dllcache\user32.dll
MD5: BBC70B9BE4BB80D2BA108B2EBABFF7EE
SHA1: 254A2A8B FCD4D909 111920FC 89304032 CF7E8FD6
File Size: 578 560
Version Info:
OriginalFilename: user32
FileDescription: Windows XP USER API Client DLL
InternalName: user32
CompanyName: […]

Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AdbUpd.lnk, C:\Documents and Settings\Administrator\Application Data\Adobe\AdobeUpdate.exe (trojan Karagany – fake Adobe Updater)

Malware: C:\sand-box\file(2).exe
Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AdbUpd.lnk
C:\Documents and Settings\Administrator\Application Data\Adobe\AdobeUpdate.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: AdbUpd.lnk
Author: Adobe Systems Incorporated
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ADOBE\ADOBEUPDATE.EXE
Type: Startup Folder
Item Name: AdobeUpdate.exe
Author: Adobe Systems Incorporated
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ADOBE\ADOBEUPDATE.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————- […]

Removed: nkrltr.exe, lxhdh.exe (trojan Meredrop)

Malware: dldr.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\nkrltr.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lxhdh.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: jusched.exe
Author: Unknown
Related File: C:\WINDOWS\JUSCHED.EXE
Type: Detected using Heuristic Algorithm
Item Name: Java developer Script Browse
Author: Unknown
Related File: C:\WINDOWS\JUSCHED.EXE
Type: Registry Run
Item Name: owfuliqb
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\NKRLTR.EXE […]

Removed: C:\WINDOWS\nvsvc32.exe (trojan Injector)

Malware: C:\sand-box\g.exe
Removed: C:\WINDOWS\nvsvc32.exe
—————————————————————————————————————————-
Detected by UnHackMe:
NVSVC32.EXE
Default location: C:\WINDOWS\NVSVC32.EXE
MD5: 31C024D357DF65CE750BC985B328A0A6
SHA1: 79D06751 C82FED72 13D74DEB E7F27930 50ED359F
File Size: 163 840
Version Info:
OriginalFilename: write
FileDescription: Windows Write
InternalName: write
CompanyName: Microsoft Corporation
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Removal Results: […]

Removed: C:\Documents and Settings\Administrator\Application Data\taskeng.exe (trojan Genome)

Malware: load.exe
Removed: C:\Documents and Settings\Administrator\Application Data\taskeng.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Windows Update System
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\TASKENG.EXE
Type: Registry Run
Item Name: taskeng.exe
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\TASKENG.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows […]