Removed: C:\WINDOWS\system32\iickie.exe (QQ Music – trojan ServStart)

Malware: C:\sand-box\2.exe Removed: C:\WINDOWS\system32\iickie.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: QQ Music update2 Author: Related File: C:\WINDOWS\system32\iickie.exe Type: Auto Services Item Name: iickie.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\IICKIE.EXE Type: Running Processes IICKIE.EXE – random filename Default location: C:\WINDOWS\SYSTEM32\IICKIE.EXE MD5: 8E118ED5F074457F731624104D78F491 SHA1: 87314726 349EBCDF 6C314693 4A82FBC5 0C0C5A61 File Size: 45 568 Removal Results: Success Number of […]

Removed: C:\WINDOWS\system32\lytrym.exe (QQ Music – trojan ServStart)

Malware: C:\sand-box\1.exe Removed: C:\WINDOWS\system32\lytrym.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: QQ Music updates Author: Related File: C:\WINDOWS\system32\lytrym.exe Type: Auto Services Item Name: lytrym.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\LYTRYM.EXE Type: Running Processes After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_QQ_MUSIC_UPDATES\0000\Service Value: “QQ […]

Removed: C:\WINDOWS\PRAGMAetynemqxim\PRAGMAd.sys C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE C:\Program Files\Defense Center\defcnt.exe (FakeAV – Defense Center aka Paladin Antivirus)

Malware: C:\sand-box\ad.exe Removed: C:\WINDOWS\PRAGMAetynemqxim\PRAGMAd.sys C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE C:\Program Files\Defense Center\defcnt.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. Examiner: – none – 2. RegRun Reanimator: Item Name: PRAGMAetynemqxim Author: Related File: C:\WINDOWS\PRAGMAETYNEMQXIM\PRAGMAD.SYS Type: Drivers Item Name: .exe Author: Unknown Related File: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AUTMGR32.EXE” /START “%1” %* Type: Main File Extensions Item Name: Defense Center Author: Unknown Related […]

Removed: C:\WINDOWS\system32\msncxmjw.dll (trojan Frethog)

Malware: C:\sand-box\w.exe Removed: C:\WINDOWS\system32\msncxmjw.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: xlqtjd Author: Unknown Related File: C:\WINDOWS\SYSTEM32\MSNCXMJW.DLL Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\xlqtjd Value: “RUNDLL32.EXE C:\WINDOWS\system32\msncxmjw.dll,w” Files: C:\WINDOWS\system32\msncxmjw.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.06.19 Dropped:Trojan.PWS.Onlinegames.KDDP Kaspersky 7.0.0.125 2010.06.19 Trojan-Dropper.Win32.Agent.cfrh […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\Microsoft\Internet Explorer\ccsmm.exe (spammer EmailBomb)

Malware: wm.exe Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\ccsmm.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: novavapp Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\CCSMM.EXE Type: Registry Run Item Name: ccsmm.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\CCSMM.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware […]

Removed: C:\WINDOWS\system32\office woid.exe (trojan Sisron)

Malware: C:\sand-box\ck.exe Removed: C:\WINDOWS\system32\office woid.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: office word Author: Related File: C:\WINDOWS\SYSTEM32\OFFICE WOID.EXE Type: Registry Run Item Name: office woid.exe Author: Related File: C:\WINDOWS\SYSTEM32\OFFICE WOID.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\office word Value: 22 63 3A 5C […]

Removed: C:\Documents and Settings\%USERNAME%\Local Settings\Temp\bldjad.exe (Porn Blocker)

Malware: bldjad.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\bldjad.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bldjad.exe Type: UserInit Value 2. Multi AntiVirus scan: – none – Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit Value: “C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\bldjad.exe” Files: C:\Documents and […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\winscrsn.exe

Malware: o.exe Removed: C:\Documents and Settings\Administrator\Application Data\winscrsn.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows System Updates Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINSCRSN.EXE Type: Registry Run Item Name: winscrsn.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINSCRSN.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? […]

Removed: C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\browseaviruntime\browseaviruntime.dll (trojan Sefnit)

Malware: load1.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\browseaviruntime\browseaviruntime.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: browseaviruntime Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\BROWSEAVIRUNTIME\BROWSEAVIRUNTIME.DLL Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\browseaviruntime Value: “rundll32.exe “C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\browseaviruntime\browseaviruntime.dll”, DllInit” Folders: C:\Documents and Settings\%USERNAME%\Local […]

Removed: C:\Documents and Settings\%USERNAME%\Local Settings\Temp\svchots.exe (trojan VBKrypt)

Malware: here.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\svchots.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Update Author: SharkI Development Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SVCHOTS.EXE Type: Registry Run Item Name: Windows Services Author: Related File: svchots.exe Type: Registry Run Item Name: svchots.exe Author: SharkI Development Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SVCHOTS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- […]

Removed: mmindsrv.exe (trojan Injector)

Malware: C:\sand-box\mmindsrv.exe Removed: C:\sand-box\mmindsrv.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: System Security Enhancements Service Author: AceSoft Corp all rights reserved Related File: C:\SAND-BOX\MMINDSRV.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Security Enhancements Service File: MMINDSRV.EXE MD5: 355387F0B5D1C92FD51C59F7E479FB7B SHA1: 65B808E5 66B6175A F3D71143 7DED7D6C 2FFF53CB […]

Removed: C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\Windows Server\tqueka.dll

Malware: svchost.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\tqueka.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppSecDll Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINDOWS SERVER\TQUEKA.DLL Type: Application Security DLLs After first reboot detected by UnHackMe: Item Name: AppSecDll Author: Related File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\tqueka.dll Type: Application Security DLLs Removal Results: Success […]

Removed: C:\WINDOWS\SYSTEM32\DRIVERS\581249CD.SYS Restored: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL (Fake QVOD player)

Malware: C:\sand-box\hx.exe Removed: C:\WINDOWS\SYSTEM32\DRIVERS\581249CD.SYS Restored: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL —————————————————————————————————————————- Detected by RegRun Warrior: 1. Examiner: – none – 2. RegRun Reanimator: Item Name: 581249CD Author: Related File: C:\WINDOWS\SYSTEM32\DRIVERS\581249CD.SYS Type: Drivers 3. Multi AntiVirus scan: APPMGMTS.DLL Default location: C:\WINDOWS\SYSTEM32\APPMGMTS.DLL MD5: 157F14BE41E4F9E168AACD6ADB91579F SHA1: 2666D962 C1FBA206 968F9EA8 C0CD50E6 1DAB0CFA File Size: 89 904 Version Info: OriginalFilename: QvodInstall.exe FileDescription: QvodInstall Module […]

Removed: C:\WINDOWS\system32\spwr.bjo (trojan Oficla)

Malware: load.exe Removed: C:\WINDOWS\system32\spwr.bjo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe spwr.bjo gwgvj Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe spwr.bjo gwgvj” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\spwr.bjo —————————————————————————————————————————- Classification: […]

Removed: C:\WINDOWS\system32\hpyu.mso (trojan Oficla)

Malware: file.exe Removed: C:\WINDOWS\system32\hpyu.mso —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe hpyu.mso yoqak Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe hpyu.mso yoqak” Files: C:\Documents and Settings\%USERNAME%\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\%USERNAME%\Local Settings\Temp\1.tmp C:\WINDOWS\system32\hpyu.mso —————————————————————————————————————————- Classification: […]

Removed: C:\WINDOWS\system32\dmnv.pro (trojan Oficla)

Malware: out.exe Removed: C:\WINDOWS\system32\dmnv.pro —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe dmnv.pro mgvxnxy Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe dmnv.pro mgvxnxy” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\dmnv.pro —————————————————————————————————————————- Classification: […]

LightLogger.sys – Monitoring software

Lightloggersetup.exe – Monitoring software that allows you to keep track of what is happening on your computer. Not a virus, not malware. C:\WINDOWS\system32\drivers\LightLogger.sys Item Name: LightLogger.sys Author: HeavenWard Related File: C:\WINDOWS\SYSTEM32\DRIVERS\LIGHTLOGGER.SYS Type: Drivers Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_LIGHTLOGGER Registry: HKLM\System\CurrentControlSet\Services\LightLogger Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_LIGHTLOGGER\0000\Service Value: “LightLogger” Registry: HKLM\System\CurrentControlSet\Services\LightLogger\ImagePath Value: “\??\C:\WINDOWS\system32\Drivers\LightLogger.sys” Registry: HKLM\System\CurrentControlSet\Services\LightLogger\DisplayName Value: “LightLogger driver” Folders: C:\Documents and Settings\Administrator\Start […]

Removed: C:\WINDOWS\system32\devon.exe (trojan Injector)

Malware: out.exe Removed: C:\WINDOWS\system32\devon.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Developer Operations Network Author: T0aCL9R4vaOZXX Related File: C:\WINDOWS\SYSTEM32\DEVON.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network Value: “C:\WINDOWS\system32\devon.exe” Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network Value: “C:\WINDOWS\system32\devon.exe” Files: C:\WINDOWS\system32\devon.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update […]

Fake QVOD player installs large number of Trojans

The fake QVOD player installs a large number of Trojans. Be careful! The fake QVOD player is spread from dangerous web sites: qvod.16tn.com:8080/qvodsetup.exe QVodSetup.exe MD5: 520d07f454f0d659ba5a6cf4c50c888e Size: 227097 VirusTotal Info: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.05.10 Trojan-Dropper.Win32.Microjoin!IK AhnLab-V3 2010.05.23.00 2010.05.22 Malware/Win32.Generic AntiVir 8.2.1.242 2010.05.24 DR/MicroJoiner.Gen Antiy-AVL 2.0.3.7 2010.05.24 – Authentium 5.2.0.5 2010.05.24 W32/Joiner.D.gen!Eldorado Avast 4.8.1351.0 […]

Removed: C:\Program Files\Common Files\dtmp.crt

Malware: C:\sand-box\loadx1.exe Removed: C:\Program Files\Common Files\dtmp.crt —————————————————————————————————————————- Detected by UnHackMe: Item Name: LanmanServer Author: Unknown Related File: C:\PROGRAM FILES\COMMON FILES\DTMP.CRT Type: Svchost DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\ServiceDll Value: “%CommonProgramFiles%\dtmp.crt” Files: C:\Program Files\Common Files\dtmp.crt —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.06.16 […]

Removed: C:\WINDOWS\system32\drivers\TvPlus.sys (trojan Dogrobot)

Malware: kiss.mdb.exe Removed: C:\WINDOWS\system32\drivers\TvPlus.sys —————————————————————————————————————————- Detected by UnHackMe: Item Name: TvPlus.sys Author: CCTV Related File: C:\WINDOWS\SYSTEM32\DRIVERS\TVPLUS.SYS Type: Drivers Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\TvPlus\ImagePath Value: “system32\DRIVERS\TvPlus.sys” Registry: HKLM\System\CurrentControlSet\Services\TvPlus\DisplayName Value: “Driver for TvPlus Device” Folders: C:\Program Files\KAV Files: C:\Program Files\KAV\TvPlus.inf C:\Program Files\KAV\TvPlus.sys C:\WINDOWS\system32\drivers\TvPlus.sys —————————————————————————————————————————- Classification: Antivirus […]

Removed: C:\WINDOWS\system32\wfsintwq.sys C:\Documents and Settings\%USERNAME%\Application Data\drivers\winupgro.exe (trojan Bagle)

Malware: 3dba3336c2b17523208568e778cf6ec0.exe Removed: C:\WINDOWS\system32\wfsintwq.sys C:\Documents and Settings\%USERNAME%\Application Data\drivers\winupgro.exe —————————————————————————————————————————- UnHackMe would not start, so we used the RegRun Warrior CD. Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: srosa Author: Related File: C:\WINDOWS\SYSTEM32\WFSINTWQ.SYS Type: Drivers Item Name: drvsyskit Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DRIVERS\WINUPGRO.EXE Type: Registry Run 2. Multi AV scan: – none – Then […]

Removed: SM29f.exe (Fake AV – Security Master AV aka My Security Engine)

Malware: SM6ad1.exe Removed: C:\Documents and Settings\All Users\Application Data\9b01d\SM29f.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Security Master AV Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\SM29F.EXE Type: Registry Run Item Name: SM29f.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\SM29F.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\msdn.exe (trojan Buzus)

Malware: m.exe Removed: C:\Documents and Settings\Administrator\Application Data\msdn.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows System Guard Author: AceSoft Corp all rights reserved Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSDN.EXE Type: Registry Run Item Name: msdn.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSDN.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly […]

Removed: atualizada.sys, Atualizada.exe (trojan Bancos)

Malware: Removed: C:\WINDOWS\system32\drivers\atualizada.sys C:\WINDOWS\Atualizada.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: atualizada.sys Author: Unknown Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATUALIZADA.SYS Type: Drivers Item Name: Author: Unknown Related File: C:\WINDOWS\ATUALIZADA.EXE Type: Registry Run Item Name: Atualizada.exe Author: Unknown Related File: C:\WINDOWS\ATUALIZADA.EXE Type: Running Processes After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to […]

Removed: C:\Documents and Settings\%USERNAME%\Local Settings\Temp\917ded.exe (trojan VB)

Malware: C:\sand-box\err4.txt.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\917ded.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: h612wm Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\917DED.EXE Type: Explorer Run Item Name: 917ded.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\917DED.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\h612wm Value: “C:\DOCUME~1\%USERNAME%\LOCALS~1\Temp\917ded.exe” Files: C:\Documents and Settings\%USERNAME%\Local […]

Removed: C:\WINDOWS\Fonts\services.exe, msmbhdru.dll, office woid.exe (trojan Genome)

Malware: C:\sand-box\WINC.exe Removed: C:\WINDOWS\Fonts\services.exe C:\WINDOWS\system32\msmbhdru.dll C:\WINDOWS\system32\office woid.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: exec Author: Related File: C:\WINDOWS\FONTS\SERVICES.EXE Type: Explorer Run Item Name: load Author: Unknown Related File: C:\WINDOWS\fonts\services.exe Type: Win.ini Item Name: run Author: Unknown Related File: C:\WINDOWS\fonts\services.exe Type: Win.ini Item Name: services.exe Author: Related File: C:\WINDOWS\FONTS\SERVICES.EXE Type: Running Processes Item Name: pgoxhe Author: […]

Removed: C:\Program Files\NewBack App\NewBackUpdate.exe (trojan Comame)

Malware: NewBack_install.exe Removed: C:\Program Files\NewBack App\NewBackUpdate.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {81E99201-2B0E-4405-8D74-21FDC6C1BAAD} Author: Related File: C:\PROGRAM FILES\NEWBACK APP\NEWBACK.DLL – false positive (not a virus) Type: Browser Helper Objects Item Name: NewBack Author: Unknown Related File: C:\PROGRAM FILES\NEWBACK APP\NEWBACKUPDATE.EXE – (file infected) Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to […]

Removed: C:\WINDOWS\SYSTEM\WINAMP.EXE (worm Randon)

Malware: porno.exe Removed: C:\WINDOWS\SYSTEM\WINAMP.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Scan Author: mIRC Co. Ltd. Related File: C:\WINDOWS\system\WINAMP.EXE Type: Registry Run Item Name: Winamp.exe Author: Related File: C:\WINDOWS\SYSTEM\WINAMP.EXE Type: Running Processes After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Classes\ChatFile\Shell\open\command Value: […]

Removed: C:\Program Files\Common Files\Opera\opera.exe (porn Locker)

Malware: C:\sand-box\malware.exe Removed: C:\Program Files\Common Files\Opera\opera.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: shell Author: Unknown Related File: Explorer.exe, C:\Program Files\Common Files\Opera\opera.exe Type: System.ini 2. Multi AV scan: – none – Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe, C:\Program Files\Common […]

Removed: ..\Application Data\vdolew.exe (trojan VBInject)

Malware: Proj1.exe Removed: C:\Documents and Settings\Administrator\Application Data\vdolew.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: mGjoByhuUUvEQsMrPhHh Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\VDOLEW.EXE Type: Winlogon System Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman Value: “C:\Documents and Settings\%USERNAME%\Application Data\vdolew.exe” Files: C:\Documents and Settings\%USERNAME%\Application Data\vdolew.exe —————————————————————————————————————————- Classification: Antivirus […]

Removed: C:\WINDOWS\system32\xiaosos.exe (trojan Frethog)

Malware: C:\sand-box\ma.exe Removed: C:\WINDOWS\system32\xiaosos.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: xiaodll0.dll Author: Unknown Related File: C:\WINDOWS\SYSTEM32\XIAODLL0.DLL Type: Detected using Heuristic Algorithm Item Name: xiaosos.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\XIAOSOS.EXE Type: Detected using Heuristic Algorithm Item Name: loopsos Author: Unknown Related File: C:\WINDOWS\SYSTEM32\XIAOSOS.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to […]

Removed: adc_w32.dll, alggui.exe, svchost.exe (FakeAV – Sysinternals Antivirus aka Your PC Protector)

Malware: C:\sand-box\Windows_Protector.exe Removed: C:\Program Files\adc_w32.dll C:\Program Files\alggui.exe C:\Program Files\svchost.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: 1.1 Item Name: {149256D5-E103-4523-BB43-2CFB066839D6} Author: Sysint ltd. Related File: C:\PROGRAM FILES\ADC_W32.DLL Type: Browser Helper Objects 1.2 Item Name: .exe Author: Unknown Related File: C:\Program Files\alggui.exe “%1” %* Type: Main File Extensions 1.3 Item Name: AdbUpd Author: Related File: […]

Removed: C:\netmedia\netmedia.exe

Malware: netmedia.exe Removed: C:\netmedia\netmedia.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: netmedia Author: Unknown Related File: C:\NETMEDIA\NETMEDIA.EXE Type: Registry Run Item Name: netmedia.exe Author: Unknown Related File: C:\NETMEDIA\NETMEDIA.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\netmedia Value: “C:\netmedia\netmedia.exe” Folders: C:\netmedia Files: C:\netmedia\netmedia.exe —————————————————————————————————————————- Classification: Antivirus […]

Removed: C:\WINDOWS\system32\vaqx.sco (trojan Oficla)

Malware: C:\sand-box\loadx1.exe Removed: C:\WINDOWS\system32\vaqx.sco —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe vaqx.sco wkvme Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe vaqx.sco wkvme” Files: C:\WINDOWS\system32\vaqx.sco —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.06.11 […]

Removed: e17ef422-72d0-4843-9f36-93d1c74df894_35.avi (DNS Changer)

Malware: installer.0022.exe Removed: C:\Documents and Settings\Administrator\Application Data\e17ef422-72d0-4843-9f36-93d1c74df894_35.avi —————————————————————————————————————————- Detected by UnHackMe: Item Name: e17ef422-72d0-4843-9f36-93d1c74df894_35 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\E17EF422-72D0-4843-9F36-93D1C74DF894_35.AVI Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\e17ef422-72d0-4843-9f36-93d1c74df894_35 Value: “rundll32.exe “C:\Documents and Settings\%USERNAME%\Application Data\e17ef422-72d0-4843-9f36-93d1c74df894_35.avi”, start” Folders: C:\Documents and Settings\%USERNAME%\Local Settings\Temp\44467d57-14c9-4dd6-ac86-de798488d6e3 Files: C:\Documents […]

Removed: atnr.sys (fake web browser for users in China – a home page about the FIFA World Cup 2010)

Malware: xunjie.exe Removed: C:\WINDOWS\SYSTEM32\DRIVERS\atnr.sys —————————————————————————————————————————- Detected by UnHackMe in “Multi AV scan” mode: ATNR.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\atnr.sys (random filename) MD5: 343E7EA0223A4EEE6CAC15650B4F17CA SHA1: B5B5E086 782BEA41 422D5974 064C7C9D B85FA602 File Size: 34 688 After first reboot detected by UnHackMe: Item Name: wveh Author: Related File: system32\drivers\wveh.sys Type: Services detected by Partizan Removal Results: Success Number of reboot: […]

Removed: C:\WINDOWS\system32\drivers\pnpmem.sys (trojan Cinmus)

Malware: 118f61af8846bdc33c85b67a7a7f2fa8.gif.exe Removed: C:\WINDOWS\system32\drivers\pnpmem.sys —————————————————————————————————————————- Detected by RegRun Warrior: 1. Examiner: – none – 2. RegRun: – none – 3. Multi AV scan: PNPMEM.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\PNPMEM.SYS MD5: A3C29CA5DF4CDDF1BE8BD866F3C24D82 SHA1: B5AF119E 441A245C 4FB886CD 9420314F 6FF057FF File Size: 150 020 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\IDSCNP […]

Removed: TabIt.exe, ITss.lnk, ITss.exe

Malware: C:\sand-box\ie3.exe Removed: C:\Program Files\Common Files\TabIt.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ITss.lnk C:\RECYCLER\ITss.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: TabIt.exe Author: Unknown Related File: C:\PROGRAM FILES\COMMON FILES\TABIT.EXE Type: Running Processes After first reboot detected by UnHackMe: Item Name: ITss.lnk Author: Unknown Related File: C:\RECYCLER\ITSS.EXE Type: Common Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- […]

Removed: C:\WINDOWS\system32\msvmiode.exe (trojan Vbcrypt)

Malware: VRGaRHVg.exe Removed: C:\WINDOWS\system32\msvmiode.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: MSODESNV7 Author: Related File: C:\WINDOWS\SYSTEM32\MSVMIODE.EXE Type: Registry Run Item Name: msvmiode.exe Author: Related File: C:\WINDOWS\SYSTEM32\MSVMIODE.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MSODESNV7 Value: “C:\WINDOWS\system32\msvmiode.exe” Files: C:\WINDOWS\system32\msvmiode.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result […]

Removed: MSWD-cc27e340.job, cc27e340.exe

Malware: C:\sand-box\setup.exe Removed: C:\WINDOWS\Tasks\MSWD-cc27e340.job C:\Documents and Settings\%USERNAME%\Application Data\cc27e340.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: MSWD-cc27e340 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CC27E340.EXE Type: Scheduled Tasks Item Name: cc27e340.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\CC27E340.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: […]

Removed: C:\WINDOWS\help\dbs7154 (HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Avast – trojan Scar)

Malware: foto2.jpg.exe Removed: C:\WINDOWS\help\dbs7154 —————————————————————————————————————————- Detected by UnHackMe: Item Name: Avast Author: Developement Related File: C:\WINDOWS\HELP\MLB711.EXE Type: Registry Run Item Name: dbs7154.exe Author: Developement Related File: C:\WINDOWS\HELP\DBS7154.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Avast Value: “C:\WINDOWS\help\[dbs7154 – 3 letters + 4 numbers – […]

Removed: PRAGMAd.sys, cntprot.exe, wscsvc32.exe, mscdexnt.exe (FakeAV – Protection Center aka Paladin Antivirus)

Malware: C:\sand-box\ad.exe Removed: C:\WINDOWS\PRAGMAmbitqfwbxt\PRAGMAd.sys C:\Program Files\Protection Center\cntprot.exe C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\mscdexnt.exe —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: PRAGMAmbitqfwbxt Author: Related File: C:\WINDOWS\PRAGMAMBITQFWBXT\PRAGMAD.SYS Type: Services detected by Partizan Item Name: Protection Center Author: Unknown Related File: C:\PROGRAM FILES\PROTECTION CENTER\CNTPROT.EXE Type: Registry Run Item Name: wscsvc32.exe Author: Microsoft Corporation Related […]

Removed: 4DW4R3.SYS, 4DW4R3C.DLL, 4DW4R3NVGMVSROER.SYS, 4DW4R3RIEYBBXFBI.DLL (trojan Cosmu/Alureon)

Malware: C:\sand-box\lsassc.exe Removed: C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.SYS C:\WINDOWS\SYSTEM32\4DW4R3C.DLL C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3NVGMVSROER.SYS C:\WINDOWS\SYSTEM32\4DW4R3RIEYBBXFBI.DLL —————————————————————————————————————————- Detected by RegRun Warrior: 1. Examiner: 1.1 4DW4R3.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.SYS MD5: EC196B8CB70705090480E76A6D3FABF4 SHA1: 84BBDAD7 7FDB17F8 1E008F70 C820C43A C150933A File Size: 46 592 1.2 4DW4R3C.DLL Default location: C:\WINDOWS\SYSTEM32\4DW4R3C.DLL MD5: 53B2EEBB1A2D91A861CA7A242AED11A1 SHA1: 56121B5B CF30DC03 8490FC03 60CB0953 5D35EB56 File Size: 28 160 1.3 4DW4R3NVGMVSROER.SYS Default location: C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3NVGMVSROER.SYS MD5: EC196B8CB70705090480E76A6D3FABF4 […]

Removed: C:\WINDOWS\system32\rivt.ydo (trojan Oficla)

Malware: C:\sand-box\Build.exe Removed: C:\WINDOWS\system32\rivt.ydo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe rivt.ydo hhbsv Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe rivt.ydo hhbsv” Files: C:\WINDOWS\system32\rivt.ydo —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.06.07 […]

Removed: cbss.dll, ccl9ke.exe, nrktcvy.exe, absj.jjo, w13p1bp.exe, C:\WINDOWS\system\dwm.exe Restored: C:\WINDOWS\SYSTEM32\USER32.DLL (trojan downloader Harnig)

Malware: loaderadv600.exe Removed: C:\Documents and Settings\All Users\Documents\Settings\cbss.dll C:\Documents and Settings\Administrator\Local Settings\Temp\ccl9ke.exe C:\Documents and Settings\Administrator\Local Settings\Temp\nrktcvy.exe C:\WINDOWS\system32\absj.jjo C:\Documents and Settings\Administrator\Local Settings\Temp\w13p1bp.exe C:\WINDOWS\system\dwm.exe Restored: C:\WINDOWS\SYSTEM32\USER32.DLL —————————————————————————————————————————- Detected by UnHackMe: Item Name: cbssreg Author: Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SETTINGS\CBSS.DLL Type: Winlogon Notification Item Name: khfy2n Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\CCL9KE.EXE Type: Explorer Run Item Name: 12370 Author: […]

Restored: C:\WINDOWS\system32\rundll32.exe (trojan Buzus)

Malware: ss.exe Restored: C:\WINDOWS\system32\rundll32.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030} Author: Related File: C:\WINDOWS\system32\rundll32.exe Restart Type: ActiveSetup Removal Results: Success Number of reboot: 1 The original rundll32.exe has been successfully restored using RegRun Warrior from the Windows installation CD. —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Coffin Of Evil Registry: HKCU\Software\Coffin Of Evil […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\winsvrcn.exe (trojan Injector)

Malware: o.exe Removed: C:\Documents and Settings\Administrator\Application Data\winsvrcn.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Firewall Updates Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINSVRCN.EXE Type: Registry Run Item Name: winsvrcn.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINSVRCN.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? […]

Removed: C:\WINDOWS\system32\rootsvc.exe (trojan IRCBrute)

Malware: C:\sand-box\gbot2.exe Removed: C:\WINDOWS\system32\rootsvc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Root System Service Author: Unknown Related File: C:\WINDOWS\SYSTEM32\ROOTSVC.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Deleted registry key: HKLM\System\CurrentControlSet\Control\SafeBoot Value: Minimal Value: Network Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Root System Service Value: “C:\WINDOWS\system32\rootsvc.exe” Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\App\new Value: “yes” Files: C:\WINDOWS\system32\rootsvc.exe […]

Removed: C:\WINDOWS\system32\wcpm.eso (trojan Oficla)

Malware: C:\sand-box\loadx1.exe Removed: C:\WINDOWS\system32\wcpm.eso —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe wcpm.eso kpcovkl Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry key: HKLM\Software\Classes\idid Registry key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe wcpm.eso kpcovkl” Files: C:\WINDOWS\system32\wcpm.eso —————————————————————————————————————————- Classification: Antivirus Version Last Update […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\lsass.exe (trojan Malex)

Malware: vfqy.exe Removed: C:\Documents and Settings\Administrator\Application Data\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Local Security Auth. Server Author: Company A Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LSASS.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Local Security Auth. Server Value: “C:\Documents and Settings\%USERNAME%\Application Data\lsass.exe” Files: C:\Documents […]

Removed: %USERPROFILE%\Application Data\Services.exe (trojan AutoRun)

Malware: wkqv.exe Removed: C:\Documents and Settings\Administrator\Application Data\Services.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Services Author: Company A Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SERVICES.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Services Value: “C:\Documents and Settings\Administrator\Application Data\Services.exe” Files: C:\Documents and Settings\Administrator\Application Data\Services.exe —————————————————————————————————————————- […]

Removed: C:\WINDOWS\system32\regedit.exe, ws.exe, ccl9ke.exe, C:\RECYCLER\S-1-5-21-7616925526-8384343833-780153681-2809\mgrls32.exe, aqjunaynp.exe Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE (trojan Harnig)

Malware: ppi.exe Removed: C:\WINDOWS\system32\regedit.exe C:\sand-box\ws.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ccl9ke.exe C:\RECYCLER\S-1-5-21-7616925526-8384343833-780153681-2809\mgrls32.exe C:\Documents and Settings\Administrator\aqjunaynp.exe C:\WINDOWS\system32\aqjunaynp.exe Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: Regedit32 Author: Unknown Related File: C:\WINDOWS\SYSTEM32\REGEDIT.EXE Type: Registry Run Item Name: Aux Service Updater Author: Unknown Related File: C:\SAND-BOX\WS.EXE Type: Registry Run Item Name: regedit.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\REGEDIT.EXE Type: Running Processes […]

Removed: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\file.exe

Malware: file.exe Removed: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\file.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: file.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\FILE.EXE Type: Common Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Files: C:\Documents and Settings\Administrator\Local Settings\Temp\U&P.txt C:\Documents and Settings\All Users\Application Data\Etwo.io C:\Documents and Settings\All […]

Removed: IUSBLU.FDF (trojan Mudrop)

Malware: C:\sand-box\3.exe Removed: C:\WINDOWS\SYSTEM32\IUSBLU.FDF —————————————————————————————————————————- Detected by UnHackMe: Item Name: aaaaaaaaaaaaaaaa Author: Unknown Related File: C:\WINDOWS\SYSTEM32\IUSBLU.FDF (random filename) Type: Svchost DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\aaaaaaaaaaaaaaaa\Parameters\ServiceDll Value: “%SystemRoot%\System32\iusblu.fdf” Registry: HKLM\System\CurrentControlSet\Services\aaaaaaaaaaaaaaaa\Parameters\ImagePath Value: “C:\WINDOWS\system32\SVCHOST.EXE -k aaaaaaaaaaaaaaaa” Files: C:\WINDOWS\system32\05c10f.imk C:\WINDOWS\system32\[random filename].fdf —————————————————————————————————————————- Classification: Antivirus Version Last Update Result […]

Removed: C:\Windows\System\services.exe (trojan Comame)

Malware: wm.exe Removed: C:\Windows\System\services.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Services Manager Author: Related File: C:\Windows\System\services.exe Type: Auto Services Item Name: services.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM\SERVICES.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\System\CurrentControlSet\Services\Services Manager Value: ImagePath: “C:\Windows\System\services.exe” Value: DisplayName: “Microsoft Services Manager” […]

Removed: scvhost.exe, autorun.inf, extext64750t.exe Restored: C:\WINDOWS\system32\drivers\asyncmac.sys C:\WINDOWS\SYSTEM32\USERINIT.EXE (trojan AntiAV)

Malware: C:\sand-box\p.exe Removed: C:\WINDOWS\system32\scvhost.exe C:\autorun.inf C:\WINDOWS\extext64750t.exe Restored: C:\WINDOWS\system32\drivers\asyncmac.sys C:\WINDOWS\SYSTEM32\USERINIT.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: scvhost.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SCVHOST.EXE Type: Running Processes Item Name: C:\autorun.inf Author: Unknown Related File: C:\autorun.inf Type: Autorun.inf Item Name: extext64234t.exe Author: Unknown Related File: C:\WINDOWS\EXTEXT64234T.EXE Type: Running Processes After first reboot detected by UnHackMe: Item Name: pcidump Author: […]

Removed: mdl12pa.exe

Malware: video.exe Removed: C:\Documents and Settings\All Users\Application Data\mdl12pa.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: mdl12pa.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MDL12PA.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform Value: Embedded Web Browser from http://bsalsa.com/: “” Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mdl12pa.exe […]

Restored: C:\WINDOWS\SYSTEM32\RPCSS.DLL (trojan Vilsel)

Malware: C:\sand-box\162ew.exe Restored: C:\WINDOWS\SYSTEM32\RPCSS.DLL —————————————————————————————————————————- Detected by UnHackMe in “Multi AV scan” mode: RPCSS.DLL Default location: C:\WINDOWS\SYSTEM32\RPCSS.DLL MD5: 4B4E9358F85B3902494C1FD8999558F2 SHA1: 2B567418 25628E7F 0C6567AC 1FD0CCB3 6ECA2F7D File Size: 1 105 920 The original RPCSS.DLL has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to […]

Removed: WMocib.dll (trojan Cimag)

Malware: tulbap.exe Removed: C:\WINDOWS\WMocib.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: Pvesodurexur Author: Vicarious Visions, Inc. Related File: C:\WINDOWS\WMOCIB.DLL (random filename) Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Nwati Value: Qxatovuz, Fqoxode, wabufodizire, Khebax Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Pvesodurexur File: C:\WINDOWS\[random filename].DLL (author: Vicarious Visions, Inc.) —————————————————————————————————————————- Classification: […]

Removed: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe

Malware: PIC0737830249202010.JPG.exe Removed: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows System Manager Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINNSVC.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows System Manager Files: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe —————————————————————————————————————————- Classification: Antivirus Version Last […]

Removed: ..\Local Settings\Temp\hmacrokicbi.sys (trojan Rustock)

Malware: un1uox4ts.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\hmacrokicbi.sys —————————————————————————————————————————- Features of the malware: Unique keys: krnl_sleepfreq, krnl_servers_list Unique files: C:\WINDOWS\system32\drivers\str.sys —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: mgkvgpf (random item name) Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\HMACROKICBI.SYS (random filename) Type: Services detected by Partizan File version: 6.0.2600.1 Description: IIS 4.0 Metadata Synchronizer Copyright: © Microsoft Corporation. […]

Removed: knqd.exe

Malware: media.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\knqd.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: ol1s Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\KNQD.EXE Type: Explorer Run Item Name: knqd.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\KNQD.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 – Kaspersky 7.0.0.125 2010.05.27 – […]

Removed: Hare.exe, javawsdp.exe (trojan Parkchicers)

Malware: Hare.exe Removed: C:\Program Files\Hare\Hare.exe C:\Program Files\JAVA\javawsdp.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Hare Author: Related File: C:\PROGRAM FILES\HARE\HARE.EXE Type: Registry Run Item Name: javawsdp Author: Related File: C:\PROGRAM FILES\JAVA\JAVAWSDP.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.4000369 Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Scar.cgez […]

Removed: C:\Program Files\Common Files\PushWare\cpush.dll (adware Sogou)

Malware: ad10535.exe Removed: C:\Program Files\Common Files\PushWare\cpush.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: {11F09AFD-75AD-4E51-AB43-E09E9351CE16} Author: Related File: C:\PROGRAM FILES\COMMON FILES\PUSHWARE\CPUSH.DLL Type: Browser Helper Objects Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.28 Dropped:Adware.Sogou.Gen Kaspersky 7.0.0.125 2010.05.28 Trojan.Win32.BHO.agsb Microsoft 1.5802 2010.05.28 Program:Win32/Sogou NOD32 5154 2010.05.28 a variant of […]

Removed: C:\WINDOWS\nodkrm.exe (backdoor Poison)

Malware: C:\sand-box\Ident.exe Removed: C:\WINDOWS\nodkrm.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: nodkrm.exe Author: Biohazard Crew Related File: C:\WINDOWS\NODKRM.EXE Type: Detected using Heuristic Algorithm Item Name: Microsoft Svchost local services Author: Related File: C:\WINDOWS\NODKRM.EXE Type: Registry Run After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result […]

Removed: C:\WINDOWS\system32\wrdr.kuo (trojan Oficla/Sasfis)

Malware: C:\sand-box\delta1_1.exe Removed: C:\WINDOWS\system32\wrdr.kuo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe wrdr.kuo gxsad Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.3310239 Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Sasfis.ahqj Microsoft 1.5802 2010.05.27 TrojanDropper:Win32/Oficla.G NOD32 5149 2010.05.27 a variant of Win32/Kryptik.DBO —————————————————————————————————————————- […]

Removed: wmsetup.exe, C:\Program Files\WindowsUpdate\svohcst.exe

Malware: ppsvip.exe Removed: C:\Program Files\WindowsUpdate\wmsetup.exe C:\Program Files\WindowsUpdate\svohcst.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe C:\progra~1\WindowsUpdate\wmsetup.exe Type: System.ini Item Name: svohcst.exe Author: Related File: C:\PROGRA~1\WINDOWSUPDATE\SVOHCST.EXE Type: Running Processes After first reboot detected by UnHackMe: Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 […]

Removed: C:\WINDOWS\system32\Storm2.exe (trojan Scar)

Malware: C:\sand-box\player.exe Removed: C:\WINDOWS\system32\Storm2.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: .txt Author: Unknown Related File: d:\Browsers.exe %1 Type: Main File Extensions Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\Storm2.exe Type: UserInit Value Item Name: WBOpen Author: Related File: C:\WINDOWS\SYSTEM32\STORM2.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update […]

Restored: WS2IFSL.SYS (trojan TDSS/Alureon/Olmarik)

Malware: C:\sand-box\Ultimate Codes.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS —————————————————————————————————————————- Detected by RegRun Warrior: Item Name: WS2IFSL.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS Type: Detected using Heuristic Algorithm The original WS2IFSL.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 […]

Removed: popguide_joy1004.dll, lineguide.dll, popguide_joy1004_update.exe, lineguideup.exe (trojan Troxen/BHO)

Malware: C:\sand-box\joy1004_20080610.exe Removed: C:\Program Files\popguide\popguide_joy1004.dll C:\Program Files\lineguide\lineguide.dll C:\Program Files\popguide\popguide_joy1004_update.exe C:\Program Files\lineguide\lineguideup.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {4CD223EC-0998-4925-BF86-A3FAB13C58EB} Author: TODO: Related File: C:\PROGRAM FILES\POPGUIDE\POPGUIDE_JOY1004.DLL Type: Browser Helper Objects Item Name: {AD12AEF1-4348-4055-9DEF-4E5738E3F163} Author: Unknown Related File: C:\PROGRAM FILES\LINEGUIDE\LINEGUIDE.DLL Type: Browser Helper Objects Item Name: popguide Author: TODO: Related File: C:\PROGRAM FILES\POPGUIDE\POPGUIDE_JOY1004_UPDATE.EXE Type: Registry […]

Removed: Cmoney.dll, Cmoney.exe, korinstll.exe (trojan BHO)

Malware: C:\sand-box\cmoney_03_update20090423.exe Removed: C:\Program Files\Cmoney\Cmoney.dll C:\Program Files\Cmoney\Cmoney.exe C:\Program Files\Cmoney\korinstll.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {1DBB2DF6-98E2-4433-8FA6-BB00ACD39458} Author: TODO: Related File: C:\PROGRAM FILES\CMONEY\CMONEY.DLL Type: Browser Helper Objects Item Name: korinstll Author: TODO: Related File: C:\PROGRAM FILES\CMONEY\KORINSTLL.EXE Type: Registry Run Item Name: Cmoney Author: TODO: Related File: C:\PROGRAM FILES\CMONEY\CMONEY.EXE Type: Registry Run Removal Results: Success Number of […]

Removed: moreinfoup.exe, swisher.exe, futureweb_futureweb_20100128.exe (trojan Troxen)

Malware: C:\sand-box\moreinfo_20090206_re.exe Removed: C:\Program Files\moreinfo\moreinfoup.exe C:\Program Files\swisher\swisher.exe C:\Windows\Temp\futureweb_futureweb_20100128.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {EABB6254-5CE9-44FA-BA27-5B0D2A4D360D} Author: Related File: C:\PROGRAM FILES\FUTUREWEB\FUTUREWEB.DLL Type: Browser Helper Objects Item Name: moreinfo Author: Unknown Related File: C:\PROGRAM FILES\MOREINFO\MOREINFOUP.EXE Type: Registry Run Item Name: {4C8E314F-7D10-4380-AC6C-B7D6EDA82F74} Author: Related File: C:\PROGRAM FILES\FUTUREWEB\FUTUREWEB.DLL Type: Browser Helper Objects Item Name: swisher Author: Unknown Related File: […]

Removed: pointmania.exe

Malware: pointmania.exe Removed: C:\Program Files\pointmania\pointmania.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: pointmania Author: Related File: C:\Program Files\pointmania\pointmania.exe Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 – Kaspersky 7.0.0.125 2010.05.27 – Microsoft 1.5802 2010.05.27 TrojanSpy:Win32/Mafod!rts NOD32 5149 2010.05.27 probably unknown NewHeur_PE —————————————————————————————————————————- Additional information […]

Removed: C:\WINDOWS\system32\wloqv.exe (add key \Internet Explorer\Main\TabProcGrowth)

Malware: C:\sand-box\521.exe Removed: C:\WINDOWS\system32\wloqv.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,wloqv.exe (random filename) Type: UserInit Value Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Peed.Gen Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Pincav.aamj Microsoft 1.5802 2010.05.27 Trojan:Win32/Malagent NOD32 5148 2010.05.26 a variant of Win32/Kryptik.DXI —————————————————————————————————————————- […]

Removed: Desktop Security 2010.exe, securitycenter.exe, security.exe (FakeAV – Desktop Security 2010)

Malware: C:\sand-box\security.exe Removed: C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe C:\sand-box\security.exe Scan system… —————————————————————————————————————————- Detected by UnHackMe: Item Name: Desktop Security 2010 Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\DESKTOP SECURITY 2010.EXE Type: Registry Run Item Name: SecurityCenter Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP […]

Removed: PRAGMAd.sys, wsdkrlxp.exe (variant of TDSS trojan)

Malware: C:\sand-box\ad.exe Removed: C:\WINDOWS\PRAGMAnlpcbvtkpy\PRAGMAd.sys C:\Documents and Settings\Administrator\Local Settings\Temp\wsdkrlxp.exe —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: PRAGMAnlpcbvtkpy Author: Related File: C:\WINDOWS\PRAGMANLPCBVTKPY\PRAGMAD.SYS Type: Services detected by Partizan Item Name: wsdkrlxp.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSDKRLXP.EXE Type: Registry Run Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.26 […]

Removed: ..\Local Settings\Temp\explorer.exe (worm VBNA)

Malware: z.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Microsoft Windows Hosting Service Login Author: BCN Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\EXPLORER.EXE Type: Registry Run Item Name: explorer.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\EXPLORER.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.25 Trojan.Generic.3866640 Kaspersky […]

Removed: C:\WINDOWS\system32\0041.DLL (trojan Witkinat)

Malware: Browser_Update.exe Removed: C:\WINDOWS\system32\0041.DLL —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppInit_DLLs Author: Unknown Related File: C:\WINDOWS\system32\0041.DLL Type: List of Injected DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.KD.10557 Kaspersky 7.0.0.125 2010.05.24 Trojan-Spy.Win32.Insain.wz Microsoft 1.5802 2010.05.24 Trojan:Win32/Sisproc NOD32 5142 2010.05.24 Win32/Witkinat.A —————————————————————————————————————————- Additional information File […]

Removed: C:\cleansweep.exe\cleansweep.exe (trojan SpyEyes)

Malware: load.exe Removed: C:\cleansweep.exe\cleansweep.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: cleansweep.exe Author: Related File: C:\CLEANSWEEP.EXE\CLEANSWEEP.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.25 Trojan.Generic.KD.13526 Kaspersky 7.0.0.125 2010.05.25 Trojan-Spy.Win32.SpyEyes.if Microsoft 1.5802 2010.05.24 – NOD32 5142 2010.05.24 – —————————————————————————————————————————- Additional information File size: 150016 bytes […]

Removed: alggui.exe, adc_w32.dll, C:\Program Files\svchost.exe (FakeAV – XJR Antivirus aka AKM Antivirus 2010 Pro)

Malware: C:\sand-box\Windows_Protector.exe Removed: C:\Program Files\alggui.exe C:\Program Files\adc_w32.dll C:\Program Files\svchost.exe —————————————————————————————————————————- Detected by RegRun Warrior: Item Name: .exe Author: Unknown Related File: C:\Program Files\alggui.exe “%1″ %* Type: Main File Extensions Item Name: {149256D5-E103-4523-BB43-2CFB066839D6} Author: ADC – AntiSpyware Related File: C:\PROGRAM FILES\ADC_W32.DLL Type: Browser Helper Objects Item Name: AdbUpd Author: Related File: C:\PROGRAM FILES\SVCHOST.EXE Type: Drivers Removal […]

Removed: C:\WINDOWS\system32\drivers\lefed9b.sys (trojan Otlard)

Malware: C:\sand-box\agressive.exe Removed: C:\WINDOWS\system32\drivers\lefed9b.sys —————————————————————————————————————————- After first reboot detected by UnHackMe: Item Name: lefed9b Author: Related File: C:\WINDOWS\SYSTEM32\DRIVERS\LEFED9B.SYS (random filename) Type: Services detected by Partizan Removal Results: Success Number of reboot: 2 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.3733323 Kaspersky 7.0.0.125 2010.05.24 Trojan-Dropper.Win32.Agent.btzb Microsoft 1.5802 2010.05.24 TrojanDropper:Win32/Otlard.A NOD32 5141 2010.05.24 a […]

Removed: ..\Application Data\Windows Server\fgwckv.dll

Malware: C:\sand-box\setup113.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\fgwckv.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppSecDll Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINDOWS SERVER\FGWCKV.DLL Type: Application Security DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Suspicious:W32/Malware!Gemini Kaspersky 7.0.0.125 2010.05.23 – Microsoft 1.5802 2010.05.24 […]

Removed: 24531.dll (trojan OnLineGames)

Malware: C:\sand-box\abc.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\24531.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: AppInit_DLLs Author: Unknown Related File: ,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\24531.dll (random filename) Type: List of Injected DLLs Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.3950428 Kaspersky 7.0.0.125 2010.05.24 Trojan-GameThief.Win32.OnLineGames.wtyd Microsoft 1.5802 2010.05.24 PWS:Win32/OnLineGames.HQ NOD32 5141 2010.05.24 […]

Removed: C:\WINDOWS\system32\aspimgr.exe (worm Aspxor)

Malware: C:\sand-box\v103.exe Removed: C:\WINDOWS\system32\aspimgr.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: aspimgr Author: Microsoft Corporation Related File: C:\WINDOWS\system32\aspimgr.exe Type: Auto Services Item Name: aspimgr.exe Author: Related File: C:\WINDOWS\SYSTEM32\ASPIMGR.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.24 Trojan.PWS.Agent.RWD Kaspersky 7.0.0.125 2010.05.24 Net-Worm.Win32.Aspxor.he Microsoft 1.5802 2010.05.24 […]

Removed: MS29f.exe (FakeAV – My Security Engine)

Malware: C:\sand-box\MS6ad1.exe Removed: C:\Documents and Settings\All Users\Application Data\9b01d\MS29f.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: My Security Engine Author: Live PC. Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\MS29F.EXE Type: Registry Run Item Name: MS29f.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\MS29F.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version […]

Restored: I8042PRT.SYS (trojan TDSS)

Malware: C:\sand-box\win.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS —————————————————————————————————————————- The original I8042PRT.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Item Name: I8042PRT.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS Type: Detected using Examiner mode Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.21 Trojan.TDss.ADV Kaspersky 7.0.0.125 2010.05.21 […]

Removed: C:\Documents and Settings\Administrator\ctfmon.exe (worm Rimecud)

Removed: C:\Documents and Settings\Administrator\ctfmon.exe —————————————————————————————————————————- Detected by UnHackMe in “Multi AV scan”: CTFMON.EXE Default location: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\CTFMON.EXE MD5: 26CD08E868F9FDE5F28A6634B3E42F13 SHA1: 2CAFF9A7 B11C67DC 1943A74B ADB6C90E A7637E78 File Size: 159 744 Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.22 Gen:Variant.Rimecud.2 Kaspersky 7.0.0.125 2010.05.23 – Microsoft 1.5802 2010.05.23 […]

Removed: C:\WINDOWS\svchost.exe (trojan VBInject)

Malware: IOIzo4rkW5V3SseNqcRE1OZu.exe Removed: C:\WINDOWS\svchost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: svchost.exe Author: Rundll32 Related File: C:\WINDOWS\SVCHOST.EXE Type: Detected using Heuristic Algorithm Item Name: Microsoft© Operating System: Author: Related File: C:\WINDOWS\SVCHOST.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.22 – Kaspersky 7.0.0.125 2010.05.22 – […]

Removed: upcssc.exe (trojan EggDrop)

Removed: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\upcssc.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: taskman
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\UPCSSC.EXE
Type: Winlogon System
Item Name: upcssc.exe
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\UPCSSC.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.11 Trojan.Generic.3672926
Kaspersky 7.0.0.125 2010.05.11 Backdoor.Win32.EggDrop.atl
Microsoft 1.5703 2010.05.11 VirTool:Win32/DelfInject.gen!BI
NOD32 […]

Removed: scdll.exe (DNS Changer – trojan blocking the addresses of many antivirus sites)

Malware: Load.exe
Removed: C:\WINDOWS\system32\scdll.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Load
Author:
Related File: C:\WINDOWS\SYSTEM32\SCDLL.EXE
Type: Registry Run
Item Name: scdll.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\SCDLL.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.15 –
Kaspersky 7.0.0.125 2010.05.15 –
Microsoft 1.5703 2010.05.14 –
NOD32 […]

Removed: test.exe (trojan Sasfis)

Malware: C:\sand-box\test.exe
Removed: C:\sand-box\test.exe (Live Messenger)
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Live Messenger
Author: H761134cB953024RJO6961831618
Related File: C:\SAND-BOX\TEST.EXE
Type: Registry Run
Item Name: test.exe
Author:
Related File: C:\SAND-BOX\TEST.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.22 Worm:W32/Autorun.NQ
Kaspersky 7.0.0.125 2010.05.22 Trojan.Win32.Sasfis.anku
Microsoft […]

Removed: C:\WINDOWS\linkinfo.dll (virus Alman/Almanah)

Malware: C:\sand-box\xwmt.exe
Removed: C:\WINDOWS\linkinfo.dll
—————————————————————————————————————————-
Detected by RegRun Warrior:
Item Name: linkinfo.dll
Author: Microsoft Corporation
Related File: C:\WINDOWS\LINKINFO.DLL
Type: Redirected DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.14 Win32.Almanahe.D
Kaspersky 7.0.0.125 2010.05.14 Virus.Win32.Alman.b
Microsoft 1.5703 2010.05.14 Virus:Win32/Almanahe.B
NOD32 5115 2010.05.14 Win32/Alman.NAB
—————————————————————————————————————————-
Additional information
File […]

Removed: myztdv.exe (trojan Small.D)

Malware: server1.exe
Removed: C:\WINDOWS\system32\myztdv.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: vcmdsvc (“vemote Command Service”/”vindows Resource Kit”)
Author:
Related File: C:\WINDOWS\system32\myztdv.exe (random filename)
Type: Auto Services
Item Name: myztdv.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\MYZTDV.EXE (random filename)
Type: Running Processes
After first reboot detected by UnHackMe:
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version […]

Removed: C:\WINDOWS\WinLogon.exe (trojan Meredrop)

Malware: pics.exe
Removed: C:\WINDOWS\WinLogon.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: WinLogon.exe
Author: Microsoft
Related File: C:\WINDOWS\WINLOGON.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: WinLogon
Author:
Related File: C:\WINDOWS\WinLogon.exe
Type: Registry Run
Removal Results: Success
Number of reboot: 2
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Trojan.Generic.3817833
Kaspersky 7.0.0.125 […]

Removed: ..\ACD Systems\ACDSee\Imagefw.ddf (backdoor Zegost)

Malware: C:\sand-box\web.exe
Removed: C:\Documents and Settings\Administrator\Application Data\ACD Systems\ACDSee\Imagefw.ddf
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: HidServ
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\APPLIC~1\ACDSYS~1\ACDSEE\IMAGEFW.DDF
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
Kaspersky 7.0.0.125 2010.05.21 Trojan-PSW.Win32.Bjlog.hgx
Microsoft 1.5802 2010.05.21 Backdoor:Win32/Zegost.B
NOD32 5136 2010.05.21 a variant of Win32/Redosdru.ED
—————————————————————————————————————————-
Additional information […]

Removed: 799d.exe, 977o.dll, tmp.exe, 9bee.dll, ms.job (trojan Adload)

Malware: qd.exe
Removed:
C:\WINDOWS\system32\799d.exe
C:\WINDOWS\system32\977o.dll
C:\WINDOWS\Temp\tmp.exe
C:\WINDOWS\Tasks\ms.job
C:\WINDOWS\system32\9bee.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {C15134ED-31C1-4b17-B04E-FFFAB993EFA2}
Author: Beijing Angels Technology ltd.
Related File: C:\WINDOWS\SYSTEM32\977O.DLL
Type: Browser Helper Objects
Item Name: OSS
Author:
Related File: C:\WINDOWS\system32\799d.exe
Type: Auto Services
Item Name: home.lnk
Author: Unknown
Related File: C:\WINDOWS\TEMP\TMP.EXE
Type: Common Startup Folder
Item Name: 799d.exe
Author: Unknown
Related […]

Removed: C:\WINDOWS\Help\wacult.exe (trojan Beastdoor)

Malware: video.exe
Removed: C:\WINDOWS\Help\wacult.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: WinXPService
Author: mIRC Co. Ltd.
Related File: C:\WINDOWS\HELP\WACULT.EXE
Type: Registry Run
Item Name: wacult.exe
Author:
Related File: C:\WINDOWS\HELP\WACULT.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.18 Trojan.Dropper.Delf.AIN
Kaspersky 7.0.0.125 2010.05.18 Backdoor.Win32.Beastdoor.206.p
Microsoft 1.5802 […]

Removed: C:\WINDOWS\system\winlogon.exe (trojan targeting users of vkontakte.ru)

Malware: new.exe
Removed: C:\WINDOWS\system\winlogon.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\winlogon.exe
Type: UserInit Value
Item Name: winlogon.exe
Author:
Related File: C:\WINDOWS\SYSTEM\WINLOGON.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Trojan.Generic.KD.12015
Kaspersky 7.0.0.125 2010.05.21 –
Microsoft 1.5802 2010.05.20 – […]

Restored: C:\WINDOWS\system32\midimap.dll (trojan OnLineGames)

Malware: jx3bigfoot.exe
Restored: C:\WINDOWS\system32\midimap.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: MIDIMAP.DLL
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\MIDIMAP.DLL
Type: Infected System Files
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Dropped:Trojan.Generic.3947112
Kaspersky 7.0.0.125 2010.05.21 –
Microsoft 1.5802 2010.05.20 –
NOD32 5134 2010.05.21 a variant of Win32/PSW.OnLineGames.OVO
—————————————————————————————————————————-
[…]