Removed: C:\WINDOWS\system32\rivt.ydo (trojan Oficla)

Malware: C:\sand-box\Build.exe
Removed: C:\WINDOWS\system32\rivt.ydo
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe rivt.ydo hhbsv
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “Explorer.exe rundll32.exe rivt.ydo hhbsv”
Files: C:\WINDOWS\system32\rivt.ydo
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.06.07 […]

Removed: cbss.dll, ccl9ke.exe, nrktcvy.exe, absj.jjo, w13p1bp.exe, C:\WINDOWS\system\dwm.exe Restored: C:\WINDOWS\SYSTEM32\USER32.DLL (trojan downloader Harnig)

Malware: loaderadv600.exe
Removed: C:\Documents and Settings\All Users\Documents\Settings\cbss.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ccl9ke.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nrktcvy.exe
C:\WINDOWS\system32\absj.jjo
C:\Documents and Settings\Administrator\Local Settings\Temp\w13p1bp.exe
C:\WINDOWS\system\dwm.exe
Restored: C:\WINDOWS\SYSTEM32\USER32.DLL
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: cbssreg
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SETTINGS\CBSS.DLL
Type: Winlogon Notification
Item Name: khfy2n
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\CCL9KE.EXE
Type: Explorer Run
Item Name: 12370
Author: […]

Restored: C:\WINDOWS\system32\rundll32.exe (trojan Buzus)

Malware: ss.exe
Restored: C:\WINDOWS\system32\rundll32.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {3G4L2686-J4L1-X5MV-12RE-JFH5V38F5030}
Author:
Related File: C:\WINDOWS\system32\rundll32.exe Restart
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1
The original rundll32.exe has been successfully restored using RegRun Warrior from the Windows installation CD.
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Coffin Of Evil
Registry: HKCU\Software\Coffin Of Evil […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\winsvrcn.exe (trojan Injector)

Malware: o.exe
Removed: C:\Documents and Settings\Administrator\Application Data\winsvrcn.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Windows Firewall Updates
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINSVRCN.EXE
Type: Registry Run
Item Name: winsvrcn.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINSVRCN.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence? […]

Removed: C:\WINDOWS\system32\rootsvc.exe (trojan IRCBrute)

Malware: C:\sand-box\gbot2.exe
Removed: C:\WINDOWS\system32\rootsvc.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Root System Service
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\ROOTSVC.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Deleted registry key: HKLM\System\CurrentControlSet\Control\SafeBoot
Value: Minimal
Value: Network
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Root System Service
Value: “C:\WINDOWS\system32\rootsvc.exe”
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\App\new
Value: “yes”
Files: C:\WINDOWS\system32\rootsvc.exe […]

Removed: C:\WINDOWS\system32\wcpm.eso (trojan Oficla)

Malware: C:\sand-box\loadx1.exe
Removed: C:\WINDOWS\system32\wcpm.eso
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe wcpm.eso kpcovkl
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry key: HKLM\Software\Classes\idid
Registry key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Value: “Explorer.exe rundll32.exe wcpm.eso kpcovkl”
Files: C:\WINDOWS\system32\wcpm.eso
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update […]

Removed: C:\Documents and Settings\%USERNAME%\Application Data\lsass.exe (trojan Malex)

Malware: vfqy.exe
Removed: C:\Documents and Settings\Administrator\Application Data\lsass.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Local Security Auth. Server
Author: Company A
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LSASS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Local Security Auth. Server
Value: “C:\Documents and Settings\%USERNAME%\Application Data\lsass.exe”
Files: C:\Documents […]

Removed: %USERPROFILE%\Application Data\Services.exe (trojan AutoRun)

Malware: wkqv.exe
Removed: C:\Documents and Settings\Administrator\Application Data\Services.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Windows Services
Author: Company A
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SERVICES.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Services
Value: “C:\Documents and Settings\Administrator\Application Data\Services.exe”
Files: C:\Documents and Settings\Administrator\Application Data\Services.exe
—————————————————————————————————————————- […]

Removed: C:\WINDOWS\system32\regedit.exe, ws.exe, ccl9ke.exe, C:\RECYCLER\S-1-5-21-7616925526-8384343833-780153681-2809\mgrls32.exe, aqjunaynp.exe Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE (trojan Harnig)

Malware: ppi.exe
Removed: C:\WINDOWS\system32\regedit.exe
C:\sand-box\ws.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ccl9ke.exe
C:\RECYCLER\S-1-5-21-7616925526-8384343833-780153681-2809\mgrls32.exe
C:\Documents and Settings\Administrator\aqjunaynp.exe
C:\WINDOWS\system32\aqjunaynp.exe
Restored: C:\WINDOWS\SYSTEM32\USERINIT.EXE
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Regedit32
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\REGEDIT.EXE
Type: Registry Run
Item Name: Aux Service Updater
Author: Unknown
Related File: C:\SAND-BOX\WS.EXE
Type: Registry Run
Item Name: regedit.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\REGEDIT.EXE
Type: Running Processes […]

Removed: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\file.exe

Malware: file.exe
Removed: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\file.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: file.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\FILE.EXE
Type: Common Startup Folder
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Files: C:\Documents and Settings\Administrator\Local Settings\Temp\U&P.txt
C:\Documents and Settings\All Users\Application Data\Etwo.io
C:\Documents and Settings\All […]

Removed: IUSBLU.FDF (trojan Mudrop)

Malware: C:\sand-box\3.exe
Removed: C:\WINDOWS\SYSTEM32\IUSBLU.FDF
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: aaaaaaaaaaaaaaaa
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\IUSBLU.FDF (random filename)
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\aaaaaaaaaaaaaaaa\Parameters\ServiceDll
Value: “%SystemRoot%\System32\iusblu.fdf”
Registry: HKLM\System\CurrentControlSet\Services\aaaaaaaaaaaaaaaa\Parameters\ImagePath
Value: “C:\WINDOWS\system32\SVCHOST.EXE -k aaaaaaaaaaaaaaaa”
Files: C:\WINDOWS\system32\05c10f.imk
C:\WINDOWS\system32\[random filename].fdf
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result […]

Removed: C:\Windows\System\services.exe (trojan Comame)

Malware: wm.exe
Removed: C:\Windows\System\services.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Services Manager
Author:
Related File: C:\Windows\System\services.exe
Type: Auto Services
Item Name: services.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM\SERVICES.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\System\CurrentControlSet\Services\Services Manager
Value: ImagePath: “C:\Windows\System\services.exe”
Value: DisplayName: “Microsoft Services Manager” […]

Removed: scvhost.exe, autorun.inf, extext64750t.exe Restored: C:\WINDOWS\system32\drivers\asyncmac.sys C:\WINDOWS\SYSTEM32\USERINIT.EXE (trojan AntiAV)

Malware: C:\sand-box\p.exe
Removed: C:\WINDOWS\system32\scvhost.exe
C:\autorun.inf
C:\WINDOWS\extext64750t.exe
Restored: C:\WINDOWS\system32\drivers\asyncmac.sys
C:\WINDOWS\SYSTEM32\USERINIT.EXE
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: scvhost.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SCVHOST.EXE
Type: Running Processes
Item Name: C:\autorun.inf
Author: Unknown
Related File: C:\autorun.inf
Type: Autorun.inf
Item Name: extext64234t.exe
Author: Unknown
Related File: C:\WINDOWS\EXTEXT64234T.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: pcidump
Author: […]

Removed: mdl12pa.exe

Malware: video.exe
Removed: C:\Documents and Settings\All Users\Application Data\mdl12pa.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: mdl12pa.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MDL12PA.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Value: Embedded Web Browser from http://bsalsa.com/: “”
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mdl12pa.exe […]

Restored: C:\WINDOWS\SYSTEM32\RPCSS.DLL (trojan Vilsel)

Malware: C:\sand-box\162ew.exe
Restored: C:\WINDOWS\SYSTEM32\RPCSS.DLL
—————————————————————————————————————————-
Detected by UnHackMe in “Multi AV scan” mode:
RPCSS.DLL
Default location: C:\WINDOWS\SYSTEM32\RPCSS.DLL
MD5: 4B4E9358F85B3902494C1FD8999558F2
SHA1: 2B567418 25628E7F 0C6567AC 1FD0CCB3 6ECA2F7D
File Size: 1 105 920
The original RPCSS.DLL has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to […]

Removed: WMocib.dll (trojan Cimag)

Malware: tulbap.exe
Removed: C:\WINDOWS\WMocib.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Pvesodurexur
Author: Vicarious Visions, Inc.
Related File: C:\WINDOWS\WMOCIB.DLL (random filename)
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Nwati
Value: Qxatovuz, Fqoxode, wabufodizire, Khebax
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Pvesodurexur
File: C:\WINDOWS\[random filename].DLL (author: Vicarious Visions, Inc.)
—————————————————————————————————————————-
Classification: […]

Removed: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe

Malware: PIC0737830249202010.JPG.exe
Removed: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Windows System Manager
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINNSVC.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
How to quickly detect malware presence?
Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows System Manager
Files: C:\Documents and Settings\Administrator\Application Data\winnsvc.exe
—————————————————————————————————————————-
Classification:
Antivirus Version Last […]

Removed: ..\Local Settings\Temp\hmacrokicbi.sys (trojan Rustock)

Malware: un1uox4ts.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\hmacrokicbi.sys
—————————————————————————————————————————-
Features of the malware:
Unique keys: krnl_sleepfreq, krnl_servers_list
Unique files: C:\WINDOWS\system32\drivers\str.sys
—————————————————————————————————————————-
After first reboot detected by UnHackMe:
Item Name: mgkvgpf (random item name)
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\HMACROKICBI.SYS (random filename)
Type: Services detected by Partizan
File version: 6.0.2600.1
Description: IIS 4.0 Metadata Synchronizer
Copyright: © Microsoft Corporation. […]

Removed: knqd.exe

Malware: media.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\knqd.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: ol1s
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\KNQD.EXE
Type: Explorer Run
Item Name: knqd.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\KNQD.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.27 –
Kaspersky 7.0.0.125 2010.05.27 – […]

Removed: Hare.exe, javawsdp.exe (trojan Parkchicers)

Malware: Hare.exe
Removed: C:\Program Files\Hare\Hare.exe
C:\Program Files\JAVA\javawsdp.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Hare
Author:
Related File: C:\PROGRAM FILES\HARE\HARE.EXE
Type: Registry Run
Item Name: javawsdp
Author:
Related File: C:\PROGRAM FILES\JAVA\JAVAWSDP.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.4000369
Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Scar.cgez […]

Removed: C:\Program Files\Common Files\PushWare\cpush.dll (adware Sogou)

Malware: ad10535.exe
Removed: C:\Program Files\Common Files\PushWare\cpush.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {11F09AFD-75AD-4E51-AB43-E09E9351CE16}
Author:
Related File: C:\PROGRAM FILES\COMMON FILES\PUSHWARE\CPUSH.DLL
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.28 Dropped:Adware.Sogou.Gen
Kaspersky 7.0.0.125 2010.05.28 Trojan.Win32.BHO.agsb
Microsoft 1.5802 2010.05.28 Program:Win32/Sogou
NOD32 5154 2010.05.28 a variant of […]

Removed: C:\WINDOWS\nodkrm.exe (backdoor Poison)

Malware: C:\sand-box\Ident.exe
Removed: C:\WINDOWS\nodkrm.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: nodkrm.exe
Author: Biohazard Crew
Related File: C:\WINDOWS\NODKRM.EXE
Type: Detected using Heuristic Algorithm
Item Name: Microsoft Svchost local services
Author:
Related File: C:\WINDOWS\NODKRM.EXE
Type: Registry Run
After first reboot detected by UnHackMe:
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result […]

Removed: C:\WINDOWS\system32\wrdr.kuo (trojan Oficla/Sasfis)

Malware: C:\sand-box\delta1_1.exe
Removed: C:\WINDOWS\system32\wrdr.kuo
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe wrdr.kuo gxsad
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.3310239
Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Sasfis.ahqj
Microsoft 1.5802 2010.05.27 TrojanDropper:Win32/Oficla.G
NOD32 5149 2010.05.27 a variant of Win32/Kryptik.DBO
—————————————————————————————————————————- […]

Removed: wmsetup.exe, C:\Program Files\WindowsUpdate\svohcst.exe

Malware: ppsvip.exe
Removed: C:\Program Files\WindowsUpdate\wmsetup.exe
C:\Program Files\WindowsUpdate\svohcst.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe C:\progra~1\WindowsUpdate\wmsetup.exe
Type: System.ini
Item Name: svohcst.exe
Author:
Related File: C:\PROGRA~1\WINDOWSUPDATE\SVOHCST.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.27 […]

Removed: C:\WINDOWS\system32\Storm2.exe (trojan Scar)

Malware: C:\sand-box\player.exe
Removed: C:\WINDOWS\system32\Storm2.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: .txt
Author: Unknown
Related File: d:\Browsers.exe %1
Type: Main File Extensions
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\Storm2.exe
Type: UserInit Value
Item Name: WBOpen
Author:
Related File: C:\WINDOWS\SYSTEM32\STORM2.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update […]

Restored: WS2IFSL.SYS (trojan TDSS/Alureon/Olmarik)

Malware: C:\sand-box\Ultimate Codes.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
—————————————————————————————————————————-
Detected by RegRun Warrior:
Item Name: WS2IFSL.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
Type: Detected using Heuristic Algorithm
The original WS2IFSL.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 […]

Removed: popguide_joy1004.dll, lineguide.dll, popguide_joy1004_update.exe, lineguideup.exe (trojan Troxen/BHO)

Malware: C:\sand-box\joy1004_20080610.exe
Removed: C:\Program Files\popguide\popguide_joy1004.dll
C:\Program Files\lineguide\lineguide.dll
C:\Program Files\popguide\popguide_joy1004_update.exe
C:\Program Files\lineguide\lineguideup.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {4CD223EC-0998-4925-BF86-A3FAB13C58EB}
Author: TODO:
Related File: C:\PROGRAM FILES\POPGUIDE\POPGUIDE_JOY1004.DLL
Type: Browser Helper Objects
Item Name: {AD12AEF1-4348-4055-9DEF-4E5738E3F163}
Author: Unknown
Related File: C:\PROGRAM FILES\LINEGUIDE\LINEGUIDE.DLL
Type: Browser Helper Objects
Item Name: popguide
Author: TODO:
Related File: C:\PROGRAM FILES\POPGUIDE\POPGUIDE_JOY1004_UPDATE.EXE
Type: Registry […]

Removed: Cmoney.dll, Cmoney.exe, korinstll.exe (trojan BHO)

Malware: C:\sand-box\cmoney_03_update20090423.exe
Removed: C:\Program Files\Cmoney\Cmoney.dll
C:\Program Files\Cmoney\Cmoney.exe
C:\Program Files\Cmoney\korinstll.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {1DBB2DF6-98E2-4433-8FA6-BB00ACD39458}
Author: TODO:
Related File: C:\PROGRAM FILES\CMONEY\CMONEY.DLL
Type: Browser Helper Objects
Item Name: korinstll
Author: TODO:
Related File: C:\PROGRAM FILES\CMONEY\KORINSTLL.EXE
Type: Registry Run
Item Name: Cmoney
Author: TODO:
Related File: C:\PROGRAM FILES\CMONEY\CMONEY.EXE
Type: Registry Run
Removal Results: Success
Number of […]

Removed: moreinfoup.exe, swisher.exe, futureweb_futureweb_20100128.exe (trojan Troxen)

Malware: C:\sand-box\moreinfo_20090206_re.exe
Removed: C:\Program Files\moreinfo\moreinfoup.exe
C:\Program Files\swisher\swisher.exe
C:\Windows\Temp\futureweb_futureweb_20100128.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {EABB6254-5CE9-44FA-BA27-5B0D2A4D360D}
Author:
Related File: C:\PROGRAM FILES\FUTUREWEB\FUTUREWEB.DLL
Type: Browser Helper Objects
Item Name: moreinfo
Author: Unknown
Related File: C:\PROGRAM FILES\MOREINFO\MOREINFOUP.EXE
Type: Registry Run
Item Name: {4C8E314F-7D10-4380-AC6C-B7D6EDA82F74}
Author:
Related File: C:\PROGRAM FILES\FUTUREWEB\FUTUREWEB.DLL
Type: Browser Helper Objects
Item Name: swisher
Author: Unknown
Related File: […]

Removed: pointmania.exe

Malware: pointmania.exe
Removed: C:\Program Files\pointmania\pointmania.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: pointmania
Author:
Related File: C:\Program Files\pointmania\pointmania.exe
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.27 –
Kaspersky 7.0.0.125 2010.05.27 –
Microsoft 1.5802 2010.05.27 TrojanSpy:Win32/Mafod!rts
NOD32 5149 2010.05.27 probably unknown NewHeur_PE
—————————————————————————————————————————-
Additional information […]

Removed: C:\WINDOWS\system32\wloqv.exe (adds the key \Internet Explorer\Main\TabProcGrowth)

Malware: C:\sand-box\521.exe
Removed: C:\WINDOWS\system32\wloqv.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,wloqv.exe (random filename)
Type: UserInit Value
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.27 Trojan.Peed.Gen
Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Pincav.aamj
Microsoft 1.5802 2010.05.27 Trojan:Win32/Malagent
NOD32 5148 2010.05.26 a variant of Win32/Kryptik.DXI
—————————————————————————————————————————- […]

Removed: Desktop Security 2010.exe, securitycenter.exe, security.exe (FakeAV – Desktop Security 2010)

Malware: C:\sand-box\security.exe
Removed: C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\Desktop Security 2010.exe
C:\Documents and Settings\Administrator\Application Data\Desktop Security 2010\securitycenter.exe
C:\sand-box\security.exe
Scan system…
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Desktop Security 2010
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP SECURITY 2010\DESKTOP SECURITY 2010.EXE
Type: Registry Run
Item Name: SecurityCenter
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\DESKTOP […]

Removed: PRAGMAd.sys, wsdkrlxp.exe (variant of TDSS trojan)

Malware: C:\sand-box\ad.exe
Removed: C:\WINDOWS\PRAGMAnlpcbvtkpy\PRAGMAd.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\wsdkrlxp.exe
—————————————————————————————————————————-
After first reboot detected by UnHackMe:
Item Name: PRAGMAnlpcbvtkpy
Author:
Related File: C:\WINDOWS\PRAGMANLPCBVTKPY\PRAGMAD.SYS
Type: Services detected by Partizan
Item Name: wsdkrlxp.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSDKRLXP.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 2
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.26 […]

Removed: ..\Local Settings\Temp\explorer.exe (worm VBNA)

Malware: z.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\explorer.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Microsoft Windows Hosting Service Login
Author: BCN
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\EXPLORER.EXE
Type: Registry Run
Item Name: explorer.exe
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\EXPLORER.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.25 Trojan.Generic.3866640
Kaspersky […]

Removed: C:\WINDOWS\system32\0041.DLL (trojan Witkinat)

Malware: Browser_Update.exe
Removed: C:\WINDOWS\system32\0041.DLL
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: AppInit_DLLs
Author: Unknown
Related File: C:\WINDOWS\system32\0041.DLL
Type: List of Injected DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.KD.10557
Kaspersky 7.0.0.125 2010.05.24 Trojan-Spy.Win32.Insain.wz
Microsoft 1.5802 2010.05.24 Trojan:Win32/Sisproc
NOD32 5142 2010.05.24 Win32/Witkinat.A
—————————————————————————————————————————-
Additional information
File […]

Removed: C:\cleansweep.exe\cleansweep.exe (trojan SpyEyes)

Malware: load.exe
Removed: C:\cleansweep.exe\cleansweep.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: cleansweep.exe
Author:
Related File: C:\CLEANSWEEP.EXE\CLEANSWEEP.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.25 Trojan.Generic.KD.13526
Kaspersky 7.0.0.125 2010.05.25 Trojan-Spy.Win32.SpyEyes.if
Microsoft 1.5802 2010.05.24 –
NOD32 5142 2010.05.24 –
—————————————————————————————————————————-
Additional information
File size: 150016 bytes […]

Removed: alggui.exe, adc_w32.dll, C:\Program Files\svchost.exe (FakeAV – XJR Antivirus aka AKM Antivirus 2010 Pro)

Malware: C:\sand-box\Windows_Protector.exe
Removed: C:\Program Files\alggui.exe
C:\Program Files\adc_w32.dll
C:\Program Files\svchost.exe
—————————————————————————————————————————-
Detected by RegRun Warrior:
Item Name: .exe
Author: Unknown
Related File: C:\Program Files\alggui.exe “%1” %*
Type: Main File Extensions
Item Name: {149256D5-E103-4523-BB43-2CFB066839D6}
Author: ADC – AntiSpyware
Related File: C:\PROGRAM FILES\ADC_W32.DLL
Type: Browser Helper Objects
Item Name: AdbUpd
Author:
Related File: C:\PROGRAM FILES\SVCHOST.EXE
Type: Drivers
Removal […]

Removed: C:\WINDOWS\system32\drivers\lefed9b.sys (trojan Otlard)

Malware: C:\sand-box\agressive.exe
Removed: C:\WINDOWS\system32\drivers\lefed9b.sys
—————————————————————————————————————————-
After first reboot detected by UnHackMe:
Item Name: lefed9b
Author:
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\LEFED9B.SYS (random filename)
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 2
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.3733323
Kaspersky 7.0.0.125 2010.05.24 Trojan-Dropper.Win32.Agent.btzb
Microsoft 1.5802 2010.05.24 TrojanDropper:Win32/Otlard.A
NOD32 5141 2010.05.24 a […]

Removed: ..\Application Data\Windows Server\fgwckv.dll

Malware: C:\sand-box\setup113.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\fgwckv.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: AppSecDll
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINDOWS SERVER\FGWCKV.DLL
Type: Application Security DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.24 Suspicious:W32/Malware!Gemini
Kaspersky 7.0.0.125 2010.05.23 –
Microsoft 1.5802 2010.05.24 […]

Removed: 24531.dll (trojan OnLineGames)

Malware: C:\sand-box\abc.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\24531.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: AppInit_DLLs
Author: Unknown
Related File: ,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\24531.dll (random filename)
Type: List of Injected DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.24 Trojan.Generic.3950428
Kaspersky 7.0.0.125 2010.05.24 Trojan-GameThief.Win32.OnLineGames.wtyd
Microsoft 1.5802 2010.05.24 PWS:Win32/OnLineGames.HQ
NOD32 5141 2010.05.24 […]

Removed: C:\WINDOWS\system32\aspimgr.exe (worm Aspxor)

Malware: C:\sand-box\v103.exe
Removed: C:\WINDOWS\system32\aspimgr.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: aspimgr
Author: Microsoft Corporation
Related File: C:\WINDOWS\system32\aspimgr.exe
Type: Auto Services
Item Name: aspimgr.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\ASPIMGR.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.24 Trojan.PWS.Agent.RWD
Kaspersky 7.0.0.125 2010.05.24 Net-Worm.Win32.Aspxor.he
Microsoft 1.5802 2010.05.24 […]

Removed: MS29f.exe (FakeAV – My Security Engine)

Malware: C:\sand-box\MS6ad1.exe
Removed: C:\Documents and Settings\All Users\Application Data\9b01d\MS29f.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: My Security Engine
Author: Live PC.
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\MS29F.EXE
Type: Registry Run
Item Name: MS29f.exe
Author:
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\9B01D\MS29F.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version […]

Restored: I8042PRT.SYS (trojan TDSS)

Malware: C:\sand-box\win.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
—————————————————————————————————————————-
The original I8042PRT.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Item Name: I8042PRT.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Type: Detected using Examiner mode
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Trojan.TDss.ADV
Kaspersky 7.0.0.125 2010.05.21 […]

Removed: C:\Documents and Settings\Administrator\ctfmon.exe (worm Rimecud)

Removed: C:\Documents and Settings\Administrator\ctfmon.exe
—————————————————————————————————————————-
Detected by UnHackMe in “Multi AV scan”:
CTFMON.EXE
Default location: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\CTFMON.EXE
MD5: 26CD08E868F9FDE5F28A6634B3E42F13
SHA1: 2CAFF9A7 B11C67DC 1943A74B ADB6C90E A7637E78
File Size: 159 744
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.22 Gen:Variant.Rimecud.2
Kaspersky 7.0.0.125 2010.05.23 –
Microsoft 1.5802 2010.05.23 […]

Removed: C:\WINDOWS\svchost.exe (trojan VBInject)

Malware: IOIzo4rkW5V3SseNqcRE1OZu.exe
Removed: C:\WINDOWS\svchost.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: svchost.exe
Author: Rundll32
Related File: C:\WINDOWS\SVCHOST.EXE
Type: Detected using Heuristic Algorithm
Item Name: Microsoft© Operating System:
Author:
Related File: C:\WINDOWS\SVCHOST.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.22 –
Kaspersky 7.0.0.125 2010.05.22 – […]

Removed: upcssc.exe (trojan EggDrop)

Removed: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\upcssc.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: taskman
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\UPCSSC.EXE
Type: Winlogon System
Item Name: upcssc.exe
Author: Unknown
Related File: C:\RECYCLER\S-1-5-21-3230530296-2333085751-349345971-1378\UPCSSC.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.11 Trojan.Generic.3672926
Kaspersky 7.0.0.125 2010.05.11 Backdoor.Win32.EggDrop.atl
Microsoft 1.5703 2010.05.11 VirTool:Win32/DelfInject.gen!BI
NOD32 […]

Removed: scdll.exe (DNS Changer – trojan blocking the addresses of many antivirus sites)

Malware: Load.exe
Removed: C:\WINDOWS\system32\scdll.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Load
Author:
Related File: C:\WINDOWS\SYSTEM32\SCDLL.EXE
Type: Registry Run
Item Name: scdll.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\SCDLL.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.15 –
Kaspersky 7.0.0.125 2010.05.15 –
Microsoft 1.5703 2010.05.14 –
NOD32 […]

Removed: test.exe (trojan Sasfis)

Malware: C:\sand-box\test.exe
Removed: C:\sand-box\test.exe (Live Messenger)
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Live Messenger
Author: H761134cB953024RJO6961831618
Related File: C:\SAND-BOX\TEST.EXE
Type: Registry Run
Item Name: test.exe
Author:
Related File: C:\SAND-BOX\TEST.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.22 Worm:W32/Autorun.NQ
Kaspersky 7.0.0.125 2010.05.22 Trojan.Win32.Sasfis.anku
Microsoft […]

Removed: C:\WINDOWS\linkinfo.dll (virus Alman/Almanah)

Malware: C:\sand-box\xwmt.exe
Removed: C:\WINDOWS\linkinfo.dll
—————————————————————————————————————————-
Detected by RegRun Warrior:
Item Name: linkinfo.dll
Author: Microsoft Corporation
Related File: C:\WINDOWS\LINKINFO.DLL
Type: Redirected DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.14 Win32.Almanahe.D
Kaspersky 7.0.0.125 2010.05.14 Virus.Win32.Alman.b
Microsoft 1.5703 2010.05.14 Virus:Win32/Almanahe.B
NOD32 5115 2010.05.14 Win32/Alman.NAB
—————————————————————————————————————————-
Additional information
File […]

Removed: myztdv.exe (trojan Small.D)

Malware: server1.exe
Removed: C:\WINDOWS\system32\myztdv.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: vcmdsvc (“vemote Command Service”/”vindows Resource Kit”)
Author:
Related File: C:\WINDOWS\system32\myztdv.exe (random filename)
Type: Auto Services
Item Name: myztdv.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\MYZTDV.EXE (random filename)
Type: Running Processes
After first reboot detected by UnHackMe:
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version […]

Removed: C:\WINDOWS\WinLogon.exe (trojan Meredrop)

Malware: pics.exe
Removed: C:\WINDOWS\WinLogon.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: WinLogon.exe
Author: Microsoft
Related File: C:\WINDOWS\WINLOGON.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: WinLogon
Author:
Related File: C:\WINDOWS\WinLogon.exe
Type: Registry Run
Removal Results: Success
Number of reboot: 2
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Trojan.Generic.3817833
Kaspersky 7.0.0.125 […]

Removed: ..\ACD Systems\ACDSee\Imagefw.ddf (backdoor Zegost)

Malware: C:\sand-box\web.exe
Removed: C:\Documents and Settings\Administrator\Application Data\ACD Systems\ACDSee\Imagefw.ddf
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: HidServ
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\APPLIC~1\ACDSYS~1\ACDSEE\IMAGEFW.DDF
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
Kaspersky 7.0.0.125 2010.05.21 Trojan-PSW.Win32.Bjlog.hgx
Microsoft 1.5802 2010.05.21 Backdoor:Win32/Zegost.B
NOD32 5136 2010.05.21 a variant of Win32/Redosdru.ED
—————————————————————————————————————————-
Additional information […]

Removed: 799d.exe, 977o.dll, tmp.exe, 9bee.dll, ms.job (trojan Adload)

Malware: qd.exe
Removed:
C:\WINDOWS\system32\799d.exe
C:\WINDOWS\system32\977o.dll
C:\WINDOWS\Temp\tmp.exe
C:\WINDOWS\Tasks\ms.job
C:\WINDOWS\system32\9bee.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {C15134ED-31C1-4b17-B04E-FFFAB993EFA2}
Author: Beijing Angels Technology ltd.
Related File: C:\WINDOWS\SYSTEM32\977O.DLL
Type: Browser Helper Objects
Item Name: OSS
Author:
Related File: C:\WINDOWS\system32\799d.exe
Type: Auto Services
Item Name: home.lnk
Author: Unknown
Related File: C:\WINDOWS\TEMP\TMP.EXE
Type: Common Startup Folder
Item Name: 799d.exe
Author: Unknown
Related […]

Removed: C:\WINDOWS\Help\wacult.exe (trojan Beastdoor)

Malware: video.exe
Removed: C:\WINDOWS\Help\wacult.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: WinXPService
Author: mIRC Co. Ltd.
Related File: C:\WINDOWS\HELP\WACULT.EXE
Type: Registry Run
Item Name: wacult.exe
Author:
Related File: C:\WINDOWS\HELP\WACULT.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.18 Trojan.Dropper.Delf.AIN
Kaspersky 7.0.0.125 2010.05.18 Backdoor.Win32.Beastdoor.206.p
Microsoft 1.5802 […]

Removed: C:\WINDOWS\system\winlogon.exe (trojan targeting vkontakte.ru users)

Malware: new.exe
Removed: C:\WINDOWS\system\winlogon.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\winlogon.exe
Type: UserInit Value
Item Name: winlogon.exe
Author:
Related File: C:\WINDOWS\SYSTEM\WINLOGON.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Trojan.Generic.KD.12015
Kaspersky 7.0.0.125 2010.05.21 –
Microsoft 1.5802 2010.05.20 – […]

Restored: C:\WINDOWS\system32\midimap.dll (trojan OnLineGames)

Malware: jx3bigfoot.exe
Restored: C:\WINDOWS\system32\midimap.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: MIDIMAP.DLL
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\MIDIMAP.DLL
Type: Infected System Files
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Dropped:Trojan.Generic.3947112
Kaspersky 7.0.0.125 2010.05.21 –
Microsoft 1.5802 2010.05.20 –
NOD32 5134 2010.05.21 a variant of Win32/PSW.OnLineGames.OVO
—————————————————————————————————————————- […]

Removed: C:\Arquivos de programas\jusched.exe (trojan Banker – variant of the virus from Portugal or Brazil)

Malware: fotos.jpg.exe
Removed: C:\Arquivos de programas\jusched.exe
—————————————————————————————————————————-
Detected by UnHackMe in “Multi AV scan” mode:
JUSCHED.EXE
Default location: C:\ARQUIVOS DE PROGRAMAS\JUSCHED.EXE
MD5: 2982CBD80F72D5EFE1EAA18E7AD9CDAE
SHA1: 692D0B29 9E25B5E8 E54F85F1 23663E3C D4B13F9E
File Size: 17 925 120
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Gen:Trojan.Heur.@R0@t5ZbEmhOh
Kaspersky 7.0.0.125 2010.05.21 […]

Removed: Xss.exe (trojan Sisron)

Malware: C:\sand-box\xssi.exe
Removed: C:\Program Files\Common Files\System\Xss.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Xss
Author:
Related File: C:\PROGRA~1\COMMON~1\SYSTEM\XSS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.06 Trojan.Generic.3566495
Kaspersky 7.0.0.125 2010.04.06 Trojan-Downloader.Win32.Genome.andy
Microsoft 1.5605 2010.04.06 Trojan:Win32/Sisron
NOD32 5004 2010.04.06 probably a variant of Win32/TrojanDownloader.Delf.PCX
—————————————————————————————————————————- […]

Removed: 5f37.dll (trojan Redosdru – hotmail.mail.service)

Malware: C:\sand-box\3322.exe
Removed: C:\WINDOWS\system32\5f37.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: .hotmail.mail.service
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\5F37.DLL (random filename)
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 –
Kaspersky 7.0.0.125 2010.05.21 –
Microsoft 1.5802 2010.05.20 Trojan:Win32/Redosdru.E
NOD32 5133 2010.05.20 Win32/Redosdru.AA
—————————————————————————————————————————-
Additional information […]

Removed: systems.exe (SMS Locker for Russian users – the virus replaces the browsers)

Malware: C:\sand-box\fewb.exe
Removed: C:\Documents and Settings\All Users\systems.exe
—————————————————————————————————————————-
Detected by RegRun Warrior:
Item Name: Shell
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\SYSTEMS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 Suspicious:W32/Malware!Gemini
Kaspersky 7.0.0.125 2010.05.19 Trojan-Ransom.Win32.PinkBlocker.bhm
Microsoft 1.5802 2010.05.18 Trojan:Win32/Ransom.AJ
NOD32 5127 […]

Removed: srnh.lto (trojan Oficla)

Malware: C:\sand-box\file.exe
Removed: C:\WINDOWS\system32\srnh.lto
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe srnh.lto iqfnr
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 Gen:Variant.Oficla.2
Kaspersky 7.0.0.125 2010.05.19 Trojan.Win32.Agent2.cqzi
Microsoft 1.5802 2010.05.18 Trojan:Win32/Oficla.M
NOD32 5129 2010.05.19 Win32/Oficla.GQ
—————————————————————————————————————————-
I use UnHackMe […]

Removed: AutoRun.inf, re008.exe (backdoor Hupigon)

Malware: C:\sand-box\13cmd.exe
Removed:
C:\AutoRun.inf
C:\WINDOWS\system32\re008.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: C:\autorun.inf
Author: Unknown
Related File: C:\autorun.inf
Type: Autorun.inf
Item Name: windows
Author:
Related File: C:\WINDOWS\system32\re008.exe
Type: Auto Services
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.16 Backdoor.Hupigon.AYYX
Kaspersky 7.0.0.125 2010.04.17 Trojan.Win32.Inject.abzf
Microsoft 1.5605 2010.04.17 VirTool:Win32/DelfInject.gen!L […]

Removed: xpupdate.exe (trojan Zmunik)

Malware: marihuana.exe
Removed: C:\RECYCLER\S-1-5-21-8045356290-6121975054-165933445-1941\xpupdate.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: taskman
Author: IM
Related File: C:\RECYCLER\S-1-5-21-8045356290-6121975054-165933445-1941\XPUPDATE.EXE
Type: Winlogon System
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.25 Trojan.Generic.2518861
Kaspersky 7.0.0.125 2010.04.25 Trojan.Win32.Zmunik.rb
Microsoft 1.5703 2010.04.24 VirTool:Win32/VBInject.DA
NOD32 5057 2010.04.24 Win32/Injector.AAH
—————————————————————————————————————————-
Additional information
File size: 234944 […]

Removed: msbb.exe (adware 180Solutions)

Malware: c:\sand-box\msbb.exe
Removed: c:\sand-box\msbb.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: msbb
Author: 180solutions, Inc.
Related File: C:\SAND-BOX\MSBB.EXE
Type: Registry Run
Item Name: msbb.exe
Author:
Related File: C:\SAND-BOX\MSBB.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 Adware:W32/180Solutions
Kaspersky 7.0.0.125 2010.05.19 not-a-virus:AdWare.Win32.180Solutions
Microsoft 1.5802 2010.05.18 […]

Removed: 6TO4EX.DLL, iejore.exe, autorun.inf, SNOWFALL.EXE, F00030562K.CMD, TencentQQ.exe (trojan Obfuscator)

Malware: css.exe
Removed:
C:\WINDOWS\SYSTEM32\6TO4EX.DLL
C:\Program Files\Common Files\Microsoft Shared\MSINFO\iejore.exe
C:\autorun.inf
C:\WINDOWS\SYSTEM32\SNOWFALL.EXE
C:\WINDOWS\SYSTEM32\F00030562K.CMD
C:\WINDOWS\TencentQQ.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: 6to4
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\6TO4EX.DLL
Type: Svchost DLLs
Item Name: shell
Author: Unknown
Related File: Explorer.exe C:\Program Files\Common Files\Microsoft Shared\MSINFO\iejore.exe
Type: System.ini
Item Name: C:\autorun.inf
Author: Unknown
Related File: C:\autorun.inf
Type: Autorun.inf
Item Name: 360rpt.exe […]

Restored: COMRES.DLL (trojan OnLineGames)

Malware: C:\sand-box\1.exe
Restored: C:\WINDOWS\SYSTEM32\COMRES.DLL
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: COMRES.DLL
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\COMRES.DLL
Type: Infected System Files
The original COMRES.DLL has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.27 Suspicious:W32/Malware!Gemini
Kaspersky […]

Removed: ctfmoon.exe, lsess.com, iexplor.bat, ruixing.exe (trojan Genome)

Malware: aaa.exe
Removed:
C:\WINDOWS\ctfmoon.exe
C:\Program Files\Common Files\Microsoft Shared\lsess.com
C:\iexplor.bat
C:\WINDOWS\system32\ruixing.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: ctfmoon.exe
Author: Unknown
Related File: C:\WINDOWS\CTFMOON.EXE
Type: Detected using Heuristic Algorithm
Item Name: 0\0
Author: Unknown
Related File: C:\WINDOWS\System32\GroupPolicy\Machine\C:\Program Files\Common Files\Microsoft Shared\lsess.com
Type: All Users – Scripts at Logon
Item Name: 0\1
Author: Unknown
Related File: C:\WINDOWS\System32\GroupPolicy\Machine\C:\windows\ctfmoon.exe
Type: All […]

Restored: INTELIDE.SYS (trojan TDSS/Alureon/Olmarik)

Malware: C:\sand-box\1.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: INTELIDE.SYS
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
Type: Detected using Heuristic Algorithm
The original INTELIDE.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.20 Trojan.TDss.ADZ
Kaspersky 7.0.0.125 2010.05.20 […]

Removed: packupdate_build107_2045.exe (FakeAV – My Security Engine)

Malware: packupdate_build107_2045.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\packupdate_build107_2045.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: MSE
Author:
Related File: “C:\Documents and Settings\All Users\Application Data\9015c56\MySecurityEngine.exe” /s
Type: Registry Run
Item Name: MSE
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\packupdate_build107_2045.exe /cs:1
Type: Registry RunOnce
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.18 Gen:Variant.Ursnif.8 […]

Removed: ggnxxjbtssd.exe (trojan Malagent)

Malware: n0.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\gmlorjaqs\ggnxxjbtssd.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: ggnxxjbtssd.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GMLORJAQS\GGNXXJBTSSD.EXE ([random]TSSD.EXE)
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 Trojan.Generic.KD.12290
Kaspersky 7.0.0.125 2010.05.19 Trojan.Win32.FraudPack.awme
Microsoft 1.5802 2010.05.18 Trojan:Win32/Malagent
NOD32 […]

Removed: nuxmuhj85.dll (worm Ambler)

Malware: C:\sand-box\Dr.exe
Removed: C:\WINDOWS\system32\nuxmuhj85.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {F6A486E1-BEE6-4CE1-93BA-E5647F452050}
Author: RoverSoft LLC
Related File: C:\WINDOWS\system32\NUXMUHJ85.DLL
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.06 –
Kaspersky 7.0.0.125 2010.05.06 –
Microsoft 1.5703 2010.05.06 Worm:Win32/Ambler.A
NOD32 5092 2010.05.06 –
—————————————————————————————————————————-
Additional information
File […]

Removed: gotnewupdate000.exe (FakeAV – Antimalware Doctor)

Malware: C:\sand-box\gotnewupdate000.exe
Removed: C:\sand-box\gotnewupdate000.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: gotnewupdate000.exe
Author: MS
Related File: C:\SAND-BOX\GOTNEWUPDATE000.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 Trojan.Generic.KD.12628
Kaspersky 7.0.0.125 2010.05.19 –
Microsoft 1.5802 2010.05.18 –
NOD32 5126 2010.05.19 –
—————————————————————————————————————————-
Additional information
File size: 724992 […]

Removed: seupd.exe, Updater.job (change search plug-in)

Malware: inst1018wse.exe
Removed:
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe
C:\WINDOWS\Tasks\Updater.job
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Updater
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UPDATE\SEUPD.EXE
Type: Scheduled Tasks
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 –
Kaspersky 7.0.0.125 2010.05.19 –
Microsoft 1.5802 2010.05.18 –
NOD32 […]

Removed: thxr.wgo (trojan Oficla)

Malware: C:\sand-box\file.exe
Removed: C:\WINDOWS\system32\thxr.wgo
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: shell
Author: Unknown
Related File: Explorer.exe rundll32.exe thxr.wgo nwfdtx
Type: System.ini
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.19 Trojan.Generic.3790833
Kaspersky 7.0.0.125 2010.05.19 Trojan.Win32.Agent.dvrt
Microsoft 1.5802 2010.05.18 TrojanDropper:Win32/Oficla.G
NOD32 5128 2010.05.19 Win32/Oficla.GN
—————————————————————————————————————————-
Additional information
File […]

Removed: nmklo.dll Restored: user32.DLL (trojan Pinit)

Malware: mic.exe
Removed: C:\WINDOWS\system32\nmklo.dll
Restored: C:\WINDOWS\system32\user32.DLL
—————————————————————————————————————————-
Detected by UnHackMe:
NMKLO.DLL
Default location: C:\sand-box\files_added\nmklo.dll
MD5: 4C3FE9D49B49097D8BE58A94BB140BC5
SHA1: CDCF4F72 84A95DF8 EDE8EEEF 1A142DB7 4FBDC123
File Size: 98 304
USER32.DLL
Default location: C:\sand-box\files_added\user32.dll
MD5: D8C58E94A30C552FE17BA86B56F9E9E8
SHA1: ED429EB0 9BE1CE20 60E0BFE2 BE0FFA17 F943E7FD
File Size: 578 560
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update […]

Removed: C:\WINDOWS\System32\aqjunayn.exe, C:\Documents and Settings\Administrator\aqjunayn.exe (trojan Wigon)

Malware: Pdoom.exe
Removed:
C:\WINDOWS\System32\aqjunayn.exe
C:\Documents and Settings\Administrator\aqjunayn.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: aqjunayn (random item name)
Author:
Related File: C:\Documents and Settings\Administrator\aqjunayn.exe (random filename)
Type: Registry Run
Item Name: aqjunayn‚
Author: eSXi
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\AQJUNAYN‚.EXE (random filename)
Type: Registry Run
Item Name: aqjunayn (random item name)
Author:
Related File: C:\WINDOWS\System32\aqjunayn.exe (random filename) […]

Removed: F_Server.bat (trojan GreyBird)

Malware: C:\sand-box\z_server.exe
Removed: C:\WINDOWS\F_Server.bat
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Zsvipbanykcx_Service
Author:
Related File: C:\WINDOWS\F_Server.bat
Type: Auto Services
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.17 Trojan.Generic.2326097
Kaspersky 7.0.0.125 2010.05.17 Backdoor.Win32.Hupigon.hqjh
Microsoft 1.5703 2010.05.17 Backdoor:Win32/Hupigon.DD
NOD32 5122 2010.05.17 probably a variant of Win32/GreyBird
—————————————————————————————————————————-
Additional information […]

Removed: C:\NORTON\U-34543ANTI-9998887776-23234532-565\nav.exe (trojan VBInject)

Malware: nav.exe
Removed: C:\NORTON\U-34543ANTI-9998887776-23234532-565\nav.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {64KLC5K0-4OPM-00WE-AAX8-27EF1D183366}
Author: C5afcFtYExLj
Related File: C:\NORTON\U-34543ANTI-9998887776-23234532-565\NAV.EXE
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.26 Trojan.Generic.3453869
Kaspersky 7.0.0.125 2010.04.27 Worm.Win32.AutoRun.hci
Microsoft 1.5703 2010.04.27 VirTool:Win32/VBInject.gen!DA
NOD32 5063 2010.04.26 Win32/AutoRun.KS
—————————————————————————————————————————-
Additional information
File size: 61441 bytes […]

Removed: kzxshb.exe (trojan Xyligan)

Malware: C:\sand-box\system.exe
Removed: C:\WINDOWS\system32\kzxshb.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: kcmdsvc (random item name)
Author:
Related File: C:\WINDOWS\system32\kzxshb.exe (random filename)
Type: Auto Services (DisplayName: “Kemote Command Service”/Description: “kindows Resource Kit”)
Item Name: kzxshb.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\KZXSHB.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result […]

Removed: RbmctnC.dll (backdoor Venik)

Malware: C:\sand-box\nb.exe
Removed: C:\WINDOWS\system32\RbmctnC.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: MediaCenter
Author: @ Microsoft Corporation. All rights reserved.
Related File: C:\WINDOWS\SYSTEM32\RBMCTNC.DLL (random filename)
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.17 Backdoor.Generic.126999
Kaspersky 7.0.0.125 2010.05.17 Backdoor.Win32.Agent.tnr
Microsoft 1.5703 2010.05.17 Backdoor:Win32/Venik.C
NOD32 5122 2010.05.17 […]

Removed: ntos.exe (trojan Zbot/Zeus)

Malware: ldr.exe
Removed: C:\WINDOWS\system32\ntos.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
Type: UserInit Value
Item Name: userinit
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\NTOS.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.15 Trojan-Spy:W32/Bancos.AAM
Kaspersky 7.0.0.125 2010.05.15 Trojan-Spy.Win32.Zbot.vb
Microsoft 1.5703 2010.05.14 […]

Removed: knagent.exe (trojan Bumat)

Malware: knagent.exe
Removed: C:\Program Files\knagent\knagent.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: knagent.exe
Author: Unknown
Related File: C:\PROGRAM FILES\KNAGENT\KNAGENT.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.17 Trojan.Generic.2788110
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Scar.yrj
Microsoft 1.5703 2010.05.17 Trojan:Win32/Bumat!rts
NOD32 5122 2010.05.17 Win32/TrojanDownloader.Delf.PHA
—————————————————————————————————————————-
Additional information
File […]

Removed: EX9.EXE (trojan KillAV)

Malware: C:\SAND-BOX\EX9.EXE
Removed: C:\SAND-BOX\EX9.EXE
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: RunmeAtStartup
Author:
Related File: C:\SAND-BOX\EX9.EXE
Type: Registry Run
Item Name: ex9.exe
Author:
Related File: C:\SAND-BOX\EX9.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.17 –
Kaspersky 7.0.0.125 2010.05.17 Trojan-Downloader.Win32.Small.arbp
Microsoft 1.5703 2010.05.17 –
NOD32 […]

Removed: NsUpdate.exe (Porn-Dialer)

Malware: depucelage_virginie.exe
Removed: C:\WINDOWS\NsUpdate.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: NsUpdate
Author: Unknown
Related File: C:\WINDOWS\NSUPDATE.EXE
Type: Registry Run
Item Name: NsUpdate.exe
Author: Unknown
Related File: C:\WINDOWS\NSUPDATE.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.14 Dialer:W32/Generic
Kaspersky 7.0.0.125 2010.05.15 not-a-virus:Porn-Dialer.Win32.Generic
Microsoft 1.5703 2010.05.14 […]

Removed: C:\WINDOWS\system\svchost.exe (trojan-spy Agent)

Malware: killaa.exe
Removed: C:\WINDOWS\system\svchost.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: svchost
Author:
Related File: C:\WINDOWS\system\svchost.exe
Type: Auto Services
Item Name: svchost.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM\SVCHOST.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.17 –
Kaspersky 7.0.0.125 2010.05.17 Trojan-Spy.Win32.Agent.bfqs
Microsoft 1.5703 2010.05.17 – […]

Removed: ymywu.exe (trojan Zbot/Zeus)

Malware: bot.exe
Removed: C:\Documents and Settings\Administrator\Application Data\Suaw\ymywu.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: {3AC771A2-FEE4-C5CD-6947-59E3EC7D2384}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUAW\YMYWU.EXE (random filename)
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.17 Gen:Variant.Zbot.10
Kaspersky 7.0.0.125 2010.05.17 Packed.Win32.Krap.gx
Microsoft 1.5703 2010.05.17 PWS:Win32/Zbot.gen!Y
NOD32 5122 […]

Removed: FamilyKeyLogger SAXP32

SAXP32 Keylogger: c:\sand-box\malware.exe
Removed: c:\sand-box\malware.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Sys32V2Contoller
Author: Unknown
Related File: C:\SAND-BOX\MALWARE.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.16 MemScan:Application.Spyarsenal.Familykeylogger.B
Kaspersky 7.0.0.125 2010.05.16 not-a-virus:Monitor.Win32.FamilyKeyLogger.a
Microsoft 1.5703 2010.05.16 –
NOD32 5118 2010.05.16 a variant of Win32/KeyLogger.FamilyKeyLogger.C
—————————————————————————————————————————-
Additional […]

Removed: diedioh.exe (worm Vobfus)

Malware: malware.exe
Removed: C:\Documents and Settings\Administrator\diedioh.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: diedioh
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DIEDIOH.EXE (random filename)
Type: Registry Run
Item Name: diedioh.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DIEDIOH.EXE (random filename)
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure […]

Removed: C:\WINDOWS\system\msnmsgrr.exe (Trojan Banload)

Malware: visualizar.exe
Removed: C:\WINDOWS\system\msnmsgrr.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Messenger
Author: Microsoft Corporation @
Related File: C:\WINDOWS\SYSTEM\MSNMSGRR.EXE
Type: Registry Run
Item Name: msnmsgrr.exe
Author:
Related File: C:\WINDOWS\SYSTEM\MSNMSGRR.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.14 Trojan.Generic.KD.11494
Kaspersky 7.0.0.125 2010.05.15 Trojan-Downloader.Win32.Genome.atcx
Microsoft 1.5703 […]

Removed: C:\Program Files\Wintows Publtnx\services.exe (trojan Sisron)

Malware: steup.exe
Removed: C:\Program Files\Wintows Publtnx\services.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: windt32_ttnx
Author: FREE
Related File: C:\PROGRAM FILES\WINTOWS PUBLTNX\SERVICES.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.12 Trojan.Generic.3772243
Kaspersky 7.0.0.125 2010.05.12 Backdoor.Win32.Agent.arso
Microsoft 1.5703 2010.05.12 Trojan:Win32/Sisron
NOD32 5110 2010.05.12 a variant of […]

Not a Virus: C:\Program Files\MacroVirus\MacroVirus.exe C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job

Malware: setup.exe
Not a Virus:
C:\Program Files\MacroVirus\MacroVirus.exe
C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: MacroVirus
Author: E-NextMedia
Related File: C:\PROGRAM FILES\MACROVIRUS\MACROVIRUS.EXE
Type: Registry Run
Item Name: MacroVirus Scheduled Scan
Author:
Related File: C:\PROGRAM FILES\MACROVIRUS\MACROVIRUS.EXE
Type: Scheduled Tasks
Item Name: MacroVirus.exe
Author:
Related File: C:\PROGRAM FILES\MACROVIRUS\MACROVIRUS.EXE
Type: Running Processes
Removal Results: Success
Number of […]

Removed: C:\WINDOWS\system32\helpers32.dll, C:\WINDOWS\system32\winlogon32.exe, C:\WINDOWS\system32\smss32.exe, C:\Program Files\Securityessentials2010\SE2010.exe (Fake AV – Security Essentials 2010)

Malware: smss32.exe
Removed:
C:\WINDOWS\system32\helpers32.dll
C:\WINDOWS\system32\winlogon32.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Securityessentials2010\SE2010.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: helpers32.dll
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\HELPERS32.DLL
Type: WinSock2 Components
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\winlogon32.exe
Type: UserInit Value
Item Name: smss32.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SMSS32.EXE
Type: Registry Run
Item Name: Security essentials 2010
Author: Unknown
Related File: C:\PROGRAM […]

Removed: 2tgfsddaew4refdsd.ime, tinlater.exe, CCTest.sys (trojan Dogrobot)

Malware: C:\sand-box\x8.exe
Removed:
C:\WINDOWS\system32\2tgfsddaew4refdsd.ime
C:\WINDOWS\tinlater.exe
C:\WINDOWS\system32\drivers\CCTest.sys
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: E0200804
Author: Tencent
Related File: C:\WINDOWS\system32\2TGFSDDAEW4REFDSD.IME (random filename)
Type: Keyboard Listeners
Item Name: Ms-tl_Srv
Author:
Related File: C:\WINDOWS\tinlater.exe
Type: Auto Services
After first reboot detected by UnHackMe:
Item Name: CCTest
Author: Microsoft
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\CCTEST.SYS
Type: Services detected by Partizan
Removal Results: Success […]

Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS (trojan TDSS/Alureon)

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: ATAPI.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Type: Detected using Heuristic Algorithm
The original ATAPI.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.13 – […]

Removed: gjno.exe (trojan Pincav)

Malware: Adobe.exe
Removed: C:\Documents and Settings\Administrator\Application Data\gjno.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: taskman
Author: Adobe Systems Incorporated
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\GJNO.EXE
Type: Winlogon System
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.14 Trojan.Generic.KD.11084
Kaspersky 7.0.0.125 2010.05.14 Trojan.Win32.Pincav.zqh
Microsoft 1.5703 2010.05.14 VirTool:Win32/VBInject.DW
NOD32 5115 […]

Removed: C:\WINDOWS\Fonts\services.exe (trojan Swisyn)

Malware: C:\sand-box\banner.exe
Removed: C:\WINDOWS\Fonts\services.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: exec
Author:
Related File: C:\WINDOWS\FONTS\SERVICES.EXE
Type: Explorer Run
Item Name: load
Author: Unknown
Related File: C:\WINDOWS\fonts\services.exe
Type: Win.ini
Item Name: run
Author: Unknown
Related File: C:\WINDOWS\fonts\services.exe
Type: Win.ini
Item Name: services.exe
Author:
Related File: C:\WINDOWS\FONTS\SERVICES.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1 […]

Removed: msorcsvp.dll (trojan Frethog)

Malware: C:\sand-box\w.exe
Removed: C:\WINDOWS\system32\msorcsvp.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: iqvxzd
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\MSORCSVP.DLL
Type: Registry Run
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.12 Dropped:Trojan.PWS.Onlinegames.KDDP
Kaspersky 7.0.0.125 2010.05.12 Trojan-Dropper.Win32.Agent.cagb
Microsoft 1.5703 2010.05.12 PWS:Win32/Frethog.MK
NOD32 5106 2010.05.11 Win32/PSW.WOW.NOW
—————————————————————————————————————————-
Additional information
File size: 47616 […]

Removed: sysservice.exe (trojan Kolbot)

Malware: rqerr8.exe
Removed: C:\WINDOWS\system32\sysservice.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: Microsoft Startup Manager
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SYSSERVICE.EXE
Type: Registry Run
Item Name: sysservice.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SYSSERVICE.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.12 Trojan.Generic.KD.11082
Kaspersky 7.0.0.125 2010.05.12 Trojan.Win32.Scar.cdzv
Microsoft […]

Removed: setups.exe (trojan IRC/Xperti)

Malware: 1mai.JPG.exe
Removed: C:\WINDOWS\system32\PreInstallBackups\setups.exe
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: run
Author: Unknown
Related File: c:\windows\system32\preinstallbackups\setups.exe
Type: Win.ini
Item Name: setups.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\PREINSTALLBACKUPS\SETUPS.EXE
Type: Running Processes
After first reboot detected by UnHackMe:
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.13 Backdoor.IRC.ZFJ
Kaspersky 7.0.0.125 2010.05.13 […]

Removed: 5ce5.dll (trojan Redosdru)

Malware: C:\sand-box\1800.exe
Removed: C:\WINDOWS\system32\5ce5.dll
—————————————————————————————————————————-
Detected by UnHackMe:
Item Name: .Net Naver com
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\5CE5.DLL (random filename)
Type: Svchost DLLs
Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.13 –
Kaspersky 7.0.0.125 2010.05.13 –
Microsoft 1.5703 2010.05.12 Trojan:Win32/Redosdru.E
NOD32 5110 2010.05.12 Win32/Redosdru.DT
—————————————————————————————————————————-
[…]