lsass.exe – trojan Bumat
The file lsass.exe is identified as a Trojan program that is used for stealing bank information and users' passwords. To delete lsass.exe, we recommend using UnHackMe: http://www.unhackme.com Malware Analysis of lsass.exe Executed: Sons of anarchy.exe Removed: lsass.exe. Full path: C:\WINDOWS\CIDD_P\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: configuration Author: Unknown Related File: C:\WINDOWS\CONFIGURATION\CONFIGURATION.EXE Type: [...]
lsass.exe – trojan Tracur
We checked the file lsass.exe and found it hazardous. The file lsass.exe must be deleted from the system immediately. Kill the process lsass.exe and remove lsass.exe from the Windows startup. Malware Analysis of lsass.exe Executed: NULL.exe Removed: lsass.exe. Full path: C:\Documents and Settings\Administrator\Application Data\SysWin\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: {CA533202-4521-4847-B3B6-2E97093CBD44} Author: Borland Software [...]
Removed: csrss.exe, lsass.exe, msn11.exe, winpro.exe (trojan VB)
Malware: indir.exe Removed: C:\WINDOWS\csrss.exe C:\WINDOWS\lsass.exe C:\WINDOWS\msn11.exe C:\WINDOWS\winpro.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: csrss Author: 23423423ewere Related File: C:\WINDOWS\CSRSS.EXE Type: Registry Run Item Name: csrss.exe Author: Related File: C:\WINDOWS\CSRSS.EXE Type: Running Processes Item Name: winpro.exe Author: www.hamaci.org Related File: C:\WINDOWS\WINPRO.EXE Type: Running Processes Item Name: lsass.exe Author: mIRC Co. Ltd. Related File: C:\WINDOWS\LSASS.EXE Type: Running [...]
Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\lsass.exe (trojan Injector)
Malware: crypted.exe Removed: C:\Documents and Settings\Administrator\Application Data\Microsoft\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Registry Driver Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: [...]
Removed: lsass.exe, msvbvm6032.exe, odbcbcp32.exe, rsaenh32.exe, avicap3232.dll, msvbvm6032.dll (trojan Tracur)
Malware: QuickTime_Update_KB596180.exe Removed: C:\Documents and Settings\Administrator\Application Data\SysWin\lsass.exe C:\WINDOWS\system32\msvbvm6032.exe C:\WINDOWS\system32\odbcbcp32.exe C:\WINDOWS\system32\rsaenh32.exe C:\WINDOWS\system32\avicap3232.dll C:\WINDOWS\system32\msvbvm6032.dll —————————————————————————————————————————- Detected by UnHackMe: Item Name: {59558EC7-1F34-6B59-E88A-C752DCF00C59} Author: Borland Software Corporation Related File: C:\WINDOWS\SYSTEM32\MSVBVM6032.DLL Type: Browser Helper Objects Item Name: {ACEDA6ED-18B6-412C-B3CE-C47FCE9E41Eb} Author: Borland Software Corporation Related File: C:\WINDOWS\SYSTEM32\AVICAP3232.DLL Type: Browser Helper Objects Item Name: RTHDBPL Author: Borland Software Corporation Related File: C:\DOCUMENTS AND [...]
Removed: C:\Documents and Settings\Administrator\Application Data\logon.exe, C:\Documents and Settings\Administrator\Application Data\lsass.exe (trojan KDV)
Malware: kl.exe Removed: C:\Documents and Settings\Administrator\Application Data\logon.exe C:\Documents and Settings\Administrator\Application Data\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe “C:\Documents and Settings\Administrator\Application Data\lsass.exe” Type: System.ini Item Name: System32 Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LOGON.EXE Type: Registry Run Item Name: MSWUpdate Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LSASS.EXE Type: Registry Run [...]
Removed: C:\Documents and Settings\Administrator\Application Data\lsass.exe (trojan Agent)
Malware: IMG5643.exe Removed: C:\Documents and Settings\Administrator\Application Data\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe “C:\Documents and Settings\Administrator\Application Data\lsass.exe” Type: System.ini Item Name: MSWUpdate Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LSASS.EXE Type: Running Processes Removal Results: Success Number [...]
Removed: setupupdater0002.exe, ohydy.exe, regedit.exe, sdra64.exe, lsass.exe, svc.exe, svw.exe, svx.exe, ope17.exe, opeB.exe, fFollower.exe (multi trojan – TDSS, Zeus, FakeAV – Antimalware Doctor)
Malware: g16b2e.exe Removed: C:\Documents and Settings\Administrator\Application Data\B34B7AF9CB40065433C8C631C37A9A2D\setupupdater0002.exe C:\Documents and Settings\Administrator\Application Data\ohydy.exe C:\WINDOWS\system32\regedit.exe C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe C:\WINDOWS\svx.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope17.exe C:\Documents and Settings\Administrator\Local Settings\Temp\opeB.exe C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: 1.1 Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value 1.2 Item Name: Follower Author: Related [...]
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe (trojan Swisyn)
Malware: m4l.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Kernel Host Author: V951227GC594242kBc3313 Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Kernel Host Value: “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lsass.exe” Registry: [...]
Removed: lsass.exe, lToRo.exe (trojan Jorik.Lolbot)
Malware: Dervie.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe C:\Documents and Settings\Administrator\Local Settings\Temp\lToRo.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Windows Firewall Author: NRCr Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Running Processes Item Name: {CLVQ0DSR-QSFT-LBKV-FZYX-CVZEGNEMN16E} Author: NRCr Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LTORO.EXE Type: ActiveSetup Item Name: cHa Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LTORO.EXE Type: [...]
Removed: ndisrd.sys, 2488.exe, vpe0.exe, mgrls32.exe, msftldr.dll, aect.sys, qgcl.exe, scand.dll, scand.lnk, lsass.exe, srenum.sys (trojan Harnig)
Malware: C:\sand-box\norton_personal_firewall__8.0.2.5-keygen.exe Removed: C:\WINDOWS\system32\drivers\ndisrd.sys C:\Documents and Settings\Administrator\Local Settings\Temp\2488.exe C:\Documents and Settings\Administrator\Local Settings\Temp\vpe0.exe C:\RECYCLER\S-1-5-21-9847229874-5677669606-071316190-4569\mgrls32.exe C:\Documents and Settings\Administrator\Application Data\TeraCopy\msdllvcl72\msftldr.dll C:\WINDOWS\system32\drivers\aect.sys C:\Documents and Settings\Administrator\Local Settings\Temp\qgcl.exe C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\scand.dll C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\scand.lnk C:\lsass.exe C:\WINDOWS\system32\drivers\srenum.sys —————————————————————————————————————————- Detected by UnHackMe: Item Name: ndisrd.sys Author: NT Kernel Resources Related File: C:\WINDOWS\SYSTEM32\DRIVERS\NDISRD.SYS Type: Drivers Item Name: 4cmjc Author: Unknown Related File: [...]
Removed: C:\WINDOWS\system32\drivers\winyyy.sys C:\WINDOWS\lsass.exe C:\WINDOWS\winhost.exe (trojan Tesefo)
Malware: ie2.exe Removed: C:\WINDOWS\system32\drivers\winyyy.sys C:\WINDOWS\lsass.exe C:\WINDOWS\winhost.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: WinMSS Author: Microsoft Corporation Related File: C:\WINDOWS\winhost.exe Type: Auto Services Item Name: winyyy.sys Author: Windows (R) 2000 DDK provider Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WINYYY.SYS Type: Drivers Item Name: lsass.exe Author: Microsoft Corporation Related File: C:\WINDOWS\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 [...]
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe (trojan Injector)
Malware: DSC73467465JPG.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Local Security Authority Process Author: bthgzegy1425gsdbsdgzeg Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Local Security Authority Process Value: [...]
Removed: sdra64.exe aecq.sys 917ded.exe fFollower.exe lsass.exe (combination trojans: Zbot + Harnig)
Malware: g6064a.exe Removed: C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\system32\drivers\aecq.sys C:\Documents and Settings\Administrator\Local Settings\Temp\917ded.exe C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe C:\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value Item Name: aecq.sys Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\AECQ.SYS Type: Drivers Item Name: h612wm Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\917DED.EXE Type: Explorer Run Item Name: Follower Author: [...]
Removed: C:\Documents and Settings\%USERNAME%\Application Data\lsass.exe (trojan Malex)
Malware: vfqy.exe Removed: C:\Documents and Settings\Administrator\Application Data\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Local Security Auth. Server Author: Company A Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\LSASS.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Local Security Auth. Server Value: “C:\Documents and Settings\%USERNAME%\Application Data\lsass.exe” Files: C:\Documents [...]
Removed: servicelayer.exe, svw.exe, C:\WINDOWS\lsass.exe, svc.exe, svchosty.exe, C:\WINDOWS\ctfmon.exe (trojan Microjoin)
Malware: Removed: C:\WINDOWS\servicelayer.exe C:\WINDOWS\svw.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope6.exe C:\Documents and Settings\Administrator\Local Settings\Temp\svchosty.exe C:\WINDOWS\ctfmon.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: servicelayer Author: Unknown Related File: C:\WINDOWS\SERVICELAYER.EXE Type: Registry Run Item Name: netw Author: Unknown Related File: C:\WINDOWS\SVW.EXE Type: Registry Run Item Name: lsass Author: Unknown Related File: C:\WINDOWS\LSASS.EXE Type: Registry Run Item Name: netc [...]
Removed: ..\SystemProc\lsass.exe (trojan Dursg)
Malware: C:\sand-box\blacko_DpAnOrOlBEnGo.exe Removed: C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: RTHDBPL Author: QJwQtGUCTFJj Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SYSTEMPROC\LSASS.EXE Type: Explorer Run Item Name: lsass.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SYSTEMPROC\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.26 [...]
Removed: PROGRAMS\STARTUP\lsass.exe (trojan Clicker)
Malware: C:\sand-box\lsass.exe Removed: C:\sand-box\lsass.exe C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lsass.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: lsass.exe Author: ahhaa Related File: C:\SAND-BOX\LSASS.EXE Type: Registry Run Item Name: lsass.exe Author: ahhaa Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\LSASS.EXE Type: Startup Folder Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.26 Trojan.Generic.KD.8225 [...]
Removed: ope4.exe, svchosty.exe, lsass.exe, svc.exe, svw.exe (trojan Microjoin)
Malware: asd23434ff.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\ope4.exe C:\Documents and Settings\Administrator\Local Settings\Temp\svchosty.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: netw Author: Unknown Related File: C:\WINDOWS\SVW.EXE Type: Registry Run Item Name: lsass Author: Unknown Related File: C:\WINDOWS\LSASS.EXE Type: Registry Run Item Name: netc Author: Unknown Related File: C:\WINDOWS\SVC.EXE Type: Registry Run Item Name: svw.exe Author: [...]
Removed: ..\Local Settings\Application Data\LSASS.EXE
Malware: nopic.jpg.EXE —————————————————————————————————————————- Removed: C:\Documents and Settings\Administrator\Local Settings\Application Data\LSASS.EXE —————————————————————————————————————————- Detected by UnHackMe: Item Name: AASSKK2 Author: JPEG Image Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\LSASS.EXE Type: Registry Run Item Name: LSASS.EXE Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\LSASS.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version [...]
Removed: ..application data\systemproc\lsass.exe
Malware: load.exe —————————————————————————————————————————- Removed: c:\documents and settings\administrator\application data\systemproc\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.12 Suspicious:W32/Malware!Gemini Kaspersky 7.0.0.125 2010.04.12 P2P-Worm.Win32.Agent.aam Microsoft 1.5605 2010.04.12 VirTool:Win32/VBInject.FB NOD32 5021 2010.04.12 probably a variant of Win32/Injector.BHD —————————————————————————————————————————- Additional information File size: 299008 bytes MD5 : d11d76c6ecf6a9a87dcd510294104a66 SHA1 : ed147998d1435ac667fd05165013d11a5e24b846 SHA256: a5a9100a3a614de13b8a660714f499bebca125b2dbb21e9d40072aa13b887f77 —————————————————————————————————————————- Detected by UnHackMe: Item Name: RTHDBPL Author: [...]
Removed: C:\Win\lsass.exe
Malware: 1544e334965af8becf6c767059890997.exe Removed: C:\Win\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.01.06 Gen:Trojan.Heur.HmNfrbUYmYkib Kaspersky 7.0.0.125 2010.01.06 Trojan-Spy.Win32.KeyLogger.cor McAfee 5852 2010.01.05 W32/YahLover.worm.gen Microsoft 1.5302 2010.01.06 – NOD32 4747 2010.01.06 Win32/Autoit.FL —————————————————————————————————————————- Additional information File size: 551669 bytes MD5 : d01ef1cc38f805230942d2bb55bfd976 SHA1 : 775bec567155d2ab5ac1d830ba801a243e68312e SHA256: aee6121605f8266079ae0919bbc7ba2b46311c903334d4e8eddb628e9934c515 —————————————————————————————————————————- Installation When the program is executed, it creates [...]
Removed: lsass.exe, odbnsy.exe, sms.exe, svc.exe, svw.exe
Malware: 55ttr.exe Removed: C:\WINDOWS\lsass.exe C:\WINDOWS\odbnsy.exe C:\WINDOWS\sms.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.03.24 – Kaspersky 7.0.0.125 2010.03.24 – McAfee 5930 2010.03.24 – Microsoft 1.5605 2010.03.24 TrojanDropper:Win32/Microjoin.gen!B NOD32 4971 2010.03.24 a variant of Win32/Kryptik.DFO —————————————————————————————————————————- Additional information File size: 2015744 bytes MD5 : 769c38d76e3e99a0fbf4ea58b071b371 SHA1 : 5e9c127892ccfc6df9aabd0e739749382fdc2dc5 SHA256: b6472da2cc868ec09c472acec226d95ac04e0a322db4b9b3ea61c38e5768435b —————————————————————————————————————————- Installation [...]
Removed: ihaupd32.exe, vhg32.exe, vqovnpnr.exe, lsass.exe
Malware: C:\sand-box\n2ivc.exe Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ihaupd32.exe C:\RECYCLER\S-1-5-21-6794555250-5983174292-887858100-2781\vhg32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\vqovnpnr.exe C:\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.03.22 – Kaspersky 7.0.0.125 2010.03.22 – McAfee 5927 2010.03.21 – Microsoft 1.5605 2010.03.21 – NOD32 4963 2010.03.21 – —————————————————————————————————————————- Additional information File size: 21504 bytes MD5 : 383cfe21b73c13fc44a30d4d4d6b9809 SHA1 : dd44f1a533dcd5d1359f404948ec8ef36d56d99d SHA256: 4c29fbe3a7b17c89d16457a91d2fbde481dcbdff89b7ff6d47ab38286b71ce7a [...]
Removed: ctfmon.exe, lsass.exe, odbnsy.exe, sms.exe, svc.exe, svw.exe
Malware: 50.exe Removed: C:\WINDOWS\ctfmon.exe C:\WINDOWS\lsass.exe C:\WINDOWS\odbnsy.exe C:\WINDOWS\sms.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.03.17 Trojan-Dropper:W32/Mudrop.D Kaspersky 7.0.0.125 2010.03.17 Trojan-Dropper.Win32.Mudrop.hch McAfee 5922 2010.03.16 – Microsoft 1.5605 2010.03.17 TrojanDropper:Win32/Microjoin.gen!B NOD32 4950 2010.03.16 a variant of Win32/Kryptik.CZA —————————————————————————————————————————- Additional information File size: 2384384 bytes MD5 : a8edb5fae8980dcfd4bfa83c415dd761 SHA1 : df248d95560bb7c03c70fcfa053f9f2f52a4e306 SHA256: b6b1a7af5229f62e4cbd538102cadb79416334ca87d3b1a7962a9a50c269c48e —————————————————————————————————————————- Installation When the [...]
Removed: ihaupd32.exe, ihxql.exe, lsass.exe
Malware: your_exe.exe Removed: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ihaupd32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ihxql.exe C:\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.02.26 Trojan.Generic.3235063 Kaspersky 7.0.0.125 2010.02.26 Backdoor.Win32.Small.iyl McAfee 5904 2010.02.26 Generic Dropper.qo Microsoft 1.5502 2010.02.26 TrojanDownloader:Win32/Harnig.gen!P NOD32 4899 2010.02.26 a variant of Win32/Kryptik.CNF Symantec 20091.2.0.41 2010.02.26 Trojan.Zbot —————————————————————————————————————————- Additional information File size: 20480 bytes MD5 [...]
Removed: lsass.exe
Malware: load.exe Removed: C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.02.24 – Kaspersky 7.0.0.125 2010.02.25 Trojan.Win32.VBKrypt.fc McAfee 5902 2010.02.24 – Microsoft 1.5406 2010.02.25 – NOD32 4893 2010.02.24 a variant of Win32/Injector.AXX Symantec 20091.2.0.41 2010.02.25 Trojan Horse —————————————————————————————————————————- Additional information File size: 274432 bytes MD5 : 4d8d328375ed3dcbb324ce0bb642c5b1 SHA1 : d937fe97c03d36f54314fb33a5c816e77553b20e [...]
Removed: wnzip32.exe, scoamk.exe, lsass.exe, kbdsock.dll, mshlps.dll
Malware: C:\sand-box\4u.exe Removed: C:\RECYCLER\S-1-5-21-2130249521-2072838755-887256846-1386\wnzip32.exe C:\scoamk.exe C:\lsass.exe C:\WINDOWS\system32\kbdsock.dll C:\WINDOWS\system32\mshlps.dll —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.02.13 Trojan.CryptRedol.Gen.5 Kaspersky 7.0.0.125 2010.02.13 Trojan-Downloader.Win32.Genome.aimt McAfee 5890 2010.02.12 – Microsoft 1.5406 2010.02.13 TrojanDownloader:Win32/Harnig NOD32 4862 2010.02.12 a variant of Win32/Kryptik.CIW Symantec 20091.2.0.41 2010.02.13 Packed.Generic.265 —————————————————————————————————————————- Additional information File size: 20480 bytes MD5 : 3237e5f140abe69a0d76e822a4b7bc12 SHA1 : 9027cb047c51683e7e96619f5bd060ee97e41520 [...]
Removed: shell.exe, PPlayer.2.1.58130.251.(508).dll, finks32.exe, bbb.exe, winhelp.exe, winhelp32.exe, xcmab.sys, appmgmts.dll, mtlrd.sys, LSASS.EXE
Malware: C:\sand-box\011.exe Removed: C:\WINDOWS\system32\shell.exe C:\WINDOWS\PPlayer.2.1.58130.251.(508).dll C:\WINDOWS\system32\finks32.exe C:\WINDOWS\system32\bbb.exe C:\WINDOWS\system32\winhelp.exe C:\WINDOWS\system32\winhelp32.exe C:\WINDOWS\system32\DRIVERS\xcmab.sys C:\WINDOWS\system32\appmgmts.dll C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\wmp\mtlrd.sys You must restore the original files that were changed by the virus: C:\WINDOWS\system32\LSASS.EXE —————————————————————————————————————————- Classification: Antivirus Version Last Update Result Kaspersky 7.0.0.125 2010.02.07 Trojan.Win32.VB.aart McAfee 5884 2010.02.06 Generic VB.z Microsoft 1.5406 2010.02.07 – NOD32 4842 2010.02.06 a variant of Win32/TrojanDownloader.VB.ODS —————————————————————————————————————————- [...]
Removed: d3dx10_3732.dll, d3dx10_3532.dll, lsass.exe
Malware: update_for_media_player_(KB972036).exe Removed: C:\WINDOWS\System32\d3dx10_3732.dll C:\WINDOWS\System32\d3dx10_3532.dll C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.02.08 Suspicious:W32/Riskware!Online Kaspersky 7.0.0.125 2010.02.08 Trojan.Win32.Agent.dgxh McAfee 5886 2010.02.08 – Microsoft 1.5406 2010.02.08 – NOD32 4849 2010.02.08 Win32/TrojanDownloader.Agent.PSH —————————————————————————————————————————- Additional information File size: 562176 bytes MD5 : cdba7ebcd7ef6810d8df3feca09fc624 SHA1 : 3c47a59eda98cd6da84503e7e14c458c89bb51bc SHA256: 5221f828ded4834f43a62510ecca2b8925194c2201691d82e5e96861b020fff7 —————————————————————————————————————————- Installation When the [...]



