Tag Archives: Oficla

illr.qyo – trojan Oficla

Is the file illr.qyo located on your computer? Then your computer is infected. We suggest you remove illr.qyo from your computer as soon as possible. illr.qyo is a Trojan/Backdoor. Kill the process illr.qyo and remove illr.qyo from the Windows startup. Malware Analysis of illr.qyo Executed: 21.exe Removed: illr.qyo. Full path: C:\Documents and Settings\Administrator\Local Settings\Temp\illr.qyo […]

vvdq.tto – trojan Oficla

We checked the file vvdq.tto and found it hazardous. The file vvdq.tto must be deleted from the system immediately. Kill the process vvdq.tto and remove vvdq.tto from the Windows startup. Malware Analysis of vvdq.tto Executed: invoice.exe Removed: vvdq.tto. Full path: C:\Documents and Settings\Administrator\Local Settings\Temp\vvdq.tto —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related […]

engs.tio – trojan Oficla

Is the file engs.tio located on your computer? Then your computer is infected. We highly recommend that you remove engs.tio from your computer as soon as possible. engs.tio is a Trojan/Backdoor. Kill the process engs.tio and remove engs.tio from the Windows startup. Malware Analysis of engs.tio Executed: file.exe Removed: engs.tio. Full path: C:\Documents and Settings\Administrator\Local Settings\Temp\engs.tio […]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\goqw.tco (trojan Oficla)

Malware: clone_001.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\goqw.tco —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\goqw.tco” vnbyln Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\goqw.tco” vnbyln” Files: C:\Documents and Settings\Administrator\Local Settings\Temp\goqw.tco —————————————————————————————————————————- Classification: Antivirus Version […]

Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\ibee.dwo (trojan Oficla)

Malware: C:\sand-box\tube872367.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\ibee.dwo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibee.dwo” bibltn Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibee.dwo” bibltn” Folders: C:\Documents and Settings\Administrator\Application Data\Microsoft\Proof C:\Documents and Settings\Administrator\Local Settings\Temp\VBE […]

Removed: C:\WINDOWS\system32\dbbk.lio (trojan Oficla)

Malware: C:\sand-box\HD32632.JPG.exe Removed: C:\WINDOWS\system32\dbbk.lio —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe dbbk.lio eyyvs Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe dbbk.lio eyyvs” Files: C:\WINDOWS\system32\dbbk.lio —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.11.25 […]

Removed: C:\WINDOWS\system32\bsfj.oso (trojan Oficla)

Malware: C:\sand-box\DHL_Information.exe Removed: C:\WINDOWS\system32\bsfj.oso —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe bsfj.oso uutfj Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe bsfj.oso uutfj” Files: C:\WINDOWS\system32\bsfj.oso —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.16160.0 2010.11.16 […]

Removed: C:\WINDOWS\system32\jxvy.dio (trojan Oficla)

Malware: C:\sand-box\activex.exe Removed: C:\WINDOWS\system32\jxvy.dio —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe jxvy.dio cymucrx Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe jxvy.dio cymucrx” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\jxvy.dio —————————————————————————————————————————- Classification: […]

Removed: C:\WINDOWS\system32\cdbu.euo (trojan Oficla)

Malware: C:\sand-box\UPS_Document.exe Removed: C:\WINDOWS\system32\cdbu.euo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe cdbu.euo axgcd Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe cdbu.euo axgcd” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\cdbu.euo —————————————————————————————————————————- Classification: […]

Removed: C:\Documents and Settings\Administrator\Application Data\netprotocol.exe (trojan Oficla)

Malware: netprotocol.exe Removed: C:\Documents and Settings\Administrator\Application Data\netprotocol.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: Netprotocol Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\NETPROTOCOL.EXE Type: Registry Run Item Name: netprotocol.exe Author: Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\NETPROTOCOL.EXE Type: Running Processes Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Netprotocol Value: “C:\Documents […]

Removed: C:\WINDOWS\system32\gepn.fyo (trojan Oficla)

Malware: C:\sand-box\exe.exe Removed: C:\WINDOWS\system32\gepn.fyo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe gepn.fyo errpmn Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe gepn.fyo errpmn” Folders: C:\Documents and Settings\Administrator\Local Settings\Temp\VBE Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and […]

Removed: bfky.ojo, tkopqn.exe, ybao.exe, wuaucldt.exe, mssrv32.exe, wuaucldt.exe (trojan downloader Harnig, trojan Oficla)

Malware: C:\sand-box\ispcoms.exe Removed: C:\WINDOWS\system32\bfky.ojo C:\Documents and Settings\Administrator\Local Settings\Temp\tkopqn.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ybao.exe C:\Documents and Settings\Administrator\wuaucldt.exe C:\WINDOWS\system32\mssrv32.exe C:\WINDOWS\system32\wuaucldt.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: taskman Author: Related File: C:\Documents and Settings\Administrator\Application Data\ohydy.exe Type: Winlogon System Item Name: msupdate Author: Related File: c:\windows\system32\mssrv32.exe Type: Auto Services Item Name: wuaucldt Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\WUAUCLDT.EXE Type: […]

Removed: C:\WINDOWS\system32\ubwi.wlo (trojan Oficla)

Malware: C:\sand-box\exe.exe Removed: C:\WINDOWS\system32\ubwi.wlo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe ubwi.wlo qetwxqy Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe ubwi.wlo qetwxqy” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\ubwi.wlo —————————————————————————————————————————- Antivirus […]

Removed: C:\WINDOWS\system32\nbai.amo (trojan Oficla)

Malware: exe.exe Removed: C:\WINDOWS\system32\nbai.amo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe nbai.amo pbjnukb Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe nbai.amo pbjnukb” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\nbai.amo —————————————————————————————————————————- Antivirus […]

Removed: C:\WINDOWS\system32\bqtj.xco (trojan Oficla)

Malware: load(121).exe Removed: C:\WINDOWS\system32\bqtj.xco —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe bqtj.xco rfheww Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe bqtj.xco rfheww” Files: C:\WINDOWS\system32\bqtj.xco —————————————————————————————————————————- Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.08.13 Gen:Trojan.Heur.RP.cmKfa8ln!clc […]

Removed: C:\WINDOWS\system32\jrnh.aso (trojan Oficla)

Malware: C:\sand-box\decc.exe Removed: C:\WINDOWS\system32\jrnh.aso —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe jrnh.aso ldsgtn Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe jrnh.aso ldsgtn” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\WINDOWS\system32\jrnh.aso —————————————————————————————————————————- Classification: Antivirus Version Last Update […]

Removed: C:\WINDOWS\system32\augy.vko (trojan Oficla)

Malware: C:\sand-box\load.exe Removed: C:\WINDOWS\system32\augy.vko —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe augy.vko fxhfnku Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe augy.vko fxhfnku” Files: C:\WINDOWS\system32\augy.vko —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.07.11 […]

Removed: C:\WINDOWS\system32\spwr.bjo (trojan Oficla)

Malware: load.exe Removed: C:\WINDOWS\system32\spwr.bjo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe spwr.bjo gwgvj Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe spwr.bjo gwgvj” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\spwr.bjo —————————————————————————————————————————- Classification: […]

Removed: C:\WINDOWS\system32\hpyu.mso (trojan Oficla)

Malware: file.exe Removed: C:\WINDOWS\system32\hpyu.mso —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe hpyu.mso yoqak Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe hpyu.mso yoqak” Files: C:\Documents and Settings\%USERNAME%\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\%USERNAME%\Local Settings\Temp\1.tmp C:\WINDOWS\system32\hpyu.mso —————————————————————————————————————————- Classification: […]

Removed: C:\WINDOWS\system32\dmnv.pro (trojan Oficla)

Malware: out.exe Removed: C:\WINDOWS\system32\dmnv.pro —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe dmnv.pro mgvxnxy Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe dmnv.pro mgvxnxy” Files: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\VB11.pip C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp C:\WINDOWS\system32\dmnv.pro —————————————————————————————————————————- Classification: […]

Removed: C:\WINDOWS\system32\vaqx.sco (trojan Oficla)

Malware: C:\sand-box\loadx1.exe Removed: C:\WINDOWS\system32\vaqx.sco —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe vaqx.sco wkvme Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe vaqx.sco wkvme” Files: C:\WINDOWS\system32\vaqx.sco —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.06.11 […]

Removed: C:\WINDOWS\system32\rivt.ydo (trojan Oficla)

Malware: C:\sand-box\Build.exe Removed: C:\WINDOWS\system32\rivt.ydo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe rivt.ydo hhbsv Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe rivt.ydo hhbsv” Files: C:\WINDOWS\system32\rivt.ydo —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.06.07 […]

Removed: C:\WINDOWS\system32\wcpm.eso (trojan Oficla)

Malware: C:\sand-box\loadx1.exe Removed: C:\WINDOWS\system32\wcpm.eso —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe wcpm.eso kpcovkl Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry key: HKLM\Software\Classes\idid Registry key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Value: “Explorer.exe rundll32.exe wcpm.eso kpcovkl” Files: C:\WINDOWS\system32\wcpm.eso —————————————————————————————————————————- Classification: Antivirus Version Last Update […]

Removed: C:\WINDOWS\system32\wrdr.kuo (trojan Oficla/Sasfis)

Malware: C:\sand-box\delta1_1.exe Removed: C:\WINDOWS\system32\wrdr.kuo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe wrdr.kuo gxsad Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.27 Trojan.Generic.3310239 Kaspersky 7.0.0.125 2010.05.27 Trojan.Win32.Sasfis.ahqj Microsoft 1.5802 2010.05.27 TrojanDropper:Win32/Oficla.G NOD32 5149 2010.05.27 a variant of Win32/Kryptik.DBO —————————————————————————————————————————- […]

Removed: srnh.lto (trojan Oficla)

Malware: C:\sand-box\file.exe Removed: C:\WINDOWS\system32\srnh.lto —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe srnh.lto iqfnr Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.19 Gen:Variant.Oficla.2 Kaspersky 7.0.0.125 2010.05.19 Trojan.Win32.Agent2.cqzi Microsoft 1.5802 2010.05.18 Trojan:Win32/Oficla.M NOD32 5129 2010.05.19 Win32/Oficla.GQ —————————————————————————————————————————- I use UnHackMe […]

Removed: thxr.wgo (trojan Oficla)

Malware: C:\sand-box\file.exe Removed: C:\WINDOWS\system32\thxr.wgo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe thxr.wgo nwfdtx Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.19 Trojan.Generic.3790833 Kaspersky 7.0.0.125 2010.05.19 Trojan.Win32.Agent.dvrt Microsoft 1.5802 2010.05.18 TrojanDropper:Win32/Oficla.G NOD32 5128 2010.05.19 Win32/Oficla.GN —————————————————————————————————————————- Additional information File […]

Removed: fimp.elo (trojan Oficla/Sasfis)

Malware: C:\sand-box\grblka.exe Removed: C:\WINDOWS\system32\fimp.elo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe fimp.elo pufxcp Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.06 Trojan.Generic.2918062 Kaspersky 7.0.0.125 2010.05.06 Trojan.Win32.Sasfis.xnv Microsoft 1.5703 2010.05.05 Trojan:Win32/Oficla.E NOD32 5090 2010.05.06 Win32/Oficla.AP —————————————————————————————————————————- Additional information File […]

Removed: oycg.bmo (trojan Oficla)

Malware: C:\sand-box\Build.exe Removed: C:\WINDOWS\system32\oycg.bmo —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe oycg.bmo gprmsvl Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.06 Gen:Variant.Oficla.1 Kaspersky 7.0.0.125 2010.05.06 Trojan.Win32.Oficla.y Microsoft 1.5703 2010.05.05 TrojanDropper:Win32/Oficla.G NOD32 5090 2010.05.06 a variant of Win32/Oficla.EF —————————————————————————————————————————- […]

Removed: rihd.pno (Trojan Oficla)

Malware: C:\sand-box\g2ccbc.exe Removed: C:\WINDOWS\system32\rihd.pno (Trojan Oficla) —————————————————————————————————————————- Detected by UnHackMe: Item Name: shell Author: Unknown Related File: Explorer.exe rundll32.exe rihd.pno eaoydsi (Trojan Oficla) Type: System.ini Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.16 Trojan:W32/Oficla.N Kaspersky 7.0.0.125 2010.04.16 Trojan.Win32.Oficla.m McAfee 5.400.0.1158 2010.04.16 Generic.dx!qyk Microsoft 1.5605 2010.04.16 Trojan:Win32/Oficla.M […]