Removed: C:\WINDOWS\system32\sdra64.exe, C:\foundxxxxx.exe\foundxxxxx.exe (trojan Zeus, trojan SpyEye)

Malware: C:\sand-box\ext.exe Removed: C:\WINDOWS\system32\sdra64.exe C:\foundxxxxx.exe\foundxxxxx.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value Item Name: foundxxxxx.exe Author: Related File: C:\FOUNDXXXXX.EXE\FOUNDXXXXX.EXE Type: Registry Run Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- How to quickly detect malware presence? Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\foundxxxxx.exe Value: “C:\foundxxxxx.exe\foundxxxxx.exe” Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit Value: “C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,” Folders: C:\WINDOWS\system32\lowsec [...]

Removed: sdra64.exe, SVC.EXE, winamnc.dll, WINBUDUMP.EXE, opeF.exe, BINFIX7080010000.EXE, DSKCLNWIZ.DLL, ssqpqp.dll Restored: TERMDD.SYS (multi trojan – Zbot and TDSS)

Malware: g9aaf1.exe Removed: C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\SVC.EXE C:\WINDOWS\system32\winamnc.dll C:\WINDOWS\SYSTEM32\WINBUDUMP.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\opeF.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\BINFIX7080010000.EXE C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\DESKTOP CLEANUP WIZARD\DSKCLNWIZ.DLL C:\WINDOWS\system32\ssqpqp.dll Restored: C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value Item Name: termdd.sys – restored Author: Unknown Related File: C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS Type: System Drivers Infected by Rootkit Item [...]

Removed: setupupdater0002.exe, ohydy.exe, regedit.exe, sdra64.exe, lsass.exe, svc.exe, svw.exe, svx.exe, ope17.exe, opeB.exe, fFollower.exe (multi trojan – TDSS, Zeus, FakeAV – Antimalware Doctor)

Malware: g16b2e.exe Removed: C:\Documents and Settings\Administrator\Application Data\B34B7AF9CB40065433C8C631C37A9A2D\setupupdater0002.exe C:\Documents and Settings\Administrator\Application Data\ohydy.exe C:\WINDOWS\system32\regedit.exe C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe C:\WINDOWS\svx.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope17.exe C:\Documents and Settings\Administrator\Local Settings\Temp\opeB.exe C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe —————————————————————————————————————————- Detected by RegRun Warrior: 1. RegRun Reanimator: 1.1 Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value 1.2 Item Name: Follower Author: Related [...]

Removed: xvsfym.exe, mgrls32.exe, ndisrd.sys, srenum.sys, msrun.exe, ntos.exe, sdra64.exe, Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS (trojan Meredrop combination of trojans Zeus (Zbot) and TDSS (TDL3 +)

Malware: 2f073.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\xvsfym.exe C:\RECYCLER\S-1-5-21-2353754676-5851395935-421277404-3452\mgrls32.exe C:\WINDOWS\system32\drivers\ndisrd.sys C:\WINDOWS\system32\drivers\srenum.sys C:\WINDOWS\system32\msrun.exe C:\WINDOWS\system32\ntos.exe C:\WINDOWS\system32\sdra64.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\ntos.exe, Type: UserInit Value Item Name: Follower Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fFollower.exe Type: Auto Services Item Name: ndisrd.sys Author: NT Kernel Resources Related File: C:\WINDOWS\SYSTEM32\DRIVERS\NDISRD.SYS Type: Drivers Item Name: 14598 [...]

Removed: sdra64.exe (trojan Zeus/Zbot)

Malware: ldr.exe Removed: C:\WINDOWS\system32\sdra64.exe —————————————————————————————————————————- Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value Removal Results: Success Number of reboot: 1 —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.27 Trojan.Generic.KD.8732 Kaspersky 7.0.0.125 2010.04.27 Trojan.Win32.VBKrypt.ke Microsoft 1.5703 2010.04.27 – NOD32 5063 2010.04.26 Win32/Spy.Zbot.JF —————————————————————————————————————————- Additional information File size: 147456 [...]

Removed: sdra64.exe, SVSHOST.DLL, WININET.EXE, LMSXSLTSSO.DLL, MSXSLTSSO.DLL, gtk4.tmp

Malware: C:\sand-box\load.exe —————————————————————————————————————————- Removed: C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\SYSTEM32\SVSHOST.DLL C:\WINDOWS\SYSTEM32\WININET.EXE C:\WINDOWS\SYSTEM32\LMSXSLTSSO.DLL C:\WINDOWS\SYSTEM32\MSXSLTSSO.DLL C:\Documents and Settings\Administrator\Local Settings\Temp\gtk4.tmp —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.12 Trojan.Peed.Gen Kaspersky 7.0.0.125 2010.04.12 – Microsoft 1.5605 2010.04.12 TrojanDownloader:Win32/Otlard.B NOD32 5020 2010.04.12 – —————————————————————————————————————————- Additional information File size: 24064 bytes MD5 : a8569f1595bda19abcbbb47f68af59b4 SHA1 : 18c5cd37315f0044c1ae11d89abcf8618ca1d378 SHA256: c638ca420ec0b43b688f428a278564f42d15ddb124b15f6a1b56f0ed8988fd02 —————————————————————————————————————————- Detected by UnHackMe: [...]

Removed: sdra64.exe, wnzip32.exe, gjetk.exe, lsass.exe

Malware: C:\sand-box\700.exe Removed: C:\WINDOWS\system32\sdra64.exe C:\RECYCLER\S-1-5-21-7295788371-6219362898-216113940-7089\wnzip32.exe C:\gjetk.exe C:\lsass.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.01.25 Backdoor:W32/Sohif.gen!A Kaspersky 7.0.0.125 2010.01.25 Packed.Win32.Krap.x McAfee 5871 2010.01.24 Generic Dropper.lr Microsoft 1.5405 2010.01.25 – NOD32 4803 2010.01.25 a variant of Win32/Kryptik.BXO Symantec 20091.2.0.41 2010.01.25 Trojan Horse —————————————————————————————————————————- Additional information File size: 18944 bytes MD5 : 9ab36d270d7c9aed4486c2ee2fd7c48d SHA1 : [...]

Removed: winlogon32.exe, sdra64.exe, lsass.exe, svc.exe, smss32.exe, odbn0.exe

Malware: load.exe Removed: C:\WINDOWS\system32\winlogon32.exe C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\system32\smss32.exe C:\WINDOWS\odbn0.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.01.23 Trojan.Generic.CJ.AJYK Kaspersky 7.0.0.125 2010.01.23 Trojan-Dropper.Win32.Mudrop.fty McAfee 5870 2010.01.23 – Microsoft 1.5405 2010.01.23 TrojanDropper:Win32/Microjoin.gen!B NOD32 4800 2010.01.23 a variant of Win32/Kryptik.BCR Symantec 20091.2.0.41 2010.01.23 Trojan Horse —————————————————————————————————————————- Additional information File size: 1915904 bytes MD5 : b0cf55e2028f6b3dde658c3b9c4fc60a SHA1 [...]

Removed: sdra64.exe

Malware: file.exe Removed: C:\WINDOWS\system32\sdra64.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.01.16 – Kaspersky 7.0.0.125 2010.01.17 Trojan.Win32.Small.abpb McAfee 5863 2010.01.16 – Microsoft 1.5302 2010.01.16 – NOD32 4778 2010.01.16 – Symantec 20091.2.0.41 2010.01.17 – —————————————————————————————————————————- Additional information File size: 14848 bytes MD5 : edd5620b87e9b957508bfa4281e36750 SHA1 : ce4ec41889e501943f4eb016e414c134eacbb308 SHA256: 3819e83360a95f553249d520ae2e57cc3a3aa1b2e6a86fa796f1338316a3b9e0 —————————————————————————————————————————- Installation When the program [...]

Removed: sdra64.exe

Malware: 5oclock.exe Removed: C:\WINDOWS\system32\sdra64.exe —————————————————————————————————————————- Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.01.06 Trojan.Spy.Zbot.EJY Kaspersky 7.0.0.125 2010.01.07 Packed.Win32.Krap.w McAfee 5853 2010.01.06 – Microsoft 1.5302 2010.01.07 PWS:Win32/Zbot.gen!R NOD32 4749 2010.01.06 a variant of Win32/Kryptik.BOO Symantec 20091.2.0.41 2010.01.07 – —————————————————————————————————————————- Additional information File size: 163840 bytes MD5   : d359a479b8257d6fc3b23a9c11d10849 SHA1  : 6dbc5499b144a926d5bd3f105ba0b7830930218f SHA256: 9b8d8a40e8baa939b8979233c14fb0fc786158daa4eb46b0e80af969ecedcd1d —————————————————————————————————————————- Installation When the program [...]

• Greatis Software

  • Free Download
  • Send a file

• AverScanner

  AverScaner- EveryDay Malware Scan

• Testimonials

  People say

  Greg

  I spent over 10 hours trying to manually hunt down and remove a rootkit and browser hijacker from my computer. That was a mistake!

  This virus/malware could not be removed by Norton, ZoneLabs, MS Essentials; etc.

  In about 1 hour, I was able to download your software, create the CD-ROM, watch the instruction video and kill 3 ROOKITS from my PC. (Your software hunted down the rootkits and killed them like Spetsnaz going after the enemy!) Get it!

  Joseph

  Your product is the only one on the market that has found and removed rootkits from my system, three rootkits to be precise. I have used other products but they don't measure up to UnHackMe.

  Bob

  The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!

  Click Here to Update All your PC's Outdated drivers

• Categories

  • Adware
  • Backdoor
  • Fake Driver-Codec
  • Fake System Tool
  • FakeAV
  • Locker
  • Malware
  • Malware Domain
  • Not-a-Virus
  • Rootkit
  • unknown
  • Virus
  • Worm

• Recent Posts

  • STKSCAN.DLL is Trojan Sirefef.BP
  • %Local Appdata%\3308c706\X is Rootkit ZeroAccess
  • PCDRNT.DLL is Rootkit ZeroAccess
  • MAYA70DOCSERVER.DLL is Rootkit ZeroAccess
  • INETACCELERATOR.EXE is Trojan Foreign
  • _EX-68.EXE is Trojan Banload
  • OTYTKF.EXE is Worm Palevo
  • FUNSHIONINSTALL.EXE is Trojan Delf
  • MAXTUDOXDB.EXE is Trojan CFI
  • MSDSCSC.EXE is Backdoor Finlosky

• 
• Remember: the best way to remove rootkits is from the outside!

  

• Blogroll

  • RegRun Security Suite. Detects and removes rootkits/malware/adware that your antivirus could not.
  • RegRun Warrior – Removing rootkits is best done from the outside!
  • UnHackMe – rootkit & malware killer

• Popular

  1. 3%QKM.EXE is Trojan Kryptik
  2. 2%BETTERINSTALLER.EXE is Adware Somoto
  3. 1%U997.EXE is not a virus UltraSurf
  4. 1%MSLOOP.DLL is Rootkit Zero Access
  5. 1%TEMP:WINUPD.EXE is BackDoor TDSS
  6. 1%GREP.3XE is Trojan Tool-NirCmd
  7. 1%MVSCAVAP.EXE is Trojan Banker6
  8. 1%PCOTP.EXE is Trojan Offend
  9. 1%HPDSKFLT.DLL is Rootkit ZeroAccess
  10. 1%XUAT.EXE is Trojan Rimecud
  11. 1%CHINDE.EXE is Trojan Jorik
  12. 1%SYSTEMINSTALLATION.EXE is Trojan Llac
  13. 1%RADCLOCK.DLL is Rootkit ZeroAccess
  14. 1%F16.EXE is Trojan FakeAV
  15. 1%MRTSTUB.EXE is Trojan Banker
  16. 1%DLLHSTS.EXE is Trojan LockScreen
  17. 1%HKAVGLRJ.EXE is Trojan Banker
  18. 1%PROCEXP111.DLL is Rootkit ZeroAccess
  19. 1%QUESTBASIC.EXE is AdWare AdLoad
  20. 1%TOSCOSRV.DLL is Rootkit ZeroAccess

• Tags

  3308c706 Adware Agent Ainslot ATAPI.SYS AutoRun autorun.inf Backdoor Bancos Banker Banload BHO Bifrose Buzus Delf Fake AntiVirus FakeAV Injector IRCBot Jorik KeyLogger Koobface Kraddare Kryptik lsass.exe Malware Domain Oficla OnLineGames Palevo Rebhip Rootkit Scar services.exe SpyEye svchost.exe Taterf TDSS Trojan VB VBInject VBKrypt Virus winlogon.exe Worm ZeroAccess