Tag Archives: TDSS

BOOT.COM is Rootkit TDSS

Rootkit C:\resycled\boot.com is software that enables continued privileged access to a computer while actively hiding its presence. Detection and removal of C:\resycled\boot.com can be a difficult process; use anti-rootkit software to fix the C:\resycled\boot.com problem. The misspelled folder name mimics the legitimate Recycled folder, and the C:\autorun.inf found next to it is what launches the file when the drive is opened, which is why both items have to go together.

Malware Analysis of BOOT.COM
Full path on a computer: C:\resycled\boot.com
Detected by UnHackMe:
Item Name: C:\autorun.inf
Author: […]

EZANGMGR.EXE is Trojan TDSS

Is the file EZANGMGR.EXE present on your computer? Then your computer is infected, and you should remove EZANGMGR.EXE as soon as possible. EZANGMGR.EXE is a Trojan/Backdoor. Kill the EZANGMGR.EXE process and remove EZANGMGR.EXE from the Windows startup.

Malware Analysis of EZANGMGR.EXE
Full path on a computer: %SysDir%\ezangmgr.exe
Detected by UnHackMe:
Item […]

TEMP:WINUPD.EXE is BackDoor TDSS

The program TEMP:WINUPD.EXE is used to gain covert access to the PC and administer it remotely. The colon in the name is NTFS alternate data stream syntax: the executable is stored as a stream named winupd.exe attached to the Temp folder, so it does not appear in an ordinary directory listing and a plain file search will not find it. UnHackMe is recommended as a reliable program for solving the problem with TEMP:WINUPD.EXE. Download for free: http://www.unhackme.com

Malware Analysis of TEMP:WINUPD.EXE
Full path on a computer: %LocalSettings%\Temp-winupd.exe
Detected by RegRun Warrior: TEMP:WINUPD.EXE
Default location: %LocalSettings%\Temp:winupd.exe
Removal Results: Success
Number of reboot: […]

GG44.EXE is rootkit TDSS

Rootkit GG44.EXE is software that enables continued privileged access to a computer while actively hiding its presence. Detection and removal of GG44.EXE can be a difficult process; use anti-rootkit software to fix the GG44.EXE problem. Note where it lives: a subfolder of C:\RECYCLER named like a user SID. Compare any such folder name against the SIDs of the real local accounts; this one is not even well-formed, since a sub-authority with a leading zero (0243556031) is not how Windows writes a SID.

Malware Analysis of GG44.EXE
Full path on a computer: c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe
Detected by UnHackMe: GG44.EXE
Default location: c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe […]

ESQULSERV.SYS is rootkit TDSS

Rootkit ESQULSERV.SYS is software that enables continued privileged access to a computer while actively hiding its presence. Detection and removal of ESQULSERV.SYS can be a difficult process; use anti-rootkit software to fix the ESQULSERV.SYS problem. The service name is fixed, but the driver file on disk carries a random suffix (see the default location below), so search for the ESQUL prefix rather than for an exact file name.

Malware Analysis of ESQULSERV.SYS
Full path on a computer: %System%\drivers\ESQULserv.sys
Detected by UnHackMe: ESQULSERV.SYS
Default location: %System%\drivers\ESQULfvnsvnyymbcioriuwibiteoomywbspux.sys […]

SCVVHSOT.exe – trojan TDSS

Is the file dgfew8.exe present on your computer? Then your computer is infected, and you should remove dgfew8.exe as soon as possible. dgfew8.exe is a Trojan/Backdoor. Kill the dgfew8.exe process and remove dgfew8.exe from the Windows startup. The dropped name SCVVHSOT.exe is a letter shuffle of svchost.exe, chosen to pass a casual glance at the process list.

Malware Analysis of "SCVVHSOT.exe"
Executed: e20219e1.exe
Removed: SCVVHSOT.exe. Full path: C:\WINDOWS\system32\SCVVHSOT.exe

Detected by […]

VOLSNAP.SYS – rootkit TDSS

The system file VOLSNAP.SYS is infected. Replace VOLSNAP.SYS with a known-good copy: the backup copy or the file from the Windows installation media.

Malware Analysis of Fake System Tools "Windows Fix Disk"
Executed: C:\sand-box\496-new2.exe
Removed: 18407220.exe. Full path: C:\Documents and Settings\All Users\Application Data\18407220.exe
Restored: VOLSNAP.SYS

Detected by UnHackMe:
Item Name: sAaAVcAvvOACS
Author: WinSCP
Related File: C:\DOCUMENTS […]

Master Boot Record – infected rootkit TDL3+

Executed: 1gpresulta.exe
Restored: Master Boot Record

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: TDL MBR Rootkit
Author: Unknown
Related File: TDL MBR Rootkit
Type: MBR
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboot: 1

How to quickly detect malware presence? Check the MBR.
Files: C:\Documents and Settings\Administrator\Local […]
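The "check the MBR" advice above is easy to automate. What follows is an added example, not code from the original post or from RegRun/UnHackMe: it parses a raw 512-byte boot sector, verifies the 0x55AA signature and the partition table, and compares the boot-code bytes against a baseline hash taken from the same disk while it was known to be clean. The sample sectors and the baseline are constructed inline (the single NTFS partition at LBA 63 is an assumption). One caveat a practitioner should keep in mind: a TDL-family rootkit that has hooked the disk driver can serve the original sector back to a reader on the infected system, so take the sector you compare from a clean boot (rescue media) and treat a clean result obtained from inside the running OS as weak evidence.

```python
r"""Added example (not from the original page): baseline check of a raw MBR sector."""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 are boot code; 440..445 hold the disk signature,
                           # which changes when Windows re-signs the disk, so it is excluded
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partitions(sector: bytes) -> list[Partition]:
    """Validate the sector and return the non-empty entries of the partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from("<8BII", sector, off)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(sector: bytes) -> str:
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(sector: bytes, baseline_hash: str) -> list[str]:
    """Return human-readable findings; an empty list means the sector matches the baseline."""
    findings = []
    parts = parse_partitions(sector)
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    active = [p for p in parts if p.bootable]
    if not active:
        findings.append("no active partition")
    elif len(active) > 1:
        findings.append("more than one active partition")
    return findings


def read_first_sector(path: str) -> bytes:
    r"""Read sector 0 of a disk image or raw device (e.g. r'\\.\PhysicalDrive0', as admin)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


# --- constructed sample data (assumption: one NTFS partition starting at LBA 63) ---
def build_sample_mbr(boot_code: bytes) -> bytes:
    sector = bytearray(MBR_SIZE)
    sector[: len(boot_code)] = boot_code
    entry = struct.pack("<8BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 63, 20_000)
    sector[PART_TABLE_OFF : PART_TABLE_OFF + PART_ENTRY_LEN] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64)  # stand-in boot code
BASELINE_HASH = boot_code_hash(CLEAN_MBR)                                      # captured while clean
# same partition table, different loader: the TDL pattern of replacing only the boot code
INFECTED_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\xcc" * 64)

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, audit_mbr(sector, BASELINE_HASH) or "OK")
```

Only the boot code is hashed: the partition table legitimately changes when volumes are created, and the disk signature at offset 440 changes when Windows re-signs the disk, so including either would produce false alarms on a healthy machine. An untouched partition table combined with changed boot code is exactly the shape of a TDL MBR infection.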

geurge.exe – rootkit TDSS

The file geurge.exe is identified as a Trojan program used for stealing bank information and user passwords. To delete geurge.exe we recommend UnHackMe: http://www.unhackme.com

Malware: keygen.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\updates\updates.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\geurge.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tf9je.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\y78m4.exe
C:\WINDOWS\system32\wbem\grpconv.exe
Restored:
Master Boot Record (MBR)
C:\WINDOWS\system32\winlogon.exe […]

Removed: RclDriver64.exe, qaiakem.exe; Restored: Master Boot Record (trojan VBKrypt, rootkit TDL4)

Malware: C:\sand-box\nsaf.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\RclDriver64.exe
C:\Documents and Settings\Administrator\qaiakem.exe
Restored: Master Boot Record

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: TDL MBR Rootkit
Author: Unknown
Related File: TDL MBR Rootkit
Type: MBR
Item Name: Realtek Sound Driver
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\RCLDRIVER64.EXE
Type: Registry Run
Item Name: qaiakem […]

A Run entry labelled "Realtek Sound Driver" that points into a user's Application Data folder is a mismatch worth acting on by itself: real audio drivers are not installed there, and a vendor name attached to an unsigned file in a user-writable directory is the usual disguise for an autostart.

Restored: Master Boot Record (rootkit TDL4)

Malware: C:\sand-box\custom.exe
Restored: Master Boot Record

Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: TDL MBR Rootkit
Author: Unknown
Related File: TDL MBR Rootkit
Type: MBR
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.16160.0    2011.01.13    Gen:Variant.Kazy.7569
Microsoft   1.6402 […]

Removed: setupupdater0002.exe, ohydy.exe, regedit.exe, sdra64.exe, lsass.exe, svc.exe, svw.exe, svx.exe, ope17.exe, opeB.exe, fFollower.exe (multi trojan – TDSS, Zeus, FakeAV – Antimalware Doctor)

Malware: g16b2e.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\B34B7AF9CB40065433C8C631C37A9A2D\setupupdater0002.exe
C:\Documents and Settings\Administrator\Application Data\ohydy.exe
C:\WINDOWS\system32\regedit.exe
C:\WINDOWS\system32\sdra64.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\svc.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svx.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ope17.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\opeB.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe

Detected by RegRun Warrior:
1. RegRun Reanimator:
1.1 Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
Type: UserInit Value
1.2 Item Name: Follower
Author:
Related […]

Two details in this list are worth remembering as general checks. The UserInit value still names the legitimate userinit.exe; sdra64.exe (the Zeus component) is simply appended after the comma, so it runs at every logon while the logon itself keeps working. And C:\WINDOWS\lsass.exe is a fake by location alone: the real lsass.exe lives only in system32.

Removed: wmsdk64_32.exe, wscsvc32.exe, asd1.tmp.exe, asd2.tmp.exe (FakeAV – "Antivirus", trojan TDSS)

Malware: C:\sand-box\p3.bin
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\wmsdk64_32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\asd1.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\asd2.tmp.exe

Detected by UnHackMe:
Item Name: wmsdk64_32.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WMSDK64_32.EXE
Type: Registry Run
Item Name: wscsvc32.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSCSVC32.EXE
Type: Running Processes
Item Name: asd2.tmp.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\ASD2.TMP.EXE
Type: Running […]

Removed: winlogon32.exe, SMSS32.EXE, ES15.EXE, HELPERS32.DLL, SE2010.EXE; Restored: MOUCLASS.SYS (FakeAV – updated Security Essentials 2010 and TDL3+)

Malware: SetupFlashPlayerPatch.exe
Removed:
C:\WINDOWS\system32\winlogon32.exe
C:\WINDOWS\SYSTEM32\SMSS32.EXE
C:\WINDOWS\SYSTEM32\ES15.EXE
C:\WINDOWS\SYSTEM32\HELPERS32.DLL
C:\PROGRAM FILES\SECURITYESSENTIALS2010\SE2010.EXE
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS

Some files were downloaded during testing.

Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\winlogon32.exe
Type: UserInit Value
Item Name: smss32.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SMSS32.EXE
Type: Registry Run
Item Name: ES15.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\ES15.EXE
Type: Running Processes
After first […]

Here the UserInit value has been replaced outright rather than extended: winlogon32.exe and smss32.exe are not Windows files, and the names only borrow the look of winlogon.exe and smss.exe. UserInit should name system32\userinit.exe and nothing else.

Removed: xvsfym.exe, mgrls32.exe, ndisrd.sys, srenum.sys, msrun.exe, ntos.exe, sdra64.exe; Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS (trojan Meredrop, a combination of Zeus (Zbot) and TDSS (TDL3+))

Malware: 2f073.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\xvsfym.exe
C:\RECYCLER\S-1-5-21-2353754676-5851395935-421277404-3452\mgrls32.exe
C:\WINDOWS\system32\drivers\ndisrd.sys
C:\WINDOWS\system32\drivers\srenum.sys
C:\WINDOWS\system32\msrun.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\sdra64.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS

Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\ntos.exe,
Type: UserInit Value
Item Name: Follower
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fFollower.exe
Type: Auto Services
Item Name: ndisrd.sys
Author: NT Kernel Resources
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\NDISRD.SYS
Type: Drivers
Item Name: 14598 […]

ndisrd.sys carries a genuine third-party author string (NT Kernel Resources, an NDIS filter driver vendor); the dropper installs it alongside its own components. Judge such a driver by who installed it and when, not by its author field or signature. The UserInit value chains two extra programs this time, sdra64.exe and ntos.exe, both Zeus names.

Removed: AUTMGR32.EXE, wscsvc32.exe, defcnt.exe, defext.dll, PRAGMAd.sys (FakeAV – Defense Center, together with the PRAGMA variant of TDSS)

Malware: C:\sand-box\WinSecurityInstaller.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe
C:\Program Files\Defense Center\defcnt.exe
C:\Program Files\Defense Center\defext.dll
C:\WINDOWS\PRAGMAmbadmsbfni\PRAGMAd.sys

Detected by UnHackMe:
Item Name: wscsvc32.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSCSVC32.EXE
Type: Running Processes
Item Name: .exe
Author: Unknown
Related File: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AUTMGR32.EXE" /START "%1" %*
Type: Main File Extensions
Item Name: SimpleShlExt
Author: Unknown
Related File: […]

The ".exe" item is a file-type hijack: the open command for executables has been rewritten so that every program the user starts is passed as an argument to AUTMGR32.EXE, which runs first and then launches the original. Deleting AUTMGR32.EXE without restoring the command to its default of "%1" %* leaves a system on which no .exe can be started, so the two steps belong together.

Restored: WS2IFSL.SYS (trojan TDSS/Alureon/Olmarik)

Malware: C:\sand-box\Ultimate Codes.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS

Detected by RegRun Warrior:
Item Name: WS2IFSL.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
Type: Detected using Heuristic Algorithm
The original WS2IFSL.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0 […]

Removed: PRAGMAd.sys, wsdkrlxp.exe (variant of TDSS trojan)

Malware: C:\sand-box\ad.exe
Removed:
C:\WINDOWS\PRAGMAnlpcbvtkpy\PRAGMAd.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\wsdkrlxp.exe

After first reboot detected by UnHackMe:
Item Name: PRAGMAnlpcbvtkpy
Author:
Related File: C:\WINDOWS\PRAGMANLPCBVTKPY\PRAGMAD.SYS
Type: Services detected by Partizan
Item Name: wsdkrlxp.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSDKRLXP.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 2

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.26 […]

Restored: I8042PRT.SYS (trojan TDSS)

Malware: C:\sand-box\win.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS

The original I8042PRT.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Item Name: I8042PRT.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Type: Detected using Examiner mode
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.21    Trojan.TDss.ADV
Kaspersky   7.0.0.125      2010.05.21 […]

Restored: INTELIDE.SYS (trojan TDSS/Alureon/Olmarik)

Malware: C:\sand-box\1.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS

Detected by UnHackMe:
Item Name: INTELIDE.SYS
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
Type: Detected using Heuristic Algorithm
The original INTELIDE.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.20    Trojan.TDss.ADZ
Kaspersky   7.0.0.125      2010.05.20 […]

Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS (trojan TDSS/Alureon)

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS

Detected by UnHackMe:
Item Name: ATAPI.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Type: Detected using Heuristic Algorithm
The original ATAPI.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.13    – […]

Restored: DISK.SYS (infected by Alureon/TDSS/Olmarik)

Malware: C:\sand-box\in.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS

Detected by RegRun Warrior:
Item Name: DISK.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
Type: Detected using Heuristic Algorithm
The original DISK.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.12 […]

Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon/Olmarik)

Malware: C:\sand-box\install01.exe
Removed: C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAd.sys

After first reboot detected by UnHackMe:
Item Name: PRAGMAqipfvcxnqq
Author:
Related File: C:\WINDOWS\PRAGMAQIPFVCXNQQ\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 2

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.11    Gen:Variant.TDss.20
Kaspersky   7.0.0.125      2010.05.11    Trojan-Downloader.Win32.FraudLoad.xcxu
Microsoft   1.5703         2010.05.11    Trojan:Win32/Alureon.gen!J
NOD32       5105           2010.05.11    Win32/Olmarik.YX

Additional […]

Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon)

Malware: C:\sand-box\install01.txt.exe
Removed: C:\WINDOWS\PRAGMApoffyabwwk\PRAGMAd.sys

After first reboot detected by UnHackMe:
Item Name: PRAGMApoffyabwwk
Author:
Related File: C:\WINDOWS\PRAGMAPOFFYABWWK\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.05.03    Trojan.Generic.KD.9928
Kaspersky   7.0.0.125      2010.05.03    Trojan-Downloader.Win32.FraudLoad.xbiw
Microsoft   1.5703         2010.05.03    Trojan:Win32/Alureon.gen!J
NOD32       5083           2010.05.03    Win32/Olmarik.YA

Additional […]

Removed: PRAGMAD.SYS (variant of TDSS trojan – Olmarik)

Malware: C:\sand-box\install01.txt.exe
Removed: C:\WINDOWS\PRAGMAKBFTIVFPJU\PRAGMAD.SYS

After first reboot detected by UnHackMe:
Item Name: PRAGMAkbftivfpju
Author:
Related File: C:\WINDOWS\PRAGMAKBFTIVFPJU\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.27    Trojan.Generic.KD.9045
Kaspersky   7.0.0.125      2010.04.27    Trojan.Win32.FraudPack.atiq
Microsoft   1.5703         2010.04.27    –
NOD32       5065           2010.04.27    Win32/Olmarik.YA

Additional […]

Removed: PRAGMAD.SYS (variant of TDSS trojan)

Malware: C:\sand-box\install01.txt.exe
Removed:
C:\WINDOWS\PRAGMANVSTYLPRXV\PRAGMAD.SYS
C:\WINDOWS\PRAGMAnvstylprxv\PRAGMAc.dll

After first reboot detected by UnHackMe:
Item Name: PRAGMAnvstylprxv
Author:
Related File: C:\WINDOWS\PRAGMANVSTYLPRXV\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.26    Trojan.Generic.KD.8772
Kaspersky   7.0.0.125      2010.04.26    Trojan-Downloader.Win32.FraudLoad.xazh
Microsoft   1.5703         2010.04.26    –
NOD32       5061           2010.04.26    –

[…]

Restored: RASACD.SYS (infected by Alureon/TDSS)

Malware: C:\sand-box\dog.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS

Detected by RegRun Warrior:
Item Name: RASACD.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Type: Detected using Heuristic Algorithm
The original RASACD.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.19 […]

Restored: DMLOAD.SYS (infected by Alureon/TDSS)

Malware: C:\sand-box\Browser_UpDate_For_Free.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS

Detected by RegRun Warrior:
Item Name: DMLOAD.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
Type: Detected using Heuristic Algorithm
The original DMLOAD.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.20 […]

Restored: ..\SYSTEM32\DRIVERS\ATAPI.SYS

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS

Detected by UnHackMe:
Item Name: ATAPI.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Type: Detected using Heuristic Algorithm
The original ATAPI.SYS has been successfully restored by RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.16 […]

Removed: _VOIDd.sys

Malware: C:\sand-box\install01.exe
Removed: C:\WINDOWS\_VOIDtpdwqienbv\_VOIDd.sys

After first reboot detected by UnHackMe:
Item Name: _VOIDtpdwqienbv
Author:
Related File: C:\WINDOWS\_VOIDTPDWQIENBV\_VOIDD.SYS
Type: Services detected by Partizan
Item Name: _VOIDd.sys
Author:
Related File: \systemroot\system32\drivers\_VOIDbfjpaypdiv.sys
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 1

Classification:
Antivirus   Version        Last Update   Result
Kaspersky   7.0.0.125      2010.04.02    Trojan.Win32.Tdss.azxa
McAfee […]

As with the ESQUL and PRAGMA builds, the _VOID prefix is constant while the rest of the directory and driver names is random, so matching on the prefix is the practical way to find every piece.

Restored: PCI.SYS (the virus chooses a random driver for each infection)

Malware: C:\sand-box\1270595271.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.08    Trojan.Generic.3596524
Kaspersky   7.0.0.125      2010.04.08    Trojan.Win32.Tdss.baam
Microsoft   1.5605         2010.04.08    Trojan:Win32/Alureon.CT
NOD32       5009           2010.04.08    a variant of Win32/Kryptik.DNA

Additional information
File size: 83456 bytes
MD5: da805b061708e572d4c0af275549349d
SHA1: 3fc52e6bfb54f8d766066ba00ceb6a5499f2d527
SHA256: d95e1afacd03f36b74d3601aa3ce109f73bd9a3fc9bfe6822f41d88675c29311

Installation
When the program is executed, it creates the […]

Because the infected driver differs from one machine to the next (atapi.sys, disk.sys, pci.sys, i8042prt.sys, intelide.sys, rasacd.sys, dmload.sys, ws2ifsl.sys and volsnap.sys all appear on this page), looking for a particular file name is not a detection method; every driver in the directory has to be verified against a known-good copy.
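Since the infection picks a different system driver each time, the check has to cover every driver in the directory rather than a fixed list of names. The following is an added example, not code from the original page or from RegRun/UnHackMe: it hashes every .sys file in a directory and compares the result with a baseline manifest captured from a known-clean installation (the installation media that RegRun Warrior restores from is a good source for such a manifest), reporting modified, unknown and missing drivers. It also diffs two views of the same directory, which is how a rootkit that serves clean file content back to the running system gives itself away once the same files are hashed from rescue media. The sample driver directory, its contents and the patched file are constructed in a temporary folder inline; the patched file keeps its original size on purpose, because size alone does not reveal an in-place modification.

```python
"""Added example (not from the original page): baseline and cross-view check of driver files."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_drivers(driver_dir: str | Path) -> dict[str, str]:
    """Map lower-cased file name -> SHA-256 for every .sys file in the directory."""
    d = Path(driver_dir)
    return {p.name.lower(): sha256_file(p) for p in d.iterdir()
            if p.is_file() and p.suffix.lower() == ".sys"}


def verify_against_baseline(observed: dict[str, str], baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare a directory snapshot with a manifest taken from known-clean media."""
    return {
        "modified": sorted(n for n in observed if n in baseline and observed[n] != baseline[n]),
        "unknown": sorted(n for n in observed if n not in baseline),
        "missing": sorted(n for n in baseline if n not in observed),
    }


def cross_view_diff(live: dict[str, str], offline: dict[str, str]) -> list[str]:
    """Files whose hash differs between the running system and an offline read of the same disk."""
    return sorted(n for n in set(live) | set(offline) if live.get(n) != offline.get(n))


# --- constructed sample: three stand-in drivers, one patched in place, one dropped file ---
def build_sample() -> tuple[Path, dict[str, str]]:
    root = Path(tempfile.mkdtemp(prefix="drivers-"))
    for name, blob in (("atapi.sys", b"CLEAN-ATAPI" * 1000),
                       ("disk.sys", b"CLEAN-DISK" * 1000),
                       ("pci.sys", b"CLEAN-PCI" * 1000)):
        (root / name).write_bytes(blob)
    baseline = hash_drivers(root)           # the manifest, taken while everything is clean
    patched = bytearray((root / "pci.sys").read_bytes())
    patched[100:116] = b"PATCHED-16-BYTES"  # same length: the file size does not change
    (root / "pci.sys").write_bytes(patched)
    (root / "PRAGMAd.sys").write_bytes(b"DROPPED-DRIVER")   # an additional, unlisted driver
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_sample()
    offline = hash_drivers(root)
    print(verify_against_baseline(offline, baseline))
    # a rootkit that hides its patch would make the live view report the clean hash
    live = {**offline, "pci.sys": baseline["pci.sys"]}
    print("differ between views:", cross_view_diff(live, offline))
```

The baseline comparison answers "which drivers are not what shipped"; the cross-view diff answers "which files does the running kernel lie about", and a non-empty result there is strong evidence of a storage-level rootkit regardless of what any scanner run from inside the OS reports. On a real system the offline snapshot should come from a boot off rescue media, and the baseline manifest from the installation source for the exact service-pack level in use, or every patched driver will show up as modified.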

Malware: 73_TDL3_24.02.2010_TDL3.27.exe

Malware: C:\sand-box\73_TDL3_24.02.2010_TDL3.27.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.02    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125      2010.03.02    Trojan-GameThief.Win32.Magania.cwgq
McAfee      5907           2010.03.01    DNSChanger.at
Microsoft   1.5502         2010.03.02    Trojan:Win32/Alureon.CT
NOD32       4909           2010.03.02    a variant of Win32/Kryptik.CPZ

Additional information
File size: 80896 bytes
MD5: 11f1560e6f0d5f85a18dfe99b4be1174
SHA1: 71e071761c37d94647083508d6c6c413b0ba9246
SHA256: 8115dac8ce2f5e6edf66632c1a47b7e562359838db416079a02efe7abd5e6947

Installation
When the program is executed, it creates the following […]

Removed: setup_1904.exe

Malware: C:\sand-box\setup_1904.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\setup_1904.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.31    Rogue:W32/SecurityGuard.A
Kaspersky   7.0.0.125      2010.03.31    Trojan.Win32.Tdss.azpf
McAfee      5936           2010.03.30    DNSChanger.bf
Microsoft   1.5605         2010.03.31    TrojanDownloader:Win32/FakeVimes
NOD32       4986           2010.03.30    a variant of Win32/Kryptik.DHT

Additional information
File size: 201728 bytes
MD5: 6cb447d416e868f5840af78bb2d9fd30
SHA1: 1167d155ffbb455353659f4fc30e162c876c0685
SHA256: d9ce036f6b25d812c16c3653a6b80d539491bfc30415e265e0f7f3d4752cba82

Installation
When […]

Removed: AtapiDrv.sys

Malware: C:\sand-box\load.exe
Removed: C:\WINDOWS\system32\drivers\AtapiDrv.sys

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.04.01    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125      2010.04.01    Trojan.Win32.Tdss.azvo
McAfee      5937           2010.03.31    –
Microsoft   1.5605         2010.03.31    –
NOD32       4992           2010.04.01    a variant of Win32/Kryptik.DLH

Additional information
File size: 69120 bytes
MD5: 33157597db16fdfb9e5b47455bdd7a79
SHA1: 5094366b2b31e81a0669148aa6df71d64beda573
SHA256: ab980e74feb1eb4ca9c60d7b4a7781f6e4c4cbfe0ab45124aaa479634a5042a9

Installation
When the program is […]

Restored: ATAPI.SYS

Malware: C:\sand-box\browser-player.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.26    Trojan.TDss.ABP
Kaspersky   7.0.0.125      2010.03.26    Trojan.Win32.Tdss.ayhi
McAfee      5931           2010.03.25    DNSChanger.as
Microsoft   1.5605         2010.03.26    Trojan:Win32/Alureon.CT
NOD32       4975           2010.03.25    a variant of Win32/Kryptik.DDG

Additional information
File size: 82432 bytes
MD5: c5d16aa2b08f1cc67df20011fc37d19f
SHA1: d1313bb9c67688bd093daf2d6a6160a35dd289eb
SHA256: 5cd8b34b1dc1d486b9a31193aff9a209d7f91863a39312ea59e738d13715a90c

Installation
When the program is executed, it creates […]

Restored: ATAPI.SYS

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.30    –
Kaspersky   7.0.0.125      2010.03.30    Trojan-Dropper.Win32.TDSS.ah
McAfee      5935           2010.03.29    –
Microsoft   1.5605         2010.03.30    –
NOD32       4983           2010.03.29    –

Additional information
File size: 158208 bytes
MD5: 97924335f34b0e8a0a1ffe4f00db5398
SHA1: 33e2d222f55750d5c7c8649c7a3754df2b8db433
SHA256: 8733c2b617f23c4ef829521af3300a7f8d330ef86c11d5eb0041cfeee320b18d

Installation
When the program is executed, it creates […]

Restored: atapi.sys

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\system32\drivers\atapi.sys

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.18    Trojan.Generic.KD.4129
Kaspersky   7.0.0.125      2010.03.18    Packed.Win32.Krap.aq
McAfee      5923           2010.03.17    –
Microsoft   1.5605         2010.03.17    –
NOD32       4953           2010.03.17    Win32/Olmarik.VE

Additional information
File size: 97792 bytes
MD5: d0e968377723f43aefafb39c7170d081
SHA1: c503c38b0a1afe92750dda76cadaaaf16cefa297
SHA256: 5964a315894ed349c8a01844c33519023109c6ba477c9490e7518f8f38cdd5b2

Installation
When the program is executed, it creates […]

Malware: dm.exe

Malware: C:\sand-box\dm.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.15    Backdoor:W32/TDSS.EN
Kaspersky   7.0.0.125      2010.03.15    Trojan.Win32.Tdss.ayec
McAfee      5921           2010.03.15    –
Microsoft   1.5502         2010.03.12    –
NOD32       4946           2010.03.15    a variant of Win32/Kryptik.DAS

Additional information
File size: 78336 bytes
MD5: fc3b03ce1ff40076415e072dde8b66d0
SHA1: 906b7ed6bc3377ca433d6e1c987f91e5a831be24
SHA256: e1f92c5f89f9d9be8e04a39605dfc126c922fb26207981301d6ddb3955d867c5

Installation
When the program is executed, it […]

Malware: file.exe

Malware: file.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.15    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125      2010.03.15    –
McAfee      5920           2010.03.14    –
Microsoft   1.5502         2010.03.12    –
NOD32       4945           2010.03.15    a variant of Win32/Injector.BBG

Additional information
File size: 9728 bytes
MD5: 5910e59d592781cec3234abf57f8d000
SHA1: 797a5b08ce2d5d8119d51d44ff16e14eaf2cba51
SHA256: 5c803a729fc41b2394209ab9e2d8d91113d0d543aeef74583d0868eb39fcd216

Installation
When the program is executed, it […]

Malware: update.exe

Malware: C:\sand-box\update.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.10    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125      2010.03.10    –
McAfee      5915           2010.03.09    DNSChanger.as
Microsoft   1.5502         2010.03.10    Trojan:Win32/Alureon.CT
NOD32       4930           2010.03.09    a variant of Win32/Kryptik.CVQ

Additional information
File size: 81920 bytes
MD5: e599256bb0c5860e946b206195895c94
SHA1: 9ed4479945fda02d4f2e1c1a060ee50064d5d3bc
SHA256: 9fe4eadee402faa21e3f8e4e33ea7a468c79307a83a21e2381a8955709d541c1

Installation
When the program is executed, it […]

Malware: setup.exe

Malware: C:\sand-box\setup.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.09    –
Kaspersky   7.0.0.125      2010.03.09    –
McAfee      5914           2010.03.08    DNSChanger.bb
Microsoft   1.5502         2010.03.09    –
NOD32       4927           2010.03.09    –

Additional information
File size: 133632 bytes
MD5: fb2bcd1211478df55a03a5fec5ba8906
SHA1: 6c8ff5065c4be4e77abf7561cf731214a2d2c9b2
SHA256: a724fe0ef88064af7dbe26b29efd758aaccf21227275b3f91f7063b8c2f9b9a7

Installation
When the program is executed, it creates the following […]

Malware: auto.exe

Malware: C:\sand-box\auto.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.04    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125      2010.03.04    –
McAfee      5909           2010.03.03    DNSChanger.as
Microsoft   1.5502         2010.03.04    Trojan:Win32/Alureon.CT
NOD32       4913           2010.03.03    a variant of Win32/Kryptik.CPZ

Additional information
File size: 81408 bytes
MD5: 090d524dbae314bee4d7db36b26b0f66
SHA1: 402dddc09ce824dc433de7b9b39762ee4ebca855
SHA256: c78064c4704ef5400b2c5b0a2d4a9ea2873b41ff880089381a6923fd2433df7d

Installation
When the program is executed, it […]

Malware: ssl.exe

Malware: C:\sand-box\ssl.exe

Classification:
Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.03.05    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125      2010.03.05    Trojan.Win32.Tdss.awwo
McAfee      5910           2010.03.04    DNSChanger.as
Microsoft   1.5502         2010.03.05    Trojan:Win32/Alureon.CT
NOD32       4917           2010.03.05    a variant of Win32/Kryptik.CPZ

Additional information
File size: 81920 bytes
MD5: 31f17b209815a3aa8a952f24baf33c16
SHA1: 6bfdd317b6e46cc3b7146e76eacbb8e69e0ba452
SHA256: 89a1ca7d3d9d73bd4607ef658e52ac5d30460f819a7fc5a8500fd4bdeeb7cfde

Installation
When the program is executed, it […]