BOOT.COM is Rootkit TDSS
Alex NightWatcher: Solved! Fix it immediately: Rootkit C:\resycled\boot.com is software that enables continued privileged access to a computer while actively hiding its presence. Detection and removal of C:\resycled\boot.com may be a very difficult process. You should use anti-rootkit software to fix the C:\resycled\boot.com problem. Malware Analysis of BOOT.COM Full path on a computer: C:\resycled\boot.com Detected [...]
EZANGMGR.EXE is Trojan TDSS
Alex NightWatcher: Solved! Fix it immediately: Is the file EZANGMGR.EXE located on your computer? Then your computer is infected. We suggest you remove EZANGMGR.EXE from your computer as soon as possible. EZANGMGR.EXE is a Trojan/Backdoor. Kill the EZANGMGR.EXE process and remove EZANGMGR.EXE from the Windows startup. Malware Analysis of EZANGMGR.EXE Full path on a [...]
TEMP:WINUPD.EXE is BackDoor TDSS
Alex NightWatcher: Solved! Fix it immediately: The program TEMP:WINUPD.EXE is used for covert penetration of a PC and its remote administration. UnHackMe is recommended as a reliable program for solving the problem with TEMP:WINUPD.EXE. Download for free: http://www.unhackme.com Malware Analysis of TEMP:WINUPD.EXE Full path on a computer: %LocalSettings%\Temp-winupd.exe Detected by RegRun Warrior: TEMP:WINUPD.EXE Default location: %LocalSettings%\Temp:winupd.exe [...]
GG44.EXE is rootkit TDSS
Alex NightWatcher: Solved! Fix it immediately: Rootkit GG44.EXE is software that enables continued privileged access to a computer while actively hiding its presence. Detection and removal of GG44.EXE may be a very difficult process. You should use anti-rootkit software to fix the GG44.EXE problem. Malware Analysis of GG44.EXE Full path on a computer: c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe Detected [...]
ESQULSERV.SYS is rootkit TDSS
Alex NightWatcher: Solved! Fix it immediately: Rootkit ESQULSERV.SYS is software that enables continued privileged access to a computer while actively hiding its presence. Detection and removal of ESQULSERV.SYS may be a very difficult process. You should use anti-rootkit software to fix the ESQULSERV.SYS problem. Malware Analysis of ESQULSERV.SYS Full path on a computer: %System%\drivers\ESQULserv.sys Detected [...]
SCVVHSOT.exe – trojan TDSS
Alex NightWatcher: Solved! Fix it immediately: Is the file dgfew8.exe located on your computer? Then your computer is infected. We suggest you remove dgfew8.exe from your computer as soon as possible. dgfew8.exe is a Trojan/Backdoor. Kill the dgfew8.exe process and remove dgfew8.exe from the Windows startup. Malware Analysis of “SCVVHSOT.exe” Executed: e20219e1.exe Removed: SCVVHSOT.exe. [...]
VOLSNAP.SYS – rootkit TDSS
Alex NightWatcher: Solved! Fix it immediately: The system file VOLSNAP.SYS is infected with a virus. We recommend replacing the VOLSNAP.SYS file with its backup copy. Malware Analysis of Fake System Tools “Windows Fix Disk”. Executed: C:\sand-box\496-new2.exe Removed: 18407220.exe. Full path: C:\Documents and Settings\All Users\Application Data\18407220.exe Restored: VOLSNAP.SYS | Detected by UnHackMe: Item Name: [...]
Master Boot Record – infected rootkit TDL3+
Alex NightWatcher: Solved! Fix it immediately: Executed: 1gpresulta.exe Restored: Master Boot Record | Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: TDL MBR Rootkit Author: Unknown Related File: TDL MBR Rootkit Type: MBR 2. Multi AntiVirus scan: – none – Removal Results: Success Number of reboot: 1 | How to quickly detect malware presence? [...]
geurge.exe – rootkit TDSS
Alex NightWatcher: Solved! Fix it immediately: The file geurge.exe is identified as a Trojan program used for stealing bank information and users' passwords. To delete geurge.exe we recommend using UnHackMe: http://www.unhackme.com Malware: keygen.exe Removed: C:\Documents and Settings\Administrator\Application Data\updates\updates.exe C:\Documents and Settings\Administrator\Local Settings\Temp\geurge.exe C:\Documents and Settings\Administrator\Local Settings\Temp\tf9je.exe C:\Documents and Settings\Administrator\Local Settings\Temp\y78m4.exe C:\WINDOWS\system32\wbem\grpconv.exe [...]
Removed: RclDriver64.exe, qaiakem.exe; Restored: Master Boot Record (trojan VBKrypt, rootkit TDL4)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\nsaf.exe Removed: C:\Documents and Settings\Administrator\Application Data\RclDriver64.exe C:\Documents and Settings\Administrator\qaiakem.exe Restored: Master Boot Record | Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: TDL MBR Rootkit Author: Unknown Related File: TDL MBR Rootkit Type: MBR Item Name: Realtek Sound Driver Author: Unknown Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\RCLDRIVER64.EXE [...]
Restored: Master Boot Record (rootkit TDL4)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\custom.exe Restored: Master Boot Record | Detected by RegRun Warrior: 1. RegRun Reanimator: Item Name: TDL MBR Rootkit Author: Unknown Related File: TDL MBR Rootkit Type: MBR 2. Multi AntiVirus scan: – none – Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last Update Result [...]
Removed: setupupdater0002.exe, ohydy.exe, regedit.exe, sdra64.exe, lsass.exe, svc.exe, svw.exe, svx.exe, ope17.exe, opeB.exe, fFollower.exe (multi trojan – TDSS, Zeus, FakeAV – Antimalware Doctor)
Alex NightWatcher: Solved! Fix it immediately: Malware: g16b2e.exe Removed: C:\Documents and Settings\Administrator\Application Data\B34B7AF9CB40065433C8C631C37A9A2D\setupupdater0002.exe C:\Documents and Settings\Administrator\Application Data\ohydy.exe C:\WINDOWS\system32\regedit.exe C:\WINDOWS\system32\sdra64.exe C:\WINDOWS\lsass.exe C:\WINDOWS\svc.exe C:\WINDOWS\svw.exe C:\WINDOWS\svx.exe C:\Documents and Settings\Administrator\Local Settings\Temp\ope17.exe C:\Documents and Settings\Administrator\Local Settings\Temp\opeB.exe C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe | Detected by RegRun Warrior: 1. RegRun Reanimator: 1.1 Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, Type: UserInit Value [...]
Removed: wmsdk64_32.exe, wscsvc32.exe, asd1.tmp.exe, asd2.tmp.exe (FakeAV – Antivirus :), trojan TDSS)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\p3.bin Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\wmsdk64_32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\asd1.tmp.exe C:\Documents and Settings\Administrator\Local Settings\Temp\asd2.tmp.exe | Detected by UnHackMe: Item Name: wmsdk64_32.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WMSDK64_32.EXE Type: Registry Run Item Name: wscsvc32.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSCSVC32.EXE Type: Running Processes Item Name: asd2.tmp.exe Author: [...]
Removed: winlogon32.exe, SMSS32.EXE, ES15.EXE, HELPERS32.DLL, SE2010.EXE Restored: MOUCLASS.SYS (FakeAV – updated Security Essentials 2010 and TDL3+)
Alex NightWatcher: Solved! Fix it immediately: Malware: SetupFlashPlayerPatch.exe Removed: C:\WINDOWS\system32\winlogon32.exe C:\WINDOWS\SYSTEM32\SMSS32.EXE C:\WINDOWS\SYSTEM32\ES15.EXE C:\WINDOWS\SYSTEM32\HELPERS32.DLL C:\PROGRAM FILES\SECURITYESSENTIALS2010\SE2010.EXE Restored: C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS | Some files were downloaded during testing. Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\winlogon32.exe Type: UserInit Value Item Name: smss32.exe Author: Unknown Related File: C:\WINDOWS\SYSTEM32\SMSS32.EXE Type: Registry Run Item Name: ES15.exe Author: Related File: [...]
Removed: xvsfym.exe, mgrls32.exe, ndisrd.sys, srenum.sys, msrun.exe, ntos.exe, sdra64.exe, Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS (trojan Meredrop combination of trojans Zeus (Zbot) and TDSS (TDL3 +)
Alex NightWatcher: Solved! Fix it immediately: Malware: 2f073.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\xvsfym.exe C:\RECYCLER\S-1-5-21-2353754676-5851395935-421277404-3452\mgrls32.exe C:\WINDOWS\system32\drivers\ndisrd.sys C:\WINDOWS\system32\drivers\srenum.sys C:\WINDOWS\system32\msrun.exe C:\WINDOWS\system32\ntos.exe C:\WINDOWS\system32\sdra64.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS | Detected by UnHackMe: Item Name: UserInit Author: Unknown Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\ntos.exe, Type: UserInit Value Item Name: Follower Author: Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fFollower.exe Type: Auto Services Item Name: ndisrd.sys Author: NT Kernel Resources Related File: [...]
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS (trojan TDSS)
Alex NightWatcher: Solved! Fix it immediately: Restore TCPIP.SYS If TCPIP.SYS is missing because a rootkit deleted it, use it for free:
Removed: AUTMGR32.EXE, wscsvc32.exe, defcnt.exe, defext.dll, PRAGMAd.sys (FakeAV – Defense Center, one of the options TDSS – PRAGMA)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\WinSecurityInstaller.exe Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe C:\Program Files\Defense Center\defcnt.exe C:\Program Files\Defense Center\defext.dll C:\WINDOWS\PRAGMAmbadmsbfni\PRAGMAd.sys | Detected by UnHackMe: Item Name: wscsvc32.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSCSVC32.EXE Type: Running Processes Item Name: .exe Author: Unknown Related File: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AUTMGR32.EXE" /START "%1" %* Type: Main File Extensions Item [...]
Restored: WS2IFSL.SYS (trojan TDSS/Alureon/Olmarik)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\Ultimate Codes.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS | Detected by RegRun Warrior: Item Name: WS2IFSL.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS Type: Detected using Heuristic Algorithm The original WS2IFSL.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus [...]
Removed: PRAGMAd.sys, wsdkrlxp.exe (variant of TDSS trojan)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\ad.exe Removed: C:\WINDOWS\PRAGMAnlpcbvtkpy\PRAGMAd.sys C:\Documents and Settings\Administrator\Local Settings\Temp\wsdkrlxp.exe | After first reboot detected by UnHackMe: Item Name: PRAGMAnlpcbvtkpy Author: Related File: C:\WINDOWS\PRAGMANLPCBVTKPY\PRAGMAD.SYS Type: Services detected by Partizan Item Name: wsdkrlxp.exe Author: Unknown Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSDKRLXP.EXE Type: Registry Run Removal Results: Success Number of reboot: 2 | Classification: Antivirus Version [...]
Restored: I8042PRT.SYS (trojan TDSS)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\win.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS | The original I8042PRT.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Item Name: I8042PRT.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS Type: Detected using Examiner mode Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last Update Result F-Secure [...]
Restored: INTELIDE.SYS (trojan TDSS/Alureon/Olmarik)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\1.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS | Detected by UnHackMe: Item Name: INTELIDE.SYS Related File: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS Type: Detected using Heuristic Algorithm The original INTELIDE.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last Update Result F-Secure [...]
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS (trojan TDSS/Alureon)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\setup.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS | Detected by UnHackMe: Item Name: ATAPI.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS Type: Detected using Heuristic Algorithm The original ATAPI.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last [...]
Restored: DISK.SYS (infected by Alureon/TDSS/Olmarik)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\in.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS | Detected by RegRun Warrior: Item Name: DISK.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS Type: Detected using Heuristic Algorithm The original DISK.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version [...]
Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon/Olmarik)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\install01.exe Removed: C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAd.sys | After first reboot detected by UnHackMe: Item Name: PRAGMAqipfvcxnqq Author: Related File: C:\WINDOWS\PRAGMAQIPFVCXNQQ\PRAGMAD.SYS Type: Services detected by Partizan Removal Results: Success Number of reboot: 2 | Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.11 Gen:Variant.TDss.20 Kaspersky 7.0.0.125 2010.05.11 Trojan-Downloader.Win32.FraudLoad.xcxu Microsoft 1.5703 2010.05.11 Trojan:Win32/Alureon.gen!J [...]
Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\install01.txt.exe Removed: C:\WINDOWS\PRAGMApoffyabwwk\PRAGMAd.sys | After first reboot detected by UnHackMe: Item Name: PRAGMApoffyabwwk Author: Related File: C:\WINDOWS\PRAGMAPOFFYABWWK\PRAGMAD.SYS Type: Services detected by Partizan Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.05.03 Trojan.Generic.KD.9928 Kaspersky 7.0.0.125 2010.05.03 Trojan-Downloader.Win32.FraudLoad.xbiw Microsoft 1.5703 2010.05.03 Trojan:Win32/Alureon.gen!J [...]
Removed: PRAGMAD.SYS (variant of TDSS trojan – Olmarik)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\install01.txt.exe Removed: C:\WINDOWS\PRAGMAKBFTIVFPJU\PRAGMAD.SYS | After first reboot detected by UnHackMe: Item Name: PRAGMAkbftivfpju Author: Related File: C:\WINDOWS\PRAGMAKBFTIVFPJU\PRAGMAD.SYS Type: Services detected by Partizan Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.27 Trojan.Generic.KD.9045 Kaspersky 7.0.0.125 2010.04.27 Trojan.Win32.FraudPack.atiq Microsoft 1.5703 2010.04.27 – [...]
Removed: PRAGMAD.SYS (variant of TDSS trojan)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\install01.txt.exe Removed: C:\WINDOWS\PRAGMANVSTYLPRXV\PRAGMAD.SYS C:\WINDOWS\PRAGMAnvstylprxv\PRAGMAc.dll | After first reboot detected by UnHackMe: Item Name: PRAGMAnvstylprxv Author: Related File: C:\WINDOWS\PRAGMANVSTYLPRXV\PRAGMAD.SYS Type: Services detected by Partizan Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version Last Update Result F-Secure 9.0.15370.0 2010.04.26 Trojan.Generic.KD.8772 Kaspersky 7.0.0.125 2010.04.26 Trojan-Downloader.Win32.FraudLoad.xazh Microsoft 1.5703 2010.04.26 [...]
Restored: RASACD.SYS (infected by Alureon/TDSS)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\dog.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS | Detected by RegRun Warrior: Item Name: RASACD.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS Type: Detected using Heuristic Algorithm The original RASACD.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version [...]
Restored: DMLOAD.SYS (infected by Alureon/TDSS)
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\Browser_UpDate_For_Free.exe Restored: C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS | Detected by RegRun Warrior: Item Name: DMLOAD.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS Type: Detected using Heuristic Algorithm The original DMLOAD.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version [...]
Restored: ..\SYSTEM32\DRIVERS\ATAPI.SYS
Alex NightWatcher: Solved! Fix it immediately: Malware: C:\sand-box\setup.exe | Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS | Detected by UnHackMe: Item Name: ATAPI.SYS Author: Microsoft Corporation Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS Type: Detected using Heuristic Algorithm The original ATAPI.SYS has been successfully restored using RegRun Warrior from the Windows installation CD. Removal Results: Success Number of reboot: 1 | Classification: Antivirus Version [...]