EZANGMGR.EXE is Trojan TDSS
Is the file EZANGMGR.EXE located on your computer? Then your computer is infected. We suggest you remove EZANGMGR.EXE from your computer as soon as possible. EZANGMGR.EXE is a Trojan/Backdoor. Kill the EZANGMGR.EXE process and remove EZANGMGR.EXE from the Windows startup.
Malware Analysis of EZANGMGR.EXE
Full path on a computer: %SysDir%\ezangmgr.exe
Detected by UnHackMe: Item [...]
TEMP:WINUPD.EXE is BackDoor TDSS
The program TEMP:WINUPD.EXE is used for covert penetration of a PC and its remote administration. UnHackMe is recommended as a reliable program for solving the TEMP:WINUPD.EXE problem. Download for free: http://www.unhackme.com
Malware Analysis of TEMP:WINUPD.EXE
Full path on a computer: %LocalSettings%\Temp-winupd.exe
Detected by RegRun Warrior: TEMP:WINUPD.EXE
Default location: %LocalSettings%\Temp:winupd.exe
Removal Results: Success
Number of reboots: [...]
GG44.EXE is rootkit TDSS
The rootkit GG44.EXE is software that enables continued privileged access to a computer while actively hiding its presence. Detecting and removing GG44.EXE may be a very difficult process. You should use anti-rootkit software to fix the GG44.EXE problem.
Malware Analysis of GG44.EXE
Full path on a computer: c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe
Detected by UnHackMe: GG44.EXE
Default location: c:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe [...]
ESQULSERV.SYS is rootkit TDSS
The rootkit ESQULSERV.SYS is software that enables continued privileged access to a computer while actively hiding its presence. Detecting and removing ESQULSERV.SYS may be a very difficult process. You should use anti-rootkit software to fix the ESQULSERV.SYS problem.
Malware Analysis of ESQULSERV.SYS
Full path on a computer: %System%\drivers\ESQULserv.sys
Detected by UnHackMe: ESQULSERV.SYS
Default location: %System%\drivers\ESQULfvnsvnyymbcioriuwibiteoomywbspux.sys [...]
SCVVHSOT.exe – trojan TDSS
Is the file dgfew8.exe located on your computer? Then your computer is infected. We suggest you remove dgfew8.exe from your computer as soon as possible. dgfew8.exe is a Trojan/Backdoor. Kill the dgfew8.exe process and remove dgfew8.exe from the Windows startup.
Malware Analysis of "SCVVHSOT.exe"
Executed: e20219e1.exe
Removed: SCVVHSOT.exe. Full path: C:\WINDOWS\system32\SCVVHSOT.exe
Detected by [...]
VOLSNAP.SYS – rootkit TDSS
The system file VOLSNAP.SYS is infected with a virus. We recommend replacing the VOLSNAP.SYS file with its backup copy.
Malware Analysis of Fake System Tools "Windows Fix Disk".
Executed: C:\sand-box\496-new2.exe
Removed: 18407220.exe. Full path: C:\Documents and Settings\All Users\Application Data\18407220.exe
Restored: VOLSNAP.SYS
Detected by UnHackMe:
Item Name: sAaAVcAvvOACS
Author: WinSCP
Related File: C:\DOCUMENTS [...]
Master Boot Record – infected rootkit TDL3+
Executed: 1gpresulta.exe
Restored: Master Boot Record
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: TDL MBR Rootkit
Author: Unknown
Related File: TDL MBR Rootkit
Type: MBR
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboots: 1
How to quickly detect malware presence? Check MBR Files: C:\Documents and Settings\Administrator\Local [...]
geurge.exe – rootkit TDSS
The file geurge.exe is identified as a Trojan program used for stealing banking information and user passwords. To delete geurge.exe we recommend using UnHackMe: http://www.unhackme.com
Malware: keygen.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\updates\updates.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\geurge.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tf9je.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\y78m4.exe
C:\WINDOWS\system32\wbem\grpconv.exe
Restored:
Master Boot Record (MBR)
C:\WINDOWS\system32\winlogon.exe [...]
Removed: RclDriver64.exe, qaiakem.exe; Restored: Master Boot Record (trojan VBKrypt, rootkit TDL4)
Malware: C:\sand-box\nsaf.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\RclDriver64.exe
C:\Documents and Settings\Administrator\qaiakem.exe
Restored: Master Boot Record
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: TDL MBR Rootkit
Author: Unknown
Related File: TDL MBR Rootkit
Type: MBR
Item Name: Realtek Sound Driver
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\RCLDRIVER64.EXE
Type: Registry Run
Item Name: qaiakem [...]
Restored: Master Boot Record (rootkit TDL4)
Malware: C:\sand-box\custom.exe
Restored: Master Boot Record
Detected by RegRun Warrior:
1. RegRun Reanimator:
Item Name: TDL MBR Rootkit
Author: Unknown
Related File: TDL MBR Rootkit
Type: MBR
2. Multi AntiVirus scan: – none –
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.16160.0 2011.01.13 Gen:Variant.Kazy.7569
Microsoft 1.6402 [...]
Removed: setupupdater0002.exe, ohydy.exe, regedit.exe, sdra64.exe, lsass.exe, svc.exe, svw.exe, svx.exe, ope17.exe, opeB.exe, fFollower.exe (multi trojan – TDSS, Zeus, FakeAV – Antimalware Doctor)
Malware: g16b2e.exe
Removed:
C:\Documents and Settings\Administrator\Application Data\B34B7AF9CB40065433C8C631C37A9A2D\setupupdater0002.exe
C:\Documents and Settings\Administrator\Application Data\ohydy.exe
C:\WINDOWS\system32\regedit.exe
C:\WINDOWS\system32\sdra64.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\svc.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svx.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ope17.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\opeB.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\fFollower.exe
Detected by RegRun Warrior:
1. RegRun Reanimator:
1.1 Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
Type: UserInit Value
1.2 Item Name: Follower
Author:
Related [...]
Removed: wmsdk64_32.exe, wscsvc32.exe, asd1.tmp.exe, asd2.tmp.exe (FakeAV – Antivirus :), trojan TDSS)
Malware: C:\sand-box\p3.bin
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\wmsdk64_32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\asd1.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\asd2.tmp.exe
Detected by UnHackMe:
Item Name: wmsdk64_32.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WMSDK64_32.EXE
Type: Registry Run
Item Name: wscsvc32.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSCSVC32.EXE
Type: Running Processes
Item Name: asd2.tmp.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\ASD2.TMP.EXE
Type: Running [...]
Removed: winlogon32.exe, SMSS32.EXE, ES15.EXE, HELPERS32.DLL, SE2010.EXE Restored: MOUCLASS.SYS (FakeAV – updated Security Essentials 2010 and TDL3+)
Malware: SetupFlashPlayerPatch.exe
Removed:
C:\WINDOWS\system32\winlogon32.exe
C:\WINDOWS\SYSTEM32\SMSS32.EXE
C:\WINDOWS\SYSTEM32\ES15.EXE
C:\WINDOWS\SYSTEM32\HELPERS32.DLL
C:\PROGRAM FILES\SECURITYESSENTIALS2010\SE2010.EXE
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
Some files were downloaded during testing.
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\winlogon32.exe
Type: UserInit Value
Item Name: smss32.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\SMSS32.EXE
Type: Registry Run
Item Name: ES15.exe
Author:
Related File: C:\WINDOWS\SYSTEM32\ES15.EXE
Type: Running Processes
After first [...]
Removed: xvsfym.exe, mgrls32.exe, ndisrd.sys, srenum.sys, msrun.exe, ntos.exe, sdra64.exe, Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS (trojan Meredrop combination of trojans Zeus (Zbot) and TDSS (TDL3 +)
Malware: 2f073.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\xvsfym.exe
C:\RECYCLER\S-1-5-21-2353754676-5851395935-421277404-3452\mgrls32.exe
C:\WINDOWS\system32\drivers\ndisrd.sys
C:\WINDOWS\system32\drivers\srenum.sys
C:\WINDOWS\system32\msrun.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\sdra64.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\ntos.exe,
Type: UserInit Value
Item Name: Follower
Author:
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fFollower.exe
Type: Auto Services
Item Name: ndisrd.sys
Author: NT Kernel Resources
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\NDISRD.SYS
Type: Drivers
Item Name: 14598 [...]
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS (trojan TDSS)
Malware: C:\sand-box\dm.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
Detected by UnHackMe:
Item Name: Rootkit: TDL3+Mutant: 3006345f-6baf-4669-a7e1-aaa310564be9
Author: Unknown
Related File:
Type: Devices in Memory
Item Name: TCPIP.SYS
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
Type: System Drivers Infected by Rootkit
The original TCPIP.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
How to quickly detect malware [...]
Removed: AUTMGR32.EXE, wscsvc32.exe, defcnt.exe, defext.dll, PRAGMAd.sys (FakeAV – Defense Center, one of the options TDSS – PRAGMA)
Malware: C:\sand-box\WinSecurityInstaller.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe
C:\Program Files\Defense Center\defcnt.exe
C:\Program Files\Defense Center\defext.dll
C:\WINDOWS\PRAGMAmbadmsbfni\PRAGMAd.sys
Detected by UnHackMe:
Item Name: wscsvc32.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSCSVC32.EXE
Type: Running Processes
Item Name: .exe
Author: Unknown
Related File: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AUTMGR32.EXE" /START "%1" %*
Type: Main File Extensions
Item Name: SimpleShlExt
Author: Unknown
Related File: [...]
Restored: WS2IFSL.SYS (trojan TDSS/Alureon/Olmarik)
Malware: C:\sand-box\Ultimate Codes.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
Detected by RegRun Warrior:
Item Name: WS2IFSL.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
Type: Detected using Heuristic Algorithm
The original WS2IFSL.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 [...]
Removed: PRAGMAd.sys, wsdkrlxp.exe (variant of TDSS trojan)
Malware: C:\sand-box\ad.exe
Removed:
C:\WINDOWS\PRAGMAnlpcbvtkpy\PRAGMAd.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\wsdkrlxp.exe
After first reboot detected by UnHackMe:
Item Name: PRAGMAnlpcbvtkpy
Author:
Related File: C:\WINDOWS\PRAGMANLPCBVTKPY\PRAGMAD.SYS
Type: Services detected by Partizan
Item Name: wsdkrlxp.exe
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WSDKRLXP.EXE
Type: Registry Run
Removal Results: Success
Number of reboots: 2
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.26 [...]
Restored: I8042PRT.SYS (trojan TDSS)
Malware: C:\sand-box\win.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
The original I8042PRT.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Item Name: I8042PRT.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Type: Detected using Examiner mode
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.21 Trojan.TDss.ADV
Kaspersky 7.0.0.125 2010.05.21 [...]
Restored: INTELIDE.SYS (trojan TDSS/Alureon/Olmarik)
Malware: C:\sand-box\1.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
Detected by UnHackMe:
Item Name: INTELIDE.SYS
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
Type: Detected using Heuristic Algorithm
The original INTELIDE.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.20 Trojan.TDss.ADZ
Kaspersky 7.0.0.125 2010.05.20 [...]
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS (trojan TDSS/Alureon)
Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Detected by UnHackMe:
Item Name: ATAPI.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Type: Detected using Heuristic Algorithm
The original ATAPI.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.13 – [...]
Restored: DISK.SYS (infected by Alureon/TDSS/Olmarik)
Malware: C:\sand-box\in.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
Detected by RegRun Warrior:
Item Name: DISK.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
Type: Detected using Heuristic Algorithm
The original DISK.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.12 [...]
Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon/Olmarik)
Malware: C:\sand-box\install01.exe
Removed: C:\WINDOWS\PRAGMAqipfvcxnqq\PRAGMAd.sys
After first reboot detected by UnHackMe:
Item Name: PRAGMAqipfvcxnqq
Author:
Related File: C:\WINDOWS\PRAGMAQIPFVCXNQQ\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 2
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.11 Gen:Variant.TDss.20
Kaspersky 7.0.0.125 2010.05.11 Trojan-Downloader.Win32.FraudLoad.xcxu
Microsoft 1.5703 2010.05.11 Trojan:Win32/Alureon.gen!J
NOD32 5105 2010.05.11 Win32/Olmarik.YX
Additional [...]
Removed: PRAGMAd.sys (variant of TDSS trojan – Alureon)
Malware: C:\sand-box\install01.txt.exe
Removed: C:\WINDOWS\PRAGMApoffyabwwk\PRAGMAd.sys
After first reboot detected by UnHackMe:
Item Name: PRAGMApoffyabwwk
Author:
Related File: C:\WINDOWS\PRAGMAPOFFYABWWK\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.03 Trojan.Generic.KD.9928
Kaspersky 7.0.0.125 2010.05.03 Trojan-Downloader.Win32.FraudLoad.xbiw
Microsoft 1.5703 2010.05.03 Trojan:Win32/Alureon.gen!J
NOD32 5083 2010.05.03 Win32/Olmarik.YA
Additional [...]
Removed: PRAGMAD.SYS (variant of TDSS trojan – Olmarik)
Malware: C:\sand-box\install01.txt.exe
Removed: C:\WINDOWS\PRAGMAKBFTIVFPJU\PRAGMAD.SYS
After first reboot detected by UnHackMe:
Item Name: PRAGMAkbftivfpju
Author:
Related File: C:\WINDOWS\PRAGMAKBFTIVFPJU\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.27 Trojan.Generic.KD.9045
Kaspersky 7.0.0.125 2010.04.27 Trojan.Win32.FraudPack.atiq
Microsoft 1.5703 2010.04.27 –
NOD32 5065 2010.04.27 Win32/Olmarik.YA
Additional [...]
Removed: PRAGMAD.SYS (variant of TDSS trojan)
Malware: C:\sand-box\install01.txt.exe
Removed:
C:\WINDOWS\PRAGMANVSTYLPRXV\PRAGMAD.SYS
C:\WINDOWS\PRAGMAnvstylprxv\PRAGMAc.dll
After first reboot detected by UnHackMe:
Item Name: PRAGMAnvstylprxv
Author:
Related File: C:\WINDOWS\PRAGMANVSTYLPRXV\PRAGMAD.SYS
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.26 Trojan.Generic.KD.8772
Kaspersky 7.0.0.125 2010.04.26 Trojan-Downloader.Win32.FraudLoad.xazh
Microsoft 1.5703 2010.04.26 –
NOD32 5061 2010.04.26 –
[...]
Restored: RASACD.SYS (infected by Alureon/TDSS)
Malware: C:\sand-box\dog.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Detected by RegRun Warrior:
Item Name: RASACD.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Type: Detected using Heuristic Algorithm
The original RASACD.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.19 [...]
Restored: DMLOAD.SYS (infected by Alureon/TDSS)
Malware: C:\sand-box\Browser_UpDate_For_Free.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
Detected by RegRun Warrior:
Item Name: DMLOAD.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
Type: Detected using Heuristic Algorithm
The original DMLOAD.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.20 [...]
Restored: ..\SYSTEM32\DRIVERS\ATAPI.SYS
Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Detected by UnHackMe:
Item Name: ATAPI.SYS
Author: Microsoft Corporation
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Type: Detected using Heuristic Algorithm
The original ATAPI.SYS has been successfully restored using RegRun Warrior from the Windows installation CD.
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.16 [...]
Removed: _VOIDd.sys
Malware: C:\sand-box\install01.exe
Removed: C:\WINDOWS\_VOIDtpdwqienbv\_VOIDd.sys
After first reboot detected by UnHackMe:
Item Name: _VOIDtpdwqienbv
Author:
Related File: C:\WINDOWS\_VOIDTPDWQIENBV\_VOIDD.SYS
Type: Services detected by Partizan
Item Name: _VOIDd.sys
Author:
Related File: \systemroot\system32\drivers\_VOIDbfjpaypdiv.sys
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 1
Classification:
Antivirus Version Last Update Result
Kaspersky 7.0.0.125 2010.04.02 Trojan.Win32.Tdss.azxa
McAfee [...]