nspass4.sys - Dangerous
Manual removal instructions:
Antivirus Report of nspass4.sys:
We suggest you remove 203Fuck.dll from your computer as soon as possible.
203Fuck.dll is a Trojan/Backdoor.
Kill the file 203Fuck.dll and remove it from Windows startup.
File: 1.exe(C:\sand-box\1.exe)
Classification:
Antivirus     Version        Last Update  Result
Avast         4.8.1335.0     2009.07.13   -
AVG           8.5.0.387      2009.07.13   Win32/Heur
BitDefender   7.2            2009.07.14   Dropped:Generic.Malware.PVPk!g.F5FF8B1A
Comodo        1602           2009.07.14   -
DrWeb         5.0.0.12182    2009.07.14   -
F-Secure      8.0.14470.0    2009.07.14   Suspicious:W32/Malware!Gemini
K7AntiVirus   7.10.791       2009.07.13   -
NOD32         4240           2009.07.13   -
Symantec      1.4.4.12       2009.07.14   Trojan.Dropper
Additional information
File size: 29408 bytes
MD5: 69aeef4efadec666811f20eb6d37e88e
SHA1: 7b811da5e7379ae511b723651a0c8435d26c17c9
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:205
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFEBOX.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360TRAY.EXE
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE
HKLM\SOFTWARE\Microsoft\DownloadManager
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000
HKLM\SYSTEM\CurrentControlSet\Services\6to4
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Security
HKLM\SYSTEM\CurrentControlSet\Services\MY260
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Security
----------------------------------
Values added:268
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFE.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFEBOX.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360TRAY.EXE\Debugger: "svchost.exe"
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE\Debugger: "svchost.exe"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\Service: "6to4"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\DeviceDesc: "Microsoft Kernel 6to4 Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\Service: "MY260"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\DeviceDesc: "MY260"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\Service: "MyMyDk00"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\DeviceDesc: "MyMyDk00"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\Service: "MyMyDk01"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\DeviceDesc: "MyMyDk01"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\Service: "MyMyDk02"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\DeviceDesc: "MyMyDk02"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\Service: "MyMyDk03"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\DeviceDesc: "MyMyDk03"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\Service: "MyMyDk04"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\DeviceDesc: "MyMyDk04"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Parameters\ServiceDll: "C:\WINDOWS\system32\92109.dll"
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Type: 0x00000020
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\6to4\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\6to4\ImagePath: "%SystemRoot%\system32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\6to4\DisplayName: "Microsoft Kernel 6to4 Service"
HKLM\SYSTEM\CurrentControlSet\Services\6to4\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MY260\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MY260\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsDnldr3.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MY260\DisplayName: "MY260"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass0.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\DisplayName: "MyMyDk00"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass1.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\DisplayName: "MyMyDk01"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass2.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\DisplayName: "MyMyDk02"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass3.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\DisplayName: "MyMyDk03"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass4.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\DisplayName: "MyMyDk04"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:10
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\203Fuck.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\97140.bat
C:\WINDOWS\system32\drivers\NsDnldr3.sys
C:\WINDOWS\system32\drivers\NsPass0.sys
C:\WINDOWS\system32\drivers\NsPass1.sys
C:\WINDOWS\system32\drivers\NsPass2.sys
C:\WINDOWS\system32\drivers\NsPass3.sys
C:\WINDOWS\system32\drivers\NsPass4.sys
C:\WINDOWS\system32\92109.dll
C:\WINDOWS\system32\winavproc.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\1.exe
----------------------------------
Files [attributes?] modified:4
----------------------------------
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\WINDOWS\system32\drivers\etc\hosts
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Folders attributes changed:2
----------------------------------
C:\Documents and Settings\NetworkService\Local Settings\History
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
----------------------------------
Total changes:490
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: 6to4
Author: Unknown
Related File: C:\WINDOWS\system32\92109.dll
Type: Svchost DLLs
After first reboot detected by RegRun Reanimator:
Item Name: MY260
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsDnldr3.sys
Type: Services detected by Partizan
Item Name: MyMyDk00
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass0.sys
Type: Services detected by Partizan
Item Name: MyMyDk01
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass1.sys
Type: Services detected by Partizan
Item Name: MyMyDk02
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass2.sys
Type: Services detected by Partizan
Item Name: MyMyDk03
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass3.sys
Type: Services detected by Partizan
Item Name: MyMyDk04
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass4.sys
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
nspass4.sys | Malware |
nspass4.sys | Dangerous |
nspass4.sys | High Risk |
203Fuck.dll is Trojan/Backdoor.
Kill the file 203Fuck.dll and remove 203Fuck.dll from Windows startup.
File: 1.exe(C:\sand-box\1.exe)
Classification:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.07.13 -
AVG 8.5.0.387 2009.07.13 Win32/Heur
BitDefender 7.2 2009.07.14 Dropped:Generic.Malware.PVPk!g.F5FF8B1A
Comodo 1602 2009.07.14 -
DrWeb 5.0.0.12182 2009.07.14 -
F-Secure 8.0.14470.0 2009.07.14 Suspicious:W32/Malware!Gemini
K7AntiVirus 7.10.791 2009.07.13 -
NOD32 4240 2009.07.13 -
Symantec 1.4.4.12 2009.07.14 Trojan.Dropper
Additional information
File size: 29408 bytes
MD5 : 69aeef4efadec666811f20eb6d37e88e
SHA1 : 7b811da5e7379ae511b723651a0c8435d26c17c9
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:205
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFEBOX.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360TRAY.EXE
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE
HKLM\SOFTWARE\Microsoft\DownloadManager
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000
HKLM\SYSTEM\CurrentControlSet\Services\6to4
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Security
HKLM\SYSTEM\CurrentControlSet\Services\MY260
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Security
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Security
----------------------------------
Values added:268
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFE.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SAFEBOX.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360TRAY.EXE\Debugger: "svchost.exe"
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE\Debugger: "svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE\Debugger: "svchost.exe"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\Service: "6to4"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\0000\DeviceDesc: "Microsoft Kernel 6to4 Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_6TO4\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\Service: "MY260"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\0000\DeviceDesc: "MY260"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MY260\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\Service: "MyMyDk00"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\0000\DeviceDesc: "MyMyDk00"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK00\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\Service: "MyMyDk01"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\0000\DeviceDesc: "MyMyDk01"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK01\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\Service: "MyMyDk02"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\0000\DeviceDesc: "MyMyDk02"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK02\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\Service: "MyMyDk03"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\0000\DeviceDesc: "MyMyDk03"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK03\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\Service: "MyMyDk04"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\0000\DeviceDesc: "MyMyDk04"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYMYDK04\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Parameters\ServiceDll: "C:\WINDOWS\system32\92109.dll"
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Type: 0x00000020
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\6to4\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\6to4\ImagePath: "%SystemRoot%\system32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\6to4\DisplayName: "Microsoft Kernel 6to4 Service"
HKLM\SYSTEM\CurrentControlSet\Services\6to4\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MY260\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MY260\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MY260\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsDnldr3.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MY260\DisplayName: "MY260"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass0.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk00\DisplayName: "MyMyDk00"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass1.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk01\DisplayName: "MyMyDk01"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass2.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk02\DisplayName: "MyMyDk02"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass3.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk03\DisplayName: "MyMyDk03"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\ImagePath: "\??\C:\WINDOWS\system32\Drivers\NsPass4.sys"
HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04\DisplayName: "MyMyDk04"
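The service keys above are the persistence mechanism: Type 0x1 is SERVICE_KERNEL_DRIVER, Start 0x3 is SERVICE_DEMAND_START (loaded on request rather than at boot), and the ImagePath uses the \??\ NT object-manager prefix pointing at the dropped NsPass*.sys files. The Security\Security blob is a self-relative SECURITY_DESCRIPTOR. The following script, added here as an example and not code from the page or from RegRun/UnHackMe, decodes the MyMyDk04 values and the descriptor bytes copied from the dump above, lists who holds the SERVICE_START right, and checks whether the DACL is the stock descriptor the Windows XP service control manager assigns to a newly created service. The well-known SID names and the expected default masks are the editor's assumptions from the documented ACL/ACE/SID layouts.

```python
"""Decode a Services\\<name> key as dumped above: the DWORD values and the
self-relative SECURITY_DESCRIPTOR stored under Security\\Security.
Added example, not code from the page or from RegRun/UnHackMe; parsing
follows the documented SECURITY_DESCRIPTOR, ACL, ACE and SID layouts."""
import struct

SERVICE_TYPE = {0x1: "SERVICE_KERNEL_DRIVER", 0x2: "SERVICE_FILE_SYSTEM_DRIVER",
                0x10: "SERVICE_WIN32_OWN_PROCESS", 0x20: "SERVICE_WIN32_SHARE_PROCESS"}
SERVICE_START = {0x0: "SERVICE_BOOT_START", 0x1: "SERVICE_SYSTEM_START",
                 0x2: "SERVICE_AUTO_START", 0x3: "SERVICE_DEMAND_START",
                 0x4: "SERVICE_DISABLED"}
ERROR_CONTROL = {0x0: "SERVICE_ERROR_IGNORE", 0x1: "SERVICE_ERROR_NORMAL",
                 0x2: "SERVICE_ERROR_SEVERE", 0x3: "SERVICE_ERROR_CRITICAL"}
ACE_TYPE = {0x0: "ACCESS_ALLOWED", 0x1: "ACCESS_DENIED", 0x2: "SYSTEM_AUDIT"}
# Well-known SIDs (assumed mapping) that appear in a default service DACL.
KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
              "S-1-5-18": "LocalSystem", "S-1-5-32-544": "Administrators",
              "S-1-5-32-547": "Power Users"}
SE_DACL_PRESENT, SE_SACL_PRESENT = 0x0004, 0x0010
SERVICE_START_RIGHT = 0x0010  # access bit a caller needs for StartService()

# Values of HKLM\SYSTEM\CurrentControlSet\Services\MyMyDk04 copied from the dump.
MYMYDK04 = {"Type": 0x1, "Start": 0x3, "ErrorControl": 0x1,
            "ImagePath": r"\??\C:\WINDOWS\system32\Drivers\NsPass4.sys"}
MYMYDK04_SECURITY = (
    "01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 "
    "01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 "
    "02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 "
    "12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 "
    "20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 "
    "00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 "
    "01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00")


def parse_sid(buf, off):
    """Return (sid_string, byte_length) for the SID starting at buf[off]."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs), 8 + 4 * count


def parse_acl(buf, off):
    """Return the ACEs of the ACL at buf[off] as dicts (type, flags, mask, sid)."""
    _rev, _sbz1, _size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, flags, size = struct.unpack_from("<BBH", buf, pos)
        mask = struct.unpack_from("<I", buf, pos + 4)[0]
        sid, _ = parse_sid(buf, pos + 8)
        aces.append({"type": ACE_TYPE.get(ace_type, hex(ace_type)), "flags": flags,
                     "mask": mask, "sid": sid, "name": KNOWN_SIDS.get(sid, sid)})
        pos += size  # AceSize covers header, mask and the variable-length SID
    return aces


def parse_security_descriptor(hex_text):
    """Parse a self-relative SECURITY_DESCRIPTOR given as space-separated hex bytes."""
    buf = bytes.fromhex(hex_text.replace(" ", ""))
    rev, _sbz1, control, owner, group, sacl, dacl = struct.unpack_from("<BBHIIII", buf, 0)
    return {"revision": rev, "control": control,
            "owner": parse_sid(buf, owner)[0] if owner else None,
            "group": parse_sid(buf, group)[0] if group else None,
            "sacl": parse_acl(buf, sacl) if control & SE_SACL_PRESENT and sacl else [],
            "dacl": parse_acl(buf, dacl) if control & SE_DACL_PRESENT and dacl else []}


def decode_service(values):
    """Map the DWORD values of one service key to their winnt.h names."""
    return {"Type": SERVICE_TYPE.get(values["Type"], hex(values["Type"])),
            "Start": SERVICE_START.get(values["Start"], hex(values["Start"])),
            "ErrorControl": ERROR_CONTROL.get(values["ErrorControl"], hex(values["ErrorControl"])),
            "ImagePath": values["ImagePath"]}


def who_can_start(sd):
    """SIDs whose allow ACE carries SERVICE_START, i.e. who can load the driver
    through the SCM with a plain StartService() call."""
    return [a["sid"] for a in sd["dacl"]
            if a["type"] == "ACCESS_ALLOWED" and a["mask"] & SERVICE_START_RIGHT]


def is_default_xp_service_dacl(sd):
    """True when the DACL is the one the XP service control manager assigns to a
    freshly created service (SY/BA/AU/PU with the masks below). A match means
    the dropper did not harden or loosen its own service; the notable facts are
    the Type/Start values and the ImagePath, not the permissions."""
    expected = [("S-1-5-18", 0x000201FD), ("S-1-5-32-544", 0x000F01FF),
                ("S-1-5-11", 0x0002018D), ("S-1-5-32-547", 0x000201FD)]
    return [(a["sid"], a["mask"]) for a in sd["dacl"]] == expected


if __name__ == "__main__":
    sd = parse_security_descriptor(MYMYDK04_SECURITY)
    print(decode_service(MYMYDK04))
    print("owner", sd["owner"], "start-capable:", [KNOWN_SIDS[s] for s in who_can_start(sd)])
    print("default XP service DACL:", is_default_xp_service_dacl(sd))
```

Run against the MyMyDk04 blob this reports owner and group LocalSystem, one failed-access audit ACE for Everyone in the SACL, and a four-entry DACL in which LocalSystem, Administrators and Power Users (but not Authenticated Users) hold SERVICE_START. Since the descriptor is the stock one, removal does not require repairing permissions; deleting the service key and the driver file, as the RegRun log below does, is enough.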
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:10
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\203Fuck.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\97140.bat
C:\WINDOWS\system32\drivers\NsDnldr3.sys
C:\WINDOWS\system32\drivers\NsPass0.sys
C:\WINDOWS\system32\drivers\NsPass1.sys
C:\WINDOWS\system32\drivers\NsPass2.sys
C:\WINDOWS\system32\drivers\NsPass3.sys
C:\WINDOWS\system32\drivers\NsPass4.sys
C:\WINDOWS\system32\92109.dll
C:\WINDOWS\system32\winavproc.dll
----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\1.exe
----------------------------------
Files [attributes?] modified:4
----------------------------------
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\WINDOWS\system32\drivers\etc\hosts
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Folders attributes changed:2
----------------------------------
C:\Documents and Settings\NetworkService\Local Settings\History
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
----------------------------------
Total changes:490
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: 6to4
Author: Unknown
Related File: C:\WINDOWS\system32\92109.dll
Type: Svchost DLLs
After first reboot detected by RegRun Reanimator:
Item Name: MY260
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsDnldr3.sys
Type: Services detected by Partizan
Item Name: MyMyDk00
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass0.sys
Type: Services detected by Partizan
Item Name: MyMyDk01
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass1.sys
Type: Services detected by Partizan
Item Name: MyMyDk02
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass2.sys
Type: Services detected by Partizan
Item Name: MyMyDk03
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass3.sys
Type: Services detected by Partizan
Item Name: MyMyDk04
Author:
Related File: \??\C:\WINDOWS\system32\Drivers\NsPass4.sys
Type: Services detected by Partizan
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since then I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company, and you can ask me directly if you have any questions.