weidfsg.exe - Dangerous

weidfsg.exe

Manual removal instructions:

Antivirus Report of weidfsg.exe:
weidfsg.exe Malware
weidfsg.exeDangerous
weidfsg.exeHigh Risk
weidfsg.exe
We suggest you to remove dsewtds0.dll from your computer as soon as possible.
Dsewtds0.dll is Trojan/Backdoor.
Kill the file dsewtds0.dll and remove dsewtds0.dll from Windows startup.

File: uu.exe

Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.10 Win32:Trojan-gen {Other}
AVG 8.5.0.406 2009.08.11 PSW.OnlineGames.2.S.dropper
BitDefender 7.2 2009.08.11 Trojan.Generic.1575632
Comodo 1941 2009.08.11 TrojWare.Win32.GameThief.Magania.awun
DrWeb 5.0.0.12182 2009.08.11 Trojan.MulDrop.31482
F-Secure 8.0.14470.0 2009.08.11 Trojan-GameThief.Win32.Magania.awun
Kaspersky 7.0.0.125 2009.08.11 Trojan-GameThief.Win32.Magania.awun
Microsoft 1.4903 2009.08.11 TrojanDropper:Win32/Small.RZ
NOD32 4325 2009.08.11 Win32/TrojanDropper.Agent.NJV
Symantec 1.4.4.12 2009.08.11 Spyware.Screenspy

Additional information
File size: 121856 bytes
MD5 : b8c3eb8004a1047ce80b4188850c20fb
SHA1 : 9a09c2ddce79ef0ede4bacee2620cb06284ca71c

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:3
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\iexplore
HKLM\SOFTWARE\Microsoft\ESENT\Process\iexplore\DEBUG
HKLM\SOFTWARE\Microsoft\DownloadManager

----------------------------------
Values added:3
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\iexplore\DEBUG\Trace Level: ""
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\nhkletd: "C:\WINDOWS\system32\weidfsg.exe"

----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000

----------------------------------
Files added:5
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\ker1.tmp
C:\WINDOWS\system32\dsewtds0.dll
C:\WINDOWS\system32\weidfsg.exe
C:\autorun.inf
C:\dk.exe

----------------------------------
Files deleted:2
----------------------------------
C:\sand-box\uu.exe
C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:15
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: C:\autorun.inf
Author: Unknown
Related File: C:\autorun.inf
Type: Autorun.inf

Item Name: dsewtds0.dll
Author: Unknown
Related File: C:\WINDOWS\system32\dsewtds0.dll
Type: Detected using Heuristic Algorithm

Item Name: weidfsg.exe
Author: Unknown
Related File: C:\WINDOWS\system32\weidfsg.exe
Type: Detected using Heuristic Algorithm

Item Name: nhkletd
Author: Unknown
Related File: C:\WINDOWS\system32\weidfsg.exe
Type: Registry Run

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
autorun.inf

Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.05.07 -
AVG 8.5.0.327 2009.05.07 Worm/AutoRun
BitDefender 7.2 2009.05.08 Trojan.Autorun.AHC
Comodo 1154 2009.05.06 Unclassified Malware
DrWeb 5.0.0.12182 2009.05.08 -
F-Secure 8.0.14470.0 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.08 -
Microsoft 1.4602 2009.05.07 -
NOD32 4061 2009.05.07 Win32/PSW.OnLineGames.NMY
Symantec 1.4.4.12 2009.05.08 -

Additional information
File size: 103 bytes
MD5 : aa64948bf8a2acbf10909387aae4a306
SHA1 : c78b195e8b6a77f3149ea37aa04534d95d2bfe15
-------------------------------------------------------------------------------------
weidfsg.exe

Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.06.18 Win32:Kavos
AVG 8.5.0.339 2009.06.18 PSW.OnlineGames.2.S
BitDefender 7.2 2009.06.19 Trojan.PWS.OnlineGames.KBVW
Comodo 1370 2009.06.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.06.18 Trojan.PWS.Wsgame.4983
F-Secure 8.0.14470.0 2009.06.18 Trojan-GameThief.Win32.Magania.awuv
Kaspersky 7.0.0.125 2009.06.19 Trojan-GameThief.Win32.Magania.awuv
Microsoft 1.4701 2009.06.19 Worm:Win32/Taterf.B
NOD32 4169 2009.06.19 Win32/PSW.OnLineGames.NMY
Symantec 1.4.4.12 2009.06.19 Infostealer.Lineage

Additional information
File size: 107898 bytes
MD5 : db0dca0c7e7719ee555b499c3032e4da
SHA1 : 4d26515ac22b19183580a3dc122f05abf410ed11
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove weidfsg.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.