Saturday, 31 October 2009

Haxfix version 5.0.89

Version 5.089
2009 10 31

Infection: Goldun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\semdpp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\semdpx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semdpx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semdpx.sys

Files:
system32\semdpp.dll
system32\semdpx.sys


Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Wednesday, 7 October 2009

Haxfix version 5.0.88

Version 5.088
2009 10 07

Infection: SpyBanker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9ad1747-7b19-4dea-bc02-0ab12c4fc468}
system32\GbpDist.dl

Infection: Goldun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sebdpp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sebdpx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sebdpx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sebdpx.sys
%Windir%\pxysdb.dat
system32\sebdpp.dll
system32\sebdpx.sys



Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Saturday, 12 September 2009

Haxfix version 5.0.87

Version 5.087
2009 09 12

Infection: Goldun

Updated the appinit detection.


Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Friday, 11 September 2009

Haxfix version 5.0.86

Version 5.086
2009 09 11

Infection: Haxdoor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pdx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdx32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pdx32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pdx32.sys
system32\cfgh.ini
system32\pdx.dll
system32\pdx32.sys


Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f675c54f-60b6-4fd8-bba0-443c493305eb}

File:
system32\rant32.dll


Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Wednesday, 12 August 2009

Haxfix version 5.0.85

Version 5.085
2009 08 12

Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91704C3F-A675-4e0e-9FB7-B03E005EDDA7}

Files:
system32\systran.dll


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rgadtm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rgadta
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rgadta.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rgadta.sys

Files:
system32\rgadtm.dll
system32\rgadta.sys



Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Sunday, 26 July 2009

Haxfix version 5.0.84

Version 5.084
2009 07 26

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadmm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rbadmm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadmm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rbadmm.sys

Files:
system32\rbadma.sys
system32\rbadmm.dll


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadzm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rbadza
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadza.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rbadza.sys

Files:
system32\rbadza.sys
system32\rbadzm.dll


Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED78190A-DFB2-4336-A960-979CD88F7A8D}


Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61DC85A0-4A32-4c38-92CF-24652B3F416C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{544735C9-AE13-4721-9DE7-D529BE675038}

Files:
system32\locsock32.dll


Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFF01325-0FC2-4749-8914-FBF0565AD9CC}

Files:
system32\jbnmcd.dll
system32\jbnmck.dll


Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{480FA3BD-A372-4f65-9F8A-15DF38F4E2AB}

Files:
system32\pcmfd3.dll


Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{996D4E16-517F-474a-870F-F882C6133C47}

Files:
system32\gacaq32.dll


Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Saturday, 27 June 2009

Haxfix version 5.0.83

Version 5.083
2009 06 27

Infection: Trojan Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46B35542-A3CF-4cca-9C0B-259DB2FFF078}



Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.