Saturday, 30 August 2008

Haxfix Version 5.0.14

Version 5.014
2008 08 30

Files:
berzk.dll
core3.sys
irptp.sys
meth.bin
meth.plg
powerxt.dll
spndt.sys
xatcore.dll

Notify keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\powerxt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xatcore

Services:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irptp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spndt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys


Use haxfix to remove this infection.
Removal instructions for this infection can be found here or here.

Tuesday, 26 August 2008

Haxfix Version 5.0.13

Version 5.013
2008 08 26

Files:
windows\servicez.exe
windows\nvchost.exe
windows\winlogon.exe
system32\alog.txt
system32\crypto64.dll
system32\csrcli32.dll
system32\dpl.txt
system32\info.txt
system32\NGIX.bin
system32\ntld.bin
system32\preved.bat
system32\ps1.dat
system32\rc.dat
system32\rdata.bin
system32\rhs.bin
system32\scrcwi32.dll
system32\sms.bat
system32\sys32time.dll
system32\winsms.bat
system32\winsms.dll
system32\cryptmd5.dll
system32\datcom.dll
system32\datmps.dll
system32\droute.dll
system32\dwave.sys
system32\dx9sr.sys
system32\emulx86.sys
system32\hdtvu6.dll
system32\hooka.sys
system32\ke64boot.dll
system32\kteproc.sys
system32\mcrwave.dll
system32\necsopp.sys
system32\nkudpn1.sys
system32\pcixm.sys
system32\pcixmm.dll
system32\pemulx86.dll
system32\routew.dll
system32\rotw.sys
system32\stfilter.dll
system32\syncm.sys
system32\syslink.dll
system32\tehlink0.dll
system32\tehlink5.sys
system32\wlite.sys

Notify keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptmd5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\datcom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\datmps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\droute
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hdtvu6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ke64boot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcrwave
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pcixmm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pemulx86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\routew
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\stfilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\syslink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tehlink0

Services:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dwave
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx9sr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\emulx86
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hooka
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kteproc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\necsopp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nkudpn1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcixm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rotr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rotw
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\syncm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tehlink5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wlite


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kteproc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kteproc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syncm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\syncm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wlite.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wlite.sys

Run keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvchost"
"winlogon"
"Windows Services"
"KIT3"


Use haxfix to remove this infection.
Removal instructions for this infection can be found here or here.
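The four registry locations listed in both entries above are the persistence of this infection: a Winlogon\Notify subkey makes winlogon.exe load the named DLL at every logon (running as SYSTEM, before any user session), the Services keys register the .sys files as kernel drivers, the SafeBoot\Minimal and SafeBoot\Network entries make those drivers load in Safe Mode as well (which is why booting to Safe Mode does not get rid of it), and the Run values restart the user-mode components. The script below is an added example, not part of Haxfix or of this page: it parses a regedit export (reg export HKLM hklm.reg, or File > Export in regedit) offline and reports every indicator from the 5.0.13 and 5.0.14 lists, so a dump from a suspect machine can be checked on a clean one. Because the names change from variant to variant, it also reports any Winlogon\Notify subkey that is not in the stock Windows XP SP2 set; that baseline (STOCK_NOTIFY) is an assumption that should be verified against a clean install of the same Windows version, and the embedded .reg text is constructed sample input, not a real capture.

```python
"""Scan a regedit (.reg) export for the persistence keys listed in the Haxfix 5.0.13 / 5.0.14 changelogs."""
import re
import sys

# Indicator names from the two changelog entries above, lower-cased for matching.
NOTIFY_NAMES = {
    "powerxt", "xatcore",                                                     # 5.0.14
    "cryptmd5", "datcom", "datmps", "droute", "hdtvu6", "ke64boot", "mcrwave",  # 5.0.13
    "pcixmm", "pemulx86", "routew", "stfilter", "syslink", "tehlink0",
}
SERVICE_NAMES = {
    "core3", "irptp", "spndt",                                                # 5.0.14
    "dwave", "dx9sr", "emulx86", "hooka", "kteproc", "necsopp", "nkudpn1",    # 5.0.13
    "pcixm", "rotr", "rotw", "syncm", "tehlink5", "wlite",
}
SAFEBOOT_ENTRIES = {"core3.sys", "kteproc.sys", "syncm.sys", "wlite.sys"}
RUN_VALUES = {"nvchost", "winlogon", "windows services", "kit3"}

# Winlogon\Notify subkeys present on a stock Windows XP SP2 install.
# Assumption: verify this baseline against a clean box of the same Windows version.
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} from regedit .reg text.

    Only the first line of a multi-line hex value is kept; continuation
    lines are skipped because this scan matches on key and value names."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            if name != "@":  # "@" is the key's default value
                name = name[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            keys[current][name] = m.group(2).strip()
    return keys


def find_indicators(keys):
    """Return sorted (category, registry_path) pairs for every indicator found."""
    hits = set()
    for path, values in keys.items():
        low = path.lower()
        parent, _, leaf = low.rpartition("\\")
        if parent.endswith("\\winlogon\\notify"):
            if leaf in NOTIFY_NAMES:
                hits.add(("winlogon_notify", path))
            elif leaf not in STOCK_NOTIFY:
                hits.add(("winlogon_notify_unknown", path))  # not on the list, not stock: inspect DllName
        elif parent.endswith("\\currentcontrolset\\services") and leaf in SERVICE_NAMES:
            hits.add(("service", path))
        elif "\\control\\safeboot\\" in low and leaf in SAFEBOOT_ENTRIES:
            hits.add(("safeboot", path))  # driver is whitelisted for Safe Mode too
        elif low.endswith("\\currentversion\\run"):
            for name in values:
                if name.lower() in RUN_VALUES:
                    hits.add(("run_value", path + "\\" + name))
    return sorted(hits)


def scan_file(reg_path):
    """Scan a .reg file written by regedit / reg export (UTF-16 with BOM)."""
    with open(reg_path, encoding="utf-16") as fh:
        return find_indicators(parse_reg_export(fh.read()))


# Constructed sample export: one stock Notify entry, one benign Run value,
# and the 5.0.14 indicators. Not a real capture.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\powerxt]
"DllName"="powerxt.dll"
"Startup"="Startup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core3]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="system32\\core3.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"nvchost"="C:\\WINDOWS\\nvchost.exe"
"""

if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_indicators(parse_reg_export(SAMPLE_EXPORT))
    for category, path in hits:
        print(f"{category:24} {path}")
```

Run it with the path of an export as the only argument; with no argument it scans the built-in sample and reports the Notify, Services, SafeBoot and Run hits. A hit under SafeBoot is the one to act on first: as long as that entry exists the driver is loaded in Safe Mode, so the files cannot simply be deleted from there, which is why a dedicated tool such as Haxfix is used for removal.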