Version 5.015
2008 09 07
Added:
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\spndt.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\spndt.sys]
Fixed a bug with some of the newer Goldun variants that use the Notify key.
Sometimes this Notify key is hidden.
Added detection for these browser helper objects:
{92617934-9abc-def0-0fed-fad682644311}
{68397934-9abc-def0-0fed-fad682644311}
{61468245-A343-CF27-3452-44DF4679BDF1}
{56262124-6251-5625-3072-548536364311}
{46278903-5678-2464-3452-545679092D31}
{68363724-9ABC-DEF0-0FED-FAD682644311}
{92617934-9ABC-DEF0-0FED-FAD48C654321}
{5240864B-FDFE-4563-3514-463926792311}
{13146842-6251-5625-3072-548536364311}
{62457936-6381-6170-3572-468926792311}
{5FCA4D4F-CBDD-4263-3814-463926792311}
{65194BCE-CBDD-4263-3814-463926792311}
{BCD2AF6E-4271-6572-6429-A63F26792311}
{80523A67-ABCD-CF37-3352-54DF4479BDF1}
{4A26217C-5521-3459-2345-AB36721975AF}
{78934132-3451-67A2-8919-678931572311}
{7548953E-4371-6552-6419-A43F26792311}
{73468251-2534-8760-3685-423479197575}
{81463526-1357-4638-2418-538263794561}
{0033669F-AADD-AA59-AA7D-AA4B78888000}
{00534B55-3155-CA4F-B41D-0E922121D03C}
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}
{DABCE839-3831-3818-AF3A-3837BCD324D2}
{DABCE839-3831-3818-AF3A-47D47A738D32}
{DABFC839-F831-3D1A-A33A-A7D4BA7C8D3D}
{0000AC13-3487-1583-C4BE-BE6A839DB000}
{AE1AA4FA-C3A2-4c33-90CD-69DD021A35C8}
Haxfix deletes the CLSID and the file.
Added detection for Goldun variants that use the AppInit key.
Detection is done by MD5 check: 21 different MD5 hashes at this moment.
Matching files that are not detected by the MD5 check will be enumerated.
May I ask you to upload these files to my BleepingComputer channel: http://www.bleepingcomputer.com/submit-malware.php?channel=11
Use Haxfix to remove this infection.
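The AppInit detection described above (hash the files listed in the AppInit_DLLs value, remove known-bad matches, enumerate the rest for submission) as a small added example. This is illustration code written for this changelog entry, not Haxfix's own code: the known-bad MD5 set is derived from constructed sample content (Haxfix's real 21 hashes are not on this page), the file names and the AppInit_DLLs string are constructed in a temporary directory, and the split on spaces or commas follows the documented delimiter rules for that REG_SZ value.

```python
"""Classify the DLLs listed in an AppInit_DLLs value by MD5 (added example)."""
import hashlib
import os
import tempfile

# Constructed sample content standing in for a known-bad loader; its MD5 is the
# only entry in the known-bad set. These are NOT Haxfix's real hashes.
KNOWN_BAD_CONTENT = b"constructed sample: known-bad appinit payload\n"
KNOWN_BAD_MD5 = {hashlib.md5(KNOWN_BAD_CONTENT).hexdigest()}


def parse_appinit_dlls(value: str) -> list:
    """Split the AppInit_DLLs REG_SZ string.

    Windows accepts space- or comma-delimited entries, which is also why paths
    containing spaces cannot be used in this value.
    """
    return [p for p in value.replace(",", " ").split() if p]


def md5_of_file(path: str) -> str:
    """MD5 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_appinit_dlls(value: str, known_bad: set) -> dict:
    """Return {'detected': [...], 'unknown': [...], 'missing': [...]}.

    detected: file present and its MD5 is in known_bad (removal candidate)
    unknown:  file present but not in the set (enumerated for submission)
    missing:  listed path does not exist on disk (dangling entry)
    """
    result = {"detected": [], "unknown": [], "missing": []}
    for path in parse_appinit_dlls(value):
        if not os.path.isfile(path):
            result["missing"].append(path)
        elif md5_of_file(path) in known_bad:
            result["detected"].append(path)
        else:
            result["unknown"].append(path)
    return result


def demo() -> dict:
    """Build a constructed AppInit_DLLs value over temp files and classify it.

    Returns base names only so the result does not depend on the temp path.
    """
    with tempfile.TemporaryDirectory() as d:
        bad = os.path.join(d, "sample_bad.dll")      # hypothetical file name
        other = os.path.join(d, "sample_other.dll")  # hypothetical file name
        gone = os.path.join(d, "sample_gone.dll")    # never created on purpose
        with open(bad, "wb") as f:
            f.write(KNOWN_BAD_CONTENT)
        with open(other, "wb") as f:
            f.write(b"constructed sample: some other library\n")
        # Mixed delimiters, as Windows itself would accept them.
        value = f"{bad} {other},{gone}"
        res = classify_appinit_dlls(value, KNOWN_BAD_MD5)
    return {k: [os.path.basename(p) for p in v] for k, v in res.items()}


if __name__ == "__main__":
    print(demo())
```

On a live system the `value` string would come from `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs` (via `winreg`), and the `unknown` list is exactly what the changelog asks to have uploaded: files that sit in the AppInit position but match none of the known hashes.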
Removal instructions for this infection can be found here or here.