Friday, 24 October 2008

Haxfix Version 5.0.29

Version 5.0.29
2008 10 24

Infection Goldun.

O2 - BHO: (no name) - {7ACB5731-5839-13AB-EABC-124791194525} - C:\WINDOWS\system32\msindeo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ACB5731-5839-13AB-EABC-124791194525}]

O21 - SSODL: msindeo.dll - {7ACB5731-5839-13AB-EABC-124791194525} - C:\WINDOWS\system32\msindeo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msindeo.dll" = "{7ACB5731-5839-13AB-EABC-124791194525}"

File:
system32\msindeo.dll


Infection Haxdoor / Goldun.

O20 - Winlogon Notify: acpiz - C:\WINDOWS\SYSTEM32\acpiz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz]
O20 - Winlogon Notify: hpstp - C:\WINDOWS\SYSTEM32\hpstp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hpstp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmram]

Files:
system32\acpiz.dll
system32\acup.sys
system32\dmram.sys
system32\hpstp.dll


Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.
