Sunday, 26 October 2008

HaxFix version 5.0.31

Version 5.0.31:
2008 10 26

Infection: Goldun.

O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\System32\wmldap.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"oledll" = "{12345B67-1234-1234-D123-7F84D123BC7D}"

File:
System32\wmldap.dll


Infection: Goldun.

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urikon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urikon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urinon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urinon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ursnon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ursnon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urwnon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urwnon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
"CLSID" = "{DC186800-657F-11D4-B0B5-0050BABFC904}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain]
"CLSID" = "{DC186800-657F-11D4-B0B5-0050BABFC904}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC186800-657F-11D4-B0B5-0050BABFC904}]

Files:
urikon.dll
urinon.dll
ursnon.dll
urunon.dll
urwnon.dll


Infection: Goldun.

scrcki32.dll

If scrcki32.dll or scrcwi32.dll is present in the system32 folder, the default path for this registry key will have been modified:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

HaxFix will restore the default value: %systemroot%\system32\shell32.dll


Other related files:
%System%\spool\c.ini
%System%\spool\desktops.ini
%System%\spool\dr.ini


Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.
