Haxfix version 5.0.40

Version 5.0.40
2008 11 17

Infection: SpyBanker - Trojan Nethell

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FDA60DF-6D94-4f16-A48C-3C4EC57FEF58}

File:
system32\nokia32.dll


Infection: Spy.Banker - Infostealer.Bancos

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{890C7964-9320-4055-BE11-7D7B562A6417}

Files:
system32\mstrans.dll
system32\mstrans1.dll


Infection: Goldun
O20 - Winlogon Notify: netwrp - C:\WINDOWS\SYSTEM32\netwrp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\netwrp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netwp

Files:
system32\netwrp.dll
system32\netwp.sys
system32\a9k.bin


Use haxfix to remove this infection.
Removalinstructions for this infection, you can find here or here.