Version 5.0.43
2008 11 30
Infection: Goldun
O20 - Winlogon Notify: mckwave - C:\WINDOWS\system32\mckwave.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mckwave
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kwave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\kwave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\kwave.sys
Files:
system32\mckwave.dll
system32\kwave.sys
system32\drivers\mrxdavv.sys
Infection: Haxdoor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sksdrvr2
File:
system32\sksdrvr2.sys
Infection: Goldun
O20 - Winlogon Notify: wrapkm - C:\WINDOWS\system32\wrapkm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wrapkm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wrapk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wrapk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wrapk.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"advap32"=""%Temp%\load2.exe" /r"
Files:
system32\wrapkm.dll
system32\wrapk.sys
windows\wiaserviv.log
Infection: Goldun
O20 - Winlogon Notify: sbrige - C:\WINDOWS\system32\sbrige.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sbrige
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbunit.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbunit.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbunit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"rs32net"="%System%\rs32net.exe"
Files:
system32\rs32net.exe
system32\sbrige.dll
system32\sbunit.sys
Use haxfix to remove this infection.
Removalinstructions for this infection, you can find here or here.
How to remove Security Suite
2 jaar geleden
Posts
Geen opmerkingen:
Een reactie posten