Saturday, 27 December 2008

Haxfix version 5.0.50

Version 5.0.50
2008 12 27

Infection: Goldun

O20 - Winlogon Notify: modzlib - C:\WINDOWS\system32\modzlib.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\modzlib

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gzvba.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\gzvba.sys

Files:
system32\modzlib.dll
system32\gzvba.sys


Infection: Trojan-Downloader.Win32.BHO.aej - TrojanSpy:Win32/Ambler.D - Trojan-Dropper.Win32.Ambler

O2 - BHO: Google plugin - {18CACF0E-72A4-4be1-AA42-DC2ECDB197F1} - C:\WINDOWS\system32\kcms.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18CACF0E-72A4-4be1-AA42-DC2ECDB197F1}

Files:
system32\alog.txt
system32\bb1.dat
system32\kcms.dll
system32\mx
system32\ps1.dat
system32\rc.dat


Infection: Virus.Neshta - Trojan-Banker.Win32.Banker.ghd - TSPY_BANKER.LJU - TrojanSpy:Win32/Ambler.A - Trojan-Spy.Win32.Banker

Files:
system32\accs.txt
system32\cookie.dat
system32\ps.dat



Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.
