Monday, 29 December 2008

Haxfix version 5.0.52

Version 5.0.52
2008 12 29

Infection: Trojan Nethell

O2 - BHO: Gamburg provider - {59D94AAD-0A67-417e-969B-8311296E8364} - condw32.dll
O2 - BHO: Gamburg provider - {59D94AAD-0A67-417e-969B-8311296E8364} - contrld.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59D94AAD-0A67-417e-969B-8311296E8364}

Files:
system32\alog.txt
system32\condw32.dll
system32\contrld.dll
system32\msft.txt
system32\ps1.dat
system32\rc.dat


Infection: Goldun

O20 - Winlogon Notify: swapdm - C:\WINDOWS\system32\swapdm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swapdm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swapm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swapm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\swapm.sys

Files:
system32\k86.bin
system32\swapdm.dll
system32\swapm.sys


Other related files:
system32\vkj.bin


Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.
