Version 5.0.51
2008 12 28
Infection: TrojanSpy:Win32/Ambler.D - Trojan Nethell
O2 - BHO: Microsoft copyright - {0DDD155F-B89C-4f34-90F0-53D7BD21A37C} - mscont32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DDD155F-B89C-4f34-90F0-53D7BD21A37C}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5EB96953-7D02-4594-AC15-F55FC9AACFCB}]
"StubPath"= "rundll32 mscont32.dll,InitModule"
Files:
system32\mscont32.dll
system32\sft.res
Infection: Troj/Ambler-G
O2 - BHO: Microsoft copyright - {32C620D6-CC10-4e6a-9715-BACACD5B0E61} - sxmg4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32C620D6-CC10-4e6a-9715-BACACD5B0E61}
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"="{A744F16C-B2D5-4138-81A2-085CDFCDE83A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
"StubPath"="rundll32 sxmg4.dll,InitModule"
Files:
system32\lt.res
system32\sft.res
system32\sn.txt
system32\sxmg4.dll
Infection: Troj/Ambler-G
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"="{66186F05-BBBB-4a39-864F-72D84615C679}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186F05-BBBB-4a39-864F-72D84615C679}]
"StubPath"="rundll32 sockins32.dll,InitModule"
Files:
system32\lt.res
system32\sft.res
system32\sn.txt
system32\sockins32.dll
Infection: SpyBanker - Trojan Nethell
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01BE3276-1420-45b5-9762-172C5C184EB7}]
"StubPath"= "rundll32 svchstb.dll,InitO
File:
system32\svchstb.dll
Infection: Spybanker - Trojan Nethell
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67525E1B-5B8E-41d4-AFCC-03CC04F141FA}]
"StubPath"="rundll32 rbsgam.dll,InitO"
Files:
system32\log.txt
system32\bb1.dat
system32\kaxs.dat
system32\ps1.dat
system32\rbsgam.dll
system32\rc.dat
%Windir%\inform.dat
Other files:
system32\kaxs.dat
system32\Spool\hpprintqueue.exe
Use haxfix to remove this infection.
Removalinstructions for this infection, you can find here or here.
How to remove Security Suite
2 jaar geleden
Geen opmerkingen:
Een reactie posten