Sunday 28 December 2008

Haxfix version 5.0.51

Version 5.0.51
2008 12 28

Infection: TrojanSpy:Win32/Ambler.D - Trojan Nethell

O2 - BHO: Microsoft copyright - {0DDD155F-B89C-4f34-90F0-53D7BD21A37C} - mscont32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DDD155F-B89C-4f34-90F0-53D7BD21A37C}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5EB96953-7D02-4594-AC15-F55FC9AACFCB}]
"StubPath"= "rundll32 mscont32.dll,InitModule"

Files:
system32\mscont32.dll
system32\sft.res


Infection: Troj/Ambler-G

O2 - BHO: Microsoft copyright - {32C620D6-CC10-4e6a-9715-BACACD5B0E61} - sxmg4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32C620D6-CC10-4e6a-9715-BACACD5B0E61}

O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"="{A744F16C-B2D5-4138-81A2-085CDFCDE83A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
"StubPath"="rundll32 sxmg4.dll,InitModule"

Files:
system32\lt.res
system32\sft.res
system32\sn.txt
system32\sxmg4.dll


Infection: Troj/Ambler-G

O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}

O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"="{66186F05-BBBB-4a39-864F-72D84615C679}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186F05-BBBB-4a39-864F-72D84615C679}]
"StubPath"="rundll32 sockins32.dll,InitModule"

Files:
system32\lt.res
system32\sft.res
system32\sn.txt
system32\sockins32.dll



Infection: SpyBanker - Trojan Nethell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01BE3276-1420-45b5-9762-172C5C184EB7}]
"StubPath"= "rundll32 svchstb.dll,InitO

File:
system32\svchstb.dll


Infection: Spybanker - Trojan Nethell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67525E1B-5B8E-41d4-AFCC-03CC04F141FA}]
"StubPath"="rundll32 rbsgam.dll,InitO"

Files:
system32\log.txt
system32\bb1.dat
system32\kaxs.dat
system32\ps1.dat
system32\rbsgam.dll
system32\rc.dat
%Windir%\inform.dat


Other files:

system32\kaxs.dat
system32\Spool\hpprintqueue.exe



Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.
