Wednesday 21 January 2009

Haxfix version 5.0.59

Version 5.0.59
2009 01 21

Infection: Goldun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rssync
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdsync
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rdsync.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsync.sys

Files:
system32\a9k.bin
system32\hrpdcf.bin
system32\rdsync.sys
system32\rssync.dll


Infection: Banker Trojan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6458C00E-EF7F-4f06-9E06-49EA923386FD}
HKEY_LOCAL_MACHINE\SOFTWARE\AmSoft

File:
system32\kj32.dll


Infection: Trojan/Ambler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89F2C12A-027A-4de3-88F6-9F31A1C0F17C}

Files:
system32\alog.txt
system32\bb1.dat
system32\cs.dat
system32\ps1.dat
system32\rc.dat
system32\rs
system32\tb.dr
system32\xlk.dll
system32\xwa.dll



Use Haxfix to remove this infection.
Removal instructions for this infection can be found here or here.
