Tuesday 24 February 2009

HaxFix version 5.0.66

Version 5.0.66
2009 02 24

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\utsync
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvsync
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uvsync.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uvsync.sys

Files:
system32\a9k.bin
system32\hrpdcf.bin
system32\utsync.dll
system32\uvsync.sys


Use HaxFix to remove this infection.
You can find removal instructions for this infection here or here.

Sunday 22 February 2009

HaxFix version 5.0.65

Version 5.0.65
2009 02 22

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\i975gl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mjva
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mjva.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mjva.sys

Files:
system32\a9k.bin
system32\i975gl.dll
system32\mjva.sys
system32\z98.bin

Infection: Goldun
Detection updated for the variants that use the orphaned service registry keys.



Use HaxFix to remove this infection.
You can find removal instructions for this infection here or here.

Monday 16 February 2009

HaxFix version 5.0.64

Version 5.0.64
2009 02 16

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eeekp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeekp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eeekp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\eeekp.sys

Files:
system32\a9k.bin
system32\eeekp.sll
system32\eeekp.sys
system32\wdh.bin


Use HaxFix to remove this infection.
You can find removal instructions for this infection here or here.

Sunday 8 February 2009

HaxFix version 5.0.63

Version 5.0.63
2009 02 08

Infection: Troj/Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CC2F638-99FF-45d2-97C7-E30E83CF04D2}

Files:
system32\ak
system32\alog.txt
system32\bb1.dat
system32\cs.dat
system32\ps1.dat
system32\rc.dat
system32\tb.dr
system32\ipv6sp.dll



Use HaxFix to remove this infection.
You can find removal instructions for this infection here or here.

Friday 6 February 2009

HaxFix version 5.0.62

Version 5.0.62
2009 02

Infection: Troj/Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}

Files:
system32\alog.txt
system32\conf.dat
system32\cs.dat
system32\ps1.dat
system32\rc.dat
system32\unifff.dll



Use HaxFix to remove this infection.
You can find removal instructions for this infection here or here.

Thursday 5 February 2009

HaxFix version 5.0.61

Version 5.0.61
2009 02 05

Infection: Goldun
O20 - Winlogon Notify: tomto - C:\WINDOWS\system32\tomto.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tomto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tomto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tomto.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tomto.sys

Files:
system32\a9k.bin
system32\tomto.dll
system32\tomto.sys


Infection: Goldun
O20 - Winlogon Notify: iokey - C:\WINDOWS\system32\iokey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iokey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iokey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iokey.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\iokey.sys

Files:
system32\a9k.bin
system32\iokey.dll
system32\iokey.sys



Use HaxFix to remove this infection.
You can find removal instructions for this infection here or here.

Wednesday 4 February 2009

HaxFix version 5.0.60

Version 5.0.60
2009 02 04

Infection: Goldun

Detection updated for the variants that use the orphaned service registry keys and the AppInit key.