Thursday, 5 February 2009

Haxfix version 5.0.61

Version 5.0.61
2009 02 05

Infection: Goldun
O20 - Winlogon Notify: tomto - C:\WINDOWS\system32\tomto.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tomto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tomto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tomto.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tomto.sys

Files:
system32\a9k.bin
system32\tomto.dll
system32\tomto.sys


Infection: Goldun
O20 - Winlogon Notify: iokey - C:\WINDOWS\system32\iokey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iokey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iokey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iokey.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\iokey.sys

Files:
system32\a9k.bin
system32\iokey.dll
system32\iokey.sys



Use Haxfix to remove this infection.
You can find removal instructions for this infection here or here.
