Version 5.0.61
2009 02 05
Infection: Goldun
O20 - Winlogon Notify: tomto - C:\WINDOWS\system32\tomto.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tomto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tomto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tomto.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tomto.sys
Files:
system32\a9k.bin
system32\tomto.dll
system32\tomto.sys
Infection: Goldun
O20 - Winlogon Notify: iokey - C:\WINDOWS\system32\iokey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iokey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iokey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iokey.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\iokey.sys
Files:
system32\a9k.bin
system32\iokey.dll
system32\iokey.sys
Use haxfix to remove this infection.
Removalinstructions for this infection, you can find here or here.
How to remove Security Suite
2 jaar geleden
Posts
Geen opmerkingen:
Een reactie posten