Thursday, 26 March 2009

HaxFix version 5.0.72

Version 5.0.72
2009 03 26

Infection: Goldun
Detection updated for the variants that are using the appinit key.



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Tuesday, 24 March 2009

HaxFix version 5.0.71

Version 5.0.71
2009 03 24

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jstdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jscript
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jscript.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\jscript.sys

Files:
system32\ak9.bin
system32\jscript.sys
system32\jstdrv.dll


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ipfwrd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipfwrd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipfwrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipfwrd.sys

Files:
system32\ak9.bin
system32\ipfwrd.dll
system32\ipfwrd.sys



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Sunday, 22 March 2009

HaxFix version 5.0.70

Version 5.0.70
2009 03 22

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptpr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pptpr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pptpr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pptpr.sys
Detection updated for the variants that are using the orphaned service registry keys.

Files:
system32\a9k.bin
system32\pptpr.dll
system32\pptpr.sys



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Tuesday, 17 March 2009

HaxFix version 5.0.69

Version 5.0.69
2009 03 17

Infection: Troj/Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{013DFA9D-4A04-4907-B043-46BDE4B090E6}

Files:
system32\al.txt
system32\dz1.txt
system32\mld
system32\p1.txt
system32\r24.txt
system32\sdd.txt
system32\utrmk.dll



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Monday, 16 March 2009

HaxFix version 5.0.68

Version 5.0.68
2009 03 16


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmbox2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmbox2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmbox2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmbox2.sys

Files:
system32\a9k.bin
system32\vmbox2.dll
system32\vmbox2.sys



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Saturday, 14 March 2009

HaxFix version 5.0.67

Version 5.0.67
2009 03 14

Infection: Troj/Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA

File:
system32\kmsvc32.dll


Infection: Goldun
Detection updated for the variants that are using the appinit key.



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.