zondag 22 maart 2009

HaxFix version 5.0.70

Version 5.0.70
2009 03 22

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptpr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pptpr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pptpr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pptpr.sys
Detection updated for the variants that are using the orphaned service registrykeys.

Files:
system32\a9k.bin
system32\pptpr.dll
system32\pptpr.sys



Use haxfix to remove this infection.
Removalinstructions for this infection, you can find here or here.

Geen opmerkingen: