Wednesday 29 April 2009

HaxFix version 5.0.75

Version 5.0.75
2009 04 29

Infection: goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbbin
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dbbin
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dbbin.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dbbin.sys

Files:
system32\dbbin.dll
system32\dbbin.sys


Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Saturday 18 April 2009

HaxFix version 5.0.74

Version 5.0.74
2009 04 18

Infection: Goldun
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"


Infection: goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ramdmm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ramdma
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ramdma.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ramdma.sys

Files:
a99k.bin
ramdma.sys
ramdmm.dll


Infection: goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ctasys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mmcta
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mmcta.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mmcta.sys

Files:
ctasys.dll
mmcta.sys


Infection: Goldun
Detection updated for the variants that use orphaned service registry keys.


Infection: Goldun
Detection updated for the variants that use the AppInit key.



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.

Sunday 12 April 2009

HaxFix version 5.0.73

Version 5.0.73
2009 04 12

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ntpdxt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntpdxt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntpdxt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntpdxt.sys

Files:
ntpdxt.dll
ntpdxt.sys


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sphub
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sphub
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sphub.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sphub.sys

Files:
system32\sphub.dll
system32\sphub.sys


Infection: Troj/Ambler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{56BB6D01-7BD5-4458-A4AE-F03DF643D6EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{C2C3339C-2559-4b81-B9EF-CBAF906D5DA2}

Files:
bxx.txt
sft.res
system32\smstf.dll
system32\trinf32.dll



Use HaxFix to remove this infection.
Removal instructions for this infection can be found here or here.