Version 5.0.74
2009 04 18
Infection: Goldun
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"
Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ramdmm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ramdma
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ramdma.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ramdma.sys
Files:
a99k.bin
ramdma.sys
ramdmm.dll
Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ctasys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mmcta
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mmcta.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mmcta.sys
Files:
ctasys.dll
mmcta.sys
Infection: Goldun
Detection updated for the variants that are using the orphaned service registry keys.
Infection: Goldun
Detection updated for the variants that are using the appinit key.
Use haxfix to remove this infection.
Removal instructions for this infection can be found here or here.