Greetings...

They said there'd be snow at Christmas...

To everybody who occasionally takes a look at this blog.
I wish you a merry Christmas and happy New Year.

Haxfix version 5.0.90

Version 5.090
2009 12 19

Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\simdpp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\simdpx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\simdpx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\simdpx.sys

Files:
system32\mod_st.dat
system32\simdpx.sys
system32\simdpp.dll


Infection: Goldun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\saifx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sorrd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sorrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sorrd.sys

Files:
system32\saifx.dll
system32\sorrd.sys


Infection Goldun:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\linkap
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\linkax
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\linkax.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\linkax.sys

Files:
system32\linkap.dll
system32\linkax.sys