tag:blogger.com,1999:blog-6525630119168364793 2024-03-13T11:23:17.289+01:00
Moment of Surrender
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com
Blogger 102125

tag:blogger.com,1999:blog-6525630119168364793.post-5215942046976220484 2012-03-24T18:36:00.002+01:00 2012-03-24T18:40:05.922+01:00
fileless malware - malware without file installation function
I think we will see this more and more in the future:<br /><a href="https://www.securelist.com/en/blog/687/A_unique_fileless_bot_attacks_news_site_visitors#page_top">A unique ‘fileless’ bot attacks news site visitors</a>.<br /><a href="http://www.spamfighter.com/News-17558-Kaspersky-finds-Malware-Sans-File-Installation-Function.htm">Kaspersky finds Malware Sans File Installation Function</a>.
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-2597327564766493618 2012-02-08T20:35:00.002+01:00 2012-02-08T20:38:30.641+01:00
Financial malware
Nice report from the BBC about financial malware: <br /><a href="http://www.youtube.com/watch?feature=player_embedded&v=EUGTlVSefeo#!">Financial malware</a>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-5352937573903825454 2011-11-20T12:07:00.002+01:00 2011-11-20T12:09:56.758+01:00
Reglooks
New version up: 0.993<br />Download <a href="http://users.telenet.be/marcvn/tools/reglooks.exe">reglooks</a>.
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-785910271994506458 2011-10-29T22:05:00.000+02:00 2011-10-29T22:06:42.272+02:00
Reglooks
New version up: 0992<br /><a href="http://users.telenet.be/marcvn/spyware/1022467.htm"><br />Download reglooks.</a>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-184687753130024700 2011-10-29T17:19:00.001+02:00 2011-10-29T17:21:36.805+02:00
Reglooks
New 
version up: 0.991.<br /><br /><a href="http://users.telenet.be/marcvn/spyware/1022467.htm">Download reglooks.exe </a>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-4541323123588330609 2011-10-21T17:29:00.001+02:00 2011-10-21T17:34:26.282+02:00
Reglooks
Reglooks version 0.990.<br /><br />I added a few new things to the tool.<br /><a href="http://users.telenet.be/marcvn/spyware/1022467.htm">http://users.telenet.be/marcvn/spyware/1022467.htm</a><br /><br />Download: <a href="http://users.telenet.be/marcvn/tools/reglooks.exe">reglooks.exe</a>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-3568632559555600233 2011-04-23T19:57:00.002+02:00 2011-04-23T19:59:22.607+02:00
HaxFix Version 5.097
<span style="font-weight: bold;"></span><span style="font-weight: bold;">5.097</span><br /><span style="font-weight: bold;">2011 04 23<br /><br /></span><span>Bugfix.<br />Ready for Windows 7 SP1.</span><span style="font-weight: bold;"><br /></span>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-7163041066659145173 2011-01-09T13:26:00.002+01:00 2011-01-09T13:31:00.692+01:00
HaxFix version 5.096
<span style="font-size: 10pt; font-family: 'Verdana','sans-serif';" lang="EN-US"><span style="font-weight: bold;">5.096</span><br /><span style="font-weight: bold;">2011 01 09</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br /><br />Updated the appinit detection.<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.<br />Haxfix has been updated for Windows Vista (32-bit) and Windows 7 (32-bit).<br /><br /></span>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-3590546189884348706 2010-10-10T11:08:00.003+02:00 2011-01-09T13:32:06.078+01:00
HaxFix version 5.095
<span style="font-weight: bold;">5.095</span><br /><span style="font-weight: bold;">2010 10 10</span><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Haxdoor</span><br />HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\boot32<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\boot32.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\boot32.sys<br /><br />Files:<br />system32\boot32.sys<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.<br />Haxfix has been 
updated for Windows Vista (32-bit) and Windows 7 (32-bit).
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-5880768988440274319 2010-04-04T13:11:00.002+02:00 2010-04-04T13:15:04.029+02:00
HaxFix Version 5.094
<span style="font-weight: bold;">5.094</span><br /><span style="font-weight: bold;">2010 04 04<br /><br /><span style="color: rgb(255, 255, 51);">Infection: Goldun<br /></span></span><span style="color: rgb(0, 0, 0);">Updated the detection for random services.<br /></span><span style="font-weight: bold;"><span style="color: rgb(255, 255, 51);"><br /></span></span>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-7413064762872770284 2010-01-28T12:46:00.001+01:00 2010-01-28T12:48:28.897+01:00
Haxfix version 5.0.93
<span style="font-weight: bold;">5.093</span><br /><span style="font-weight: bold;">2010 01 28</span><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lixgap<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lixgax<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lixgax.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lixgax.sys<br /><br />Files:<br />system32\a99k.bin<br />system32\lixgax.sys<br />system32\lixgap.dll<br />system32\mod_st.dat<br />windows\pxysdb.dat<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.<br />Haxfix has been updated for Windows Vista (32-bit) and Windows 7 
(32-bit).
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-8810153793640955433 2010-01-19T09:21:00.002+01:00 2010-01-19T09:25:02.634+01:00
Haxfix version 5.0.92
<span style="font-weight: bold;">5.092</span><br /><span style="font-weight: bold;">2010 01 20</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxop81<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lingap<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lingax<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lingax.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lingax.sys<br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{209a54af-418a-4b1e-a68d-21fc33494303}<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E14B6F5F-3F90-4871-AC57-18DFE244EE8F}<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E88A88-9B9B-45D8-9CDC-39A934318E46}<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3063ABBF-1257-4B23-A672-9E29A508A2FA}<br /><br />Files:<br />system32\nnurri9.dll<br />system32\jtaqhghuc47.dll<br />system32\xxupuykyz65.dll<br />system32\ywud.dll<br />system32\ijqwv45.dll<br />system32\lingap.dll<br />system32\lingax.sys<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.<br />Haxfix has been 
updated for Windows Vista (32-bit) and Windows 7 (32-bit).
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-7534850880483154888 2010-01-09T14:05:00.003+01:00 2010-01-09T14:10:04.475+01:00
Haxfix version 5.0.91
<span style="font-weight: bold;"></span><span style="font-weight: bold;">Version 5.091<br />2010 01 09</span><br /><br />Haxfix has been updated for <span style="font-weight: bold;">Windows Vista</span> (32-bit) and <span style="font-weight: bold;">Windows 7</span> (32-bit).<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-1936941656250700313 2009-12-24T14:17:00.003+01:00 2009-12-24T14:42:50.860+01:00
Greetings...
<a href="http://www.u2.com/news/title/seasons-greetings?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+U2comNews+%28U2.com+News%29&utm_content=Google+International">They said there'd be snow at Christmas...</a><br /><br />To everybody who occasionally takes a look at this blog.<br />I wish you a merry Christmas and happy New Year.<br /><br /><br /><a href="http://www.u2.com/news/title/seasons-greetings?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+U2comNews+%28U2.com+News%29&utm_content=Google+International"></a>
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 2

tag:blogger.com,1999:blog-6525630119168364793.post-1841954698855571561 2009-12-19T19:37:00.001+01:00 2009-12-19T19:39:50.215+01:00
Haxfix version 5.0.90
<span style="font-weight: bold;">Version 5.090</span><br /><span style="font-weight: bold;">2009 12 19</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 
51);">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\simdpp<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\simdpx<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\simdpx.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\simdpx.sys<br /><br />Files:<br />system32\mod_st.dat<br />system32\simdpx.sys<br />system32\simdpp.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\saifx<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sorrd<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sorrd.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sorrd.sys<br /><br />Files:<br />system32\saifx.dll<br />system32\sorrd.sys<br /><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\linkap<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\linkax<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\linkax.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\linkax.sys<br /><br />Files:<br />system32\linkap.dll<br />system32\linkax.sys
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-7743525571423083954 2009-10-31T09:35:00.001+01:00 2009-10-31T09:36:44.530+01:00
Haxfix version 5.0.89
<span style="font-weight: bold;">Version 5.089</span><br /><span style="font-weight: bold;">2009 10 31</span><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Goldun</span><br /><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\semdpp<br 
/>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\semdpx<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semdpx.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semdpx.sys<br /><br />Files:<br />system32\semdpp.dll<br />system32\semdpx.sys<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-1194882894708504326 2009-10-07T20:25:00.001+02:00 2009-10-07T20:27:25.411+02:00
Haxfix version 5.0.88
<span style="font-weight: bold;">Version 5.088</span><br /><span style="font-weight: bold;">2009 10 07 </span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: SpyBanker</span><br /><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9ad1747-7b19-4dea-bc02-0ab12c4fc468}<br />system32\GbpDist.dl<br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br /><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sebdpp<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sebdpx<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sebdpx.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sebdpx.sys<br />%Windir%\pxysdb.dat<br />system32\sebdpp.dll<br />system32\sebdpx.sys<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a 
href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-6382813165512081213 2009-09-12T19:16:00.001+02:00 2009-09-12T19:17:27.907+02:00
Haxfix version 5.0.87
<span style="font-weight: bold;">Version 5.087</span><br /><span style="font-weight: bold;">2009 09 12</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br /><br />Updated the appinit detection.<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.
Marc http://www.blogger.com/profile/08903414120157522970 noreply@blogger.com 0

tag:blogger.com,1999:blog-6525630119168364793.post-1378939353613226378 2009-09-11T21:18:00.003+02:00 2009-09-12T19:18:04.054+02:00
Haxfix version 5.0.86
<span style="font-weight: bold;">Version 5.086</span><br /><span style="font-weight: bold;">2009 09 11</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Haxdoor</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pdx<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdx32<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pdx32.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pdx32.sys<br />system32\cfgh.ini<br />system32\pdx.dll<br />system32\pdx32.sys<br /><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f675c54f-60b6-4fd8-bba0-443c493305eb}<br /><br />File:<br />system32\rant32.dll<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for 
this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0tag:blogger.com,1999:blog-6525630119168364793.post-63178078146461476272009-08-12T19:07:00.003+02:002009-08-12T19:11:07.958+02:00Haxfix version 5.0.85<span style="font-weight: bold; color: rgb(0, 0, 0);">Version 5.085</span><br /><span style="font-weight: bold; color: rgb(0, 0, 0);">2009 08 12</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91704C3F-A675-4e0e-9FB7-B03E005EDDA7}<br /><br />Files:<br />system32\systran.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rgadtm<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rgadta<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rgadta.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rgadta.sys<br /><br />Files:<br />system32\rgadtm.dll<br />system32\rgadta.sys<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0tag:blogger.com,1999:blog-6525630119168364793.post-50164827797046490712009-07-26T19:49:00.002+02:002009-07-26T19:52:18.693+02:00Haxfix version 5.0.84<span style="font-weight: bold;">Version 5.084</span><br /><span style="font-weight: bold;">2009 07 26</span><br /><br /><span style="font-weight: bold; 
color: rgb(255, 255, 51);">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadmm<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rbadmm<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadmm.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rbadmm.sys<br /><br />Files:<br />system32\rbadma.sys<br />system32\rbadmm.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rbadzm<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rbadza<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rbadza.sys<br />HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rbadza.sys<br /><br />Files:<br />system32\rbadza.sys<br />system32\rbadzm.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED78190A-DFB2-4336-A960-979CD88F7A8D}<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61DC85A0-4A32-4c38-92CF-24652B3F416C}<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{544735C9-AE13-4721-9DE7-D529BE675038}<br /><br />Files:<br />system32\locsock32.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFF01325-0FC2-4749-8914-FBF0565AD9CC}<br /><br />Files:<br />system32\jbnmcd.dll<br />system32\jbnmck.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: 
Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{480FA3BD-A372-4f65-9F8A-15DF38F4E2AB}<br /><br />Files:<br />system32\pcmfd3.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{996D4E16-517F-474a-870F-F882C6133C47}<br /><br />Files:<br />system32\gacaq32.dll<br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0tag:blogger.com,1999:blog-6525630119168364793.post-82771726675130631952009-06-27T21:32:00.000+02:002009-06-27T21:33:07.424+02:00Haxfix version 5.0.83<span style="font-weight: bold;">Version 5.083</span><br /><span style="font-weight: bold;">2009 06 27</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46B35542-A3CF-4cca-9C0B-259DB2FFF078}<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0tag:blogger.com,1999:blog-6525630119168364793.post-79233734255119654322009-06-13T11:21:00.001+02:002009-06-13T11:21:57.617+02:00Haxfix version 5.0.82<span style="font-weight: bold;">Version 5.082.</span><br /><span style="font-weight: bold;">2009 06 13</span><br /><br /><span style="font-weight: bold; color: 
rgb(255, 255, 51);">Infection: Goldun</span><br />Updated appinit detection<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0tag:blogger.com,1999:blog-6525630119168364793.post-47501070851486460312009-06-09T20:12:00.001+02:002009-06-13T11:22:19.128+02:00Haxfix version 5.0.81<span style="font-weight: bold;">Version 5.081</span><br /><span style="font-weight: bold;">2009 06 09</span><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Goldun</span><br />Updated appinit detection.<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0tag:blogger.com,1999:blog-6525630119168364793.post-89812843693723584372009-06-06T13:28:00.001+02:002009-06-09T20:15:39.681+02:00Haxfix version 5.0.80<span style="font-weight: bold;">Version 5.080</span><br /><span style="font-weight: bold;">2009 06 06</span><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B303E07-7C7D-45ad-8D42-EB41C9CBC908}<br /><br />File:<br />system32\krpod32.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D75B38F-C5F6-444e-ABB3-FD0F77201602}<br /><br /><br />Files:<br 
/>system32\c2d.dat<br />system32\idm.dat<br />system32\jc.dat<br />system32\q1.dat<br />system32\lpxg<br />system32\nk.dat<br />system32\udinfrm.dll<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F66FC8B-DCF6-4db0-908A-2D566D7EF66D}<br /><br />Files:<br />system32\afha<br />system32\blkernel.dll<br />system32\c2d.dat<br />system32\ck.dat<br />system32\idm.dat<br />system32\jc.dat<br />system32\nk.dat<br />system32\q1.dat<br /><br /><br /><span style="color: rgb(255, 255, 51); font-weight: bold;">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91673BA2-1DC6-411c-9CD0-150750A2ECB5}<br /><br />Files:<br />system32\armad32.dll<br />system32\c2d.dat<br />system32\ck.dat<br />system32\idm.dat<br />system32\lkjd<br />system32\nk.dat<br />system32\q1.dat<br />system32\xd.dat<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10C0B0C0-FC01-473b-8EBB-4376353F96E4}<br /><br />Files:<br />system32\bekbn.dll<br />system32\ck.dat<br />system32\idm.dat<br />system32\q1.dat<br />system32\xd.dat<br />system32\fkas<br />system32\nk.dat<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8AA4410F-A3EE-4279-8F2C-4BFAB8CEB231}<br /><br />Files:<br />system32\c2d.dat<br />system32\ck.dat<br />system32\idm.dat<br />system32\q1.dat<br />system32\xd.dat<br />system32\krmnat.dll<br />system32\pis<br /><br /><br /><span style="font-weight: bold; color: rgb(255, 255, 51);">Infection: Trojan Ambler</span><br 
/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}<br /><br />Files:<br />system32\jhxm32.dll<br />system32\sft.res<br /><br /><br /><br />Use haxfix to remove this infection.<br />Removal instructions for this infection can be found <a href="http://marcvn.blogspot.com/2008/10/haxfix-instructions-updated.html">here</a> or <a href="http://users.telenet.be/marcvn/spyware/1970547.htm">here</a>.Marchttp://www.blogger.com/profile/08903414120157522970noreply@blogger.com0