Archive for the 'Trojan' Category
Monday, February 2nd, 2009
This is a harmful program.
Name: java2
Filename: java2.sys
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\java2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\java2.sys
Command: C:\Windows\System32\java2.sys
Startup Type: SafeBoot registry key
Description: Backdoor:Win32/Haxdoor [Microsoft], Trojan-Spy.Win32.Goldun [Ikarus]
Posted in SafeBoot, Trojan
Sunday, February 1st, 2009
This is a harmful program.
Name: boot
Filename: boot.exe
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c7ee12a-fe37-11d5-b0e8-00804854041f}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3df1eea0-fe4d-11d5-b0ea-00804854041f}
Command: J:\boot.exe
CLSID: 1c7ee12a-fe37-11d5-b0e8-00804854041f
Startup Type: autorun.inf
Description: autorun.inf trojan component, WORM_OPASERV.T [TrendMicro]
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Sunday, February 1st, 2009
This is a harmful program.
Name: Setup
Filename: Setup.pif
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acd4847d-9849-11dc-b2f6-9d22d1eb4b51}
Command: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
CLSID: acd4847d-9849-11dc-b2f6-9d22d1eb4b51
Startup Type: autorun.inf
Description: autorun.inf trojan component, Troj/DownLd-AAP Trojan [sophos]
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Sunday, February 1st, 2009
This is a harmful program.
Name: cmcfg3n
Filename: cmcfg3n.dll
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91754c08-fbce-11dc-b351-00c09fa32033}
Command: rundll32.exe .\\cmcfg3n.dll,InstallM
CLSID: 91754c08-fbce-11dc-b351-00c09fa32033
Startup Type: autorun.inf
Description: unknown autorun.inf trojan component
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Sunday, February 1st, 2009
This is a harmful program.
Name: kbdyl
Filename: kbdyl.dll
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e65cc6-517d-11dd-b402-00c09fa32033}
Command: rundll32.exe .\\kbdyl.dll,InstallM
CLSID: 89e65cc6-517d-11dd-b402-00c09fa32033
Startup Type: autorun.inf
Description: autorun.inf trojan component, Backdoor.Darkmoon.C [Symantec]
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Saturday, January 31st, 2009
This is a harmful program.
Name: MS32DLL.dll
Filename: MS32DLL.dll.vbs
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{665e2d89-b71e-11dc-b303-a1d3c996a05f}
Command: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
CLSID: 665e2d89-b71e-11dc-b303-a1d3c996a05f
Startup Type: autorun.inf
Description: autorun.inf trojan, VBS.Zodgila [Symantec]
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Saturday, January 31st, 2009
This is a harmful program.
Name: tel.xls
Filename: tel.xls.exe
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4d33b2-3b87-11dc-a66c-db09a7dc4b52}
Command: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
CLSID: 4f4d33b2-3b87-11dc-a66c-db09a7dc4b52
Startup Type: autorun.inf
Description: autorun.inf trojan component
Threat Alias:
Backdoor.VB.ESE [PC Tools]
W32/USBAgent [McAfee]
W32.SillyFDC [Symantec]
WORM_VB.ERF [Trend Micro]
Trojan.Win32.VB.atg [Kaspersky Lab]
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Saturday, January 31st, 2009
This is a harmful program.
Name: d
Filename: d.com
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10219a1d-d86f-11dc-b316-a69dd264945f}
Command: F:\d.com
Startup Type: autorun.inf
Description: autorun.inf trojan component
How to remove: How to remove trojans that use an autorun.inf file
Posted in autorun.inf, Trojan
Saturday, January 31st, 2009
This is a harmful program.
Name: QW2010i
Filename: QW2010i.exe
HijackThis line:
O4 - HKLM\..\Run: [Monitor calibrator] %CommonAppData%\QW2010\QW2010i.exe
Command: %CommonAppData%\QW2010\QW2010i.exe
Startup Type: HKLM->run
HijackThis Category: O4
Description: trojan fakealert, Antivirus 2010 component
How to remove: Use Malwarebytes Anti-malware
Posted in O4, Trojan
Saturday, January 31st, 2009
This is a harmful program.
Name: winsystems
Filename: winsystems.dll
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}
Command: C:\WINDOWS\system32\winsystems.dll
CLSID: 0B014B81-4E12-46F9-806F-55867AF8FD3C
Startup Type: BHO
HijackThis Category: O2
Description: trojan FakeAlert, component of Antivirus 360
How to remove: Manually remove the file, then follow the instructions in How to remove Antivirus 360
Posted in O2, Trojan