10/08/2552

How to remove ha.cmd

ha.cmd , xvassdf.exe
File Size 114,379 bytes
MD5: 8C5D924E909E85418D002F03E5E12C54

SHA-1: B736B2181E3A445471AFE45F1BDF332677478384
===================================================
Files created
C:\Documents and Settings\[UserName]\Local Settings\Temp\xvassdf.exe
C:\Documents and Settings\[UserName]\Local Settings\Temp\4tddfwq0.dll
X:\ha.cmd
X:\autorun.inf

Registry Modifications
Keys Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values Added:
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo = "qaswee.e"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\54dfsger = "%Temp%\xvassdf.exe"

Remote Host 221.1.204.245 Port 80
http://ngytrd.com/xrbv/uu1.rar
http://sfdght.com/xrbv/uu.rar

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun: 0x00000091
-------------------------------------------------------------------------
How to remove ha.cmd, xvassdf.exe
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.5
Hijack This

1. Run PeeTechFix-Win32/PSW.OnlineGames 2.0.5
2. Run Hijack This and apply "Fix checked" to this line:
O4 - HKCU\..\Run: [54dfsger] "%Temp%\xvassdf.exe"
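
To confirm the autorun entry is gone after step 2, a saved Hijack This log can be checked for it. The script below is an added example, not part of the original post or of either tool; it flags O4 Run entries that match the value name and file name listed above and, as a generalization, any Run entry that starts from a temp directory. The sample log is constructed, apart from the O4 line quoted from this page.

```python
import re

# O4 autorun line as Hijack This prints it:  O4 - HKCU\..\Run: [name] command
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$'
)

# Indicators taken from this page.
PAGE_VALUE_NAMES = {"54dfsger"}
PAGE_FILE_NAMES = {"xvassdf.exe"}

# Assumption: these substrings are treated as "temp directory" locations.
TEMP_MARKERS = ("%temp%\\", "%tmp%\\",
                "\\local settings\\temp\\", "\\appdata\\local\\temp\\")


def review_o4(log_text):
    """Return (hive, key, value name, reasons) for each suspicious O4 Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not an O4 registry autorun line
        cmd = m["cmd"].strip().lower()
        reasons = []
        if m["name"].lower() in PAGE_VALUE_NAMES:
            reasons.append("value name listed on this page")
        if any(f in cmd for f in PAGE_FILE_NAMES):
            reasons.append("file name listed on this page")
        if any(t in cmd for t in TEMP_MARKERS):
            reasons.append("starts from a temp directory")
        if reasons:
            findings.append((m["hive"], m["key"], m["name"], reasons))
    return findings


# Constructed sample log; only the 54dfsger line comes from this page.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\bho.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [54dfsger] "%Temp%\xvassdf.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
'''

if __name__ == "__main__":
    for hive, key, name, reasons in review_o4(SAMPLE_LOG):
        print(f"{hive}\\..\\{key} [{name}]: " + "; ".join(reasons))
```

An empty result for a log taken after the fix means the Run entry from this page is no longer registered.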
