How to remove jj2.com

jj2.com , uret463.exe
File sizes 102,218 bytes
MD5: F39863543C2E4909C08A0896E37783B3
SHA-1: 999CDC3DE17775784A369CC70170385D464CE289
==================================================
Files created
C:\WINDOWS\system32\uret463.exe
C:\WINDOWS\system32\lhgjyit0.dll (0-9)
X:\autorun.inf
X:\jj2.com

File deleted
C:\WINDOWS\system32\drivers\cdaudio.sys

URLs to be download
http://xsderfgbn.com/xjj/cc1.rar
http://iytgfvcxs.com/xjj/cc.rar


Registry Modifications
Keys Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
HKLM \SYSTEM\ControlSet001\Services\AVPsys
HKLM \SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM \SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM \SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
urlinfo = "eftsdr.h"

HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\ControlSet001\Services\AVPsys
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
dorfgwe = "%System%\uret463.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
-------------------------------------------------------------------------
วิธีกำจัด Virus : jj2.com
-------------------------------------------------------------------------
Download: PeeTechFix-Win32/PSW.OnlineGames 2.0.5

1. Run PeeTechFix-Win32/PSW.OnlineGames 2.0.5
2. restart 1 ครั้ง