Malware Fighting: How to remove hc3hvi0.exe

hc3hvi0.exe , nodqq.exe

File size: 128512 bytes

MD5 : a501540de6e9c6c8e8b5aa7c830cac49
SHA1 : 83109e9872151578a607e27701663e9c31429c64

=======================================================

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.04.25	Worm.Win32.Taterf!IK
AhnLab-V3	5.0.0.2	2010.04.24	-
AntiVir	8.2.1.224	2010.04.23	-
Antiy-AVL	2.0.3.7	2010.04.23	-
Authentium	5.2.0.5	2010.04.25	W32/Taterf.B!Generic
Avast	4.8.1351.0	2010.04.24	-
Avast5	5.0.332.0	2010.04.24	-
AVG	9.0.0.787	2010.04.25	-
BitDefender	7.2	2010.04.25	-
CAT-QuickHeal	10.00	2010.04.23	Trojan.Agent.WD
ClamAV	0.96.0.3-git	2010.04.25	PUA.Packed.ASPack
Comodo	4678	2010.04.25	Worm.Win32.Tarterf.KB
DrWeb	5.0.2.03300	2010.04.25	-
eSafe	7.0.17.0	2010.04.22	-
eTrust-Vet	35.2.7448	2010.04.24	-
F-Prot	4.5.1.85	2010.04.25	W32/Taterf.B!Generic
F-Secure	9.0.15370.0	2010.04.25	-
Fortinet	4.0.14.0	2010.04.25	-
GData	21	2010.04.25	-
Ikarus	T3.1.1.80.0	2010.04.25	Worm.Win32.Taterf
Jiangmin	13.0.900	2010.04.25	-
Kaspersky	7.0.0.125	2010.04.25	-
McAfee	5.400.0.1158	2010.04.25	-
McAfee-GW-Edition	6.8.5	2010.04.23	Heuristic.LooksLike.Win32.Suspicious.B
Microsoft	1.5703	2010.04.25	-
NOD32	5058	2010.04.25	-
Norman	6.04.11	2010.04.25	-
nProtect	2010-04-25.01	2010.04.25	-
Panda	10.0.2.7	2010.04.24	-
PCTools	7.0.3.5	2010.04.25	-
Rising	22.44.06.04	2010.04.25	-
Sophos	4.53.0	2010.04.25	-
Sunbelt	6218	2010.04.25	-
Symantec	20091.2.0.41	2010.04.25	-
TheHacker	6.5.2.0.268	2010.04.25	-
TrendMicro	9.120.0.1004	2010.04.25	-
TrendMicro-HouseCall	9.120.0.1004	2010.04.25	-
VBA32	3.12.12.4	2010.04.23	-
ViRobot	2010.4.24.2293	2010.04.25	-
VirusBuster	5.0.27.0	2010.04.24	Trojan.Magania.Gen!Pac.3

-------------------------------------------------------------------------------

Files Added

%Temp%\nodqq.exe

%Temp%\herss.exe

%Temp%\nodqq0.dll (0-9)

%Temp%\cvasds0.dll (0-9)

X:\hc3hvi0.exe

X:\[filename].exe (herss.exe families)

X:\autorun.inf

%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\

X:\ = C:\- Z:\

Registry Modifications

Keys added

HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added

HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsenmjq.f"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\

nod32 = %Temp%\nodqq.exe"

cdoosoft = %Temp%\herss.exe"

Values modified

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\

Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\

Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\

Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDriveTypeAutoRun: 0x00000091

=======================================================

วิธีกำจัด/แก้ virus : hc3hvi0.exe , nodqq.exe

=======================================================

Download Fix Tool : PeeTechFix-Win32.PSW.OnlineGames

------------------------------------------------------------------------------

หลังจากกำจัด virus ได้แล้ว แนะนำให้ติดตั้งโปรแกรมเพิ่มเติม เพื่อป้องกันการเรียกใช้ autorun

เช่น

Program Advice (Stop AutoRun)

NoAutoRun (.REG)

http://www.mediafire.com/?ammmxwhqmnm

Panda USB Vaccine

http://www.mediafire.com/download.php?qig0nmnm4ld

KB971029, KB967715

http://hotzone-it.blogspot.com/2009/08/kb971029-fix-autorun-microsoft.html

CPE17 AutoRun Killer

http://www.mediafire.com/download.php?hxoyjj0hyfh

3 ความคิดเห็น:

Anonymous26 เมษายน 2553 เวลา 16:54
Fix Tool PeeTeccFix-Win32.PSW.OnlineGames works great!
Thanxs a lot.

Oscar from Chile.
ตอบลบ
คำตอบ
Viraj29 เมษายน 2553 เวลา 21:44
This is Excellent,... I'm Using McAfee Enterprise 8.5i but couldn't detect,... this workaround is great and now the my mc is free from this hassle.

Viraj from Sri Lanka
ตอบลบ
คำตอบ
Anonymous12 พฤษภาคม 2553 เวลา 05:57
Thanks , it's working like a dream
Aria from Iran
ตอบลบ
คำตอบ

เพิ่มความคิดเห็น

4/25/2553

How to remove hc3hvi0.exe

3 ความคิดเห็น: