Posted in Uncategorized, tagged Free Stuff, hacking, Hardware Tips, Megaupload, Notice board, Rapidshare, Software, Tech News, Tips And Trick, Tweak And Hacking, Virus And Spyware on March 12, 2007|
Leave a Comment »
This is cloaked malware and malware downloader.
Also use the following names:
- 64439744.EXE
- 71698828.DAT
- VRTA.TMP
- TOP[n].TXT
- 6.TMP
- 8.TMP
- 93511318.DAT
- 92837428.BAD
- 11244301.EXE
- LOADER[n].EXE
- WJQS.EXE
- A.EXE
- SVCHOST.EXE
- FRMWRK32/A.EXE
- FRMWRK32/A0051148.EXE
- FRMWRK32/U-STORE[n].GIF
- FRMWRK32/FRMWRK32.EXE
- RDL4.TMP
- 45049727.EXE
- 22690229.EXE
- 303350.EXE
- 06696265.EXE
- 78935166.EXE
- LOADER.EXE
File activity:
- Deletes c:\windows\system32\frmwrk32.exe
- Copies filec:\windows\system32\frmwrk32.exe to c:\windows\system32\frmwrk32.exe
- Creates c:\windows\system32\ntdll64.exe
- Creates c:\windows\system32\win32hlp.cnf
- Creates c:\windows\system32\warning.gif
- Creates c:\windows\system32\ahtn.htm
- Creates c:\docume~1\user\locals~1\temp\cscript.exe
- Creates c:\windows\cscript.exe
- Deletes c:\docume~1\user\locals~1\temp\ntdll64.dll
- Creates c:\docume~1\user\locals~1\temp\ntdll64.dll
- Deletes c:\docume~1\user\locals~1\temp\mousehook.dll
- Creates c:\docume~1\user\locals~1\temp\mousehook.dll
- Moves c:\windows\system32\userinit.exe to c:\windows\system32\init32.exe
- Copies filec:\windows\system32\ntdll64.exe to c:\windows\system32\userinit.exe
- Copies filec:\windows\system32\ntdll64.exe to c:\windows\system32\dllcache\userinit.exe
- Deletes c:\windows\system32\ntdll64.ex
Registry Activity:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr value:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoSetActiveDesktop value:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallpaper value:
- HKEY_
Read Full Post »
Posted in Uncategorized, tagged Free Stuff, hacking, Hardware Tips, Megaupload, Notice board, Rapidshare, Software, Tech News, Tips And Trick, Tweak And Hacking, Virus And Spyware on March 12, 2007|
Leave a Comment »
Possible name:
- AntiSpyware 2008
- Antivirus XP 2009
Symptoms:
- Wallpaper change into “Warning!“
- Can not change desktop wallpaper
- Can not open Task Manager.
How to remove this trojan:
- Uninstall this files located in “C:\ Program Files\Antispyware 2008\Antispyware-2008.exe“
- Go to “My Computer” or “Computer“. Access your “C:\windows\system32” folder.
- Find this file named “ntdll64.dll“.
- Delete this files.
The name of the trojan may be different. It is Usually named “Antispyware” or “Antivirus“.
Read Full Post »
Posted in Uncategorized, tagged Free Stuff, hacking, Hardware Tips, Megaupload, Notice board, Rapidshare, Software, Tech News, Tips And Trick, Tweak And Hacking, Virus And Spyware on March 12, 2007|
Leave a Comment »
Virus Conficker (aka Downup, Downadup and Kido) disables many system services like computer Automatic Update, reset System Restore Point and etc. One of the main causes of virus infection is careless open of pen drives (USB sticks). Because of its auto run feature, virus can easily get in to your system. Ninja designed to protect computers from virus infection through USB pen disks.
Feature:
LAN Chat box
Available:
- Windows XP
- Windows Vista.
Download here.
Read Full Post »
Preetycasey's Blog 