VX2 Adware

VX2 virus description
Technical details:
Categories: Adware,BHO,Hijacker,Downloader
VX2 Aliases:
[Kaspersky]Backdoor.Bionet.405,Backdoor.IRC.Zapchast,Backdoor.IRC.Zcrew,DoS.Win32.Nenet,Flooder.Win32.WarPing,TrojanDownloader.Win32.Femad.b;
[Eset]Win32/Femad.B trojan;
[McAfee]RemoteProcessLaunch;
[Panda]Adware/MSView,Application/HideWindow.A,Application/Psexec.A,Application/ToolWget.A,Backdoor Program,Bck/IRC.Mirc.Based,Bck/Multi.I,Bck/Zcrew.B,Bck/Zcrew.G,Flooder/Nenet.A,Spyware/BetterInet,Trj/Femad.A,Trj/Flood.BI,Trj/Passer.C,Trojan Horse;
[Computer Associates]Backdoor/Bionet.405!Server,Backdoor/IRC.Zcrew,Backdoor/ZCrew.B,Backdoor/ZCrew.B.IRC,Backdoor/Zcrew.G,BAT.IRCFlood,BAT.Noshare.B,Bat/Flood.C!Trojan,IRC.Flood,mIRC/Flood.I!Trojan,mIRC/Flood.RmtCfg!Trojan,Win32.BettInet.C,Win32.Bionet.405,Win32.Femad.A,Win32.IRCFlood,Win32.Startpage.KF!downloader,Win32/Rslocal.B!Downloader,Win32/SillyDL.70656!Trojan,Win32/Spybot.FR!Worm,Win32/Startpage.KF!Downloader;
[Other]Trojan

VX2 Folders:
[%PROGRAM_FILES%]\clean get-away
[%PROGRAM_FILES%]\my panicbutton

VX2 Files:

VX2 Registry Keys:

VX2 Registry Values:
HKEY_CURRENT_USER\software\bundles
HKEY_CLASSES_ROOT\activexctrl\clsid
HKEY_CURRENT_USER\software\microsoft\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\topconverting


VX2 indications of infection

The symptoms of a VX2 detection are the files, registry entries, and network communication referenced in the technical details section.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.