Christian Mairoll

Emsisoft Employee
Everything posted by Christian Mairoll

  1. Please don't attack us for Avira bugs. The fact is that this is a false alert by Avira that needs to be fixed ASAP. Please contact them.
  2. Zeus is a bad application that can steal your important information, like online banking accounts. This is the description from the authors: "Zeus is software to steal personal user data from remote system…". Zeus is the most popular financial malware on the Net today. a-squared Anti-Malware detects this malware as Trojan-Spy.Win32.Zbot. Zeus is also known as Zbot, Kollah, Pakes, PWSZbot, Banker, or Wsnpoem, as seen from these VirusTotal scan results:

     Zeus contains the following modules:
     • Zeus Web Control Panel (to control the botnet)
     • Zeus Builder (to create the bot, and to encrypt the configuration file)
     • Zeus BackConnect

     The screenshot of Zeus builder:

     Usually, the bot spreads by email. On the infected machine, it will contact the server to request a configuration file that contains a list of sites that are mostly online banking. The bot is written in C++, and it is encrypted. From one of our samples, this malware has the following characteristics:

     The bot file uses fake version information:

     When executed, it tries to copy itself to the following location, appends random data (junk) at the end of the file, and is also hidden from Explorer, because it hooks the API NtQueryDirectoryFile:
     • %SystemRoot%\System32\sdra64.exe

     The bot may then create some of the following files, which are hidden too:
     • %SystemRoot%\System32\lowsec\local.ds
     • %SystemRoot%\System32\lowsec\user.ds
     • %SystemRoot%\System32\lowsec\user.ds.lll

     Using IceSword, the hidden files and directory can be seen:

     It creates one of the following mutexes:
     • _AVIRA_2110
     • _AVIRA_2101
     • _AVIRA_2108
     • _AVIRA_2109
     • _AVIRA_21099

     Then it enumerates processes to check for the presence of the following programs:
     • outpost.exe (Outpost Personal Firewall)
     • zlclient.exe (ZoneLabs Firewall)

     It injects its own code into the following processes:
     • winlogon.exe
     • svchost.exe
     • explorer.exe

     It also modifies the following registry entry, so the bot can run automatically whenever Windows starts:

     Once decrypted, we saw some interesting strings:

     And here are some more strings:
     How to remove the infection of Trojan-Spy.Win32.Zbot? To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. View the full article
  3. The Emsi Software malware research team has discovered a new outbreak of the Secure Veteran adware. a-squared Anti-Malware detects this malware as Adware.Win32.SecureVeteran. SecureVeteran is classified as a misleading anti-virus application because it uses false scan results and fake security alerts to convince the user that their computer is infected with malware. Once installed, Secure Veteran will be automatically configured to start each time you log on to Windows. It will also create numerous but harmless files on your computer that will be detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it. This malware creates several files at:
%SystemRoot%109395rezt31798.ocx %ProgramFiles%SecureVeteran SoftwareSecureVeteranuninstall.exe %ProgramFiles%SecureVeteran SoftwareSecureVeteranSecureVeteran.exe %AllUsersProfile%Start MenuProgramsSecureVeteran3 Uninstall.lnk %AllUsersProfile%Start MenuProgramsSecureVeteran2 Homepage.lnk %AllUsersProfile%Start MenuProgramsSecureVeteran1 SecureVeteran.lnk %AllUsersProfile%DesktopSecureVeteran.lnk %UserProfile%Local SettingsTempyoe6mtis.exe %UserProfile%Local SettingsTemp4h45b4f7.exe %UserProfile%Cookies%username%@secureveteran[1].txt And create new registry entries: HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionUninstallSecureVeteran HKEY_LOCAL_MACHINEsoftwareSecureVeteran HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSecureVeteranSvc HKEY_CURRENT_USERsoftwareSecureVeteran HKEY_CURRENT_USERsoftwareMicrosoftWindowsCurrentVersionRunSecureVeteran Malware screenshots: How to remove the infection of Adware.Win32.SecureVeteran? To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. View the full article
  4. Thank you for pointing this out. Due to a caching error on the servers, the updates were delivered too late. The problem should now be fixed. With new updates there can of course be small delays, since it takes a certain amount of time to distribute the updates to what are now 10 update mirror servers. As a rule, however, this takes only 2 minutes, and at most 15 minutes.
  5. The Emsi Software malware research team has discovered a new outbreak of the Windows PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.WindowsPCDefender. Windows PC Defender is rogue security software that shows false warning messages and misleading scan results. The advertisement will state that you are infected and then prompt you to download Windows PC Defender to your computer. If you download and install Windows PC Defender, it will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually in the Recent folder, that are used to impersonate malware files. Once the program is running, it will scan your computer and then display these files as infections, but it will not allow you to remove them until you purchase the program. The main program will extract several files (the names of the files and directories for this rogue are random). It also creates a new registry entry:
     HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionRunWindows PC Defender

     This rogue also tries to modify the hosts file.
     How to remove the infection of Adware.Win32.WindowsPCDefender? To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. View the full article
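The hosts-file tampering described in the post above can be checked for with a small auditor that flags search-engine names mapped to a non-loopback address and addresses that collect many names. This is an added example, not code from the post or from Emsisoft; the watched names, the fan-in threshold and the sample file (constructed, using documentation addresses) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: search-engine names are the ones worth watching in a hosts file.
SEARCH_BRANDS = {"google", "bing"}
SEARCH_HOSTS = {"search.yahoo.com", "search.live.com", "search.msn.com"}

# Constructed sample (documentation addresses), not from an infected machine.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.example.net
203.0.113.7  google.com www.google.com
203.0.113.7  google.co.uk          # trailing comment
203.0.113.7  www.bing.com search.yahoo.com
203.0.113.7  search.msn.com
192.0.2.10   intranet.example.org
not-an-ip    google.de
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; skips comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for google.<tld> / bing.<tld> style names and the listed search hosts."""
    labels = name.split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    return labels[0] in SEARCH_BRANDS or ".".join(labels) in SEARCH_HOSTS

def audit_hosts(text, fan_in_threshold=5):
    """Return (watched names sent to a non-loopback IP, IPs holding many names)."""
    redirected, by_ip = [], defaultdict(set)
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 sinkholes do not redirect traffic
        by_ip[str(ip)].add(name)
        if is_watched(name):
            redirected.append((line_no, str(ip), name))
    fan_in = {ip: len(n) for ip, n in by_ip.items() if len(n) >= fan_in_threshold}
    return redirected, fan_in
```

On Windows the file to pass in is the hosts file under the system's drivers\etc directory; any finding for a name the machine's owner did not add deliberately is worth investigating.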
  6. The Emsi Software malware research team has discovered a new outbreak of Adware.Win32.WindowsPolicePro. WindowsPolicePro is a rogue security program that:

     Shows false warning messages.
     Shows misleading scan results.
     Shows a fake Windows Security Center.
     Shows a fake svchost.exe error.
     And it’s Browser Helper Objects

     The main installer of this malware seems to be packed with EXECryptor, and it extracts several files to:

     %ProgramFiles%Windows Police Promsvcm80.dll
     %ProgramFiles%Windows Police Promsvcp80.dll
     %ProgramFiles%Windows Police Promsvcr80.dll
     %ProgramFiles%Windows Police Prowindows Police Pro.exe
     %ProgramFiles%Windows Police Protmpdbsinit.exe
     %ProgramFiles%Windows Police Protmpwispex.html
     %ProgramFiles%Windows Police Protmpimagesi1.gif
     %ProgramFiles%Windows Police Protmpimagesi2.gif
     %ProgramFiles%Windows Police Protmpimagesi3.gif
     %ProgramFiles%Windows Police Protmpimagesj1.gif
     %ProgramFiles%Windows Police Protmpimagesj2.gif
     %ProgramFiles%Windows Police Protmpimagesj3.gif
     %ProgramFiles%Windows Police Protmpimagesjj1.gif
     %ProgramFiles%Windows Police Protmpimagesjj2.gif
     %ProgramFiles%Windows Police Protmpimagesjj3.gif
     %ProgramFiles%Windows Police Protmpimagesl1.gif
     %ProgramFiles%Windows Police Protmpimagesl2.gif
     %ProgramFiles%Windows Police Protmpimagesl3.gif
     %ProgramFiles%Windows Police Protmpimagespix.gif
     %ProgramFiles%Windows Police Protmpimagest1.gif
     %ProgramFiles%Windows Police Protmpimagest2.gif
     %ProgramFiles%Windows Police Protmpimagesup1.gif
     %ProgramFiles%Windows Police Protmpimagesup2.gif
     %ProgramFiles%Windows Police Protmpimagesw1.gif
     %ProgramFiles%Windows Police Protmpimagesw11.gif
     %ProgramFiles%Windows Police Protmpimagesw2.gif
     %ProgramFiles%Windows Police Protmpimagesw3.gif
     %ProgramFiles%Windows Police Protmpimagesw3.jpg
     %ProgramFiles%Windows Police Protmpimageswt1.gif
     %ProgramFiles%Windows Police Protmpimageswt2.gif
     %ProgramFiles%Windows Police Protmpimageswt3.gif
     %SystemRoot%ppp3.dat
     %SystemRoot%ppp4.dat
     %SystemRoot%svchasts.exe
     %SystemRoot%system32bennuar.old
     %SystemRoot%system32dddesot.dll
     %SystemRoot%system32desote.exe
     %SystemRoot%system32sysnet.dat
     %UserProfile%DesktopPC_protect.exe
     %UserProfile%DesktopWindows Police Pro.lnk
     %UserProfile%Start MenuProgramsWindows Police ProWindows Police Pro.lnk

     And creates new registry entries:

     HKEY_CURRENT_USERsoftwareWindows Police Pro
     HKEY_CURRENT_USERsoftwareWindows Police Prowindows Police Pro
     HKEY_CURRENT_USERsoftwareWindows Police Prowindows Police ProRegistration
     HKEY_CURRENT_USERsoftwareWindows Police Prowindows Police Prosetdata
     HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionUninstallWin Police Pro
     HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAntipPro2009_100
     HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}

     This malware also tries to connect to core2634.newdomainagain.com.

     How to remove the infection of Adware.Win32.WindowsPolicePro? To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. View the full article