"Malware Fix: a collection of fixes for computer virus problems, a do-good-for-society project" "Because of work commitments, I apologize to every visitor who comes here and finds no updates covering new viruses."

Information

http://malwarefighting.blogspot.com


Alert! Crypt0L0cker (Ransomware)
encrypts the data on a computer and is now spreading in Thailand,
and spreading heavily in Korea
ThaiCERT , Crypto Prevention Tool

*Do not pay under any circumstances, because you will lose the money and still be unable to recover the data
If you read this, please help by sharing it
http://hotzone-it.blogspot.com/2015/07/how-to-remove-crypt0l0cker-not.html
==============================================
PeeTechFix >> JupiterFix
==============================================

How to use: JupiterFix-Win32.PSW.OnlineGames
You can check the list of viruses the program can clean in VirusList.txt
-------------------------------------------------------------------------------------
If you downloaded the PeeTechFix tool and ran into problems, or it could not remove the infection, please report the problem by email to MalwareHunter.info@gmail.com, or send the virus file as well. It would be greatly appreciated.
-------------------------------------------------------------------------------------
Safemode Recovery (.reg): fixes the case where a virus deletes the SafeBoot key and Windows can no longer enter Safe Mode
------------------------------------------------------------------------------------
How to fix the error message (fixes being unable to open .exe files on a USB drive)
"Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator"
For the fix, see this link
-------------------------------------------------------------------------------------
How to fix MSN / Windows Live Messenger disconnecting (caused by the OnlineGames virus)
-------------------------------------------------------------------------------------
How to start Windows in Safe Mode


Wednesday

How to remove wbj.exe

wbj.exe
CRC32: 4331589F
MD5: DCFEA8DB35C0F234F5A07A3669988629
SHA-1: E7E122E51E97E337B4EC5A5325F18493F2F28BAD
===================================================
How to remove the virus: wbj.exe
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again

How to remove w9hw8.exe

w9hw8.exe , olhrwef.exe
CRC32: 17D06B52
MD5: 825E36FBF9E45F7D69E33A9A72CCCAD3
SHA-1: 755416712D20CDF03D852C09A89D5D6DFA699E8A
==================================================
Files Created
%Temp%\olhrwef.exe
%Temp%\nmdfgds0.dll (0-9)
c:\w9hw8.exe
c:\autorun.inf

File deleted
%System%\drivers\cdaudio.sys

%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
%System% = C:\Winnt\System32\

Registry Modifications
Keys Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\ControlSet001\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

URL to be downloaded / data identified
http://456229.net/1mg/am1.rar > %Temp%\am1.rar > am1.exe

===================================================
How to remove/fix the virus: w9hw8.exe , olhrwef.exe
===================================================



How to remove uo10sn.cmd

uo10sn.cmd
CRC32: 8DA19388
MD5: C9376E9221878492154F397BEEB5517D
SHA-1: 8D8222AB93C4568D58A73B4879A2EBA69339F6C0
===================================================
How to remove the virus: uo10sn.cmd

Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again

How to remove s.exe

s.exe , olhrwef.exe
Files size 107,097 bytes
MD5: B8AE98059DEC296134165750303B8B72
SHA-1: 28FB0A1C99CB34E16DC70FFDA3BA1695B6082E68
=================================================
Files Created
%System%\olhrwef.exe
%System%\nmdfgds0.dll (0-9)
X:\s.exe
X:\autorun.inf

File deleted
%System%\drivers\cdaudio.sys

%System% = C:\Windows\System32\
X:\ = C:\-Z:\

Registry Modifications
Keys Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\ControlSet001\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%System%\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

URL to be downloaded / data identified
http://456229.net/1mg/am1.rar %Temp%\am1.rar

==================================================
How to remove/fix the virus: s.exe , olhrwef.exe
==================================================


How to remove rx.exe

rx.exe
CRC32: 92CACC2D
MD5: CE1781764927D640244135E24DFA5F7D
SHA-1: 9A29687D462F97B2B797E0BD6BDF9CB587DF0FF5
===================================================
How to remove the virus: rx.exe
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again
*Details will be added in a later update

How to remove qcod.exe

qcod.exe
CRC32: 2DA8B8B4
MD5: 0BA66F257D3C52D17B62FA7BD546A0EC
SHA-1: 2B5F34A40ABBD8245C1310F59A7C3D445ED87CB8
==================================================
How to remove the virus: qcod.exe
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again
*Details will be added in a later update

How to remove q1alx.exe

q1alx.exe
CRC32: AB30A181
MD5: 2181A1F991DD8DFC468B79292A43E14E
SHA-1: E5FE728591CBF45CE70C3E16C5D49199DC9CD82C
===================================================
How to remove q1alx.exe
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again
*Details will be added in a later update

How to remove pkkwng.exe

pkkwng.exe
CRC32: 5A5368C5
MD5: C0F6EDD8F2C9E4E64A9743E0A1D1EF00
SHA-1: 74BE53755188FEEC50C1041046D2D2D9722AF891

===================================================
How to remove the virus: pkkwng.exe

Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again
*Details will be added in a later update

How to remove ph.exe

ph.exe
CRC32: F19784D8
MD5: 82078EEF0FD658BDF296D1D644EFEF71
SHA-1: 5A35FD3FFFC0FA3EE3873E46A30A3F6ED289C81E
===================================================
How to remove the virus: ph.exe
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3

How to remove p.exe

p.exe
File size 105,986 bytes

MD5: EF3DB34A02CA6DB8B6C96997BAE22390
SHA-1: F5D928CC33CAD8A5643C817E5DCF06644F26A1DE

MD5: 40BC0E491860AB8D5F70921537B63989
SHA-1: 83562906F38449B2DE213C4F6C6C774C735A585C
=================================================
Files Created
%Temp%\olhrwef.exe
%Temp%\nmdfgds0.dll (0-9)
X:\p.exe
X:\autorun.inf

File deleted
%System%\drivers\cdaudio.sys

%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
%System% = C:\Windows\System32\
X:\ = C:\- Z:\

Registry Modifications
Keys Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\ControlSet001\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

URL to be downloaded / data identified
http://456229.net/1mg/am1.rar %Temp%\am1.rar

==================================================
How to remove/fix the virus: p.exe
==================================================


How to remove mjafm.exe

mjafm.exe
CRC32: FF1CB86C
MD5: 2C2BCC51124669D6BF4AF62DC4138716
SHA-1: B5E082AA0052844E1FB7B3C2FA63D94B12EB8308
===================================================
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again
*Details will be added in a later update

How to remove metdgv.bat

metdgv.bat , olhrwef.exe
Files Size 108,007 bytes
MD5: FA14DD71C565E1BBE537A5570EBC8C18
SHA-1: 59EFAE58C42083CAD76FACA52DE93911DA5451A1

MD5: 92A2A88154AAF2298A6B814287294C08
SHA-1: F0DE11AD545451DB263F798E3FEB402160F96326
===================================================
Files Created
%System%\olhrwef.exe
%System%\nmdfgds0.dll (0-9)
X:\metdgv.bat
X:\autorun.inf

File deleted
%System%\drivers\cdaudio.sys

%System% = C:\Winnt\System32\
X:\ = C:\ - Z:\

Registry Modifications
Keys Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values Added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\ControlSet001\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\
Count = 0x00000000
NextInstance = 0x00000000
INITSTARTFAILED = 0x00000001

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000001
ImagePath = "%System%\drivers\cdaudio.sys"
DisplayName = "AVPsys"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%System%\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

URL to be downloaded / data identified
http://sder44.net/mg/am1.rar %Temp%\am1.rar

=======================================================
How to remove/fix the virus: metdgv.bat , olhrwef.exe
=======================================================


How to remove mb9x.exe

mb9x.exe
CRC32: 6D4BB304
MD5: 5AA3833703DAEE1E14BFFF0307EA2B97
SHA-1: 0CC44E2116863EC0C82878C807770D43F4080099
===================================================

Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again
*Details will be added in a later update

How to remove m.com

m.com
CRC32: 519CA5C7
MD5: E429D7B1E43860A5D311E9141F37AD2D
SHA-1: 2FD71465964DE6066871A45B9E90A7569C3F7747
===================================================

Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames 2.0.3
You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again

*Details will be added in a later update

How to remove lcw.exe

lcw.exe
CRC32: 2DE6D56B
MD5: 4C25AF364307D0EC71B407F39CAEC148
SHA-1: 4DB457C6F98411388F5AED04ACF4B47BDAE5B450
===================================================

Download Fix Tool: PeeTechFix-Win32/PSW.OnlineGames 2.0.3

You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again

*The details are deferred to a later date; I will update them

How to remove ix8bmwx.bat

ix8bmwx.bat
CRC32: 622CE154
MD5: 7D1C0B37ED51E7AB7BBEF5C68EBD7568
SHA-1: E1950E3696071191D95F3295767990FA581E0886
===================================================

Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames

How to remove i0yva6.exe

i0yva6.exe
CRC32: 5E0D26A8
MD5: 52315F3FCA82F32053DCDC64538ECD03
SHA-1: E7B96207C9644DDBCDD3B24B5FB5B89775E093D8

==================================================
Download Fix Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

You can check the list of viruses the program can clean in VirusList.txt
Note: if the program does not clean everything, try running it again

How to remove hx.exe

hx.exe
CRC32: A74590B6
MD5: 7B91FD90DCB4C42639AF579B24527F24
SHA-1: E08E332BA86E3EB598988D6BAADFA00E77E21C79
===================================================

Download Fix Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

How to remove hm1bfpuj.exe

hm1bfpuj.exe
CRC32: 5B0537B5
MD5: 0A210F9CFF84C8D597656C8C6DDF32DF
SHA-1: 20590CB817C2EE34CE803A203913BB185928FBB4
===================================================

----------------------------------------------------------------
How to remove the virus: hm1bfpuj.exe
----------------------------------------------------------------
Download Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

How to remove gpcdt.cmd

gpcdt.cmd
CRC32: C6E9F7BA
MD5: 6F948634AB0CBDE9ECF77871A3930660
SHA-1: 193C179F8911BE656DEC05755A46D07FE7525F8A
===================================================

-------------------------------------------------------------------------
How to remove the virus: gpcdt.cmd
-------------------------------------------------------------------------
Download Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

How to remove gbm6n.exe

gbm6n.exe
CRC32: B15670F6
MD5: 1F093A31615901C14916605CD08CDC55
SHA-1: 13A7F7AD52BD982D732A19C27081890BDF5D9350
===================================================
----------------------------------------------------------------
How to remove the virus: gbm6n.exe
----------------------------------------------------------------
Download Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

How to remove g8k.exe

g8k.exe
CRC32: 20F82508
MD5: 84236D9CEE0B23A063CFD7D37F2025A9
SHA-1: 7DC00A8B4A9433D745AE9E73CCC126FB07B20877

==============================================
------------------------------------------------------------------------
How to remove the virus: g8k.exe
------------------------------------------------------------------------
Download Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

Tuesday

How to remove fsaht.cmd

fsaht.cmd
File size: 104476 bytes
CRC32: 097C9C97
MD5: 6F7D0987DF91CCD605DD2A5DDD8E2987
SHA-1: C4C3EE8E00568C011A22FE969643DE16A488B994

===================================================
Aliases:
a-squared 4.5.0.24 2009.09.19 Worm.Win32.AutoRun!IK
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 TR/PSW.Magania.bgme
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.19 W32/Onlinegames.BYF
Avast 4.8.1351.0 2009.09.18 Win32:Kavos
AVG 8.5.0.412 2009.09.19 Worm/AutoRun.GL
BitDefender 7.2 2009.09.19 Trojan.PWS.OnLineGames.KCMZ
CAT-QuickHeal 10.00 2009.09.19 Worm.AutoRun.gbp
ClamAV 0.94.1 2009.09.19 Worm.Autorun-1938
Comodo 2368 2009.09.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.19 Trojan.MulDrop.31605
eSafe 7.0.17.0 2009.09.17 Win32.GenericPWS.Ak
eTrust-Vet 31.6.6746 2009.09.18 Win32/Taterf.AE
F-Prot 4.5.1.85 2009.09.19 W32/Onlinegames.BYF
F-Secure 8.0.14470.0 2009.09.18 Worm.Win32.AutoRun.gbp
Fortinet 3.120.0.0 2009.09.19 W32/Pws.AK!tr
GData 19 2009.09.19 Trojan.PWS.OnLineGames.KCMZ
Ikarus T3.1.1.72.0 2009.09.19 Worm.Win32.AutoRun
Jiangmin 11.0.800 2009.09.19 Worm/AutoRun.jvk
K7AntiVirus 7.10.849 2009.09.19 Worm.Win32.AutoRun.gbp
Kaspersky 7.0.0.125 2009.09.19 Worm.Win32.AutoRun.gbp
McAfee 5745 2009.09.18 Generic PWS.ak
McAfee+Artemis 5745 2009.09.18 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.19 Worm:Win32/Taterf.B
NOD32 4440 2009.09.19 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.18 OnlineGames.dam
nProtect 2009.1.8.0 2009.09.19 -
Panda 10.0.2.2 2009.09.19 W32/Autorun.JCH
PCTools 4.4.2.0 2009.09.19 Worm.AutoRun.gbp
Prevx 3.0 2009.09.19 High Risk Cloaked Malware
Rising 21.47.52.00 2009.09.19 Trojan.PSW.Win32.GameOnline.eri
Sophos 4.45.0 2009.09.19 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.19 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.19 W32.Gammima.AG
TheHacker 6.5.0.2.012 2009.09.18 W32/AutoRun.gbp
TrendMicro 8.950.0.1094 2009.09.18 WORM_AUTORUN.DUY
VBA32 3.12.10.10 2009.09.18 Worm.Win32.AutoRun.gbp
ViRobot 2009.9.18.1943 2009.09.18 Worm.Win32.Autorun.104476
VirusBuster 4.6.5.0 2009.09.18 Worm.Taterf.ACC
-------------------------------------------------------------------------
Files created
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll
X:\fsaht.cmd
X:\autorun.inf

Registry modifications
Keys added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values deleted
HKLM\SYSTEM\ControlSet001\Services\kmixer\
Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\
{9B365890-165F-11D0-A195-0020AFD156E4}"
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\
Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\
{9B365890-165F-11D0-A195-0020AFD156E4}"

Values added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\ControlSet001\Services\AVPsys\DisplayName: "AVPsys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\DisplayName: "AVPsys"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\WINDOWS\system32\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\
Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\
NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\
Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\
NextInstance: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
----------------------------------------------------------------
How to remove the virus: fsaht.cmd
----------------------------------------------------------------
Download Tool : PeeTechFix_Win32/PSW.OnlineGame 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

Monday

How to remove mranjm.exe

mranjm-exe
File size: 116397 bytes
CRC32: F9646208
MD5: F7DFAC2FE1DC7EEF101094C8C0818DE7
SHA-1: 64AC139344A2594F8AFA55C05AAF86F053060CA5

===================================================
a-squared 4.5.0.24 2009.09.26 Trojan.Win32.Inhoo!IK
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.26 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 PSW.Generic7.ABSZ
BitDefender 7.2 2009.09.27 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.27 -
Comodo 2450 2009.09.27 -
DrWeb 5.0.0.12182 2009.09.27 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6761 2009.09.25 -
F-Prot 4.5.1.85 2009.09.26 -
F-Secure 8.0.14470.0 2009.09.26 -
Fortinet 3.120.0.0 2009.09.27 -
GData 19 2009.09.27 -
Ikarus T3.1.1.72.0 2009.09.27 Trojan.Win32.Inhoo
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.27 Trojan-GameThief.Win32.Magania.cdwc
McAfee 5753 2009.09.26 Generic PWS.ak
McAfee+Artemis 5753 2009.09.26 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.27 Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft 1.5005 2009.09.23 Worm:Win32/Taterf.B
NOD32 4460 2009.09.26 -
Norman 6.01.09 2009.09.26 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.26 Suspicious file
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.27 High Risk Worm
Rising 21.48.60.00 2009.09.27 -
Sophos 4.45.0 2009.09.27 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.26 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.27 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.26 -
----------------------------------------------------------
I obtained this file after test-running ewqij.bat for about 20 minutes

Files created
C:\Documents and Settings\[User]\Local Settings\temp\herss.exe
C:\Documents and Settings\[User]\Local Settings\temp\cvasds0.dll (0 – 9)
C:\Documents and Settings\[User]\Local Settings\temp\am1.rar > am1.exe
X: mranjm-exe
X:\autorun.inf

URL to be downloaded
http://aas52.com/1mg/am1.rar
http://www.googlecai.com/1mg/am.rar

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsa2der.i"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\
Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
----------------------------------------------------------------
How to remove the virus: mranjm.exe
----------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.4

Sunday

How to remove ewqij.bat

ewqij.bat
File size: 112747 bytes
CRC32: 6BE451EC
MD5: 815584B8AF6854D3A48D76118092BC91
SHA-1: 8A77D50AD305489CE502A4819C2946711FA9EB1B

===================================================
Aliases:
a-squared 4.5.0.24 2009.09.18 Trojan.Win32.Inhoo!IK
AhnLab-V3 5.0.0.2 2009.09.17 Win-Trojan/OnlineGameHack.112747
AntiVir 7.9.1.19 2009.09.17 Worm/Taterf.B.52
Antiy-AVL 2.0.3.7 2009.09.17 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.18 W32/Trojan3.BEJ
Avast 4.8.1351.0 2009.09.17 Win32:Kamso
AVG 8.5.0.412 2009.09.17 PSW.Generic7.XPN
BitDefender 7.2 2009.09.18 Trojan.PWS.OnlineGames.KCUM
CAT-QuickHeal 10.00 2009.09.17 TrojanGameThief.Magania.bzxr
ClamAV 0.94.1 2009.09.17 -
Comodo 2353 2009.09.18 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.17 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2009.09.17 Win32.Gammima.Ag
eTrust-Vet 31.6.6744 2009.09.17 Win32/Frethog.FFR
F-Prot 4.5.1.85 2009.09.18 W32/Trojan3.BEJ
F-Secure 8.0.14470.0 2009.09.18 Trojan-GameThief.Win32.Magania.bzxr
Fortinet 3.120.0.0 2009.09.17 SPY/Magania
GData 19 2009.09.18 Trojan.PWS.OnlineGames.KCUM
Ikarus T3.1.1.72.0 2009.09.18 Trojan.Win32.Inhoo
Jiangmin 11.0.800 2009.09.17 Trojan/PSW.Magania.xya
K7AntiVirus 7.10.847 2009.09.17 Trojan-PSW.Win32.Magania.bzxr
Kaspersky 7.0.0.125 2009.09.18 Trojan-GameThief.Win32.Magania.bzxr
McAfee 5744 2009.09.17 Generic PWS.ak
McAfee+Artemis 5744 2009.09.17 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.17 Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft 1.5005 2009.09.17 Worm:Win32/Taterf.B
NOD32 4435 2009.09.17 Win32/AutoRun.PSW.OnlineGames.AK
Norman 6.01.09 2009.09.17 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.09.17 Trojan/W32.Agent.112747
Panda 10.0.2.2 2009.09.17 Generic Worm
PCTools 4.4.2.0 2009.09.17 -
Prevx 3.0 2009.09.18 High Risk Cloaked Malware
Rising 21.47.34.00 2009.09.17 Packer.Win32.Nodef.c
Sophos 4.45.0 2009.09.18 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.17 BehavesLike.Win32.Malware (v)
Symantec 1.4.4.12 2009.09.18 W32.Gammima.AG
TheHacker 6.3.4.4.404 2009.09.15 Trojan/Magania.bzxr
TrendMicro 8.950.0.1094 2009.09.17 WORM_TATERF.FA
VBA32 3.12.10.10 2009.09.17 Win32.AutoRun.PSW.OnlineGames.AK
ViRobot 2009.9.17.1941 2009.09.17 Trojan.Win32.PSWMagania.112747
VirusBuster 4.6.5.0 2009.09.17 –
------------------------------------------------------------------------
Files created
C:\Documents and Settings\[User]\Local Settings\temp\herss.exe
C:\Documents and Settings\[User]\Local Settings\temp\cvasds0.dll (0-9)
C:\Documents and Settings\[User]\Local Settings\temp\am1.rar > am1.exe
X:\ewqij.bat
X:\autorun.inf
X: mranjm-exe
X: mranjm-exe

Registry modified

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsa2der.i"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\ CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091

Download file from URL
http://qer67.com/1mg/am1.rar > %Temp%\am1.rar > am1.exe
------------------------------------------------------------------------
How to remove the virus: ewqij.bat
------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

Thursday

How to remove w9uxx92.exe

Update 28/09/2009: corrected the CRC32, MD5 and SHA1 values
I obtained w9uxx92.exe after test-running the file cahpcg.cmd for a while.
CRC32: 594A2ED4
MD5: 620094AF6DC5D97A0E7AC47519914E63
SHA1: FEC46DAAEBDC3EA4B35ACF59F1D60422126EAB25
==============================================
Aliases:
a-squared 4.5.0.24 2009.09.24 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2009.09.24 -
AntiVir 7.9.1.25 2009.09.24 TR/Vundo.Gen
Antiy-AVL 2.0.3.7 2009.09.24 -
Authentium 5.1.2.4 2009.09.24 -
Avast 4.8.1351.0 2009.09.23 -
AVG 8.5.0.412 2009.09.24 Win32/Heur
BitDefender 7.2 2009.09.24 -
CAT-QuickHeal 10.00 2009.09.24 -
ClamAV 0.94.1 2009.09.24 -
Comodo 2424 2009.09.24 -
DrWeb 5.0.0.12182 2009.09.24 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6758 2009.09.24 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.24 -
Fortinet 3.120.0.0 2009.09.24 -
GData 19 2009.09.24 -
Ikarus T3.1.1.72.0 2009.09.24 Worm.Win32.Taterf
Jiangmin 11.0.800 2009.09.24 -
K7AntiVirus 7.10.853 2009.09.24 -
Kaspersky 7.0.0.125 2009.09.24 -
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 Suspect-29!E74911601ABE
McAfee-GW-Edition 6.8.5 2009.09.24 Heuristic.LooksLike.Win32.Trojan.B
Microsoft 1.5005 2009.09.23 -
NOD32 4454 2009.09.24 -
Norman 6.01.09 2009.09.24 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.09.24 -
Panda 10.0.2.2 2009.09.23 Suspicious file
PCTools 4.4.2.0 2009.09.24 -
Prevx 3.0 2009.09.24 Medium Risk Malware
Rising 21.48.34.00 2009.09.24 Packer.Win32.Agent.GEN
Sophos 4.45.0 2009.09.24 -
Sunbelt 3.2.1858.2 2009.09.24 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.24 -
TheHacker 6.5.0.2.016 2009.09.24 -
TrendMicro 8.950.0.1094 2009.09.24 -
VBA32 3.12.10.11 2009.09.24 Malware-Cryptor.Win32.Emo.2
ViRobot 2009.9.24.1952 2009.09.24 -
VirusBuster 4.6.5.0 2009.09.23 -
---------------------------------------------------------------------------
Create files
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\herss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\cvasds0.dll (0-9)
X:\w9uxx92.exe
X:\autorun.inf

URL to be downloaded
http://aas52.com/1mg/am1.rar > %Temp%\am1.rar > am1.exe

Registry modified
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsa2der.f"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
-------------------------------------------------------------------------
How to remove the virus: w9uxx92.exe
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.4

Wednesday

How to remove cahpcg.cmd

cahpcg.cmd
File size: 105093 bytes
CRC32: 4847E0D5
MD5: 5AF128BD095490F861A257CB0E89947C
SHA-1: 3AD4CA218633DFC0976C4FD3CFE23F300B625337

sfkn.exe
CRC32: 51305A73
MD5: E617225A4909B95BB7F2DC08046A566C
SHA-1: 769B23C654F06D2687BA95C54FD0C01189F6DF5E


w9uxx92.exe
CRC32: 9C5003CB
MD5: E74911601ABE835B45C20373EE671799
SHA-1: 6FFC75E2534B255DE5CA05D1D3DF2C1BC9B30D0F

See the test results for the file w9uxx92.exe
http://hotzone-it.blogspot.com/2009/09/how-to-remove-w9uxx92exe.html
==============================================
Aliases:
a-squared 4.5.0.24 2009.09.19 Trojan-GameThief.Win32.Magania!IK
AhnLab-V3 5.0.0.2 2009.09.19 Win-Trojan/Magania.105093
AntiVir 7.9.1.19 2009.09.18 TR/Drop.Agent.ahdz
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.19 W32/Onlinegames.CBZ
Avast 4.8.1351.0 2009.09.18 Win32:Kamso
AVG 8.5.0.412 2009.09.19 PSW.OnlineGames3.HGL
BitDefender 7.2 2009.09.19 Worm.Generic.71670
CAT-QuickHeal 10.00 2009.09.19 TrojanGameThief.Magania.biaw
ClamAV 0.94.1 2009.09.19 -
Comodo 2368 2009.09.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.19 Trojan.MulDrop.31605
eSafe 7.0.17.0 2009.09.17 Win32.TRDrop.Agent.A
eTrust-Vet 31.6.6746 2009.09.18 Win32/Frethog.EVO
F-Prot 4.5.1.85 2009.09.19 W32/Onlinegames.CBZ
F-Secure 8.0.14470.0 2009.09.18 Trojan-GameThief.Win32.Magania.biaw
Fortinet 3.120.0.0 2009.09.19 W32/NSAtPack.GL!tr
GData 19 2009.09.19 Worm.Generic.71670
Ikarus T3.1.1.72.0 2009.09.19 Trojan-GameThief.Win32.Magania
Jiangmin 11.0.800 2009.09.19 Trojan/PSW.Magania.vqt
K7AntiVirus 7.10.849 2009.09.19 Trojan-PSW.Win32.Magania.biaw
Kaspersky 7.0.0.125 2009.09.19 Trojan-GameThief.Win32.Magania.biaw
McAfee 5745 2009.09.18 Generic PWS.ak
McAfee+Artemis 5745 2009.09.18 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.19 Worm:Win32/Taterf.B
NOD32 4440 2009.09.19 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.18 OnLineGames.IAPV
nProtect 2009.1.8.0 2009.09.19 Trojan/W32.Agent.105093
Panda 10.0.2.2 2009.09.19 W32/Lineage.KEE
PCTools 4.4.2.0 2009.09.19 Trojan-GameThief.Magania.bcah
Prevx 3.0 2009.09.19 High Risk Worm
Rising 21.47.52.00 2009.09.19 Trojan.PSW.Win32.GameOnline.dss
Sophos 4.45.0 2009.09.19 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.19 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.19 W32.Gammima.AG
TheHacker 6.5.0.2.012 2009.09.18 Trojan/Magania.biaw
TrendMicro 8.950.0.1094 2009.09.18 WORM_GAMETHI.DB
VBA32 3.12.10.10 2009.09.18 Trojan-GameThief.Win32.Magania.biaw
ViRobot 2009.9.18.1943 2009.09.18 Trojan.Win32.PSWMagania.105093
VirusBuster 4.6.5.0 2009.09.18 Trojan.Magania.OID

------------------------------------------------------------------------
Create file
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\e8main0.dll
X:\cahpcg.cmd
X:\autorun.inf
X:\sfkn.exe
X:\w9uxx92.exe

Delete file
C:\WINDOWS\system32\drivers\cdaudio.sys

Download file
C:\DOCUME~1\[User]\LOCALS~1\temp\am1.rar > am.exe

Keys added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\ControlSet001\Services\AVPsys\DisplayName: "AVPsys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\DisplayName: "AVPsys"
HKU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\WINDOWS\system32\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun: 0x00000091

-------------------------------------------------------------------------

How to remove the virus: cahpcg.cmd

-------------------------------------------------------------------------

Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames

You can check the list of viruses the program can clean in VirusList.txt

Tuesday

How to remove aphqg.exe

aphqg.exe
CRC32: DDDE5823
MD5: 1D20848028BB13833F3CE669E9E152D9
SHA-1: DC84C6CA9D9F71A9EEE3A78AB0C1E18B0444D2A0

==================================================
Create file
C:\DOCUME~1\[user]\LOCALS~1\temp\olhrwef.exe
C:\DOCUME~1\[user]\LOCALS~1\temp\nmdfgds0.dll (0-9)
X:\aphqg.exe
X:\autorun.inf

Delete file
C:\WINDOWS\system32\drivers\cdaudio.sys

Download file
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\am1.rar > am1.exe

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\
ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\ControlSet001\Services\AVPsys\DisplayName: "AVPsys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\DisplayName: "AVPsys"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
-------------------------------------------------------------------------
How to remove the virus: aphqg.exe
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames

You can check the list of viruses the program can clean in VirusList.txt

How to remove 22yj2fy1.exe

22yj2fy1.exe
CRC32: 132FE982
MD5: 356B48965D1BFF796DAA5CB3A17C338A
SHA-1: 4645E1B11D8F1D94F046AFA20BF61C5F3D5D0CA0
===================================================
Aliases:
a-squared 4.5.0.24 2009.09.19 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/Win32.Inject.gen
Authentium 5.1.2.4 2009.09.19 W32/SuspPack.AG.gen!Eldorado
Avast 4.8.1351.0 2009.09.18 Win32:Kamso
AVG 8.5.0.412 2009.09.19 SHeur2.AUQP
BitDefender 7.2 2009.09.19 Trojan.Generic.2223378
CAT-QuickHeal 10.00 2009.09.19 Trojan.Inject.ahgd
ClamAV 0.94.1 2009.09.19 -
Comodo 2366 2009.09.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.19 Trojan.PWS.Wsgame.12824
eSafe 7.0.17.0 2009.09.17 Win32.TRCrypt.ZPACK
eTrust-Vet 31.6.6746 2009.09.18 Win32/Frethog.EYQ
F-Prot 4.5.1.85 2009.09.18 W32/SuspPack.AG.gen!Eldorado
F-Secure 8.0.14470.0 2009.09.18 Trojan.Win32.Inject.ahgd
Fortinet 3.120.0.0 2009.09.19 W32/Inject.AHGD!tr
GData 19 2009.09.19 Trojan.Generic.2223378
Ikarus T3.1.1.72.0 2009.09.19 Worm.Win32.Taterf
Jiangmin 11.0.800 2009.09.19 Trojan/Inject.hgq
K7AntiVirus 7.10.848 2009.09.18 Trojan.Win32.Inject.ahgd
Kaspersky 7.0.0.125 2009.09.19 Trojan.Win32.Inject.ahgd
McAfee 5745 2009.09.18 Generic PWS.ak
McAfee+Artemis 5745 2009.09.18 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.19 Worm:Win32/Taterf.B
NOD32 4439 2009.09.19 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.18 W32/Inject.dam
nProtect 2009.1.8.0 2009.09.19 Trojan/W32.Inject.106110
Panda 10.0.2.2 2009.09.18 W32/Autorun.JFL
PCTools 4.4.2.0 2009.09.18 -
Prevx 3.0 2009.09.19 High Risk Cloaked Malware
Rising 21.47.51.00 2009.09.19 -
Sophos 4.45.0 2009.09.19 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.19 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.19 Infostealer.Gampass
TheHacker 6.5.0.2.012 2009.09.18 Trojan/Inject.ahgd
TrendMicro 8.950.0.1094 2009.09.18 WORM_TATERF.CZ
VBA32 3.12.10.10 2009.09.18 Trojan.Win32.Inject.ahgd
ViRobot 2009.9.18.1943 2009.09.18 Worm.Win32.Taterf.106110
VirusBuster 4.6.5.0 2009.09.18 Trojan.Inject.NIP
------------------------------------------------------------------------
Create file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cvasds0 (0-9)
C:\WINDOWS\system32\drivers\cdaudio.sys (new)
X:\22yj2fy1.exe
X:\autorun.inf

Delete file
C:\WINDOWS\system32\drivers\cdaudio.sys

Keys added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\
ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\ControlSet001\Services\AVPsys\DisplayName: "AVPsys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\DisplayName: "AVPsys"
HKCU\S\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
------------------------------------------------------------------------
How to remove the virus: 22yj2fy1.exe
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

How to remove 9u.cmd

9u.cmd
File size: 104662 bytes
CRC32: A45B8AA1
MD5: 1D499A0371F38CC407946794B0C743B6
SHA-1: BBB7014496F82535DF0253E7C692B4D4BC600C44

===================================================
Aliases:
a-squared 4.5.0.24 2009.09.19 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2009.09.19 Win-Trojan/Magania.104662
AntiVir 7.9.1.19 2009.09.18 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.19 W32/Trojan3.BEG
Avast 4.8.1351.0 2009.09.18 Win32:Kamso
AVG 8.5.0.412 2009.09.19 PSW.Generic7.URR
BitDefender 7.2 2009.09.19 Trojan.Generic.2226899
CAT-QuickHeal 10.00 2009.09.19 Worm.AutoRun.gen
ClamAV 0.94.1 2009.09.19 -
Comodo 2368 2009.09.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.19 Trojan.PWS.Wsgame.12824
eSafe 7.0.17.0 2009.09.17 Win32.TRCrypt.ZPACK
eTrust-Vet 31.6.6746 2009.09.18 Win32/Frethog.FEH
F-Prot 4.5.1.85 2009.09.19 W32/Trojan3.BEG
F-Secure 8.0.14470.0 2009.09.18 Trojan-GameThief.Win32.Magania.buqe
Fortinet 3.120.0.0 2009.09.19 PossibleThreat
GData 19 2009.09.19 Trojan.Generic.2226899
Ikarus T3.1.1.72.0 2009.09.19 Worm.Win32.Taterf
Jiangmin 11.0.800 2009.09.19 Trojan/PSW.Magania.wyx
K7AntiVirus 7.10.849 2009.09.19 Trojan-PSW.Win32.Magania.buqe
Kaspersky 7.0.0.125 2009.09.19 Trojan-GameThief.Win32.Magania.buqe
McAfee 5745 2009.09.18 Generic PWS.ak
McAfee+Artemis 5745 2009.09.18 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.19 Worm:Win32/Taterf.B
NOD32 4440 2009.09.19 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.18 W32/Agent.dam
nProtect 2009.1.8.0 2009.09.19 Trojan/W32.Agent.104662
Panda 10.0.2.2 2009.09.19 Trj/Lineage.BZE
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 High Risk Cloaked Malware
Rising 21.47.52.00 2009.09.19 Packer.Win32.Nodef.c
Sophos 4.45.0 2009.09.19 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.19 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.19 W32.Gammima.AG
TheHacker 6.5.0.2.012 2009.09.18 Trojan/Magania.buqe
TrendMicro 8.950.0.1094 2009.09.18 TSPY_LINEAGE.ECZ
VBA32 3.12.10.10 2009.09.18 Trojan-GameThief.Win32.Magania.buqe
ViRobot 2009.9.18.1943 2009.09.18 Trojan.Win32.PSWMagania.104662
VirusBuster 4.6.5.0 2009.09.18 Trojan.PWS.Magania.RUO
-------------------------------------------------------------------------
Create file
C:\Documents and Settings\[User]\Local Settings\Temp\herss.exe
C:\Documents and Settings\[User]\Local Settings\Temp\cvasds0 (0-9)
X:\9u.cmd
X:\autorun.inf

Download file
http://gir88e.net/1mg/am1.rar
C:\Documents and Settings\[User]\Local Settings\Temp\am1.rar > am1.exe

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
------------------------------------------------------------------------
How to remove the virus: 9u.cmd
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

How to remove 2nuk.com

2nuk.com
CRC32: 4F24DA1D
MD5: 864D52CB2BEC69289C0462B9EC31CA4D
SHA-1: 27F4A4C75BD8621F1E4E62BC2C2C7EE1BDD4E433

------------------------------------------------------------------------
Aliases:
a-squared 4.5.0.24 2009.09.19 Trojan-Downloader.Win32.Frethog!IK
AhnLab-V3 5.0.0.2 2009.09.19 Win-Trojan/Magania.108386
AntiVir 7.9.1.19 2009.09.18 TR/Drop.Agent.ahdz
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.19 W32/Magania.SF
Avast 4.8.1351.0 2009.09.18 Win32:Kamso
AVG 8.5.0.412 2009.09.19 PSW.OnlineGames3.IBS
BitDefender 7.2 2009.09.19 Application.Generic.184966
CAT-QuickHeal 10.00 2009.09.19 TrojanGameThief.Magania.bjij
ClamAV 0.94.1 2009.09.19 Trojan.Magania-10931
Comodo 2368 2009.09.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.19 Trojan.MulDrop.31605
eSafe 7.0.17.0 2009.09.17 Win32.TRDrop.Agent.A
eTrust-Vet 31.6.6746 2009.09.18 Win32/Frethog.EWZ
F-Prot 4.5.1.85 2009.09.19 W32/Magania.SF
F-Secure 8.0.14470.0 2009.09.18 Trojan-GameThief.Win32.Magania.bjij
Fortinet 3.120.0.0 2009.09.19 SPY/Magania
GData 19 2009.09.19 Application.Generic.184966
Ikarus T3.1.1.72.0 2009.09.19 Trojan-Downloader.Win32.Frethog
Jiangmin 11.0.800 2009.09.19 Trojan/PSW.Magania.vfz
K7AntiVirus 7.10.849 2009.09.19 Trojan-PSW.Win32.Magania.bjij
Kaspersky 7.0.0.125 2009.09.19 Trojan-GameThief.Win32.Magania.bjij
McAfee 5745 2009.09.18 Generic PWS.ak
McAfee+Artemis 5745 2009.09.18 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.19 Worm:Win32/Taterf.B
NOD32 4440 2009.09.19 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.18 OnLineGames.IAPV
nProtect 2009.1.8.0 2009.09.19 Trojan/W32.Agent.108386
Panda 10.0.2.2 2009.09.19 W32/Lineage.KZQ
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 -
Rising 21.47.52.00 2009.09.19 Trojan.PSW.Win32.GameOnline.eee
Sophos 4.45.0 2009.09.19 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.19 BehavesLike.Win32.Malware (v)
Symantec 1.4.4.12 2009.09.19 Infostealer.Gampass
TheHacker 6.5.0.2.012 2009.09.18 Trojan/Magania.bjij
TrendMicro 8.950.0.1094 2009.09.18 WORM_ONLINEG.MXZ
VBA32 3.12.10.10 2009.09.18 Trojan-GameThief.Win32.Magania.bjij
ViRobot 2009.9.18.1943 2009.09.18 Trojan.Win32.PSWMagania.108386
VirusBuster 4.6.5.0 2009.09.18 Trojan.Magania.PHP
------------------------------------------------------------------------
Create file
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\drivers\cdaudio.sys (new)
X:\2nuk.com
X:\autorun.inf

Delete file
C:\WINDOWS\system32\drivers\cdaudio.sys (delete)

Keys added
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ImagePath:
"\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\ControlSet001\Services\AVPsys\DisplayName: "AVPsys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\DisplayName: "AVPsys"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
------------------------------------------------------------------------
How to remove the virus: 2nuk.com
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

You can check the list of viruses the program can clean in VirusList.txt

Thursday

How to remove 10nb.exe

Update 21/09/2009
How to remove 10nb.exe (Win32/AutoRun.PSW.OnlineGames.AJ)
Detected by NOD32

10nb.exe
File size: 116142 bytes
CRC32: F65E7109
MD5: 5E1AE637F21056C6385D84468E31588E
SHA-1: 2C7B4A6FB1499906457B0C32A896F192679010EE
===================================================
Aliases:
a-squared 4.5.0.24 2009.09.14 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2009.09.14 Win-Trojan/Magania.116142
AntiVir 7.9.1.14 2009.09.14 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.14 -
Authentium 5.1.2.4 2009.09.14 W32/Trojan3.BEV
Avast 4.8.1351.0 2009.09.14 Win32:Kamso
AVG 8.5.0.412 2009.09.14 SHeur2.BCBB
BitDefender 7.2 2009.09.14 Trojan.PWS.Onlinegames.KCUS
CAT-QuickHeal 10.00 2009.09.14 Worm.Taterf.b
ClamAV 0.94.1 2009.09.14 -
Comodo 2319 2009.09.14 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.14 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2009.09.14 Suspicious File
eTrust-Vet 31.6.6737 2009.09.14 Win32/Frethog.FGX
F-Prot 4.5.1.85 2009.09.14 W32/Trojan3.BEV
F-Secure 8.0.14470.0 2009.09.13 Trojan-GameThief.Win32.Magania.calm
Fortinet 3.120.0.0 2009.09.14 SPY/Magania
GData 19 2009.09.14 Trojan.PWS.Onlinegames.KCUS
Ikarus T3.1.1.72.0 2009.09.14 Worm.Win32.Taterf
Jiangmin 11.0.800 2009.09.14 Trojan/PSW.Magania.yii
K7AntiVirus 7.10.844 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.14 Trojan-GameThief.Win32.Magania.calm
McAfee 5741 2009.09.14 Generic PWS.ak
McAfee+Artemis 5741 2009.09.14 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.14 Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft 1.5005 2009.09.14 Worm:Win32/Taterf.B
NOD32 4425 2009.09.14 Win32/AutoRun.PSW.OnlineGames.AJ
Norman 6.01.09 2009.09.14 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 Generic Worm
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.14 High Risk Cloaked Malware
Rising 21.47.04.00 2009.09.14 Packer.Win32.Nodef.c
Sophos 4.45.0 2009.09.14 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.14 BehavesLike.Win32.Malware (v)
Symantec 1.4.4.12 2009.09.14 W32.Gammima.AG
TheHacker 6.3.4.4.403 2009.09.14 Trojan/Magania.calm
TrendMicro 8.950.0.1094 2009.09.14 -
VBA32 3.12.10.10 2009.09.14 Trojan-GameThief.Win32.Magania.calm
ViRobot 2009.9.14.1934 2009.09.14 Worm.Win32.Taterf.116142
VirusBuster 4.6.5.0 2009.09.14 -
------------------------------------------------------------------------
Create file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cvasds0 (0-9)
X:\10nb.exe
X:\2o1ajagt
X:\autorun.inf
Download file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\am1.rar
Extract file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\am1.exe

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsa21ss.x"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091

------------------------------------------------------------------------
How to remove the virus: 10nb.exe (Win32/PSW.OnlineGames.NNU)
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3
You can check the list of viruses the program can clean in VirusList.txt

How to remove 9vlgaqms.cmd

How to remove 9vlgaqms.cmd (Win32/PSW.OnlineGame.NNU)
Detected by NOD32


9vlgaqms.cmd

CRC32: 9015B476
MD5: 0692B8168FC76CF9A8B26CBE1467338F
SHA-1: B149B7A22D4E39882B3E2818209D92BABACDDFBC
===================================================
Create file
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\olhrwef.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\nmdfgds0.dll (0-9)
X:\9vlgaqms.cmd
X:\autorun.inf

Delete file
C:\WINDOWS\system32\drivers\cdaudio.sys

Download file
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\am1.rar
Extract file
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\am1.exe

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Security
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Security
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum

Values added
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\ControlSet001\Services\AVPsys\DisplayName: "AVPsys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Type: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\Start: 0x00000003
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\ImagePath: "\??\C:\WINDOWS\system32\drivers\cdaudio.sys"
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys\DisplayName: "AVPsys"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
------------------------------------------------------------------------
How to remove the virus: 9vlgaqms.cmd
------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3
You can check the list of viruses the program can clean in VirusList.txt

How to Remove 8rcahp.exe

Update 21/09/2009
How to Remove 8rcahp.exe (Win32/PSW.OnlineGame.NNU)
Detected by NOD32

8rcahp.exe
File size: 108006 bytes
CRC32: 28996E5E
MD5: 899C79C241BF406B89670AB0939B38B8
SHA-1: EC4E0042795DCCB9AA4B619F05FEAB807B6703DC
===================================================
Aliases:
a-squared 4.5.0.24 2009.09.05 Trojan-GameThief.Win32.Magania!IK
AhnLab-V3 5.0.0.2 2009.09.04 Win-Trojan/NsAnti.108006
AntiVir 7.9.1.8 2009.09.04 TR/PSW.Magania.bgyc
Antiy-AVL 2.0.3.7 2009.09.04 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.05 W32/Onlinegames.BYE
Avast 4.8.1351.0 2009.09.04 Win32:Kavos
AVG 8.5.0.409 2009.09.04 Worm/AutoRun.GL
BitDefender 7.2 2009.09.05 Trojan.PWS.OnlineGames.KCNS
CAT-QuickHeal 10.00 2009.09.04 TrojanGameThief.Magania.bgyc
ClamAV 0.94.1 2009.09.05 -
Comodo 2204 2009.09.05 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.05 Trojan.MulDrop.31605
eSafe 7.0.17.0 2009.09.03 Win32.GenericPWS.Ak
eTrust-Vet 31.6.6721 2009.09.04 Win32/Frethog.EVQ
F-Prot 4.5.1.85 2009.09.04 W32/Onlinegames.BYE
F-Secure 8.0.14470.0 2009.09.04 Trojan-GameThief.Win32.Magania.bgyc
Fortinet 3.120.0.0 2009.09.05 W32/Pws.AK!tr
GData 19 2009.09.05 Trojan.PWS.OnlineGames.KCNS
Ikarus T3.1.1.72.0 2009.09.04 Trojan-GameThief.Win32.Magania
Jiangmin 11.0.800 2009.09.04 Trojan/PSW.Magania.uxj
K7AntiVirus 7.10.836 2009.09.04 Trojan-PSW.Win32.Magania.bgyc
Kaspersky 7.0.0.125 2009.09.05 Trojan-GameThief.Win32.Magania.bgyc
McAfee 5731 2009.09.04 Generic PWS.ak
McAfee+Artemis 5731 2009.09.04 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.05 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.04 Worm:Win32/Taterf.B
NOD32 4397 2009.09.05 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.04 W32/OnLineGames.dam
nProtect 2009.1.8.0 2009.09.05 Trojan-PWS/W32.WebGame_Packed.108006
Panda 10.0.2.2 2009.09.04 W32/Lineage.KWX
PCTools 4.4.2.0 2009.09.04 Trojan-GameThief.Magania.bgyc
Prevx 3.0 2009.09.05 High Risk Cloaked Malware
Rising 21.45.14.00 2009.09.01 Trojan.PSW.Win32.GameOLx.dn
Sophos 4.45.0 2009.09.05 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.05 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.05 W32.Gammima.AG
TheHacker 6.3.4.3.396 2009.09.04 Trojan/OnLineGame.gen
TrendMicro 8.950.0.1094 2009.09.04 TROJ_GAMETHI.GHN
VBA32 3.12.10.10 2009.09.04 Trojan-GameThief.Win32.Magania.bgyc
ViRobot 2009.9.4.1919 2009.09.04 Spyware.PSW.Magania.108006
VirusBuster 4.6.5.0 2009.09.04 Trojan.PWS.OnLineGames.AJHQ
------------------------------------------------------------------------
Files created
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll (0-9)
X:\8rcahp.exe
X:\autorun.inf

Registry Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
------------------------------------------------------------------------
How to remove the virus: 8rcahp.exe (Win32/PSW.OnlineGames.NNU)
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

How to Remove 8dtyjjf.exe

How to Remove 8dtyjjf.exe (Win32/PSW.OnlineGame.NNU)
Detected by NOD32

8dtyjjf.exe
File size: 109631 bytes
CRC32: 5F85935C
MD5: 4EDF0156ECAAAE44830F125DB34045AF
SHA-1: FE8A1E6C906F419FFD5C4A839817FA86C5037143
===================================================
Aliases:
a-squared 4.5.0.24 2009.09.17 Trojan-Downloader.Win32.Frethog!IK
AhnLab-V3 5.0.0.2 2009.09.16 Win-Trojan/Magania.109631
AntiVir 7.9.1.18 2009.09.17 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.17 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.17 W32/SuspPack.AG.gen!Eldorado
Avast 4.8.1351.0 2009.09.16 Win32:Kamso
AVG 8.5.0.412 2009.09.17 Worm/AutoRun.GV
BitDefender 7.2 2009.09.17 Trojan.PWS.Onlinegames.KCOW
CAT-QuickHeal 10.00 2009.09.17 TrojanGameThief.Magania.bpcj
ClamAV 0.94.1 2009.09.17 -
Comodo 2346 2009.09.17 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.17 Trojan.MulDrop.32563
eSafe 7.0.17.0 2009.09.16 Suspicious File
eTrust-Vet 31.6.6743 2009.09.17 Win32/Frethog.EXG
F-Prot 4.5.1.85 2009.09.16 W32/SuspPack.AG.gen!Eldorado
F-Secure 8.0.14470.0 2009.09.17 Trojan-GameThief.Win32.Magania.bpcj
Fortinet 3.120.0.0 2009.09.17 SPY/Magania
GData 19 2009.09.17 Trojan.PWS.Onlinegames.KCOW
Ikarus T3.1.1.72.0 2009.09.17 Trojan-Downloader.Win32.Frethog
Jiangmin 11.0.800 2009.09.17 Trojan/PSW.Magania.vwm
K7AntiVirus 7.10.846 2009.09.16 Trojan-PSW.Win32.Magania.bpcj
Kaspersky 7.0.0.125 2009.09.17 Trojan-GameThief.Win32.Magania.bpcj
McAfee 5743 2009.09.16 Generic PWS.ak
McAfee+Artemis 5743 2009.09.16 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.17 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.17 Worm:Win32/Taterf.B
NOD32 4432 2009.09.17 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.16 W32/Smalltroj.dam
nProtect 2009.1.8.0 2009.09.17 Trojan/W32.Agent.109631
Panda 10.0.2.2 2009.09.16 Trj/Lineage.BZE
PCTools 4.4.2.0 2009.09.16 -
Prevx 3.0 2009.09.17 High Risk Worm
Rising 21.47.32.00 2009.09.17 Trojan.PSW.Win32.GameOnline.ega
Sophos 4.45.0 2009.09.17 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.17 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.17 W32.Gammima.AG
TheHacker 6.3.4.4.404 2009.09.15 Trojan/Magania.bpcj
TrendMicro 8.950.0.1094 2009.09.17 TROJ_GAMETHI.HFO
VBA32 3.12.10.10 2009.09.17 Trojan-GameThief.Win32.Magania.bpcj
ViRobot 2009.9.17.1940 2009.09.17 Trojan.Win32.PSWMagania.109631
VirusBuster 4.6.5.0 2009.09.16 Trojan.PWS.Magania.QRH
------------------------------------------------------------------------
Files created
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\olhrwef.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\nmdfgds0.dll (0-9)
X:\8dtyjjf.exe
X:\autorun.inf

Download file : am1.rar > am1.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\am1.rar

Keys added

HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
------------------------------------------------------------------------
How to remove the virus: 8dtyjjf.exe (Win32/PSW.OnlineGames.NNU)
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

How to remove 6rxt26.exe

How to remove 6rxt26.exe (Win32/PSW.OnlineGames.NNU)
Detected by NOD32

6rxt26.exe
File size: 107994 bytes
CRC32: 90B6E631
MD5: 676669456528CA4778B740203C4C8341
SHA-1: D17B9D12D98B13193D50B78AEAA80116DF88EFDE
===================================================
Aliases:
a-squared 4.5.0.24 2009.09.17 Trojan.Win32.Inhoo!IK
AhnLab-V3 5.0.0.2 2009.09.16 Win-Trojan/Magania.107994
AntiVir 7.9.1.18 2009.09.17 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.17 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.17 W32/SuspPack.AG.gen!Eldorado
Avast 4.8.1351.0 2009.09.16 Win32:Kamso
AVG 8.5.0.412 2009.09.16 Generic14.NSU
BitDefender 7.2 2009.09.17 Trojan.Generic.2272530
CAT-QuickHeal 10.00 2009.09.17 TrojanGameThief.Magania.bsib
ClamAV 0.94.1 2009.09.17 -
Comodo 2345 2009.09.17 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.17 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2009.09.16 Win32.TRCrypt.ZPACK
eTrust-Vet 31.6.6742 2009.09.16 Win32/Frethog.EYZ
F-Prot 4.5.1.85 2009.09.16 W32/SuspPack.AG.gen!Eldorado
Fortinet 3.120.0.0 2009.09.16 SPY/Magania
GData 19 2009.09.17 Trojan.Generic.2272530
Ikarus T3.1.1.72.0 2009.09.17 Trojan.Win32.Inhoo
Jiangmin 11.0.800 2009.09.17 Trojan/PSW.Magania.whn
K7AntiVirus 7.10.846 2009.09.16 Trojan-PSW.Win32.Magania.bsib
Kaspersky 7.0.0.125 2009.09.17 Trojan-GameThief.Win32.Magania.bsib
McAfee 5743 2009.09.16 Generic PWS.ak
McAfee+Artemis 5743 2009.09.16 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.16 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
Microsoft 1.5005 2009.09.17 Worm:Win32/Taterf.B
NOD32 4432 2009.09.17 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.16 W32/Agent.dam
nProtect 2009.1.8.0 2009.09.17 Trojan/W32.Agent.107994
Panda 10.0.2.2 2009.09.16 Trj/Lineage.BZE
PCTools 4.4.2.0 2009.09.16 -
Prevx 3.0 2009.09.17 High Risk Cloaked Malware
Rising 21.47.31.00 2009.09.17 Trojan.PSW.Win32.GameOLx.hy
Sophos 4.45.0 2009.09.17 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.17 BehavesLike.Win32.Malware (v)
Symantec 1.4.4.12 2009.09.17 Trojan Horse
TheHacker 6.3.4.4.404 2009.09.15 Trojan/Magania.bsib
TrendMicro 8.950.0.1094 2009.09.17 TROJ_GAMETHI.RPF
VBA32 3.12.10.10 2009.09.17 Trojan-GameThief.Win32.Magania.bsib
ViRobot 2009.9.17.1940 2009.09.17 Trojan.Win32.PSWMagania.107994
VirusBuster 4.6.5.0 2009.09.16 Trojan.PWS.Magania.QYH
------------------------------------------------------------------------
Files created
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\herss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\cvasds0.dll
X:\6rxt26.exe
X:\autorun.inf

Download file
C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\am1.rar > am1.exe

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
HKU\\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
-----------------------------------------------------------------------
How to remove the virus: 6rxt26.exe (Win32/PSW.OnlineGames.NNU)
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

How to remove 3c.exe

How to remove 3c.exe (Win32/PSW.OnlineGames.NNU)
Detected by NOD32

3c.exe
File size: 115578 bytes
CRC32: 03C09852
MD5: 0F8F925C89C1A394D173E9D6697F4C9D
SHA-1: 36D39ED34E83E75327726A3ACA35CEB0C9D4E2F7
==================================================
Aliases:
a-squared 4.5.0.24 2009.09.17 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2009.09.16 Win-Trojan/Magania.115578
AntiVir 7.9.1.18 2009.09.17 TR/PSW.Magania.caje
Antiy-AVL 2.0.3.7 2009.09.17 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.09.17 W32/Trojan3.BEX
Avast 4.8.1351.0 2009.09.16 Win32:Kamso
AVG 8.5.0.412 2009.09.16 SHeur2.BBTW
BitDefender 7.2 2009.09.17 Trojan.Autorun.ALG
CAT-QuickHeal 10.00 2009.09.16 Worm.Taterf.b
ClamAV 0.94.1 2009.09.17 -
Comodo 2345 2009.09.17 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.17 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2009.09.16 Suspicious File
eTrust-Vet 31.6.6742 2009.09.16 Win32/Frethog.FGQ
F-Prot 4.5.1.85 2009.09.16 W32/Trojan3.BEX
F-Secure 8.0.14470.0 2009.09.17 Trojan-GameThief.Win32.Magania.caje
Fortinet 3.120.0.0 2009.09.16 SPY/Magania
GData 19 2009.09.17 Trojan.Autorun.ALG
Ikarus T3.1.1.72.0 2009.09.17 Worm.Win32.Taterf
Jiangmin 11.0.800 2009.09.17 Trojan/PSW.Magania.yhn
K7AntiVirus 7.10.846 2009.09.16 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.09.17 Trojan-GameThief.Win32.Magania.caje
McAfee 5743 2009.09.16 Generic PWS.ak
McAfee+Artemis 5743 2009.09.16 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.16 Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft 1.5005 2009.09.17 Worm:Win32/Taterf.B
NOD32 4432 2009.09.17 Win32/PSW.OnLineGames.NNU
Norman 6.01.09 2009.09.16 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.09.17 Trojan/W32.Agent.115578
Panda 10.0.2.2 2009.09.16 Generic Worm
PCTools 4.4.2.0 2009.09.16 -
Prevx 3.0 2009.09.17 High Risk Cloaked Malware
Rising 21.47.31.00 2009.09.17 Packer.Win32.Nodef.c
Sophos 4.45.0 2009.09.17 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.17 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.17 W32.Gammima.AG
TheHacker 6.3.4.4.404 2009.09.15 Trojan/Magania.caje
TrendMicro 8.950.0.1094 2009.09.17 WORM_GAMETHI.GCR
VBA32 3.12.10.10 2009.09.17 Trojan-GameThief.Win32.Magania.caje
ViRobot 2009.9.17.1940 2009.09.17 Worm.Win32.Autorun.115578
VirusBuster 4.6.5.0 2009.09.16 Trojan.PWS.Magania.SSB
-------------------------------------------------------------------------
How to remove 3c.exe (Win32/PSW.OnlineGames.NNU)
-------------------------------------------------------------------------
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame Version 2.0.3

You can check the list of viruses the program can clean in VirusList.txt
