kdxdweli.cmd , amvo.exe
File size: 86,349 bytes
MD5: 5340AEF171D4F363178C277727C81A93
SHA-1: 5E1FCF6B4964706AFE4EF0B691886D38F5C9C678
===============================================
Files Created
%System%\amvo.exe
%Temp%\ker1.tmp
%Temp%\ker2.tmp
%Windir%\mg.exe
%System%\urretnd.exe
%System%\amvo0.dll (0-9)
%System%\optyhww0.dll (0-9)
X:\kdxdweli.cmd
X:\autorun.inf
%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
%System% = C:\WINDOWS\system32\
%Windir% = C:\Windows or C:\Winnt
X:\ = any drive letter from C:\ through Z:\
Registry Modifications
Key Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
Values Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo = "afvbgy.m"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
amva = "%System%\amvo.exe"
cbvcs = "%System%\urretnd.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = "2"
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "91"
Remote Host
221.1.204.243 port 80
221.1.204.245 port 80
URLs downloaded / data identified
http://vfgtyp.com/fm4/help.exe
http://www.gdgft76.com/fm4/help.rar
=======================================================
How to remove/fix the virus: kdxdweli.cmd , amvo.exe
=======================================================
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGame 2.0.5