pbyqfn.exe , herss
File size: 116736 bytes
MD5 : 08ff5909325b4c39b8b57185d0d7fe0e
SHA1 : 274c1abe1463208d73c53c55d759119b5dc61c9a
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.50 | 2010.04.01 | Worm.Win32.Taterf!IK |
| AhnLab-V3 | 5.0.0.2 | 2010.04.01 | - |
| AntiVir | 7.10.6.16 | 2010.04.01 | TR/Crypt.XPACK.Gen |
| Antiy-AVL | 2.0.3.7 | 2010.04.01 | - |
| Authentium | 5.2.0.5 | 2010.04.01 | W32/Taterf.B!Generic |
| Avast | 4.8.1351.0 | 2010.04.01 | - |
| Avast5 | 5.0.332.0 | 2010.04.01 | - |
| AVG | 9.0.0.787 | 2010.04.01 | Win32/NSAnti.J |
| BitDefender | 7.2 | 2010.04.01 | - |
| CAT-QuickHeal | 10.00 | 2010.04.01 | - |
| ClamAV | 0.96.0.0-git | 2010.04.01 | PUA.Packed.ASPack |
| Comodo | 4462 | 2010.04.01 | - |
| DrWeb | 5.0.2.03300 | 2010.04.01 | Trojan.PWS.Wsgame.12661 |
| eSafe | 7.0.17.0 | 2010.04.01 | - |
| eTrust-Vet | 35.2.7402 | 2010.04.01 | - |
| F-Prot | 4.5.1.85 | 2010.04.01 | W32/Taterf.B!Generic |
| F-Secure | 9.0.15370.0 | 2010.04.01 | - |
| Fortinet | 4.0.14.0 | 2010.04.01 | - |
| GData | 19 | 2010.04.01 | - |
| Ikarus | T3.1.1.80.0 | 2010.04.01 | Worm.Win32.Taterf |
| Jiangmin | 13.0.900 | 2010.04.01 | - |
| K7AntiVirus | 7.10.1004 | 2010.03.22 | - |
| Kaspersky | 7.0.0.125 | 2010.04.01 | - |
| McAfee | 5937 | 2010.03.31 | - |
| McAfee+Artemis | 5937 | 2010.03.31 | - |
| McAfee-GW-Edition | 6.8.5 | 2010.04.01 | Heuristic.LooksLike.Win32.Suspicious.B |
| Microsoft | 1.5605 | 2010.03.31 | PWS:Win32/Frethog.gen!H |
| NOD32 | 4993 | 2010.04.01 | - |
| Norman | 6.04.10 | 2010.04.01 | - |
| nProtect | 2009.1.8.0 | 2010.04.01 | - |
| Panda | 10.0.2.2 | 2010.04.01 | Suspicious file |
| PCTools | 7.0.3.5 | 2010.04.01 | - |
| Prevx | 3.0 | 2010.04.01 | Medium Risk Malware |
| Rising | 22.41.03.04 | 2010.04.01 | - |
| Sophos | 4.52.0 | 2010.04.01 | - |
| Sunbelt | 6125 | 2010.04.01 | BehavesLike.Win32.Malware (v) |
| Symantec | 20091.2.0.41 | 2010.04.01 | Suspicious.Insight |
| TheHacker | 6.5.2.0.249 | 2010.04.01 | - |
| TrendMicro | 9.120.0.1004 | 2010.04.01 | - |
| VBA32 | 3.12.12.4 | 2010.04.01 | MalwareScope.Worm.Viking.2 |
| ViRobot | 2010.4.1.2256 | 2010.04.01 | - |
| VirusBuster | 5.0.27.0 | 2010.04.01 | - |
--------------------------------------------------------------------------------
Files Added
%Temp%\herss.exe
%Temp%\cvasds0.dll (0-9)
X:\pbyqfn.exe
X:\autorun.inf
%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
X:\ = C:\- Z:\
Registry Modifications
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsdgxaq.c"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = %Temp%\herss.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091
Remote host
202.111.175.157 port 80
See all so
http://www.robtex.com/ip/202.111.175.157.html
Data identified/URLs to be download
http://www.yahoozsw.com/1mg/am1.rar
http://www.yahoozsw.com/1mg/am.rar
=======================================================
วิธีกำจัด/แก้ virus : pbyqfn.exe , herss.exe
=======================================================
Download Fix Tool : PeeTechFix-Win32/PSW.OnlineGames
------------------------------------------------------------------------------
หลังจากกำจัด virus ได้แล้ว แนะนำให้ติดตั้งโปรแกรมเพิ่มเติม เพื่อป้องกันการเรียกใช้ autorun
เช่น
Program Advice
NoAutoRun (.REG)
http://www.mediafire.com/?ammmxwhqmnm
or
Panda USB Vaccine
http://www.mediafire.com/download.php?qig0nmnm4ld
or
KB971029, KB967715 (Disable AutoRun)
http://hotzone-it.blogspot.com/2009/08/kb971029-fix-autorun-microsoft.html
or
CPE17 AutoRun Killer
http://www.mediafire.com/download.php?hxoyjj0hyfh
...
I can remove it!
ReplyDeleteI boot with UBUNTU CD-Rom and manualy erase each file listed.
%Temp%\herss.exe
%Temp%\cvasds0.dll (0-9)
X:\pbyqfn.exe (each HDD unit)
X:\autorun.inf (each HDD unit)
...and then, restore my registry with CCleaner.
I try to the files using DOS, but don works.
thank you
ReplyDeleteWith havin so much written content do you ever run into any problems of plagorism or copyright violation? My website has a lot of exclusive
ReplyDeletecontent I've either created myself or outsourced but it appears a lot of it is
popping it up all over the internet without my agreement.
Do you know any methods to help stop content from being ripped off?
I'd definitely appreciate it.
What's up colleagues, how is all, and what you want to say
ReplyDeleteabout this article, in my view its in fact remarkable for me.
I love the efforts you have put in this, thank
ReplyDeleteyou for all the great posts.
Hello There. I found your blog using msn. This is an extremely
ReplyDeletewell written article. I'll make sure to bookmark it and
come back to read more of your useful information. Thanks for the post.
I will definitely comeback.
This comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis is a topic which is near to my heart... Take care! Exactly where are your contact details though?
ReplyDeleteExcellent web site. A lot of helpful information here. I am sending
ReplyDeleteit to a few buddies ans additionally sharing in delicious.
And of course, thank you for your sweat!