PAGES : 1

FakeAlert ChangeLog (since 09/11/2008)

NOTE: This changelog lists only the malware lines that Zeb Help Process detects when analysing security reports. This information comes in part from feedback by French-speaking helpers.

SmitfraudFix is a tool developed by S!ri. It repairs desktop-hijacking infections. It can detect certain rootkits such as pe386, lzx32 and other Chinese infections. It detects and removes a whole list of rogues, which are fake anti-malware programs.

MalwareByte's AntiMalware is an antivirus that can track down and remove this type of infection.

February,2010

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.exe
O4 - Startup: system.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] %USERPROFILE%\AppData\Local\Temp\ol3zbd.exe

January,2010

O4 - HKCU\..\Run: [B1RQJ7YJ0U] %USERPROFILE%\LOCALS~1\Temp\n.exe
O4 - HKCU\..\Run: [PUT2VIDQLG] %USERPROFILE%\LOCALS~1\Temp\d.exe

December,2009

%PROGRAMFILES%\Registry_Doktor 4.1\definitions\200901.cab
O4 - HKCU\..\Run: [RegDokFRT] E:\RegistryDoktor 4.1\RegistryDoktor.exe

April,2009

%WINDOWS%\pp06.exe
O4 - HKLM\..\Run: [pp] %WINDOWS%\pp06.exe

February,2009

Rogue.MalwareDefender2009
O21 - SSODL: HardwareDrivers - {4B331511-5626-4771-BF3D-06B7D8DAF55A} - %ALLUSERS%\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 - SSODL: DriversLoad - {D8280C00-F8B2-43DD-8014-3C7BE02C63C1} - %ALLUSERS%\Application Data\Microsoft\Media Index\Drivers\bwblzpofff.dll

FakeAlert.Troj
O2 - BHO: WinSafe Class - {b6b571fb-b71d-449c-ad70-82e966328795} - %WINDOWS%\iehost.dll

Favorit-->"%USERPROFILE%\application data\eeauwie.exe" -uninstall

FakeAlert.Troj
O4 - HKCU\..\Run: [Cognac] %USERPROFILE%\ADMINI~1\LOCALS~1\Temp\perce.jpg.exe

January,2009

O20 - AppInit_DLLs: %SYSTEM32%\igldev3232.dll
O20 - Winlogon Notify: 70763b4d517 - %SYSTEM32%\igldev3232.dll (file missing)

Rogue System Guard 2009
C:\Program Files\System Guard 2009\systemguard.exe
O4 - HKLM\..\Run: [systemguard] %PROGRAMFILES%\System Guard 2009\systemguard.exe

Troj/FakeVir-GL
O20 - AppInit_DLLs: karna.dat?,avgrsstx.dll

Trojan FakeAlert
O2 - BHO: C:\WINNT\system32\rwhbfb873unjdfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - %SYSTEM32%\rwhbfb873unjdfdg.dll

Trojan FakeAlert
O21 - SSODL: CmdMsg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - %PROGRAMFILES%\uqbjlwd\CmdMsg.dll

Trojan FakeAlert
%USERPROFILE%\AppData\Local\Temp\~tmpa.exe

Trojan FakeAlert
%PROGRAMFILES%\Fr Codec\FFDShow\svcodecs.exe
O4 - HKCU\..\Run: [codecs] %PROGRAMFILES%\Fr Codec\FFDShow\svcodecs.exe

Rogue Intelinet
%PROGRAMFILES%\Intelinet\intelin2.exe
O23 - Service: IntelinetSecure - Unknown owner - %PROGRAMFILES%\Intelinet\intelin2.exe

Trojan FakeAlert
O21 - SSODL: utilsrvsys - {63397320-E2E5-2180-D571-01E9F87169CF} - C:\Program Files\yjfcjyb\utilsrvsys.dll (file missing)

December,2008

Trojan Zlob
O21 - SSODL: dgksvbpn - {22D7D7FE-243F-4177-8BC5-F13AD3D1ACC9} - (no file)
O21 - SSODL: dgksvbpn - {random CLSID} - %WINDOWS%\dgksvbpn.dll

Trojan FakeAlert
%USERPROFILE%\AppData\Local\Temp\~tmpc.exe

Rogue MS AntiSpyware 2009
%PROGRAMFILES%\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
O4 - HKCU\..\Run: [MS AntiSpyware 2009] "%PROGRAMFILES%\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun

O21 - SSODL: InternetConnection - {DEDC76AD-B2C4-4939-821C-764991921B73} - %ALLUSERS%\Application Data\Microsoft\Internet Explorer\DLLs\xdziagemmq.dll

O21 - SSODL: InternetConnection - {16DEAADF-2D65-4FC5-919E-9986B153392E} - %ALLUSERS%\Application Data\Microsoft\Internet Explorer\DLLs\ltomvybwwx.dll

Rogue Antivirus 2008
%SYSTEM32%\winscenter.exe

Trojan FakeAlert
O4 - HKUS\S-1-5-21-1343024091-796845957-1801674531-1003\..\Run: [Cognac] %TEMP%\~tmpb.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-796845957-1801674531-1003\..\Run: [MSFox] %TEMP%\a.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-796845957-1801674531-1003\..\Run: [ieupdate] "%SYSTEM32%\explorer32.exe" (User '?')

Trojan.Dropper
O4 - HKLM\..\Run: [NI.GSCNS] "%USERPROFILE%\Temp\winvsnet.exe"

O4 - HKLM\..\Run: [{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}] "%PROGRAMFILES%\D88FC961.exe"

Worm PPCBooster
O4 - Startup: ppcb_32.lnk = %PROGRAMFILES%\ppcbooster\ppcb_32.exe

Rogue Perfect Defender 2009
2008-12-11 11:40:29 ----D---- %PROGRAMFILES%\Perfect Defender 2009

Trojan FakeAlert
%USERPROFILE%\AppData\Local\Temp\~tmpc.exe

Trojan Zlob
O22 - SharedTaskScheduler: Register LogWare - {35a88e51-b53d-43e9-b8a7-75d4c31b4676} - (no file)

Trojan Zlob
O22 - SharedTaskScheduler: achromatic - {61d70260-527c-44e8-bb23-2243e93808d3} - %SYSTEM32%\gtckad.dll (file missing)

Rogue Repair Registry Pro
%PROGRAMFILES%\Repair Registry Pro\RepairRegistryPro.exe
O4 - HKLM\..\Run: [Repair Registry Pro] %PROGRAMFILES%\Repair Registry Pro\RepairRegistryPro.exe -s

O2 - BHO: Almsms - {E9B5BA28-C732-49DC-94CE-9079F7F75F4E} - %SYSTEM32%\{Random}.dll

%PROGRAMFILES%\RealAV\RealAV.exe
O4 - HKCU\..\Run: [RealAV.exe] %PROGRAMFILES%\RealAV\RealAV.exe

%SYSTEM32%\SpywareRemover.exe
O4 - HKLM\..\Run: [SpywareCleaner] %SYSTEM32%\SpywareRemover.exe

November,2008

O4 - HKCU\..\Run: [WinSpywareProtect] "%USERPROFILE%\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun

O22 - SharedTaskScheduler: demobilisation - {dfb3c1dc-1212-4235-88fd-98539540f423} - %SYSTEM32%\umhzwl.dll (file missing)
O22 - SharedTaskScheduler: disaffiliation - {854b8525-c907-4258-bc2e-7b118037419c} - %SYSTEM32%\eebpj.dll (file missing)

O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Michael\LOCALS~1\Temp\~{Random}.exe

%USERPROFILE%\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [MSFox] %USERPROFILE%\AppData\Local\Temp\a.exe

%PROGRAMFILES%\AvirTrsoftware\AvirTr.exe
O4 - HKCU\..\Run: [AvirTr] "%PROGRAMFILES%\AvirTrsoftware\AvirTr.exe"

%PROGRAMFILES%\AvirTrsoftware\AvirTrWarning.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - %PROGRAMFILES%\AvirTrsoftware\AvirTrWarning.dll (file missing)

%WINDOWS%\temp\F97.tmp
O4 - HKLM\..\Run: [F97.tmp] %WINDOWS%\temp\F97.tmp

%SYSTEM32%\sjrggq.dll
O22 - SharedTaskScheduler: babblement - {d3b82107-f8fa-4ef3-8066-136e22872d4e} - %SYSTEM32%\sjrggq.dll

%PROGRAMFILES%\360safe
%ROOT%\360

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com

%PROGRAMFILES%\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] %USERPROFILE%\WebMediaViewer\qttask.exe
%PROGRAMFILES%\WebMediaViewer\qttaskm.exe

%PROGRAMFILES%\WebMediaViewer\qttasku.exe

%PROGRAMFILES%\WebMediaViewer\hpmom.exe
%PROGRAMFILES%\WebMediaViewer\hpmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] %USERPROFILE%\WebMediaViewer\hpmon.exe

%PROGRAMFILES%\WebMediaViewer\hpmun.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - %PROGRAMFILES%\WebMediaViewer\hpmun.dll

%PROGRAMFILES%\WebMediaViewer\browseul.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - %PROGRAMFILES%\WebMediaViewer\browseul.dll

%PROGRAMFILES%\WebMediaViewer\browseu.exe

O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php

%USERPROFILE%\Application Data\Solt Lake Software
%USERPROFILE%\Application Data\Solt Lake Software\Pro Antispyware 2009

%SYSTEM32%\karna.dat
O20 - AppInit_DLLs: karna.dat
O20 - AppInit_DLLs: karna.dat fggopx.dll

O22 - SharedTaskScheduler: cypselomorphae - {6b9a461b-893f-45ee-8c59-06d3a2223b24} - %SYSTEM32%\ebmkdz.dll (file missing)

O4 - HKCU\..\Run: [ViRsLab] "%PROGRAMFILES%\ViRsLab\ViRsLab.exe"
%PROGRAMFILES%\ViRsLab\ViRsLab.exe

%PROGRAMFILES%\MICROS~1\Windows\STARTM~1\Programs\Spyware-Secure

O4 - HKLM\..\Run: [DelayLoad] %TEMP%\atmadm2.exe

© Copyright 2008-2009 Nicolas Coolman e-mail - All rights reserved -