
Tag Archives for "01detecttrojan"

Remove Trojan:Win32/Startpage.XI

Other payloads of Trojan:Win32/Startpage.XI include the following:

It drops the following files onto the compromised system (the nsif.tmp directory and the base64.dll, inetc.dll and nsprocess.dll inside it are standard NSIS installer plugin files that an NSIS-built dropper extracts to %TEMP%; they should be cleaned up, but they are not unique to this threat and are not useful as a detection signature on their own):

  • %programfiles%\softair\uninst.exe
  • c:\documents and settings\administrator\local settings\temp\ly1.jpg
  • c:\documents and settings\administrator\local settings\temp\setup_001.exe
  • c:\documents and settings\administrator\local settings\temp\nsif.tmp\base64.dll
  • c:\documents and settings\administrator\local settings\temp\nsif.tmp\inetc.dll
  • c:\documents and settings\administrator\local settings\temp\nsif.tmp\nsprocess.dll
  • c:\documents and settings\administrator\start menu\programs\softair\uninstall.lnk

Remove W32/Vulcanbot

What are the Symptoms of W32/Vulcanbot Infection?

It modifies the Windows Registry, adding the following entries so that its executable is launched by Winlogon at logon (the Userinit value, which is a comma-separated list of programs) and from the Run key (the registry path is CurrentVersion, written as one word):

  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%SystemDirectory%\userinit.exe,[Path to executable]\[executable name].exe"
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%SysDir%\userinit.exe, %RootDir%\Program Files\Adobe\AdobeUpdateManager.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update: "C:\Program Files\Windows NT\Windows Update\wuauclt.exe"

The threat drops the following malicious files (note that several of them reuse the names of legitimate Windows, Java, Adobe and Office binaries, but in directories where those binaries never live):

  • %UserDir%\Application Data\Java\jre6\bin\jucheck.exe
  • %UserDir%\Application Data\Java\jre6\bin\zf32.dll
  • %UserDir%\Application Data\Microsoft\Internet Explorer\Quick Launch\VPSKEYS 4.3.lnk
  • %RootDir%\Program Files\Adobe\AdobeUpdateManager.exe
  • %RootDir%\Program Files\Java\jre6\bin\jucheck.exe
  • %RootDir%\Program Files\Microsoft Office\Office11\OSA.exe
  • %SysDir%\mscommon.inf
  • %SysDir%\msconfig32.sys
  • %SysDir%\zf32.dll
  • %SysDir%\Setup\AdobeUpdateManager.exe
  • %SysDir%\Setup\jucheck.exe
  • %SysDir%\Setup\MPClient.exe
  • %SysDir%\Setup\MPSvc.exe
  • %SysDir%\Setup\OSA.exe
  • %SysDir%\Setup\wuauclt.exe
  • %SysDir%\Setup\zf32.dll
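The Winlogon entries above turn the Userinit value, which on a clean system is only %SystemRoot%\system32\userinit.exe, into a list that also launches the dropped AdobeUpdateManager.exe, and the Run entry starts a wuauclt.exe that is not the one in system32. Winlogon reads Userinit from the HKLM key; the HKCU copy should still be cleaned. The following is an added Python example, not code from the original page: it parses an exported Userinit string, flags every entry beyond the legitimate one, matches paths against the dropped-file list above after expanding the %SysDir%/%RootDir%/%UserDir% placeholders, and flags a userinit.exe or wuauclt.exe found outside system32. The placeholder-to-path mapping, the EXPECTED_DIRS table, the sample registry values and the benign ctfmon.exe control entry are assumptions constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Windows runs every comma-separated program listed in the Winlogon Userinit
# value at logon; the only legitimate entry is userinit.exe in system32.
LEGIT_USERINIT = r"%SystemRoot%\system32\userinit.exe"

# Placeholders used in the listing above, mapped to a default XP-era layout.
# Constructed for this example; adjust them to the host under examination.
PLACEHOLDERS = {
    "%systemdirectory%": r"c:\windows\system32",
    "%sysdir%": r"c:\windows\system32",
    "%systemroot%": r"c:\windows",
    "%programfiles%": r"c:\program files",
    "%rootdir%": "c:",
    "%userdir%": r"c:\documents and settings\administrator",
}

# System binaries the threat impersonates and the one directory each one
# legitimately lives in (assumed table); a copy anywhere else is a masquerade.
EXPECTED_DIRS = {
    "userinit.exe": r"c:\windows\system32",
    "wuauclt.exe": r"c:\windows\system32",
}

# Dropped-file indicators taken from the listing above.
VULCANBOT_FILES = [
    r"%UserDir%\Application Data\Java\jre6\bin\jucheck.exe",
    r"%UserDir%\Application Data\Java\jre6\bin\zf32.dll",
    r"%RootDir%\Program Files\Adobe\AdobeUpdateManager.exe",
    r"%RootDir%\Program Files\Java\jre6\bin\jucheck.exe",
    r"%RootDir%\Program Files\Microsoft Office\Office11\OSA.exe",
    r"%SysDir%\mscommon.inf",
    r"%SysDir%\msconfig32.sys",
    r"%SysDir%\zf32.dll",
    r"%SysDir%\Setup\AdobeUpdateManager.exe",
    r"%SysDir%\Setup\jucheck.exe",
    r"%SysDir%\Setup\MPClient.exe",
    r"%SysDir%\Setup\MPSvc.exe",
    r"%SysDir%\Setup\OSA.exe",
    r"%SysDir%\Setup\wuauclt.exe",
    r"%SysDir%\Setup\zf32.dll",
]


def normalize(path: str) -> str:
    """Lower-case a path, drop surrounding quotes and expand the placeholders."""
    p = path.strip().strip('"').lower()
    for placeholder, value in PLACEHOLDERS.items():
        p = p.replace(placeholder, value)
    return p


KNOWN_INDICATORS = {normalize(p) for p in VULCANBOT_FILES}


def is_known_indicator(path: str) -> bool:
    return normalize(path) in KNOWN_INDICATORS


def classify(path: str) -> Tuple[str, bool, bool]:
    """Return (normalized path, is a listed indicator, is a masquerading system binary)."""
    p = normalize(path)
    directory, _, basename = p.rpartition("\\")
    expected = EXPECTED_DIRS.get(basename)
    masquerade = expected is not None and directory != expected
    return p, p in KNOWN_INDICATORS, masquerade


def userinit_extras(value: str) -> List[str]:
    """Return every Userinit entry other than the legitimate userinit.exe."""
    entries = [normalize(e) for e in value.split(",") if e.strip()]
    return [e for e in entries if e != normalize(LEGIT_USERINIT)]


def exe_from_command(cmd: str) -> str:
    """Extract the executable from a Run value: a quoted path or the first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def triage_autostart(userinit_value: str, run_values: Dict[str, str]) -> List[dict]:
    """Flag every Userinit extra, and Run entries that are indicators or masquerades."""
    findings = []
    for extra in userinit_extras(userinit_value):
        path, known, masquerade = classify(extra)
        findings.append({"source": r"Winlogon\Userinit", "path": path,
                         "known_indicator": known, "masquerade": masquerade})
    for name, cmd in run_values.items():
        path, known, masquerade = classify(exe_from_command(cmd))
        if known or masquerade:
            findings.append({"source": "Run\\" + name, "path": path,
                             "known_indicator": known, "masquerade": masquerade})
    return findings


# Constructed sample values, taken from the registry entries listed above.
SAMPLE_USERINIT = r"C:\WINDOWS\system32\userinit.exe, C:\Program Files\Adobe\AdobeUpdateManager.exe"
SAMPLE_RUN = {
    "Windows Update": r'"C:\Program Files\Windows NT\Windows Update\wuauclt.exe"',
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",  # benign control entry
}

if __name__ == "__main__":
    for finding in triage_autostart(SAMPLE_USERINIT, SAMPLE_RUN):
        print(finding)
```

On a live host, export the Userinit string and the Run key's name/value pairs (for example with reg query) and pass them in. When removing the persistence, restore Userinit to the bare userinit.exe path rather than deleting the value: an empty Userinit breaks interactive logon.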