How to remove w9.exe

w9.exe , mgking.exe
MD5 : c7cf8f299c6a10700eb735a956bc58be
SHA1 : 7023c9ce2bb6fd72ef51c07fd7572a7ab626f9e3
...
Antivirus Version Last Update Result
AhnLab-V3 2010.11.27.00 2010.11.26 Trojan/Win32.OnlineGameHack
AntiVir 7.10.14.125 2010.11.26 -
Antiy-AVL 2.0.3.7 2010.11.27 -
Avast 4.8.1351.0 2010.11.26 -
Avast5 5.0.594.0 2010.11.26 -
AVG 9.0.0.851 2010.11.27 -
BitDefender 7.2 2010.11.27 -
CAT-QuickHeal 11.00 2010.11.26 -
ClamAV 0.96.4.0 2010.11.27 PUA.Packed.ASPack
Command 5.2.11.5 2010.11.27 -
Comodo 6862 2010.11.27 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.11.26 -
Emsisoft 5.0.0.50 2010.11.27 Trojan-GameThief.Win32.Magania!IK
eTrust-Vet 36.1.8003 2010.11.26 -
F-Prot 4.6.2.117 2010.11.26 -
F-Secure 9.0.16160.0 2010.11.26 -
Fortinet 4.2.254.0 2010.11.26 -
GData 21 2010.11.27 -
Ikarus T3.1.1.90.0 2010.11.26 Trojan-GameThief.Win32.Magania
Jiangmin 13.0.900 2010.11.27 -
K7AntiVirus 9.69.3095 2010.11.26 -
Kaspersky 7.0.0.125 2010.11.27 Trojan.Win32.Vaklik.iyx
McAfee 5.400.0.1158 2010.11.27 Artemis!C7CF8F299C6A
McAfee-GW-Edition 2010.1C 2010.11.26 Artemis!C7CF8F299C6A
Microsoft 1.6402 2010.11.26 -
NOD32 5652 2010.11.26 a variant of Win32/PSW.OnLineGames.PPT
Norman 6.06.10 2010.11.26 -
nProtect 2010-11-26.01 2010.11.26 -
Panda 10.0.2.7 2010.11.27 Suspicious file
PeeTechFix 2.0.7.134 2010.11.28 Win32.OnlineGames.mgk
Prevx 3.0 2010.11.27 -
Rising 22.75.04.00 2010.11.27 -
Sophos 4.60.0 2010.11.27 -
SUPERAntiSpyware 4.40.0.1006 2010.11.27 -
Symantec 20101.2.0.161 2010.11.27 -
TheHacker 6.7.0.1.091 2010.11.26 -
TrendMicro 9.120.0.1004 2010.11.27 Cryp_OLGM-41
TrendMicro-HouseCall 9.120.0.1004 2010.11.27 Cryp_OLGM-41
VBA32 3.12.14.2 2010.11.26 -
VIPRE 7424 2010.11.27 BehavesLike.Win32.Malware.bse (vs)
ViRobot 2010.11.19.4158 2010.11.27 -
VirusBuster 13.6.62.0 2010.11.26 -
...
Files Added

%System%\mgking0.dll (0-9)
%System%\mgking.exe
X:\cbbw88s.exe
X:\w9.exe
X:\autorun.inf

%System%= C:\Windows\System32 , C:\Winnt\System32\
X:\ = C:\- Z:\

Registry Modifications
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dfrswq.n"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
king_mg = "%System%\mgking.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

Related Posts Plugin for WordPress, Blogger...

Labels:

Disclaimer
All the contents posted here are found from various Search Engines blogs and forums. The Webmaster of this blog takes no responsibility what so ever for any of the content (image/audio/video). If you find some content inappropriate or if there is any violation of copyright, kindly contact the host of the content (image/audio/video) to remove it from their server.
 
✖ SedutMediaLink ✖ - Templates Novo Blogger 2008
This template is brought to you by : allblogtools.com Blogger Templates