How to Remove 8rcahp.exe

File size: 108006 bytes
CRC32: 28996E5E
MD5: 899C79C241BF406B89670AB0939B38B8
SHA-1: EC4E0042795DCCB9AA4B619F05FEAB807B6703DC
===================================================
Aliases:

• a-squared 4.5.0.24 2009.09.05 Trojan-GameThief.Win32.Magania!IK
• AhnLab-V3 5.0.0.2 2009.09.04 Win-Trojan/NsAnti.108006
• AntiVir 7.9.1.8 2009.09.04 TR/PSW.Magania.bgyc
• Antiy-AVL 2.0.3.7 2009.09.04 Trojan/Win32.Magania.gen
• Authentium 5.1.2.4 2009.09.05 W32/Onlinegames.BYE
• Avast 4.8.1351.0 2009.09.04 Win32:Kavos
• AVG 8.5.0.409 2009.09.04 Worm/AutoRun.GL
• BitDefender 7.2 2009.09.05 Trojan.PWS.OnlineGames.KCNS
• CAT-QuickHeal 10.00 2009.09.04 TrojanGameThief.Magania.bgyc
• ClamAV 0.94.1 2009.09.05 -
• Comodo 2204 2009.09.05 TrojWare.Win32.Trojan.Agent.Gen
• DrWeb 5.0.0.12182 2009.09.05 Trojan.MulDrop.31605
• eSafe 7.0.17.0 2009.09.03 Win32.GenericPWS.Ak
• eTrust-Vet 31.6.6721 2009.09.04 Win32/Frethog.EVQ
• F-Prot 4.5.1.85 2009.09.04 W32/Onlinegames.BYE
• F-Secure 8.0.14470.0 2009.09.04 Trojan-GameThief.Win32.Magania.bgyc
• Fortinet 3.120.0.0 2009.09.05 W32/Pws.AK!tr
• GData 19 2009.09.05 Trojan.PWS.OnlineGames.KCNS
• Ikarus T3.1.1.72.0 2009.09.04 Trojan-GameThief.Win32.Magania
• Jiangmin 11.0.800 2009.09.04 Trojan/PSW.Magania.uxj
• K7AntiVirus 7.10.836 2009.09.04 Trojan-PSW.Win32.Magania.bgyc
• Kaspersky 7.0.0.125 2009.09.05 Trojan-GameThief.Win32.Magania.bgyc
• McAfee 5731 2009.09.04 Generic PWS.ak
• McAfee+Artemis 5731 2009.09.04 Generic PWS.ak
• McAfee-GW-Edition 6.8.5 2009.09.05 Heuristic.LooksLike.Trojan.Dropper.Zlob.B
• Microsoft 1.5005 2009.09.04 Worm:Win32/Taterf.B
• NOD32 4397 2009.09.05 Win32/PSW.OnLineGames.NNU
• Norman 6.01.09 2009.09.04 W32/OnLineGames.dam
• nProtect 2009.1.8.0 2009.09.05 Trojan-PWS/W32.WebGame_Packed.108006
• Panda 10.0.2.2 2009.09.04 W32/Lineage.KWX
• PCTools 4.4.2.0 2009.09.04 Trojan-GameThief.Magania.bgyc
• Prevx 3.0 2009.09.05 High Risk Cloaked Malware
• Rising 21.45.14.00 2009.09.01 Trojan.PSW.Win32.GameOLx.dn
• Sophos 4.45.0 2009.09.05 Mal/EncPk-JS
• Sunbelt 3.2.1858.2 2009.09.05 Worm.Win32.AutoRun
• Symantec 1.4.4.12 2009.09.05 W32.Gammima.AG
• TheHacker 6.3.4.3.396 2009.09.04 Trojan/OnLineGame.gen
• TrendMicro 8.950.0.1094 2009.09.04 TROJ_GAMETHI.GHN
• VBA32 3.12.10.10 2009.09.04 Trojan-GameThief.Win32.Magania.bgyc
• ViRobot 2009.9.4.1919 2009.09.04 Spyware.PSW.Magania.108006
• VirusBuster 4.6.5.0 2009.09.04 Trojan.PWS.OnLineGames.AJHQ

------------------------------------------------------------------------

Create file
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll (0-9)
X:\8rcahp.exe
X:\autorun.inf

Registry Added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000