How to remove ha.cmd

File Size 114,379 bytes
MD5: 8C5D924E909E85418D002F03E5E12C54
SHA-1: B736B2181E3A445471AFE45F1BDF332677478384
 ============================================================
Files created
C:\Documents and Settings\[UserName]\Local Settings\Temp\xvassdf.exe
C:\Documents and Settings\[UserName]\Local Settings\Temp\4tddfwq0.dll
X:\ha.cmd
X:\autorun.inf

Registry Modifications
Keys AddedHKLM\SOFTWARE\Classes\CLSID\MADOWN

Values Added:
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo = "qaswee.e"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
54dfsger = "%Temp%\xvassdf.exe"

Remote Host 221.1.204.245 Port 80
http://ngytrd.com/xrbv/uu1.rar
http://sfdght.com/xrbv/uu.rar

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun: 0x00000091

Related Posts Plugin for WordPress, Blogger...

Labels:

Disclaimer
All the contents posted here are found from various Search Engines blogs and forums. The Webmaster of this blog takes no responsibility what so ever for any of the content (image/audio/video). If you find some content inappropriate or if there is any violation of copyright, kindly contact the host of the content (image/audio/video) to remove it from their server.
 
✖ SedutMediaLink ✖ - Templates Novo Blogger 2008
This template is brought to you by : allblogtools.com Blogger Templates