How to remove arking.exe

arking.exe
MD5: 75A6D3A8F00DBC7A9D9939D3BBEC3345
SHA-1: 105CFAC1B1ADE1AC1F4EB2648FF3A92C4FD15B78
...
Antivirus Version Last Update Result
AhnLab-V3 2010.11.28.00 2010.11.27 Trojan/Win32.OnlineGameHack
AntiVir 7.10.14.127 2010.11.28 TR/Crypt.ASPM.Gen
Antiy-AVL 2.0.3.7 2010.11.28 -
Avast 4.8.1351.0 2010.11.28 -
Avast5 5.0.594.0 2010.11.28 -
AVG 9.0.0.851 2010.11.28 -
BitDefender 7.2 2010.11.28 -
CAT-QuickHeal 11.00 2010.11.27 -
ClamAV 0.96.4.0 2010.11.28 PUA.Packed.ASPack
Command 5.2.11.5 2010.11.28 -
Comodo 6881 2010.11.28 -
DrWeb 5.0.2.03300 2010.11.28 -
Emsisoft 5.0.0.50 2010.11.28 Packed.Win32.Klone!IK
eSafe 7.0.17.0 2010.11.28 -
eTrust-Vet 36.1.8003 2010.11.26 -
F-Prot 4.6.2.117 2010.11.28 -
F-Secure 9.0.16160.0 2010.11.28 -
Fortinet 4.2.254.0 2010.11.28 -
GData 21 2010.11.28 -
Ikarus T3.1.1.90.0 2010.11.28 Packed.Win32.Klone
Jiangmin 13.0.900 2010.11.28 -
K7AntiVirus 9.69.3103 2010.11.27 -
Kaspersky 7.0.0.125 2010.11.28 -
McAfee 5.400.0.1158 2010.11.28 -
McAfee-GW-Edition 2010.1C 2010.11.28 -
Microsoft 1.6402 2010.11.28 -
NOD32 5656 2010.11.28 -
Norman 6.06.10 2010.11.28 -
nProtect 2010-11-28.01 2010.11.28 -
Panda 10.0.2.7 2010.11.28 Suspicious file
PeeTechFix 2.0.7.134 2010.11.28 Win32.PSW.OnlineGame.ark
Prevx 3.0 2010.11.28 -
Rising 22.75.05.00 2010.11.28 -
Sophos 4.60.0 2010.11.28 -
SUPERAntiSpyware 4.40.0.1006 2010.11.28 -
Symantec 20101.2.0.161 2010.11.28 -
TheHacker 6.7.0.1.092 2010.11.28 -
TrendMicro 9.120.0.1004 2010.11.28 Cryp_OLGM-41
TrendMicro-HouseCall 9.120.0.1004 2010.11.28 Cryp_OLGM-41
VBA32 3.12.14.2 2010.11.26 -
VIPRE 7437 2010.11.28 BehavesLike.Win32.Malware.bse (vs)
ViRobot 2010.11.19.4158 2010.11.28 -
VirusBuster 13.6.64.0 2010.11.28 -
...
Files Added
%System%\mgking.exe
%System%\arking.exe
%System%\mgking0.dll (0-9)
%System%\arking0.dll (0-9)
X:\cbbw88s.exe
X:\autorun.inf

%System%= C:\Windows\System32 , C:\Winnt\System32\
X:\ = C:\- Z:\

Registry Modifications
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dfrswq.j"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
king_mg = "%System%\mgking.exe"
king_ar = "%System%\arking.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

Related Posts Plugin for WordPress, Blogger...

Labels:

Disclaimer
All the contents posted here are found from various Search Engines blogs and forums. The Webmaster of this blog takes no responsibility what so ever for any of the content (image/audio/video). If you find some content inappropriate or if there is any violation of copyright, kindly contact the host of the content (image/audio/video) to remove it from their server.
 
✖ SedutMediaLink ✖ - Templates Novo Blogger 2008
This template is brought to you by : allblogtools.com Blogger Templates