How to remove zaking.exe

zaking.exe
MD5 : 3ca42dce383f331794569ab634f6ddcb
SHA1 : 700c4bee552b5adb7bc88d34eb0356632ebb7716
...
Antivirus Version Last Update Result
AhnLab-V3 2010.11.28.00 2010.11.27 -
AntiVir 7.10.14.127 2010.11.28 TR/Crypt.ASPM.Gen
Antiy-AVL 2.0.3.7 2010.11.29 -
Avast 4.8.1351.0 2010.11.28 -
Avast5 5.0.594.0 2010.11.28 -
AVG 9.0.0.851 2010.11.28 -
BitDefender 7.2 2010.11.29 -
CAT-QuickHeal 11.00 2010.11.27 -
ClamAV 0.96.4.0 2010.11.28 PUA.Packed.ASPack
Command 5.2.11.5 2010.11.28 -
Comodo 6881 2010.11.28 -
DrWeb 5.0.2.03300 2010.11.29 -
eSafe 7.0.17.0 2010.11.28 -
eTrust-Vet 36.1.8003 2010.11.26 -
F-Prot 4.6.2.117 2010.11.28 -
F-Secure 9.0.16160.0 2010.11.28 -
Fortinet 4.2.254.0 2010.11.28 -
GData 21 2010.11.29 -
Ikarus T3.1.1.90.0 2010.11.28 Trojan-GameThief.Win32.Magania
Jiangmin 13.0.900 2010.11.28 -
K7AntiVirus 9.69.3103 2010.11.27 -
Kaspersky 7.0.0.125 2010.11.29 -
McAfee 5.400.0.1158 2010.11.29 -
McAfee-GW-Edition 2010.1C 2010.11.28 -
Microsoft 1.6402 2010.11.28 -
NOD32 5656 2010.11.28 -
Norman 6.06.10 2010.11.28 -
nProtect 2010-11-28.01 2010.11.28 -
Panda 10.0.2.7 2010.11.28 -
PeeTechFix 2.0.7.135 2010.11.29 Win32.PSW.OnlineGame.zak
Prevx 3.0 2010.11.29 -
Rising 22.75.05.00 2010.11.28 -
Sophos 4.60.0 2010.11.29 -
SUPERAntiSpyware 4.40.0.1006 2010.11.28 -
Symantec 20101.2.0.161 2010.11.29 -
TheHacker 6.7.0.1.092 2010.11.28 -
TrendMicro 9.120.0.1004 2010.11.28 Cryp_OLGM-41
TrendMicro-HouseCall 9.120.0.1004 2010.11.29 Cryp_OLGM-41
VBA32 3.12.14.2 2010.11.26 -
VIPRE 7440 2010.11.29 BehavesLike.Win32.Malware.bse (vs)
ViRobot 2010.11.19.4158 2010.11.29 -
VirusBuster 13.6.64.0 2010.11.28 -
...
%System%\twking.exe
%System%\zaking.exe
%System%\twking0.dll (0-9)
%System%\zaking0.dll (0-9)
X:\wehds63.exe
X:\autorun.inf

%System%= C:\Windows\System32 , C:\Winnt\System32\
X:\ = C:\- Z:\

Registry Modifications
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "aesqf.t"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
king_tw = "%System%\twking.exe"
king_za = "%System%\zaking.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

Related Posts Plugin for WordPress, Blogger...

Labels:

Disclaimer
All the contents posted here are found from various Search Engines blogs and forums. The Webmaster of this blog takes no responsibility what so ever for any of the content (image/audio/video). If you find some content inappropriate or if there is any violation of copyright, kindly contact the host of the content (image/audio/video) to remove it from their server.
 
✖ SedutMediaLink ✖ - Templates Novo Blogger 2008
This template is brought to you by : allblogtools.com Blogger Templates