How to Remove t.exe, ahnsbsb.exe

t.exe , ahnsbsb.exe (ahnsoft)
MD5 : BB288ECFD30503EB627FA8EC570D6FEA
SHA1 : 0AC8358F00F20FB0038258BE7C8A4CBDEB2F1B35
CRC32 : A5D3C150

ahnfgss0.dll
MD5 : CD4481D5037A6F063728DEBECA97C985
SHA1 : 3460D1FC90A190947117D9E21D11EF8BF12D0074
CRC32 : C0CB7BBC
------------------------------------------------------------------------
Aliases:
a-squared 4.5.0.24 2009.09.11 Trojan.Win32.Inhoo!IK
AhnLab-V3 5.0.0.2 2009.09.11 Win-Trojan/Taterf.160567
AntiVir 7.9.1.14 2009.09.10 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.11 -
Authentium 5.1.2.4 2009.09.11 W32/SuspPack.AG.gen!Eldorado
Avast 4.8.1351.0 2009.09.10 Win32:Kamso
AVG 8.5.0.412 2009.09.10 SHeur2.AUSY
BitDefender 7.2 2009.09.11 Trojan.Generic.2257438
CAT-QuickHeal 10.00 2009.09.11 Worm.AutoRun.gen
ClamAV 0.94.1 2009.09.11 -
Comodo 2279 2009.09.11 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.09.10 Trojan.PWS.Wsgame.10150
eSafe 7.0.17.0 2009.09.10 Suspicious File
eTrust-Vet 31.6.6731 2009.09.11 -
F-Prot 4.5.1.85 2009.09.10 W32/SuspPack.AG.gen!Eldorado
F-Secure 8.0.14470.0 2009.09.11 Trojan-Dropper.Win32.Agent.azgp
Fortinet 3.120.0.0 2009.09.11 W32/Generic
GData 19 2009.09.11 Trojan.Generic.2257438
Ikarus T3.1.1.72.0 2009.09.11 Trojan.Win32.Inhoo
Jiangmin 11.0.800 2009.09.10 -
K7AntiVirus 7.10.841 2009.09.10 Trojan-Dropper.Win32.Agent.azgp
Kaspersky 7.0.0.125 2009.09.11 Trojan-Dropper.Win32.Agent.azgp
McAfee 5737 2009.09.10 Generic PWS.ak
McAfee+Artemis 5737 2009.09.10 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.09.11 Heuristic.BehavesLike.Win32.Packed.C
Microsoft 1.5005 2009.09.10 Worm:Win32/Taterf.B
NOD32 4415 2009.09.10 a variant of Win32/Pacex.Gen
Norman 6.01.09 2009.09.10 W32/Agent.dam
nProtect 2009.1.8.0 2009.09.10 Trojan/W32.Agent.160567
Panda 10.0.2.2 2009.09.10 Trj/Downloader.MDW
PCTools 4.4.2.0 2009.09.10 -
Prevx 3.0 2009.09.11 High Risk Fraudulent Security Program
Rising 21.46.40.00 2009.09.11 -
Sophos 4.45.0 2009.09.11 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.09.10 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.09.11 W32.Gammima
TheHacker 6.3.4.4.400 2009.09.10 Trojan/Dropper.Agent.azgp
TrendMicro 8.950.0.1094 2009.09.11 WORM_ONLINEG.LLY
VBA32 3.12.10.10 2009.09.11 Trojan-Dropper.Win32.Agent.azgp
ViRobot 2009.9.11.1929 2009.09.11 -
VirusBuster 4.6.5.0 2009.09.10 Trojan.DR.Agent.NTIS
-----------------------------------------------------------------------

C:\WINDOWS\system32\ahnsbsb.exe
C:\WINDOWS\system32\ahnfgss0.dll ( number 0 - 9)
C:\WINDOWS\inf\LAYOUT.PNF
C:\WINDOWS\inf\drvindex.PNF
สร้างไฟล์ Autorun.inf และ t.exe ทุก root drive ( C:\....... Z:\)
x:\autorun.inf
x:\t.exe

Registry
HKLM\SOFTWARE\Classes\CLSID\{AF4DA69B-E1D6-469A-855B-6445294857D4}
HKLM\SOFTWARE\Classes\Interface\{AF4DA69C-E1D6-469A-855B-6445294857D4}
HKLM\SOFTWARE\Classes\TypeLib\{AF4DA692-E1D6-469A-855B-6445294857D4}
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF4DA69B-E1D6-469A-855B-6445294857D4}
HKLM\SYSTEM\ControlSet001\Services\AVPsys
HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000

Related Posts Plugin for WordPress, Blogger...

Labels:

Disclaimer
All the contents posted here are found from various Search Engines blogs and forums. The Webmaster of this blog takes no responsibility what so ever for any of the content (image/audio/video). If you find some content inappropriate or if there is any violation of copyright, kindly contact the host of the content (image/audio/video) to remove it from their server.
 
✖ SedutMediaLink ✖ - Templates Novo Blogger 2008
This template is brought to you by : allblogtools.com Blogger Templates