Thursday, November 6, 2008

Ambler Trojan

Removing Ambler
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Ambler is also known as:

[Kaspersky] Trojan-Spy.Win32.Banker.cew, Trojan-Spy.Win32.Banker.cji, Trojan-Downloader.Win32.Agent.avk, Trojan-Dropper.Win32.Agent.bxk;
[McAfee] PWS-Banker, PWS-Banker.gen.bs, Downloader.gen.a, Generic Downloader.ab;
[F-Prot] W32/Banker.AGVO, W32/Trojan.CCRC;
[Other] Trojan.Nethell, Troj/Nethell-G, Win32/Ambler.N, Infostealer.Bancos, TSPY_BANKER.HTV, Mal/NetHelDl-A, Win32/Ambler.U, Win32/Ambler.V, Trojan.Dropper, Troj/Dropper-RK

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\helper.xml
[%SYSTEM%]\down.dll
[%SYSTEM%]\nethelper.dll
[%SYSTEM%]\nethelper.xml

How to detect Ambler:

Files:
[%SYSTEM%]\helper.xml
[%SYSTEM%]\down.dll
[%SYSTEM%]\nethelper.dll
[%SYSTEM%]\nethelper.xml

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F6D54BB-34EE-4469-B094-86B09E53BCF8}
HKEY_CLASSES_ROOT\clsid\{2ea061b2-11b5-4c4b-b385-f378b4b48648}
HKEY_CLASSES_ROOT\clsid\{30edd4cb-8bc1-4f9f-99a6-a6938e9aace0}
HKEY_CLASSES_ROOT\clsid\{3f6d54bb-34ee-4469-b094-86b09e53bcf8}
HKEY_CLASSES_ROOT\clsid\{850c7964-9320-4055-be11-7d7b562a6417}
HKEY_CLASSES_ROOT\clsid\{890c7964-9320-4055-be11-7d7b562a6417}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2ea061b2-11b5-4c4b-b385-f378b4b48648}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30edd4cb-8bc1-4f9f-99a6-a6938e9aace0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3f6d54bb-34ee-4469-b094-86b09e53bcf8}

Removing Ambler:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
