Wednesday, November 12, 2008

Spax Trojan

Removing Spax
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spax is also known as:

[Kaspersky] Trojan.Win32.Dialer.cs, Trojan-Downloader.Win32.Agent.bkd;
[Other] Win32/Spax.AS, Win32/Spax!generic, Win32/Spax.AU, Win32/Spax.AX, Trojan.Secup

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cthkpcv.dll
[%SYSTEM%]\geplxss.dll
[%SYSTEM%]\pkgvy1g.dll
[%SYSTEM%]\tahxqcj.dll
[%SYSTEM%]\tvomnc.dll
[%SYSTEM%]\xuoce.dll
[%SYSTEM%]\ygjun.dll

How to detect Spax:

Files:
[%SYSTEM%]\cthkpcv.dll
[%SYSTEM%]\geplxss.dll
[%SYSTEM%]\pkgvy1g.dll
[%SYSTEM%]\tahxqcj.dll
[%SYSTEM%]\tvomnc.dll
[%SYSTEM%]\xuoce.dll
[%SYSTEM%]\ygjun.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{634be415-da12-496b-b89e-329b73c4807f}
HKEY_CLASSES_ROOT\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Removing Spax:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
