Thursday, November 20, 2008

SpyDldr.J Trojan

Removing SpyDldr.J
Categories: Trojan
This loose category covers a variety of Trojans that damage the victim machine, threaten data integrity, or impair the machine's normal functioning.

Multi-purpose Trojans are also included in this group, since some malware authors bundle several functions into a single multi-functional Trojan rather than distributing a Trojan pack.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Antispyware Soldier.lnk
[%DESKTOP%]\Antispyware Soldier.lnk
[%PROFILE%]\cmd.exe
[%PROFILE%]\start
[%PROGRAM_FILES%]\Antispyware Soldier\antispysoldier.url
[%PROGRAM_FILES%]\Antispyware Soldier\unins000.dat
[%STARTUP%]\antispysoldier.lnk
[%SYSTEM%]\a.exe
[%SYSTEM%]\alxres.dll
[%SYSTEM%]\bridge.dll
[%SYSTEM%]\dailytoolbar.dll
[%SYSTEM%]\jao.dll
[%SYSTEM%]\lfd.dat
[%SYSTEM%]\oiso.bin
[%SYSTEM%]\questmod.dll
[%SYSTEM%]\runsrv32.dll
[%SYSTEM%]\runsrv32.exe
[%SYSTEM%]\sumsw32.exe
[%SYSTEM%]\SUSP.exe
[%SYSTEM%]\tcpservice2.exe
[%SYSTEM%]\txfdb32.dll
[%SYSTEM%]\udpmod.dll
[%SYSTEM%]\wstart.dll
[%WINDOWS%]\alexaie.dll
[%WINDOWS%]\alxie328.dll
[%WINDOWS%]\alxtb1.dll
[%WINDOWS%]\bg_bg.gif
[%WINDOWS%]\big_red_x.gif
[%WINDOWS%]\BTGrab.dll
[%WINDOWS%]\buy_now.gif
[%WINDOWS%]\click_for_free_scan.gif
[%WINDOWS%]\close_ico.gif
[%WINDOWS%]\dlmax.dll
[%WINDOWS%]\download.gif
[%WINDOWS%]\download_product.gif
[%WINDOWS%]\free_scan_red_btn.gif
[%WINDOWS%]\icon_warning_big.gif
[%WINDOWS%]\infected_top_bg.gif
[%WINDOWS%]\logo.gif
[%WINDOWS%]\navibar_bg.gif
[%WINDOWS%]\navibar_corner_left.gif
[%WINDOWS%]\navibar_corner_right.gif
[%WINDOWS%]\product_box.gif
[%WINDOWS%]\Pynix.dll
[%WINDOWS%]\red_warning_ico.gif
[%WINDOWS%]\remove_spyware_header.gif
[%WINDOWS%]\safe_and_trusted.gif
[%WINDOWS%]\spyware_detected.gif
[%WINDOWS%]\susp.exe
[%WINDOWS%]\yellow_warning_ico.gif
[%WINDOWS%]\yod.htm
[%WINDOWS%]\ZServ.dll

How to detect SpyDldr.J:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Antispyware Soldier.lnk
[%DESKTOP%]\Antispyware Soldier.lnk
[%PROFILE%]\cmd.exe
[%PROFILE%]\start
[%PROGRAM_FILES%]\Antispyware Soldier\antispysoldier.url
[%PROGRAM_FILES%]\Antispyware Soldier\unins000.dat
[%STARTUP%]\antispysoldier.lnk
[%SYSTEM%]\a.exe
[%SYSTEM%]\alxres.dll
[%SYSTEM%]\bridge.dll
[%SYSTEM%]\dailytoolbar.dll
[%SYSTEM%]\jao.dll
[%SYSTEM%]\lfd.dat
[%SYSTEM%]\oiso.bin
[%SYSTEM%]\questmod.dll
[%SYSTEM%]\runsrv32.dll
[%SYSTEM%]\runsrv32.exe
[%SYSTEM%]\sumsw32.exe
[%SYSTEM%]\SUSP.exe
[%SYSTEM%]\tcpservice2.exe
[%SYSTEM%]\txfdb32.dll
[%SYSTEM%]\udpmod.dll
[%SYSTEM%]\wstart.dll
[%WINDOWS%]\alexaie.dll
[%WINDOWS%]\alxie328.dll
[%WINDOWS%]\alxtb1.dll
[%WINDOWS%]\bg_bg.gif
[%WINDOWS%]\big_red_x.gif
[%WINDOWS%]\BTGrab.dll
[%WINDOWS%]\buy_now.gif
[%WINDOWS%]\click_for_free_scan.gif
[%WINDOWS%]\close_ico.gif
[%WINDOWS%]\dlmax.dll
[%WINDOWS%]\download.gif
[%WINDOWS%]\download_product.gif
[%WINDOWS%]\free_scan_red_btn.gif
[%WINDOWS%]\icon_warning_big.gif
[%WINDOWS%]\infected_top_bg.gif
[%WINDOWS%]\logo.gif
[%WINDOWS%]\navibar_bg.gif
[%WINDOWS%]\navibar_corner_left.gif
[%WINDOWS%]\navibar_corner_right.gif
[%WINDOWS%]\product_box.gif
[%WINDOWS%]\Pynix.dll
[%WINDOWS%]\red_warning_ico.gif
[%WINDOWS%]\remove_spyware_header.gif
[%WINDOWS%]\safe_and_trusted.gif
[%WINDOWS%]\spyware_detected.gif
[%WINDOWS%]\susp.exe
[%WINDOWS%]\yellow_warning_ico.gif
[%WINDOWS%]\yod.htm
[%WINDOWS%]\ZServ.dll

Folders:
[%COMMON_PROGRAMS%]\Antispyware Soldier
[%PROGRAM_FILES%]\Antispyware Soldier

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\CLSID\{00000000-C1EC-0345-6EC2-4D0300000000}
HKEY_CLASSES_ROOT\CLSID\{00000000-F09C-02B4-6EC2-AD0300000000}
HKEY_CLASSES_ROOT\CLSID\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}
HKEY_CLASSES_ROOT\CLSID\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
HKEY_CLASSES_ROOT\CLSID\{8333C319-0669-4893-A418-F56D9249FCA6}
HKEY_CLASSES_ROOT\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81}
HKEY_CURRENT_USER\Software\ADV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-C1EC-0345-6EC2-4D0300000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-F09C-02B4-6EC2-AD0300000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (four values under this key; the value names are not given on this page)

Removing SpyDldr.J:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Conistall Trojan Cleaner
