Sunday, November 30, 2008

USBroot Trojan

Removing USBroot
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

USBroot is also known as:

[Kaspersky] Trojan.Win32.Kolweb.q, Rootkit.Win32.Agent.io;
[McAfee] Generic RootKit.a, Generic Rootkit.a;
[F-Prot] W32/TrojanX.ACFM, W32/Rootkit.ACR, W32/RootkitX.LA;
[Other] Hacktool.Rootkit, VirTool:WinNT/Smallrk.G, W32/Agent.CWZW, TROJ_KOLWEB.Q, W32/Malware.ANFC, Possible_Strat-6, W32/Rootkit.AMV, TROJ_ROOTKIT.ZPP

Visible Symptoms:
Files in system folders:
[%STARTUP%]\.lnk
[%STARTUP%]\_.lnk
[%SYSTEM%]\drivers\ohciusb.sys
[%SYSTEM%]\drivers\ohciusb.syt
[%SYSTEM%]\drivers\ohctusb.sys
[%SYSTEM%]\drivers\ohctusb.syt
[%SYSTEM%]\drivers\ohdusb.sys
[%SYSTEM%]\msmapibx32.exe

How to detect USBroot:

Files:
[%STARTUP%]\.lnk
[%STARTUP%]\_.lnk
[%SYSTEM%]\drivers\ohciusb.sys
[%SYSTEM%]\drivers\ohciusb.syt
[%SYSTEM%]\drivers\ohctusb.sys
[%SYSTEM%]\drivers\ohctusb.syt
[%SYSTEM%]\drivers\ohdusb.sys
[%SYSTEM%]\msmapibx32.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ohciusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ohctusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ohdusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ohciusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ohctusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ohdusb

Removing USBroot:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
