Thursday, November 27, 2008

Xmonf Downloader

Removing Xmonf
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\vcclient\clientupdater.bat
[%PROGRAM_FILES_COMMON%]\vcclient\vcclient.exe
[%PROGRAM_FILES_COMMON%]\vcclient\vcclient.exe.config
[%PROGRAM_FILES_COMMON%]\vcclient\vcmain.exe
[%PROGRAM_FILES_COMMON%]\vcclient\vcupdate.exe
[%PROGRAM_FILES_COMMON%]\vcclient\vcupdate.exe.config
[%PROGRAM_FILES_COMMON%]\svchostsys\svchostsys.exe.config
[%PROGRAM_FILES_COMMON%]\svchostsys\svchostupdate.exe.config
[%PROGRAM_FILES_COMMON%]\VCClient\ClientUpdater.bat
[%PROGRAM_FILES_COMMON%]\VCClient\VCClient.exe
[%PROGRAM_FILES_COMMON%]\VCClient\VCClient.exe.config
[%PROGRAM_FILES_COMMON%]\VCClient\VCMain.exe
[%PROGRAM_FILES_COMMON%]\VCClient\VCUpdate.exe
[%PROGRAM_FILES_COMMON%]\VCClient\VCUpdate.exe.config
[%PROGRAM_FILES%]\common files\vcclient\clientupdater.bat
[%PROGRAM_FILES%]\common files\vcclient\vcclient.exe
[%PROGRAM_FILES%]\common files\vcclient\vcclient.exe.config
[%PROGRAM_FILES%]\common files\vcclient\vcmain.exe
[%PROGRAM_FILES%]\common files\vcclient\vcupdate.exe
[%PROGRAM_FILES%]\common files\vcclient\vcupdate.exe.config

How to detect Xmonf:

Files:
[%PROGRAM_FILES_COMMON%]\vcclient\clientupdater.bat
[%PROGRAM_FILES_COMMON%]\vcclient\vcclient.exe
[%PROGRAM_FILES_COMMON%]\vcclient\vcclient.exe.config
[%PROGRAM_FILES_COMMON%]\vcclient\vcmain.exe
[%PROGRAM_FILES_COMMON%]\vcclient\vcupdate.exe
[%PROGRAM_FILES_COMMON%]\vcclient\vcupdate.exe.config
[%PROGRAM_FILES_COMMON%]\svchostsys\svchostsys.exe.config
[%PROGRAM_FILES_COMMON%]\svchostsys\svchostupdate.exe.config
[%PROGRAM_FILES_COMMON%]\VCClient\ClientUpdater.bat
[%PROGRAM_FILES_COMMON%]\VCClient\VCClient.exe
[%PROGRAM_FILES_COMMON%]\VCClient\VCClient.exe.config
[%PROGRAM_FILES_COMMON%]\VCClient\VCMain.exe
[%PROGRAM_FILES_COMMON%]\VCClient\VCUpdate.exe
[%PROGRAM_FILES_COMMON%]\VCClient\VCUpdate.exe.config
[%PROGRAM_FILES%]\common files\vcclient\clientupdater.bat
[%PROGRAM_FILES%]\common files\vcclient\vcclient.exe
[%PROGRAM_FILES%]\common files\vcclient\vcclient.exe.config
[%PROGRAM_FILES%]\common files\vcclient\vcmain.exe
[%PROGRAM_FILES%]\common files\vcclient\vcupdate.exe
[%PROGRAM_FILES%]\common files\vcclient\vcupdate.exe.config

Folders:
[%PROGRAM_FILES_COMMON%]\svchostsys
[%PROGRAM_FILES%]\Common Files\svchostsys

Registry Keys:
HKEY_CURRENT_USER\software\sys_up1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Xmonf:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
