Saturday, December 13, 2008

PPGou Worm

Removing PPGou
Categories: Worm
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\PPGou\CatchUrlUser.txt
[%PROGRAM_FILES%]\PPGou\ClientNoKey.txt
[%PROGRAM_FILES%]\PPGou\FrdInfo.dll
[%PROGRAM_FILES%]\PPGou\geturl.htm
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_1.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_2.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\ICO.ico
[%PROGRAM_FILES%]\PPGou\LoGo\Load.gif
[%PROGRAM_FILES%]\PPGou\LoGo\LoGo.gif
[%PROGRAM_FILES%]\PPGou\NewVer.ini
[%PROGRAM_FILES%]\PPGou\PlanWeb.txt
[%PROGRAM_FILES%]\PPGou\Plug\50040013.exe
[%PROGRAM_FILES%]\PPGou\Plug\bind_8414.exe
[%PROGRAM_FILES%]\PPGou\Plug\DIYNETSetupUni.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou0610_cns_yassist.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou_233.exe
[%PROGRAM_FILES%]\PPGou\PPAutoDown4.ocx
[%PROGRAM_FILES%]\PPGou\PPGIECom6.dll
[%PROGRAM_FILES%]\PPGou\PPGou.exe
[%PROGRAM_FILES%]\PPGou\UNPPGou.EXE.lnk

How to detect PPGou:

Files:
[%PROGRAM_FILES%]\PPGou\CatchUrlUser.txt
[%PROGRAM_FILES%]\PPGou\ClientNoKey.txt
[%PROGRAM_FILES%]\PPGou\FrdInfo.dll
[%PROGRAM_FILES%]\PPGou\geturl.htm
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_1.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_2.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\ICO.ico
[%PROGRAM_FILES%]\PPGou\LoGo\Load.gif
[%PROGRAM_FILES%]\PPGou\LoGo\LoGo.gif
[%PROGRAM_FILES%]\PPGou\NewVer.ini
[%PROGRAM_FILES%]\PPGou\PlanWeb.txt
[%PROGRAM_FILES%]\PPGou\Plug\50040013.exe
[%PROGRAM_FILES%]\PPGou\Plug\bind_8414.exe
[%PROGRAM_FILES%]\PPGou\Plug\DIYNETSetupUni.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou0610_cns_yassist.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou_233.exe
[%PROGRAM_FILES%]\PPGou\PPAutoDown4.ocx
[%PROGRAM_FILES%]\PPGou\PPGIECom6.dll
[%PROGRAM_FILES%]\PPGou\PPGou.exe
[%PROGRAM_FILES%]\PPGou\UNPPGou.EXE.lnk

Removing PPGou:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
