Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
[Kaspersky] AdWare.Win32.WSearch.I, AdWare.Win32.Dm.y, Trojan.Win32.BHO.aw, AdWare.Win32.Dm.ba;
[McAfee] Adware.BDSearch, Adware-BDSearch;
[Other] Trojan.Adclicker, Adware.Roogoo, Adware.Rugo
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\_BHO.dll
[%PROFILE_TEMP%]\_Inst.dll
[%PROFILE_TEMP%]\_play.dll
[%PROFILE_TEMP%]\_ser.exe
[%SYSTEM%]\-65-4876-30
[%SYSTEM%]\-81-4876-30
[%SYSTEM%]\1b1.dll
[%SYSTEM%]\37a
[%SYSTEM%]\60e41.exe
[%SYSTEM%]\b601.dll
[%WINDOWS%]\-106-4876-30
[%WINDOWS%]\031.bmp
[%WINDOWS%]\3fa1.exe
[%WINDOWS%]\96d04ce2
[%WINDOWS%]\fa7c1.txt
[%WINDOWS%]\xxxx.bat
How to detect Tudprie:
Files:
[%PROFILE_TEMP%]\_BHO.dll
[%PROFILE_TEMP%]\_Inst.dll
[%PROFILE_TEMP%]\_play.dll
[%PROFILE_TEMP%]\_ser.exe
[%SYSTEM%]\-65-4876-30
[%SYSTEM%]\-81-4876-30
[%SYSTEM%]\1b1.dll
[%SYSTEM%]\37a
[%SYSTEM%]\60e41.exe
[%SYSTEM%]\b601.dll
[%WINDOWS%]\-106-4876-30
[%WINDOWS%]\031.bmp
[%WINDOWS%]\3fa1.exe
[%WINDOWS%]\96d04ce2
[%WINDOWS%]\fa7c1.txt
[%WINDOWS%]\xxxx.bat
Folders:
[%APPDATA%]\t
Registry Keys:
HKEY_CLASSES_ROOT\appid\{ccf11a98-dc8c-40a9-abaa-df9c4d6dd923}
HKEY_CLASSES_ROOT\CLSID\{FAAAC0F6-94BE-4466-934B-7C53666A2F41}
HKEY_CLASSES_ROOT\dbho.ff
HKEY_CLASSES_ROOT\dbho.ff.1
HKEY_CLASSES_ROOT\interface\{90c84f29-48af-4822-80aa-c959808a210b}
HKEY_CLASSES_ROOT\typelib\{0fecb569-7e71-4adb-ac44-f3c1c0e8ef2d}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAAAC0F6-94BE-4466-934B-7C53666A2F41}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ms_2fax
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\ms_2fax
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ms_2fax
HKEY_CLASSES_ROOT\appid\{1f8f0995-f170-4793-a812-d3cd5cacc3e1}
HKEY_CLASSES_ROOT\clsid\{3aa0903b-1e13-4865-b114-15792d413c41}
HKEY_CLASSES_ROOT\clsid\{5fb8c5d4-929f-4870-89e2-7e3ee26ee701}
HKEY_CLASSES_ROOT\clsid\{faaac0f6-94be-4466-934b-7c53666a2f41}
HKEY_CLASSES_ROOT\iehpr.invoke
HKEY_CLASSES_ROOT\iehpr.invoke.1
HKEY_CLASSES_ROOT\interface\{27ff85bc-ff68-40b9-bb0d-e92d065c0370}
HKEY_CLASSES_ROOT\interface\{c8eb3e47-64a2-4b1d-bda7-2f6b1b100ece}
HKEY_CLASSES_ROOT\typelib\{1c605e21-c217-41cd-99bf-347f09f122a3}
HKEY_CLASSES_ROOT\typelib\{abbf3e09-6453-43cc-bc46-879c5dc5cb07}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3aa0903b-1e13-4865-b114-15792d413c41}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5fb8c5d4-929f-4870-89e2-7e3ee26ee701}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{faaac0f6-94be-4466-934b-7c53666a2f41}
Registry Values:
HKEY_CLASSES_ROOT\appid\dbho.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
Removing Tudprie:
You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly, or buy it to remove ALL viruses from your computer.