Monday, February 2, 2009

Pcclient Trojan

Removing Pcclient
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Pcclient is also known as:

[Kaspersky] Trojan.Win32.Pakes, Backdoor.Win32.PcClient.gg, Backdoor.Win32.Pcclient.ty, Backdoor.Win32.PCClient.vr, Backdoor.Win32.Pcclient.ii, Backdoor.Win32.PcClient.fc, Backdoor.Win32.PcClient.wi, Backdoor.Win32.PcClient.aai;
[Eset] Win32/PcClient.B trojan;
[McAfee] BackDoor-CKB, Backdoor-CKB.gen;
[Computer Associates] Win32.Pcclient.B, Win32/PcClient.Trojan;
[Other] Win32/Pcclient.BA, Win32/PcClient.GG!Trojan, Backdoor.Formador, Troj/Bckdr-HRX, Win32/Pcclient.BD, win32/Pcclient.BC, Win32/Pcclient!generic, Win32/Pcclient.BJ, Backdoor.Pcclient.B, Win32/Pcclient.BH, Win32/Pcclient.BO, Win32.Pcclient.CD

Visible Symptoms:
Files in system folders:
[%RECYCLER%]\autorun.exe
[%SYSTEM%]\autorun3.exe
[%SYSTEM%]\KOfcpfwSvcs.exe
[%SYSTEM%]\OfcpfwSvcs.exe
[%DESKTOP%]\My Lockbox.lnk
[%PROGRAM_FILES%]\xerox\folderlockbox.exe
[%SYSTEM%]\drivers\mprifl.sys
[%SYSTEM%]\drivers\Yrfzvmec.sys
[%SYSTEM%]\Xubkmwau.d1l
[%SYSTEM%]\Xubkmwau.sys
[%SYSTEM%]\Yrfzvmec.d1l

How to detect Pcclient:

Files:
[%RECYCLER%]\autorun.exe
[%SYSTEM%]\autorun3.exe
[%SYSTEM%]\KOfcpfwSvcs.exe
[%SYSTEM%]\OfcpfwSvcs.exe
[%DESKTOP%]\My Lockbox.lnk
[%PROGRAM_FILES%]\xerox\folderlockbox.exe
[%SYSTEM%]\drivers\mprifl.sys
[%SYSTEM%]\drivers\Yrfzvmec.sys
[%SYSTEM%]\Xubkmwau.d1l
[%SYSTEM%]\Xubkmwau.sys
[%SYSTEM%]\Yrfzvmec.d1l

Folders:
[%PROGRAMS%]\Folder Lockbox
[%PROGRAMS%]\My Lockbox
[%PROGRAM_FILES%]\Folder Lockbox
[%PROGRAM_FILES%]\My Lockbox

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1627e1fe-69fa-4943-9d87-2a40de9075bf}
HKEY_CLASSES_ROOT\flockbox.dochostuihandler
HKEY_CURRENT_USER\software\fspro labs\folder lockbox
HKEY_LOCAL_MACHINE\software\fspro labs\folder lockbox
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\folder lockbox_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\my lockbox_is1
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mprifl
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_yrfzvmec
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mprifl
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\xubkmwau
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\yrfzvmec

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Pcclient:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
