Remove Trojan.Pakes, Cutwail
Name: Trojan.Pakes
Threat Level: High
Description: Trojan.Pakes downloads various malware including Internet Optimizer, ISTBar, SideFind and Target Saver, which are all products of Integrated Search Technologies (IST).
Type: TT_Downloader, TT_Trojan
Also known as: Trojan.Win32.Pakes.cij, Trojan.Win32.Pakes.kra, Trojan.Win32.Pakes.ldi, Trojan.Win32.Pakes.bzx, TrojanDropper:Win32/Cutwail.gen!I
Threat analysis: Search ThreatExpert to view reports
Trojan.Win32.Pakes [Ikarus] is known to be created as:
%FontsDir%\3c7780c0.dll
%ProgramFiles%\internet explorer\ijl105.dll
%ProgramFiles%\internet explorer\ijl15.dll
%System%\a.exe
%System%\com\lsass.exe
%System%\com\smss.exe
%System%\dakwx.exe
%System%\digeste.dll
%System%\drivers\hcsablyr.sys
%System%\drivers\outsevwp.sys
%System%\drivers\sespodzv.sys
%System%\drivers\xaxlzacd.sys
%System%\drivers\xwlhztoo.sys
%System%\explorer32.exe
%System%\foova.exe
%System%\isyst32win.exe
%System%\kdcse.exe
%System%\kdozp.exe
%System%\l33t.exe
%System%\msansspc.dll
%System%\msdoswinsyst32.exe
%System%\msiconf.exe
%System%\msmsgs.exe
%System%\msxml71.dll
%System%\oukdfgr.exe
%System%\reader_s.exe
%System%\scrsys16_061230.scr
%System%\setup_ver1.1550.2.exe
%System%\setup_ver1.1550.21.exe
%System%\setupl.exe
%System%\syst32svchost.exe
%System%\system.exe
%System%\updatevd.exe
%System%\updwin32syst.exe
%System%\winsys16_061230.dll
%Temp%\dhl_id8612.exe
%Temp%\explorer32.exe
%Temp%\ieupdates.exe
%Temp%\loader.exe
%Temp%\ntdll64.dll
%Temp%\pinch.exe
%Temp%\u83724.exe
%Temp%\winlogon.exe
%Temp%\wmvcodec_update.exe
%UserProfile%\reader_s.exe
%Windir%\9129837.exe
%Windir%\aczjaczj.exe
%Windir%\fxstaller.exe
%Windir%\ijl105.dll
%Windir%\jbbjrjjr.exe
%Windir%\ommiglef.exe
%Windir%\regsv32.exe
%Windir%\runsql.exe
%Windir%\services.exe
%Windir%\sv.exe
%Windir%\svchost.exe
%Windir%\winlogon.exe
%Windir%\zjiabxag.exe
Notes:
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
Manual Removal:
Files to delete
%SystemRoot%\system32\lmqfg.dll
%SystemRoot%\system32\kaqwyy.exe
iexplore0.dll
auf0.exe
cfhxxd.exe
ffcfbbb.exe
iexplore.exe
v1200351p.epe
Note: the source gives the last six entries as bare file names with no path. Several names in this page's lists (iexplore.exe here, and winlogon.exe, svchost.exe, services.exe, lsass.exe and smss.exe in the list above) are also the names of legitimate Windows and Internet Explorer binaries. The legitimate copies live in %System% (or %ProgramFiles%\Internet Explorer for iexplore.exe), so delete only copies found outside those locations, such as the %Windir%, %Temp% and %System%\com paths listed above, and confirm a suspect file's location before deleting it.
REGISTRY ITEMS:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\{b53082b8-b49c-4ba6-81ff-7c41da1cd87c}
Removal: This infection can be removed using Spyware Doctor. Download it.