Thursday, October 23, 2008

HostGuard - Windows Host Protection Utility

HostGuard will protect and guard you against spyware, malware and harmful websites before they get to you.
HostGuard has an option that will automatically fix your hosts file while you suspect a virus, spyware, trojan or other malware on your system; you can use the HostGuard Auto Fix option while you are in the process of cleaning your system of these infections. HostGuard is freeware, made by Mark Sheldon Wong.

Update and definition files will also be available here for download as soon as they are ready.


Download HostGuard
Download Link1, Download Link2

Note: if you cannot run or install HostGuard you may need to download the Complete Installer Package.
Complete Installer Download: Click here







How to remove Win32:Murlo-CH [Trj] - Removal Instructions

1.) Download these files and removal tools for Win32:Murlo-CH [Trj]:
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download HostGuard, HostGuard Download Link2, HostGuard Complete Installer


* Download the complete offline Win32:Murlo-CH [Trj] removal guide and tools, with CFScript, HostGuard and ATF-Cleaner

* Alternate download link

2.) After downloading, we will first reset the Windows hosts file in order to remove Win32:Murlo-CH [Trj].
Before doing so, unplug your network cable or turn off your wireless connection; make sure you are not
connected to the network.

Some infections put malicious lines into your hosts file. We will reset your hosts file with HostGuard.

* Download HostGuard.zip to your desktop and unzip the contents.
* Install HostGuard.
* Run HostGuard and click Fix Windows Host; this will fix your Windows hosts file.
* Close or hide HostGuard.

If you or Spybot-S&D have added modifications to your hosts file, they will need to be re-added.
Alternatively, you can use HostGuard to guard your Windows hosts file, which is much better.


3.) Run ATF-Cleaner: click Main, check Select All and click Empty Selected. Then, if you have
Mozilla Firefox, click Firefox, check Select All and click Empty Selected; do the same for Opera if you have
it on your system.


4.) Run CFScript.txt with ComboFix to remove Win32:Murlo-CH [Trj]
# Close any open browsers before starting the Win32:Murlo-CH [Trj] removal process.
# Close/disable all antivirus and anti-malware programs so they do not interfere with ComboFix.
If you have downloaded the CFScript, you should now have it on your desktop together with COMBOFIX.EXE.

CFScript.txt
- You can also create CFScript.txt manually: open Notepad and copy in the text below.


KILLALL::
File::
C:\WINDOWS\trz742.tmp
C:\WINDOWS\system32\trz740.tmp
C:\WINDOWS\system32\trz73F.tmp
C:\WINDOWS\system32\trz73E.tmp
C:\WINDOWS\system32\trz73D.tmp
C:\WINDOWS\system32\trz73C.tmp
C:\WINDOWS\system32\HBQQFFO.dll.$DIS
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\HBCT.dll
C:\WINDOWS\system32\HB1000Y.dll
C:\WINDOWS\system32\HBSOUL.dll
C:\WINDOWS\system32\HBFY.dll
C:\WINDOWS\system32\HBQQFFO.dll
C:\WINDOWS\system32\kildh3l.dll
C:\WINDOWS\system32\wllame.dll
C:\WINDOWS\system32\catower.dll
C:\WINDOWS\system32\comboaus.dll
C:\WINDOWS\system32\pewire.dll
C:\WINDOWS\system32\aotoppt.dll
C:\WINDOWS\system32\johandy.dll
C:\WINDOWS\system32\jolndyo.dll
C:\WINDOWS\system32\micsus.dll
C:\WINDOWS\system32\cupops.dll
C:\WINDOWS\system32\System.exe
C:\WINDOWS\system32\HBQQSG.dll
C:\WINDOWS\system32\lensch.dll
C:\WINDOWS\system32\yulhodpf.dll
C:\WINDOWS\system32\eskislk.exe
C:\WINDOWS\system32\eskisl.dll
C:\WINDOWS\Update.dll

Registry::
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
O21 - SSODL: yulhodpf.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\apoebqrg.dll
O21 - SSODL: ehhzzeza.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\ehhzzeza.dll
O21 - SSODL: ljpzxdum.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\ljpzxdum.dll
O21 - SSODL: ssawfayn.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\ssawfayn.dll
O21 - SSODL: apoebqrg.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\apoebqrg.dll
O21 - SSODL: lmpsxxfz.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\lmpsxxfz.dll
O21 - SSODL: ifyshalr.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\ifyshalr.dll
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"3PMmUpdate"=-
"HBService32"=-
"HBService"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}"=-
"{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A}"=-
"{71A78CD4-E470-4a18-8457-E0E0283DD507}"=-
"{D3112B69-A745-4805-874E-ABD480EA1299}"=-
"{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}"=-
"{F0930A2F-D971-4828-8209-B7DFD266ED44}"=-
"{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}"=-




* After copying, paste the text into Notepad and save the file as CFScript.txt.

* Now make sure all windows are closed and no browser is open, and that you are unplugged from the network;
if you are using wireless, make sure you have turned it off.
* Now we will start the Win32:Murlo-CH [Trj] removal process.

* Drag and drop CFScript.txt onto COMBOFIX.EXE.



Restart your computer after completing these steps.
This will remove Win32:Murlo-CH [Trj].
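Before a CFScript like the one above is dropped onto ComboFix it is worth reviewing exactly what it asks the tool to delete. The following is an added example, not ComboFix's own code: it parses the KILLALL::, File:: and Registry:: sections (the section names and the "name"=- deletion syntax are those used in the script above), lists the file and registry deletions, and warns if a File:: entry names a core Windows binary; the protected-file list and the typo'd explorer.exe line in the sample are assumptions added for illustration.

```python
"""Dry-run parser for a ComboFix CFScript.txt like the one in this post (added
example, not ComboFix's own code). It lists what File:: and Registry:: ask
ComboFix to delete so the script can be reviewed before it is dropped onto
COMBOFIX.EXE; the protected-file list is an assumption."""
import re

# Constructed sample: part of the post's script plus a typo'd explorer.exe line.
SAMPLE_CFSCRIPT = r"""KILLALL::
File::
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\Update.dll
C:\WINDOWS\explorer.exe
Registry::
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"3PMmUpdate"=-
"HBService32"=-
"""

PROTECTED = {r"c:\windows\explorer.exe", r"c:\windows\system32\svchost.exe"}  # assumed

def parse_cfscript(text):
    """Split the script into sections keyed by 'KILLALL', 'File', 'Registry'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"[A-Za-z]+::", line):
            current = line[:-2]
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def registry_deletions(lines):
    """(key, value) pairs to delete; O21 lines are HijackThis-style SSODL entries."""
    out, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif (m := re.fullmatch(r'"([^"]+)"=-', line)) and key:
            out.append((key, m.group(1)))
        elif line.startswith("O21 - SSODL:"):
            out.append(("SSODL", re.search(r"\{[0-9A-Fa-f-]+\}", line).group(0)))
    return out

def preflight(text):
    """Return (files, registry entries, warnings) for one script."""
    s = parse_cfscript(text)
    files = s.get("File", [])
    return files, registry_deletions(s.get("Registry", [])), [f for f in files if f.lower() in PROTECTED]
```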


Guide Copyright by Mark Sheldon Wong
Http://haktech.blogspot.com
Area51.Network
Webcargo.Networks

Tuesday, October 21, 2008

Removing System.exe Trojan

Download and install:
1.) Spybot Search & Destroy
2.) Avast! Antivirus
3.) Comodo Registry Cleaner -> delete the 3PMmUpdate entry from the startup entries.

Fix your hosts file: download this http://www.funkytoad.com/download/hoster.zip

Another way to remove the Trojan is as follows
(make sure Internet Explorer is NOT open when trying this):

Launch HijackThis, click 'Open Misc Tools Section' -> 'Open hosts file manager'. Delete every line (select each line and click 'Delete line(s)') except the very first lines beginning with # and: 127.0.0.1 localhost


Once finished, click the 'Open in Notepad' button. It should look like this:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
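The hosts-file cleanup just described (and the HostGuard reset in the Murlo-CH guide above) boils down to one rule: keep the comment header and the localhost mapping, remove everything else. The following added example, not HijackThis's or HostGuard's own code, applies that rule to a hosts file, reports each added entry and whether it sinks a name to loopback (blocking, the "cannot reach the antivirus site" symptom) or redirects it elsewhere, and returns the cleaned text. The sample file and its extra lines are constructed for illustration.

```python
"""Check a Windows hosts file for added entries and produce the cleaned file
this post describes (keep the comment header and '127.0.0.1 localhost', drop
everything else). Added example, not HijackThis's or HostGuard's own code."""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1"}
LOCALHOST_NAMES = {"localhost"}

# Constructed sample: the stock header plus three lines of the kind an
# infection adds. The blocked/redirected targets are illustrative, not real IoCs.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1 localhost
127.0.0.1       www.avast.com                 # sinks the AV vendor to loopback
127.0.0.1       download.bleepingcomputer.com
203.0.113.7     update.example-av.test        # redirect to a constructed address
"""

def parse_hosts(text):
    """Yield (lineno, ip, [names]) for each mapping line; comments are stripped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            yield lineno, ip, names

def suspicious_entries(text):
    """Every mapping except plain localhost, tagged 'blocked' (loopback or
    0.0.0.0, the classic 'cannot reach the antivirus site' symptom),
    'redirected' (any other address) or 'malformed'."""
    found = []
    for lineno, ip, names in parse_hosts(text):
        if ip in LOOPBACK and set(names) <= LOCALHOST_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
            kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        except ValueError:
            kind = "malformed"
        found.append((lineno, ip, names, kind))
    return found

def clean_hosts(text):
    """Keep comment and blank lines plus the localhost mapping; drop the rest."""
    bad = {lineno for lineno, _, _, _ in suspicious_entries(text)}
    kept = [raw for lineno, raw in enumerate(text.splitlines(), 1) if lineno not in bad]
    return "\n".join(kept) + "\n"
```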

After the hosts file has been fixed:

Run HijackThis. Click 'None of the above', then 'Do a system scan only'. Put a checkmark in the box on the left of these entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\940477L.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Close ALL windows and browsers except HijackThis and click "Fix checked".



Delete these files if listed:
C:\WINDOWS\940477L.exe

Reboot

------------------------------------------End of File-----------------------------------------

Worms / Viruses

Date - Title - Aliases
10/09/2008 - Win32/Lolyda Family - Infostealer.Lineage (Symantec), PWS:Win32/Lolyda (MS OneCare), Trojan-GameThief.Win32.OnLineGames (Kaspersky)
10/09/2008 - Win32/Lolyda.BZ - PWS:Win32/Lolyda.K (MS OneCare), Infostealer.Onlinegame (Symantec), Trojan-GameThief.Win32.OnLineGames.thlh (Kaspersky)
10/09/2008 - Packed.Generic.190 - none known
10/09/2008 - Packed.Generic.189 - none known
10/08/2008 - Trojan.Hexzone - none known
10/07/2008 - not-a-virus:NetTool.Win32.Transmit.a - SPR/Transmit.A
10/07/2008 - Trojan-Downloader.JS.Agent.bxr - none known
10/07/2008 - Worm.Win32.AutoRun.bnb - none known

Good article on a recent "Spear phishing" attack on LinkedIn users

10/07/2008 - Trojan.Win32.ConnectionServices.e - none known
10/06/2008 - Win32/Starimp.AX - FakeAlert-AB.dr (McAfee), Troj/Agent-HRF (Sophos), Trojan.Fakeavalert (Symantec)

Update new patches, friend...

Boot your computer in DOS and scan your memory for viruses...

(Avast and McAfee can clean this)
