Tuesday, October 21, 2008

Removing System.exe Trojan

Download and install:
1.) Spybot Search and Destroy
2.) Avast! Antivirus
3.) Comodo Registry Cleaner -> delete the 3PMmUpdate entry from the startup list.

Fix your HOSTS file. Download this: http://www.funkytoad.com/download/hoster.zip

Another way to remove the Trojan (make sure Internet Explorer is NOT open when trying this):

Launch HijackThis, click 'Open the Misc Tools section' -> 'Open hosts file manager'. Delete every line (select each line and click 'Delete line(s)') except the lines at the very top beginning with # and the line: 127.0.0.1 localhost


Once finished, click the 'Open in Notepad' button. It should look like this:


QUOTE
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

After the above:

Run HijackThis. Hit 'None of the above', then click 'Do a system scan only'. Put a checkmark/tick in the box on the left side of each of these entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\940477L.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Close ALL windows and browsers except HijackThis and click "Fix checked"



Delete these files if listed:
C:\WINDOWS\940477L.exe

Reboot
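
The hosts-file step above (keep only the # comment lines and "127.0.0.1 localhost") can be checked with a short script before anything is deleted. This is an added example, not part of the original post; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock header lines plus four made-up extra entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1\tsite-a.example   # constructed entry
203.0.113.7     www.site-b.example site-c.example
127.0.0.1 localhost extra.example
not-an-ip something.example
"""

def audit_hosts(text):
    """Split hosts-file text into (kept_lines, removed_entries).

    Kept: blank lines, comment lines, and the single mapping
    127.0.0.1 -> localhost. Every other line is reported as
    (line_number, address, hostnames, address_is_valid).
    """
    kept, removed = [], []
    for num, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop any inline comment
        if not body:                          # blank or comment-only line
            kept.append(raw)
            continue
        fields = body.split()
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        if ip == "127.0.0.1" and names == ["localhost"]:
            kept.append(raw)
            continue
        try:
            ipaddress.ip_address(ip)
            valid = True
        except ValueError:
            valid = False
        removed.append((num, ip, names, valid))
    return kept, removed

def clean_hosts(text):
    """Return the hosts text reduced to the kept lines only."""
    kept, _ = audit_hosts(text)
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for num, ip, names, valid in audit_hosts(SAMPLE_HOSTS)[1]:
        note = "" if valid else "  (malformed address)"
        print(f"line {num}: {ip} -> {' '.join(names)}{note}")
```

Running it against a copy of the real hosts file lists every line the manual cleanup would delete, including a localhost line that has had extra names appended to it.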

------------------------------------------End of File-----------------------------------------

Worms / Viruses


Date
Title


10/09/2008
Win32/Lolyda Family
Aliases: Infostealer.Lineage (Symantec), PWS:Win32/Lolyda (MS OneCare), Trojan-GameThief.Win32.OnLineGames (Kaspersky)


10/09/2008
Win32/Lolyda.BZ
Aliases: PWS:Win32/Lolyda.K (MS OneCare), Infostealer.Onlinegame (Symantec), Trojan-GameThief.Win32.OnLineGames.thlh (Kaspersky)


10/09/2008
Packed.Generic.190
Aliases: none known


10/09/2008
Packed.Generic.189
Aliases: none known


10/08/2008
Trojan.Hexzone
Aliases: none known


10/07/2008
not-a-virus:NetTool.Win32.Transmit.a
Aliases: SPR/Transmit.A


10/07/2008
Trojan-Downloader.JS.Agent.bxr
Aliases: none known


10/07/2008
Worm.Win32.AutoRun.bnb
Aliases: none known

Good article on a recent "Spear phishing" attack on LinkedIn users

10/07/2008
Trojan.Win32.ConnectionServices.e
Aliases: none known


10/06/2008
Win32/Starimp.AX
Aliases: FakeAlert-AB.dr (McAfee), Troj/Agent-HRF (Sophos), Trojan.Fakeavalert (Symantec)

Install the latest patches, friend...

Boot your computer into DOS and scan your memory for viruses...

(Avast and McAfee can clean this.)
