dragonage.exe, Win32.IRCBot, starwin32.exe, grand.exe, redworld.exe, mswincom32.exe, warcraft.exe
dragonage.exe, grand.exe, starwin32.exe, warcraft.exe, redworld.exe, mswincom32.exe -> remove
HijackThis
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe
O23 - Service: Microsoft Star Window Service - Unknown owner - C:\WINDOWS\System32\dllcache\starwin32.exe
O23 - Service: Italian Grand Prix - Unknown owner - C:\WINNT\system32\dllcache\grand.exe
O23 - Service: MSCommmand - Unknown owner - C:\WINDOWS\System32\dllcache\mswincom32.exe
O23 - Service: World Of Warcraft - Unknown owner - C:\WINDOWS\System32\dllcache\warcraft.exe
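Added example, not code from the thread: a small Python triage that parses HijackThis O23 lines like the ones above and flags services whose image is registered under the dllcache directory (the Windows File Protection cache, where no legitimate service image lives). The sample log is constructed from the five lines above plus one benign control line.

```python
from dataclasses import dataclass
from typing import List, Optional

O23_PREFIX = "O23 - Service: "

# Constructed sample: the five O23 lines from the thread plus one benign
# control whose image sits in System32 itself, not in dllcache.
SAMPLE_LOG = r"""
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe
O23 - Service: Microsoft Star Window Service - Unknown owner - C:\WINDOWS\System32\dllcache\starwin32.exe
O23 - Service: Italian Grand Prix - Unknown owner - C:\WINNT\system32\dllcache\grand.exe
O23 - Service: MSCommmand - Unknown owner - C:\WINDOWS\System32\dllcache\mswincom32.exe
O23 - Service: World Of Warcraft - Unknown owner - C:\WINDOWS\System32\dllcache\warcraft.exe
O23 - Service: Example Benign Service (exsvc) - Example Corp - C:\WINDOWS\System32\exsvc.exe
"""

@dataclass
class ServiceEntry:
    display_name: str
    owner: str
    image_path: str

def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Display names may contain ' - ' themselves ('Dragon Age - Bioware'), so
    split from the right: last field is the image path, then the owner."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    return ServiceEntry(*parts) if len(parts) == 3 else None

def in_dllcache(entry: ServiceEntry) -> bool:
    """dllcache is the Windows File Protection cache; no legitimate service
    registers its image there, so this is the strong signal (an 'Unknown
    owner' field alone is common for benign services and is not used)."""
    return "\\dllcache\\" in entry.image_path.lower()

def triage(log_text: str) -> List[ServiceEntry]:
    """Entries whose image lives in dllcache, the pattern seen in the thread."""
    entries = (parse_o23(l) for l in log_text.splitlines())
    return [e for e in entries if e and in_dllcache(e)]

def image_basenames(entries: List[ServiceEntry]) -> List[str]:
    """Lower-cased file names of the flagged images, i.e. the cleanup list."""
    return sorted(e.image_path.rsplit("\\", 1)[-1].lower() for e in entries)
```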
Kaspersky - Onlinescan
C:\WINDOWS\system32\27031_redworld.exe
C:\WINDOWS\system32\dllcache\mswincom32.exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\dllcache\warcraft.exe Infected: Backdoor.Win32.SdBot.avz
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[10].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[11].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[12].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[13].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[14].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[15].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AF4PQF65\84785_redworld[16].exe Infected: Backdoor.Win32.VanBot.e
C:\WINDOWS\System32\dllcache
Download datcache.bat, unpack it (on the desktop), double-click it, wait for the scan; the text editor will open; copy the text with the right mouse button.
http://virus-protect.org/bat/datcache.zip
Start > Run --> type in --> cmd.exe
and OK. Paste in and post everything that appears in the text editor:
dir /s /a "c:\redworld*.*" > c:\find.txt & start notepad c:\find.txt
HKLM\SYSTEM\CurrentControlSet\Services\DragonAge - Bioware\
HKLM\SYSTEM\CurrentControlSet\Services\Microsoft Star Window Service
HKLM\SYSTEM\CurrentControlSet\Services\Italian Grand Prix
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv  Start = 4
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess  Start = 4
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
HKLM\SOFTWARE\Microsoft\Ole  EnableDCOM = N
HKLM\SYSTEM\CurrentControlSet\Control\Lsa  lmcompatibilitylevel = 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa  restrictanonymous = 1
Win32.IRCBot.wo attempts to terminate a number of processes related to security and anti-virus applications.
Avenger
Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Active Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Italian Grand Prix
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_Dragon Age
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Dragon Age
Files to delete:
C:\WINDOWS\System32\dllcache\dragonage.exe
C:\WINDOWS\System32\dllcache\starwin32.exe
C:\WINDOWS\system32\dllcache\grand.exe
C:\WINDOWS\system32\dllcache\warcraft.exe
C:\WINDOWS\System32\dllcache\mswincom32.exe
C:\WINDOWS\system32\27031_redworld.exe