svkvpn.dll, svkvpn.sys, lps.dat, svjvpn.sys


HijackThis

O20 - Winlogon Notify: svkvpn - C:\WINDOWS\SYSTEM32\svkvpn.dll


Registry Search
and double-click to start. Under "Enter search strings", paste in:

svjvpn
svkvpn
TestService
ER03Sb5fex
svkvpn.dll





hackfix update: haxfix
Click the icon --> set the language to "deutsch" --> install --> press any key

1. Make logfile
2. Run auto fix -> enter 2
3. Run manual fix
4. Run goldun fix -> enter 4
E. Exit Haxfix


Avenger


registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svjvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\svjvpn.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\svkvpn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_SVJVPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\svjvpn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_SVJVPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\svjvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVJVPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn

Files to delete:
C:\WINDOWS\system32\lps.dat
C:\WINDOWS\system32\svkvpn.sys
C:\WINDOWS\system32\svkvpn.dll
C:\WINDOWS\system32\svjvpn.sys
C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.sys



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\svkvpn]
"Startup"="ER03Sb5fex"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_SVJVPN]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_SVJVPN\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_SVJVPN\0000]
"Service"="svjvpn"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\svjvpn]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\svjvpn]
; Contents of value:
; system32\svjvpn.sys
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,73,76,6a,76,70,6e,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\svjvpn\Security]




[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_SVJVPN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_SVJVPN\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_SVJVPN\0000]
"Service"="svjvpn"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_SVJVPN\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_SVJVPN\0000\Control]
"ActiveService"="svjvpn"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\svjvpn]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\svjvpn]
; Contents of value:
; system32\svjvpn.sys
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,73,76,6a,76,70,6e,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\svjvpn\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\svjvpn\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\svjvpn\Enum]
"0"="Root\\LEGACY_SVJVPN\\0000"




[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVJVPN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVJVPN\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVJVPN\0000]
"Service"="svjvpn"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVJVPN\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVJVPN\0000\Control]
"ActiveService"="svjvpn"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn]
; Contents of value:
; system32\svjvpn.sys
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,73,76,6a,76,70,6e,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn\Enum]
"0"="Root\\LEGACY_SVJVPN\\0000"



RootkitRevealer

C:\WINDOWS\SYSTEM32\lps.dat 29.08.2006 18:06 320 bytes Hidden from Windows API.
C:\WINDOWS\SYSTEM32\qo.dll 29.08.2006 18:06 39.20 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\qo.sys 29.08.2006 18:06 20.31 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\svjvpn.sys 29.08.2006 18:06 20.31 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\svkvpn.dll 29.08.2006 18:06 39.20 KB Hidden from Windows API.
C:\WINDOWS\SYSTEM32\svkvpn.sys 29.08.2006 18:06 20.31 KB Hidden from Windows API.


F-Secure BlackLight

08/31/06 15:34:36 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\lps.dat
08/31/06 15:34:42 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\svjvpn.sys
08/31/06 15:34:44 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\svkvpn.dll
08/31/06 15:34:46 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\svkvpn.sys
08/31/06 15:34:52 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\qo.dll
08/31/06 15:34:53 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\qo.sys








