mmx19g.sys xmm13g.dll scsiusr4.dll
MMX2 virtualization service: \??\C:\WINDOWS\System32\mmx19g.sys (autostart)
HijackThis
O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll
F-Secure BlackLight
09/24/06 22:14:54 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.DLL
09/24/06 22:14:54 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\MMX19G.SYS
09/24/06 22:14:55 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.SYS
09/24/06 22:14:55 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WA114.INI
09/24/06 22:14:56 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\ASZZXE~1.VB
datfindbat
Verzeichnis von C:\
09.09.2006 17:17 25.499 534697170.exe
Verzeichnis von C:\WINDOWS
26.08.2006 14:35 27.163 1655516857.exe
Verzeichnis von C:\WINDOWS\system32
24.09.2006 21:17 256 ps.a3d
24.09.2006 21:09 152 ilxphmgy.txt
09.09.2006 17:17 0 ksl48.bin
26.08.2006 14:36 0 scsipsrvc.sys
Click Start -> Run, type in: Services.msc and click OK!
"Properties" >> click "Stop" >> Startup type "Disabled"
MMX2 virtualization service
Avenger
registry keys to delete:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mmx19g.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\xmm13g.sys
Files to delete:
c:\WINDOWS\SYSTEM32\QZ.DLL
C:\WINDOWS\System32\mmx19g.sys
C:\WINDOWS\System32\xmm13g.sys
c:\WINDOWS\SYSTEM32\QZ.SYS
c:\WINDOWS\SYSTEM32\WA114.INI
c:\WINDOWS\SYSTEM32\ASZZXE~1.VB
C:\534697170.exe
C:\WINDOWS\1655516857.exe
C:\WINDOWS\system32\ps.a3d
C:\WINDOWS\system32\ksl48.bin
C:\WINDOWS\system32\scsipsrvc.sys
C:\WINDOWS\SYSTEM32\xmm13g.dll
C:\WINDOWS\System32\scsiusr4.dll
Regsearch
and double-click to start it. Copy into "Enter search strings":
MMX19G.SYS
scsipsrvc.sys
xmm13g.sys
into edit and click "Ok".
Notepad will open
Silentrunner
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! xmm13g\DLLName = "xmm13g.dll" [** WMI GetObject error **]
Download haxfix.exe. http://users.telenet.be/marcvn/tools/haxfix.exe
Save it to your desktop.
Double-click haxfix.exe to install HaxFix. (The standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon".
Click "Next".
When the installation is completed, make sure that "Launch HaxFix" is checked.
Click "Finish".
A red "dos window" (dos box) will open.
Select option "1. Make logfile" by typing 1 and then pressing Enter.
Haxfix will start scanning the computer. When it is finished a logfile will open.
Copy the contents of that logfile and paste it into this thread.
checking for haxdoor
--------------------
checking for a3d files....
a3d files found
ps.a3d
checking for matching notify keys....
matching notify keys found
xmm13g
checking for matching services....
matching services found
xmm13g
mmx19g
checking for matching safeboot services....
matching safeboot services found
xmm13g.sys
mmx19g.sys
--------------------------
Run Haxfix and choose option 2 (autofix).
searching for services....
service xmm13g found
[SWSC] DeleteService SUCCESS
service mmx19g found
[SWSC] DeleteService SUCCESS