tümü

rundll hatası panpalar yardımmmm

  1. 1.
    0
    Technical Information
    Virus Name : BackDoor.Tdss.8317
    Named By : Dr.Web

    TO ENSURE AUTORUN AND DISTRIBUTION:
    Modifies the following registry keys:
    [<HKCU>SoftwareMicrosoftWindowsCurrentVersionRun] 'MSIDLL' = 'rundll32.exe msitdv32.dll,pLLxKMLOXLdo'
    MALICIOUS FUNCTIONS:
    To bypass firewall, removes or modifies the following registry keys:
    [<HKLM>SYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList] '<Full path to virus>' = '<Full path to virus>:*:Enabled:<Virus name>'
    Executes the following:
    <SYSTEM32>rundll32.exe msitdv32.dll,pLLxKMLOXLdo
    Searches for registry branches where third party applications store passwords:
    [<HKLM>SoftwareGhislerWindows Commander]
    [<HKCU>SoftwareGhislerTotal Commander]
    [<HKCU>SOFTWAREFarPluginsFTPHosts]
    [<HKLM>SoftwareGhislerTotal Commander]
    [<HKCU>SoftwareGhislerWindows Commander]
    [<HKCU>SOFTWAREMirabilisICQNewOwners]
    [<HKCU>SoftwareCoffeeCup SoftwareInternetProfiles]
    [<HKLM>SOFTWAREMicrosoftWindowsCurrentVersionUninstallTrillian]
    [<HKLM>SOFTWAREMiranda]
    MODIFIES FILE SYSTEM :
    Creates the following files:
    <SYSTEM32>msitdv32.dll
    NETWORK ACTIVITY:
    Connects to:
    ' http://www.bt#.#rainz.cz':80
    'wo###.person.dk':80
    'ma#####hotoworks.com':80
    TCP:
    HTTP POST requests:
    http://www.bt#.#rainz.cz/admin/index.php
    wo###.person.dk/admin/index.php
    ma#####hotoworks.com/admin/index.php
    UDP:
    DNS ASK http://www.bt#.#rainz.cz
    DNS ASK wo###.person.dk
    DNS ASK ma#####hotoworks.com
    MISCELLANEOUS:
    Searches for the following windows:
    ClassName: 'MozillaUIWindowClass' WindowName: ''
    ClassName: 'Chrome_WidgetWin_0' WindowName: ''
    ClassName: 'IEFrame' WindowName: ''
    ClassName: 'Indicator' WindowName: ''
    Please note : some of the characters are replaced with symbols in order to prevent improper access to malwares.

    Steps to remove "BackDoor.Tdss.8317" automatically

    Download Dr.Web CureIt! and save it in desktop.
    Download Security Space Pro 7.0 (32/64-bit), save it in desktop.
    Reboot computer to Safe Mode (press F8 before any Microsoft logo appears).
    Double click "cureit.exe" on desktop, follow on screen instructions to scan hard disk.
    (Wait patiently, it may take 20-60 minutes to perform an express scan.)
    After scanning is done, select all viruses found and choose "Cure".
    (If some files are not suitable to be cured, choose "Quarantine" or "Delete".)
    When all viruses found are cured, quarantined, or deleted, reboot to Normal Mode.
    Uninstall existing anti-virus software which cannot kill the viruses, and then reboot again.
    Locate the setup file of Security Space Pro on desktop, double click to run it.
    (For step-by-step procedures, please refer to installation video guide.)
    During setup, choose to obtain a demo key.
    After first time update, the scanner will be launched again, quit the scanner at this point.
    Complete the setup by rebooting computer.
    When time is allowed (may need several hours), perform a full scan in Dr.Web Scanner.
    Note :
    If it is unable to start Windows due to virus infection, try Dr.Web LiveCD or Dr.Web LiveUSB instead of Dr.Web CureIt!
    Time needed for express scan or full scan relies on many factors, such as system performance, available memory, running processes, number of drives and files, etc.
    Tümünü Göster
    ···
    #95614054 şikayet
   tümünü göster