01.01.10 -- Happy New Year!















Friday, January 1, 2010 -- New Year’s Day 











Across: 1. Part of a horse between the shoulder blades, WITHERS; 8. Xanax maker, PFIZER; 14. Quaint game with a giver and a striker, ONE O’CAT; 15. Valerie of “The Electric Horseman”, PERRINE; 16. Like broken things, OF NO USE; 17. Pros at projecting, ORATORS; 18. Ready to be fired, LOAD; 19. Pot cover, TEFLON; 21. Basketball Hall-of-Famer Holman, NAT; 22. Resistance leader in Woody Allen’s “Sleeper”, ERNO; 23. Eldest of a trio of comic brothers in 1930s-’40s films, AL RITZ; 24. Neil Sedaka’s “I GO Ape”; 25. Williamson who played Hamlet and Macbeth on Broadway, NICOL; 27. Its chapel was designed by Eero Saarinen, briefly, MIT; 28. Processing time unit: Abbr., MSEC; 29. Foul territory?, STY; 30. Pas de deux part, ADAGIO; 33. Dostoyevsky’s exile city, OMSK; 34. Coarse, as stucco, ROUGH CAST; 36. Plantation creation, BALE; 39. Dieter’s concern, INTAKE; 4. Org. whose emblem features an eagle and a crown, RAF; 43. She’s a paradigm of patience, ENID; 44. Notable head-turner, OWL; 45. Bouillabaisse go-with, AIOLI; 47. I, EGO; 48. Like some love, FILIAL; 51. Time of Obama’s swearing-in, MMIX; 52. First Across word in the world’s first crossword, FUN; 53. Einstein, notably, ÉMIGRÉ; 54. Elk’s enemy, PUMA; 55. His opening statement is famous, ALI BABA; 57. Uniform adornment, EPAULET; 59. New Testament miracle recipient, LAZARUS; 60. Great Dark Spot locale, NEPTUNE; 61. Blackmailer’s words, OR ELSE; 62. Record producers, ARRESTS.










Down: 1. Some winter wear, WOOLENS; 2. Sure to be grounded, say, IN FOR IT; 3. Matter of lease concern?, TENANCY; 4. Bring bad luck to, HOODOO; 5. Coin depicting Louis XVI, ECU; 6. One with a dreaded style?, RASTA; 7. Play set entirely in a beauty parlor, STEEL MAGNOLIAS; 8. Choate ran with him in 1996, PEROT; 9. Half of a recurring “Saturday Night Live” duo, FRANZ; 10. N.Y.C. transportation debut of 1904, IRT; 11. Movement Herman Wouk called “a single long action of lifesaving”, ZIONISM; 12. Sets off, ENRAGES; 13. Do a store chore, RESTOCK; 15. City hall, often, POLITICAL ARENA; 20. Clown’s over-the-top topper, FRIGHT WIG; 26. Mekong River native, LAO; 28. Zinger, MOT; 31. Police blotter abbr., DUI; 32. One of Iowa’s state symbols, OAK; 34. With 35-Down, Mocha is on it, RED; 35. See 34-Down, SEA; 36. Mix on the range, BEEFALO; 37. Far from Rubenesque, ANGULAR; 38. Put on a pedestal, LIONIZE; 40. Abductor of the Sabine women, ROMULUS; 41. Sustaining stuff, ALIMENT; 42. Obsesses, FIXATES; 46. Ascribe, IMPUTE; 48. Psychotherapy topics, FEARS; 49. Suffuse, IMBUE; 50. New Testament miracle recipient, LEPER; 56. Credit card statement abbr., BAL; 58. Credit card statement abbr., APR.










-----------------







Today’s cartoon -- HERE.















Puzzle available on the internet at



THE NEW YORK TIMES -- Crossword Puzzles and Games.



If you subscribe to home delivery of The New York Times you are eligible to access the daily crossword via The New York Times - Times Reader, without additional charge, as part of your home delivery.








12.31.09 -- Roast and Toast











Thursday, December 31, 2009 -- New Year’s Eve 







Puzzle by Frank Longo, edited by Will Shortz





THREE LITTLE PIGS (60A. Storybook group residing in this puzzle?), along with BOAR, SOW and HOG each appearing in a single square of the across entries of CHAIRMAN OF THE [BOAR]D (17. Person making firm decisions), TO EACH HI[S OW]N (22. “Different strokes for different folks”) and [HOG]AN’S HEROES (55. 1960s sitcom set at a camp) are the interrelated entries of this last-day-of-the-year Thursday crossword, along with the corresponding down entries of CO[BO AR]ENA (12. Detroit venue for sporting events and concerts), [SO W]HAT (25. “Big deal”) and QUA[HOG] (37. Thick-shelled seafood selection) -- squealingly squeezed into small crossword squares… three little pigs, literally little.










EVE (56D. Brink) is the sole possible reference to this New Year’s Eve, most likely having escaped from the crossword puzzle appearing this past Christmas Eve which featured nine squares with the word EVE crammed into one square each -- HERE. Today, we get PIGS...







Other across: 5. Vice president after Breckinridge, HAMLIN; 15A. Dreadful, old-style, UGSOME; 20. Wasn’t up, SLEPT; 21. Bobby-SOXER; 29. Vujacic of the Los Angeles Lakers, who’s nicknamed “The Machine”, SASHA; 31. Alternatives to cups, in dessert orders, CONES; 33. Something to throw on the BBQ, PATTY; 43. It’s nothing new, with “the”, USUAL; 45. Not worthless, OF USE; 50. Country statistics, AREAS; 57. Chew out, SCOLD; 59. Place to escape to, HAVEN; 67. "Niagara" star, 1953, MONROE; 70. Pachacuti’s people, INCANS.










Down: 3. Multistep process starter, PHASE ONE; 4. Green crops cultivated for fodder, SOILAGE; 5. Snorts of disdain, HUMPHS; 6. She created Hercule, AGATHA; 11. Limb bender, FLEXOR; 13. Training groups, CADRES; 19. It’s done for fun, HOBBY; 43. Cry when you’ve had enough, UNCLE; 40. Shelve for a while, PUT ON ICE; 46. What Fido “shakes hands” with, FOREPAW; 47. To a T, JUST SO; 48. Abstain from, ESCHEW; 49. Unconcerned with scruples, AMORAL; 51. “Punk’d” host, Kutcher, ASHTON; 52. Some are bituminous, SHALES.







Short stuff -- ACRE, AGOG, BONE, BRAS, DEMI, ECHO, ESTE, FCC, GRR, ICH, IMF, INC, IQS, ISP, JEAN, LEN and LON, LOA and LOO, MSN, NATS and NETS, ODE, OGOD, OTTO, OWL, PER, REC and SEC, REOS, SARA, SEA and SEE, SIPS and SIS, TACO, TKO, TRA, TSK, USMC, WERE (71A. Be in a certain mood?).










-----------------







For today’s cartoon, go to The Crossword Puzzle Illustrated.




















Remaining clues -- ACROSS: 1. Small drafts; 11. Govt. media monitor; 14. Return from a mountain?; 16. Mauna ___; 27. Radius, e.g.; 28. Intensely interested; 30. Cup holders?; 35. Salute in stanzas; 36. Mental figures; 39. Click of condescension; 40. On the authority of; 47. Pirate Lafitte; 53. Maestro Klemperer; 54. Parris Isl. Outfit; 66. It has a very large bed; 68. Plot piece; 69. Athena’s symbol.   DOWN: 1. See 58-Down; 2. Potsdam pronoun; 7. Alternative to AOL or Juno; 8. Bath bathroom; 9. Global lending org.; 10. Cross-court items?; 18. It’s done for fun, for short; 22. ___ Bell; 23. Psalm start; 24. AOL or Juno; 26. D.C. diamond squad; 32. Granny, to a great-aunt; 34. Ref’s call; 38. Tony-winning “Spamalot” actress Ramirez; 41. City in Padua province; 42. Antique autos; 44. “Live Free or Die Hard” director Wiseman; 58. With 1-Down, moderately sweet, to a vintner; 61. Hoops coach Kruger; 62. Magazine with an annual “500”; 63. La-la lead-in; 64. [Mumble, mumble]; 65. “Comprende?”






Fake : GreatDefender

-----------------------------------------------------------------------
Fake Alert : GreatDefender

a-squared 4.5.0.43 2009.12.30 -
AhnLab-V3 5.0.0.2 2009.12.29 -
AntiVir 7.9.1.122 2009.12.30 -
Antiy-AVL 2.0.3.7 2009.12.30 -
Authentium 5.2.0.5 2009.12.30 -
Avast 4.8.1351.0 2009.12.30 -
AVG 8.5.0.430 2009.12.30 -
BitDefender 7.2 2009.12.30 -
CAT-QuickHeal 10.00 2009.12.30 -
ClamAV 0.94.1 2009.12.30 -
Comodo 3414 2009.12.30 -
DrWeb 5.0.1.12222 2009.12.30 -
eSafe 7.0.17.0 2009.12.29 -
eTrust-Vet 35.1.7206 2009.12.30 -
F-Prot 4.5.1.85 2009.12.30 -
F-Secure 9.0.15370.0 2009.12.30 -
Fortinet 4.0.14.0 2009.12.30 -
GData 19 2009.12.30 -
Ikarus T3.1.1.79.0 2009.12.30 -
Jiangmin 13.0.900 2009.12.30 -
K7AntiVirus 7.10.932 2009.12.28 -
Kaspersky 7.0.0.125 2009.12.30 -
McAfee 5846 2009.12.29 FakeAlert-JM
McAfee+Artemis 5846 2009.12.29 FakeAlert-JM
McAfee-GW-Edition 6.8.5 2009.12.30 -
Microsoft 1.5302 2009.12.30 -
NOD32 4728 2009.12.30 -
Norman 6.04.03 2009.12.30 W32/FakeAV.JFW
nProtect 2009.1.8.0 2009.12.30 -
Panda 10.0.2.2 2009.12.30 -
PCTools 7.0.3.5 2009.12.30 -
Prevx 3.0 2009.12.30 -
Rising 22.28.02.04 2009.12.30 -
Sophos 4.49.0 2009.12.30 -
Sunbelt 3.2.1858.2 2009.12.30 -
Symantec 1.4.4.12 2009.12.30 -
TheHacker 6.5.0.3.121 2009.12.30 -
TrendMicro 9.120.0.1004 2009.12.30 -
VBA32 3.12.12.1 2009.12.30 -
ViRobot 2009.12.30.2116 2009.12.30 -
VirusBuster 5.0.21.0 2009.12.29 -
==================================================
Files Created
%CommonDesktopDir%\GreatDefender.lnk
%CommonPrograms%\GreatDefender\1 GreatDefender.lnk
%CommonPrograms%\GreatDefender\2 Homepage.lnk
%CommonPrograms%\GreatDefender\3 Uninstall.lnk
%Temp%\nsa3.tmp\nsProcess.dll
%ProgramFiles%\GreatDefender Software\GreatDefender\GreatDefender.exe
%ProgramFiles%\GreatDefender Software\GreatDefender\uninstall.exe

%CommonDesktopDir% = C:\Documents and Settings\All Users\Desktop
%CommonPrograms% = C:\Documents and Settings\All Users\Start Menu\Programs
%Windir% = C:\Windows

Registry Modifications
Keys Added
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GreatDefender
HKLM\SOFTWARE\GreatDefender

Values Added
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
cf = ""
tr = ""

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GreatDefender\
DisplayName = "GreatDefender"
UninstallString = ""%ProgramFiles%\GreatDefender Software\GreatDefender\uninstall.exe""
NoModify = 0x00000001
NoRepair = 0x00000001

HKLM\SOFTWARE\GreatDefender\
Lang = "English"
Install_Dir = "%ProgramFiles%\GreatDefender Software\GreatDefender"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
GreatDefender = %ProgramFiles%\GreatDefender Software\GreatDefender\GreatDefender.exe

==================================================
How to remove / fix : Fake Alert : GreatDefender
==================================================
Download Fix Tool :


How to remove vscie.exe

vscie.exe , bigdoor.exe
Files Size 176,000 bytes
MD5: F97BE1AA4571D641686DE0E321B5BF0C
SHA-1: BE9BE037AC4AA4EC54040684E985480E728E0FB1
=================================================
r2p81t.exe , zoorfat.exe
Files Size 177,300 bytes
MD5: 6EEEF9DF72B8F3A99895E9851F8361E6
SHA-1: D75BA37660E5BED5D53D4A04F885D469C6303995
=================================================
Files Created
%System%\bigdoor.exe
%System%\zoorfat.exe
%System%\bigie0.dll (0-9)
%System%\bigmn0.dll (0-9)
%System%\zorie0.dll (0-9)
%System%\zormn0.dll (0-9)
X:\vscie.exe
X:\r2p81t.exe
X:\autorun.inf

%System% = C:\Windows\System32\
X:\ = C:\-Z:\

Registry Modifications
Key Added
HKLM\SOFTWARE\Classes\CLSID\MNDOWN
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\ProgID
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\Programmable
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\Programmable
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\TypeLib
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{238C32AB-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}

Values Added
HKLM\SOFTWARE\Classes\CLSID\MNDOWN\urlinfo = "csacdf.r"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\VersionIndependentProgID\
(Default) = "IEHlprObj.IEHlprObj"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\ProgID\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\InprocServer32\
(Default) = "%System%\bigmn1.dll"
ThreadingModel = "Apartment"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID\
(Default) = "IEHlprObj.IEHlprObj"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\
(Default) = "%System%\zormn0.dll"
ThreadingModel = "Apartment"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\TypeLib\
(Default) = "{238C32A2-955D-4707-AAB9-C9B3AB8D4225}"
Version = "1.0"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid32\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\
(Default) = "IIEHlprObj"
HKLM\SOFTWARE\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\
(Default) = "{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}"
Version = "1.0"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\
(Default) = "IIEHlprObj"

HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\0\win32\
(Default) = "%System%\bigmn1.dll"
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\HELPDIR\
(Default) = "%System%\"
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\FLAGS\
(Default) = "0"
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\
(Default) = "IEHelper 1.0 Type Library"
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32\
(Default) = "%System%\zormn0.dll"
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR\
(Default) = "%System%\"
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS\
(Default) = "0"
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\
(Default) = "IEHelper 1.0 Type Library"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer\
(Default) = "IEHlprObj.IEHlprObj.1"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\
(Default) = "IEHlprObj Class"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID\
(Default) = "{238C32AB-955D-4707-AAB9-C9B3AB8D4225}"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\
(Default) = "IEHlprObj Class"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
bigsoft = "%System%\bigdoor.exe"
zoorfat = "%System%\zoorfat.exe"


Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

Remote Host
218.59.144.138 port 80

URLs to be download/data identified
http://dfsd6.com/1hg/ah1.rar
http://dfsd6.com/1hg/ah.rar

==================================================
How to remove / fix virus : vscie.exe , bigdoor.exe
==================================================


How to remove vscie.exe

vscie.exe , bigdoor.exe
Files Size 176,000 bytes
MD5: F97BE1AA4571D641686DE0E321B5BF0C
SHA-1: BE9BE037AC4AA4EC54040684E985480E728E0FB1
=================================================
r2p81t.exe , zoorfat.exe
Files Size 177,300 bytes
MD5: 6EEEF9DF72B8F3A99895E9851F8361E6
SHA-1: D75BA37660E5BED5D53D4A04F885D469C6303995
=================================================
Files Created
%System%\bigdoor.exe
%System%\zoorfat.exe
%System%\bigie0.dll (0-9)
%System%\bigmn0.dll (0-9)
%System%\zorie0.dll (0-9)
%System%\zormn0.dll (0-9)
X:\vscie.exe
X:\r2p81t.exe
X:\autorun.inf

%System% = C:\Windows\System32\
X:\ = C:\-Z:\

Registry Modifications
Key Added
HKLM\SOFTWARE\Classes\CLSID\MNDOWN
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\ProgID
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\Programmable
HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\Programmable
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\TypeLib
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{238C32AB-955D-4707-AAB9-C9B3AB8D4225}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}

Values Added
HKLM\SOFTWARE\Classes\CLSID\MNDOWN\urlinfo = "csacdf.r"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\VersionIndependentProgID\
(Default) = "IEHlprObj.IEHlprObj"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\ProgID\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\InprocServer32\
(Default) = "%System%\bigmn1.dll"
ThreadingModel = "Apartment"

HKLM\SOFTWARE\Classes\CLSID\
{238C32AB-955D-4707-AAB9-C9B3AB8D4225}\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID\
(Default) = "IEHlprObj.IEHlprObj"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\
(Default) = "%System%\zormn0.dll"
ThreadingModel = "Apartment"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\TypeLib\
(Default) = "{238C32A2-955D-4707-AAB9-C9B3AB8D4225}"
Version = "1.0"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid32\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\ProxyStubClsid\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{238C32AC-955D-4707-AAB9-C9B3AB8D4225}\
(Default) = "IIEHlprObj"
HKLM\SOFTWARE\Classes\Interface\{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\
(Default) = "{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}"
Version = "1.0"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\
(Default) = "IIEHlprObj"

HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\0\win32\
(Default) = "%System%\bigmn1.dll"

HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\HELPDIR\
(Default) = "%System%\"

HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\FLAGS\
(Default) = "0"

HKLM\SOFTWARE\Classes\TypeLib\
{238C32A2-955D-4707-AAB9-C9B3AB8D4225}\1.0\
(Default) = "IEHelper 1.0 Type Library"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32\
(Default) = "%System%\zormn0.dll"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR\
(Default) = "%System%\"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS\
(Default) = "0"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\
(Default) = "IEHelper 1.0 Type Library"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID\
(Default) = "{238C32AB-955D-4707-AAB9-C9B3AB8D4225}"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\
(Default) = "IEHlprObj Class"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
bigsoft = "%System%\bigdoor.exe"
zoorfat = "%System%\zoorfat.exe"


Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

Remote Host
218.59.144.138 port 80

URLs to be downloaded / data identified
http://dfsd6.com/1hg/ah1.rar
http://dfsd6.com/1hg/ah.rar

==================================================
How to remove/fix virus: vscie.exe, bigdoor.exe
==================================================


How to remove r2p81t.exe

r2p81t.exe , zoorfat.exe
File size 178,319 bytes
MD5: FB63BE88DB061911A447BA031432B1E1
SHA-1: BC5826FE1BF83C6539F2B53353790BA999A4EC38
=================================================
Files Created

%System%\zoorfat.exe
%System%\zorie0.dll (0-9)
%System%\zormn0.dll (0-9)
X:\r2p81t.exe
X:\autorun.inf

%System% = C:\Windows\System32\
X:\ = any drive root, C:\ through Z:\

Registry Modifications
Keys Added
HKLM\SOFTWARE\Classes\CLSID\MNDOWN
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\Programmable
HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}

Values Added
HKLM\SOFTWARE\Classes\CLSID\MNDOWN\urlinfo = "csacdf.s"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\VersionIndependentProgID\
(Default) = "IEHlprObj.IEHlprObj"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\ProgID\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\InprocServer32\
(Default) = "%System%\zormn0.dll"
ThreadingModel = "Apartment"

HKLM\SOFTWARE\Classes\CLSID\
{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\TypeLib\
(Default) = "{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}"
Version = "1.0"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid32\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\ProxyStubClsid\
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKLM\SOFTWARE\Classes\Interface\
{7F23592C-8F2C-4C08-83A8-BBE01BF9CC64}\
(Default) = "IIEHlprObj"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\0\win32\
(Default) = "%System%\zormn0.dll"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\HELPDIR\
(Default) = "%System%\"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\FLAGS\
(Default) = "0"

HKLM\SOFTWARE\Classes\TypeLib\
{7F235922-8F2C-4C08-83A8-BBE01BF9CC64}\1.0\
(Default) = "IEHelper 1.0 Type Library"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer\
(Default) = "IEHlprObj.IEHlprObj.1"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\
(Default) = "IEHlprObj Class"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID\
(Default) = "{7F23592B-8F2C-4C08-83A8-BBE01BF9CC64}"

HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\
(Default) = "IEHlprObj Class"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
zoorfat = "%System%\zoorfat.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

Remote Host
218.59.144.138 port 80

URLs to be downloaded / data identified
http://dfsd6.com/1hg/ah1.rar
http://dfsd6.com/1hg/ah.rar
==================================================
How to remove/fix virus: r2p81t.exe, zoorfat.exe
==================================================


How to remove 0qw6vege.exe

0qw6vege.exe , herss.exe
File size 114,071 bytes
MD5: 012E574DDFADDD5478DD59BBF58112E5
SHA-1: DE81CD67BB8160A3409F5E857D382EDD1A0C5C9B
================================================
Files Created

%Temp%\herss.exe
%Temp%\cvasds0.dll (0-9)
X:\0qw6vege.exe
X:\autorun.inf

%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
X:\ = any drive root, C:\ through Z:\

Registry Modifications
Value added
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\herss.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveTypeAutoRun = 0x00000091

URL to be downloaded / data identified
http://www.yahoo803.com/1mg/am1.rar> %Temp%\am1.rar> am1.exe

==================================================
How to remove/fix virus: 0qw6vege.exe, herss.exe
==================================================