SALMAN
09-20-2010, 06:51 AM
Description of trojan Win_Updater
This malware installs a service on your computer and configures it to start automatically at Windows startup. Once the malware is active, it will hijack your browser, monitor your internet activities and send out encrypted data to a remote computer.
Objects of trojan Win_Updater
Registry Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win_Updater
File:
C:\Windows\System32\system\svchost.exe
Last night my internet was connected and I did not download anything, but I saw that something was downloading. Then I searched in Processes. I found a file "safesurf.exe" and also a service named Win_Updater (win32 updater). I was surprised.. what was that..
First of all I disabled the "Win_Updater" service,
then went to the command prompt,
then I typed
sc delete Win_Updater
After that, I scanned c:\windows\system32 with Stinger.
See what it found there:
McAfee® Stinger Version 10.1.0.995 built on Aug 5 2010
Copyright © 2010 McAfee, Inc. All Rights Reserved.
Virus data file v1000 created on Aug 5 2010.
Ready to scan for 4342 viruses, trojans and variants.
Scan initiated on Mon Sep 20 06:58:11 2010
C:\WINDOWS\system32\ICH.exe
Found the Artemis!9E4DB8CEE901 trojan !!!
C:\WINDOWS\system32\ICH.exe has been deleted.
C:\WINDOWS\system32\tuv\Upder.exe
Found the Artemis!DC94C295B9CB trojan !!!
C:\WINDOWS\system32\tuv\Upder.exe has been deleted.
Number of clean files: 3370
Number of Trojans: 2
Number of files deleted: 2
Please check daily in C:\Documents and Settings\USER\Application Data
NOWADAYS VIRUSES ARE MORE INTELLIGENT..
THEY DO NOT HOOK AT THE NORMAL STARTUP IN "RUN"
BUT NOW THEY HOOK IN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
SO BEWARE OF TODAY'S VIRUSES / TROJANS
:sword:
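Added example, not part of the original post: a small Python check that flags services whose ImagePath uses a Windows system binary name (such as svchost.exe) from a folder other than the genuine one, which is the pattern of the C:\Windows\System32\system\svchost.exe file listed above. The service list is constructed sample data, the pairing of Win_Updater with that path is an assumption, and the function names and the list of system binary names are illustrative.

```python
import ntpath
import re

# Folders where the genuine binaries live (assumes %SystemRoot% is C:\Windows).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Illustrative list of system binary names that are often imitated.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}

def image_path_to_exe(image_path):
    """Return the executable path from a service ImagePath value, without arguments."""
    p = image_path.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]            # quoted path, arguments follow the quote
    else:
        m = re.match(r"(.+?\.exe)(\s|$)", p, re.IGNORECASE)
        p = m.group(1) if m else p            # unquoted path, cut at the first ".exe"
    if p.lower().startswith("%systemroot%"):
        p = r"C:\Windows" + p[len("%systemroot%"):]
    return ntpath.normpath(p)

def flag_masquerading_services(services):
    """services: iterable of (service_name, ImagePath). Returns the suspicious ones."""
    findings = []
    for name, image_path in services:
        exe = image_path_to_exe(image_path)
        folder, base = ntpath.split(exe)
        if base.lower() in SYSTEM_NAMES and folder.lower() not in LEGIT_DIRS:
            findings.append((name, exe))
    return findings

# Constructed sample input (not taken from a real machine).
SAMPLE_SERVICES = [
    ("Dhcp", r"%SystemRoot%\System32\svchost.exe -k netsvcs"),
    ("Win_Updater", r"C:\Windows\System32\system\svchost.exe"),
    ("Spooler", r"%SystemRoot%\System32\spoolsv.exe"),
    ("Quoted", r'"C:\Program Files\Vendor App\svchost.exe" -run'),
]

if __name__ == "__main__":
    for name, exe in flag_masquerading_services(SAMPLE_SERVICES):
        print("suspicious service:", name, "->", exe)
```

On a live system the (name, ImagePath) pairs would come from the subkeys of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.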