Need User Feedback: powrprof.dll identified as both safe and dangerous



winuser
2008-05-22, 05:33
I am posting here to clarify a doubt: I was checking my system startup with Spybot S&D and found an entry (powrprof.dll etc.) which is described in two ways at the same time:


Database status: Not required - virus, spyware, malware or other resource hog
Value: LoadPowerProfile
Filename: ASDAPI.EXE
Description
Added by the _CABRO_ TROJAN!

and


Database status: Necessity depends on users preferences
Value: LoadPowerProfile
Filename: Rundll32.exe powrprof.dll

Description
Power management specifics such as monitor shut-off, system standby, etc.

A little worried, I ran a full scan with Spybot without detecting the trojan. Thus, I searched for ASDAPI.EXE in the "Search Files and Folders" Windows tool, and then in the registry through regedit.

To my concern, I found "ASDAPI.EXE" in the following registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

I then tried to search for more info about backdoor.Cabro on Google, finding that the trojan modifies other keys of the registry. I checked those and luckily the trojan values aren't there.
Then I looked for MRU and found that it simply means "Most Recently Used". :lip: A page from the Microsoft.com website explained that it only means that I searched for that earlier (which is true) through "Find Files and Folders". :oops:

Can I then consider myself safe?

If the answer is yes, :lip: then please consider this post as information for all newbies that may find themselves in this situation.

md usa spybot fan
2008-05-23, 21:59
winuser:

The comments (descriptions) associated with startup entries are the known possibilities for the names of the startup entries ("LoadPowerProfile" in your case). There is no actual analysis of the startup entry itself (other than the name) nor of the program it points to. In order to then determine which description may or may not be applicable to your particular startup entry, you must compare the "Current filename: ..." that is listed above the individual descriptions with the "Filename: ..." in each description to determine which description, if any, may apply.

Since it does not seem that you included the "Current filename: ..." nor posted the actual startup entry that you are interested in, it is difficult to help.

If you post the "Current filename: ..." or the actual startup entry and related information, possibly someone can help.

You can post the actual startup entry by going into Spybot > Mode > Advanced Mode > Tools > System startup and right clicking on the list, then select "Copy to clipboard". You can paste (Ctrl + V) the clipboard into another post in this thread. Please edit the post so that only the entry in question is posted.
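
The comparison described in the reply above, sketched as an added example (not part of the thread and not Spybot's own code): it checks a startup entry's "Current filename:" against the "Filename:" of each description quoted in the first post. The function names and the sample "Current filename:" values are constructed for illustration, and paths containing spaces are assumed to be quoted.

```python
import ntpath
import re

# The two database descriptions quoted in the thread for the value "LoadPowerProfile".
DESCRIPTIONS = [
    ("ASDAPI.EXE", "Not required - virus, spyware, malware or other resource hog"),
    ("Rundll32.exe powrprof.dll", "Necessity depends on users preferences"),
]


def normalize(command):
    """Split a startup command into lowercase tokens, reducing paths to basenames.

    Quoted strings stay one token; a comma separates rundll32's DLL from its export.
    """
    parts = re.findall(r'"([^"]+)"|([^\s,]+)', command)
    return [ntpath.basename(quoted or bare).lower() for quoted, bare in parts]


def applicable(current_filename, descriptions=DESCRIPTIONS):
    """Return the statuses whose "Filename:" tokens are a prefix of the current command."""
    current = normalize(current_filename)
    hits = []
    for filename, status in descriptions:
        wanted = normalize(filename)
        if wanted and current[:len(wanted)] == wanted:
            hits.append(status)
    return hits


# Constructed sample "Current filename:" values (not taken from the thread).
SAMPLES = [
    r"Rundll32.exe powrprof.dll,LoadCurrentPwrScheme",
    r'"C:\WINDOWS\system32\rundll32.exe" powrprof.dll,LoadCurrentPwrScheme',
    r"C:\WINDOWS\ASDAPI.EXE",
    r"C:\Tools\other.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", applicable(sample) or ["no listed description applies"])
```

A match only selects which description text is relevant to the entry; as the reply says, it is not an analysis of the program the entry points to.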