neutral1979
2009-01-29, 23:21
I got infected by a virus attacking .exe files (word,excel pdf are all corrupted as well).I do have spybot and my tea-timer is alwayz on..So really bothered how it came in...This type of virus is using services of my local system and creating a new registry entries each time I reboot my system.They are many likes this
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\~chiw@nni~
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\~cutvgudn~.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\~dels@lim~
and theirs details are as follow:
ab(par defaut) REG_SZ
ab display name REG_SZ
error control REG_dword
Image path REG_expand_ SZ c:\\windows\\system32\\winword.exe[/B]
objectName REG_SZ localsystem
Start REG_dword 0x00000002(2)
Type REG_dword 0x00000110(172)
each re boot it changes its image path by using instead of winword.exe to mpclaucher.exe or winamp.exe,msmsgs.exe..I tried to delete all these registries but it is still commng back.Spybot cannot detect them neither my symantec.
Thankx
ps: this is my first post so if u didn t undertand anything feel free to tell me..
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\~chiw@nni~
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\~cutvgudn~.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\~dels@lim~
and theirs details are as follow:
ab(par defaut) REG_SZ
ab display name REG_SZ
error control REG_dword
Image path REG_expand_ SZ c:\\windows\\system32\\winword.exe[/B]
objectName REG_SZ localsystem
Start REG_dword 0x00000002(2)
Type REG_dword 0x00000110(172)
each re boot it changes its image path by using instead of winword.exe to mpclaucher.exe or winamp.exe,msmsgs.exe..I tried to delete all these registries but it is still commng back.Spybot cannot detect them neither my symantec.
Thankx
ps: this is my first post so if u didn t undertand anything feel free to tell me..