Hi Honda2010,
The URL is in many blacklists:
In case you have sufficient expertise in dealing with program files, system processes, .dll files and registry entries, follow instructions here:
http://deletemalware.blogspot.com/2010/04/remove-infiltration-alert-win32nuqele.html
and here:
http://deletemalware.blogspot.com/2010/04/how-to-remove-antivirus-suite-fake.html
The associated files to be deleted are listed below:
* %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string].exe
* %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]tssd.exe
* %WINDOWS%\sysguard.exe
* %WINDOWS%\system32\iehelper.dll
The related registry entries to be removed are as follows:
* HKEY_CURRENT_USER\Software\AvSuite
* HKEY_LOCAL_MACHINE\Software\AvSuite
* HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
* HKEY_CURRENT_USER\Software\AvScan
* HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
polonus
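
A read-only way to check a machine for the files and registry entries listed in the post above, as an added example that is not part of the original post. It assumes `$env:windir` stands for `%WINDOWS%` and `$env:LOCALAPPDATA` for the current user's `Local Settings\Application Data`; it reports what it finds and deletes nothing.

```powershell
# Added example: read-only audit for the artifacts listed in the post.
$findings = @()

# Fixed file paths from the post (%WINDOWS% mapped to $env:windir, an assumption).
foreach ($p in "$env:windir\sysguard.exe", "$env:windir\system32\iehelper.dll") {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# Assumption: $env:LOCALAPPDATA is the user's "Local Settings\Application Data".
# The post lists [random string]\[random string]tssd.exe, so match the suffix one level down.
Get-ChildItem -Path (Join-Path $env:LOCALAPPDATA '*\*tssd.exe') -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "File present: $($_.FullName)" }

# Registry keys from the post whose existence alone is worth reporting.
$clsid = '{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}'
$keys = @(
    'HKCU:\Software\AvSuite',
    'HKLM:\Software\AvSuite',
    'HKCU:\Software\AvScan',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Key present: $k" }
}

# Registry values from the post; Bad = $null means "report if the value exists at all".
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Key = "$cv\Internet Settings"; Name = 'ProxyServer'; Bad = 'http=127.0.0.1:5555' },
    @{ Key = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes'; Bad = '.exe' },
    @{ Key = "$cv\Policies\Attachments"; Name = 'SaveZoneInformation'; Bad = '1' },
    @{ Key = "$cv\Run"; Name = 'system tool'; Bad = $null }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if (-not $item) { continue }                      # key or value not present
    $data = "$($item.($v.Name))"                      # normalise DWORD/string to text
    if ($null -eq $v.Bad -or $data -eq $v.Bad) {
        $findings += "Value present: $($v.Key) `"$($v.Name)`" = `"$data`""
    }
}

if ($findings) { $findings } else { 'None of the listed artifacts were found.' }
```

The `Run` entries the post lists as `[random string]` have no fixed name to test for, so review the values under both `Run` keys by hand.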