One of the malicious registry entries contains the phrase "don't steal our software"
:OTL
O4 - HKU\S-1-5-21-682003330-764733703-1177238915-1004..\Run: [7d7e7] C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6\7d7e7.js ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\2a2a.js ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2a2a.js ()
O4 - Startup: C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\2a2a.js ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\2a2a.js ()
[2013/03/05 14:35:47 | 000,000,000 | -HSD | C] -- C:\Program Files\74607
[2013/03/05 14:35:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6
[2013/03/05 14:35:46 | 000,000,000 | -HSD | C] -- C:\6a4
[2013/03/06 07:00:03 | 000,047,405 | ---- | C] () -- C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\2a2a.js
[2013/03/06 07:00:03 | 000,047,405 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2a2a.js

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Hi, I am facing the same issue. In addition, there are multiple Windows Update icons in the system tray, and they disappear on mouse rollover.