Hi ma1028.
The last time that suspicious content was found on the mentioned site was on 2009-10-12.
Malicious software includes 1 scripting exploit.
This site was hosted on 1 network(s) including AS30099 (SB).
Did the mentioned site host malcode? Yes, the software has been infecting 1 domain, namely jamirlima.blogspot.com/
And look here at the Norton Safe Web report for this site: itrodip.info
Survey
• Computer threats: 1
• Identity threats: 0
• Annoyance factors: 0
Total number of threats on mentioned site: 1
Location of site: U.S.A.
Found threats:
Threat found: 1
Name of threat: Trojan.Pidief.F
Location: hXtp://aqz.itrodip.info/mqwove/xd/pdf.pdf
Manual removal instructions if one were to be infected by the trojan:
Manual Removal of Trojan.Pidief.F
Kill Spyware Processes
chkzero.exe
Get rid of Files and Folder
%System%\chkzero.exe
%Temp%\filepages.sys
%Temp%\temp.sys
%Temp%\temp.txt
C:\Documents and Settings\All Users\Application Data\SVCH0ST.dll
C:\Documents and Settings\All Users\Application Data\svchost.exe
Delete following folders
— No traces available —
Delete Registry Values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"RUN_XY_Zer0" = "a.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Marks Info\"Mark" = "kkk"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Marks Info\"SystemTime" = "2009-5-21-20"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RUN_XY_Zer0
HKEY_CURRENT_USER\Software\Microsoft\Windows\Marks Info
HKEY_LOCAL_MACHINE\SYSTEM\123
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT\Start
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT\Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_REWQREW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSDT
Go to * 6.
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot the computer in Safe Mode [how to]
4. Find and stop the service
- Click Start > Run.
- Type services.msc, and then click OK.
- Locate and select the following services that were detected.
Service name: rewqrew
Service name: DETrueTime
- Click Action > Properties.
- Click Stop.
- Change Startup Type to Manual.
- Click OK and close the Services window.
5. Run a full system scan and clean/delete all infected file(s)
*
6. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"RUN_XY_Zer0" = "a.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Marks Info\"Mark" = "kkk"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Marks Info\"SystemTime" = "2009-5-21-20"
Navigate to and delete the following registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RUN_XY_Zer0
HKEY_CURRENT_USER\Software\Microsoft\Windows\Marks Info
HKEY_LOCAL_MACHINE\SYSTEM\123
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT\Start
HKEY_LOCAL_MACHINE\SYSTEM\123\SSDT\Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_REWQREW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSDT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DETrueTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rewqrew
7. Exit the registry editor and restart the computer.
8. In order to make sure that the threat is completely eliminated from your computer, carry out a full scan of your computer using antivirus and antispyware software. Another way to delete the virus, using various antivirus programs without the need to install one, is an online virus scanner.
polonus
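As an added, read-only example (not part of polonus's post and not from Norton or any AV vendor), the following PowerShell script checks a Windows host for the Trojan.Pidief.F artifacts listed above (files, registry keys and values, services, process) and reports what it finds without deleting anything, so a responder can confirm an infection before following the manual removal steps. The file and registry paths are taken from the post; the mapping of %System% to $env:SystemRoot\System32, %Temp% to $env:TEMP and "C:\Documents and Settings\All Users" to $env:ALLUSERSPROFILE is an assumption that holds on the Windows XP-era layout the post describes.

```powershell
# Added example: read-only IoC check for the Trojan.Pidief.F artifacts listed in the post.
# Nothing is stopped, deleted or modified; findings are only reported.
# Assumption: %System% = $env:SystemRoot\System32, %Temp% = $env:TEMP,
# "C:\Documents and Settings\All Users" = $env:ALLUSERSPROFILE (XP-era layout).

$files = @(
    (Join-Path $env:SystemRoot 'System32\chkzero.exe'),
    (Join-Path $env:TEMP 'filepages.sys'),
    (Join-Path $env:TEMP 'temp.sys'),
    (Join-Path $env:TEMP 'temp.txt'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\SVCH0ST.dll'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\svchost.exe')
)

# Registry keys the post says the trojan creates (checked for existence only).
$registryKeys = @(
    'HKCU:\Software\Microsoft\Windows\Marks Info',
    'HKLM:\SYSTEM\123',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_REWQREW',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSDT',
    'HKLM:\SYSTEM\CurrentControlSet\Services\DETrueTime',
    'HKLM:\SYSTEM\CurrentControlSet\Services\rewqrew'
)

# Registry values (key -> value name) used for persistence according to the post.
$registryValues = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion' = 'RUN_XY_Zer0'
}

$services  = @('rewqrew', 'DETrueTime')
$processes = @('chkzero')   # Get-Process takes the image name without .exe

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file: $f" }
}

foreach ($k in $registryKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "registry key: $k" }
}

foreach ($k in $registryValues.Keys) {
    $name = $registryValues[$k]
    if (Test-Path -LiteralPath $k) {
        $item = Get-ItemProperty -LiteralPath $k -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $findings += "registry value: $k\$name = $($item.$name)" }
    }
}

foreach ($s in $services) {
    if (Get-Service -Name $s -ErrorAction SilentlyContinue) { $findings += "service: $s" }
}

foreach ($p in $processes) {
    if (Get-Process -Name $p -ErrorAction SilentlyContinue) { $findings += "running process: $p" }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed Trojan.Pidief.F artifacts were found on this host.'
} else {
    Write-Output 'Listed Trojan.Pidief.F artifacts present (review before removal):'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated PowerShell prompt so the HKLM and %System% checks are not blocked by permissions. Because the script only reads, it is safe to run repeatedly, for example once before and once after the manual removal steps to confirm that every artifact is gone.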