Re: Trojan-Spy.HTML.Smitfraud.c
A new version advertising for AntivirusGold
New Startup entries:
O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\System32\LogFiles\A5281300.so
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
Also comes in the flavor:
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
Extra files to be deleted:
Sysdir%\LogFiles\A5281300.so
Sysdir%\winnook.exe
Windir%\desktop.html <= screenshot below
Windir%\screen.html
The annoying message on your desktop is kind of hard to get rid of when you don't know how.
Click on the upper edge of the screen and drag it down untill you notice a cross in the upper right corner. Click it to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen laid between your desktop and the shortcuts on it. Easy once you know.
__________________
Regards,
Pieter
Itīs nice to be important, but itīs more important to be nice.
Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
Last edited by Pieter_Arntz : June 3rd, 2005 at 10:43 AM.
Reason: explorer screen on desktop
|