mmx19g.sys
xmm13g.dll
scsiusr4.dll





Next: HijackThis

O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll


Next: F-Secure BlackLight

09/24/06 22:14:54 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.DLL
09/24/06 22:14:54 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\MMX19G.SYS
09/24/06 22:14:55 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.SYS
09/24/06 22:14:55 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WA114.INI
09/24/06 22:14:56 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\ASZZXE~1.VB

Next: datfindbat

Verzeichnis von C:\WINDOWS\system32
24.09.2006 21:17 256 ps.a3d
24.09.2006 21:09 152 ilxphmgy.txt
09.09.2006 17:17 0 ksl48.bin
26.08.2006 14:36 0 scsipsrvc.sys

** Click Start -> Run >> type: Services.msc and click OK!
"Properties" >> click "Stop" >> startup type "Disabled"
MMX2 virtualization service

Next: Avenger (example)

registry keys to delete:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mmx19g.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\xmm13g.sys

Files to delete:
c:\WINDOWS\SYSTEM32\QZ.DLL
C:\WINDOWS\System32\mmx19g.sys
C:\WINDOWS\System32\xmm13g.sys
c:\WINDOWS\SYSTEM32\QZ.SYS
c:\WINDOWS\SYSTEM32\WA114.INI
c:\WINDOWS\SYSTEM32\ASZZXE~1.VB
C:\WINDOWS\system32\ps.a3d
C:\WINDOWS\system32\ksl48.bin
C:\WINDOWS\system32\scsipsrvc.sys
C:\WINDOWS\SYSTEM32\xmm13g.dll
C:\WINDOWS\System32\scsiusr4.dll

Next: Regsearch
and double-click to start it. Copy the following into "Enter search strings":

MMX19G.SYS
scsipsrvc.sys
xmm13g.sys

into the edit field and click "Ok".
Notepad will open.

Silentrunner

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! xmm13g\DLLName = "xmm13g.dll" [** WMI GetObject error **]

Next: download haxfix.exe and run it

* Save it to your desktop.

* Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)

* Checkmark "Create a desktop icon".

* Click "Next".

* When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed. Click "Finish".

* A red "dos window" (dos box) will open.

* Select option 1. Make logfile by typing 1 and then pressing Enter. Haxfix will start scanning the computer. When it is finished a logfile will open. Copy the contents of that logfile and paste it into this thread.

checking for haxdoor
--------------------
checking for a3d files....
a3d files found
ps.a3d

checking for matching notify keys....
matching notify keys found
xmm13g

checking for matching services....
matching services found
xmm13g
mmx19g

checking for matching safeboot services....
matching safeboot services found
xmm13g.sys
mmx19g.sys


--------------------------

Run HaxFix and choose option 2 (autofix)

searching for services....
service xmm13g found
[SWSC] DeleteService SUCCESS
service mmx19g found
[SWSC] DeleteService SUCCESS
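
The logs above tie together by base name: a driver registered under SafeBoot\Minimal either shares its name with a Winlogon Notify key or is reported as a hidden file. The following is an added example, not part of the original page or of any of the tools it uses; it cross-references the three logs offline. The function names are hypothetical and the sample input is constructed from the log lines shown on this page.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: lines taken from the logs shown on this page.
HIJACKTHIS = r"""
O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll
"""
BLACKLIGHT = r"""
09/24/06 22:14:54 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.DLL
09/24/06 22:14:54 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\MMX19G.SYS
09/24/06 22:14:55 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.SYS
"""
SAFEBOOT = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mmx19g.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\xmm13g.sys
"""

O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$", re.M)
HIDDEN_RE = re.compile(r"\[Info\]: Hidden file: (.+)$", re.M)
SAFEBOOT_RE = re.compile(r"\\safeboot\\(?:minimal|network)\\([^\\\s]+\.sys)\s*$", re.I | re.M)

def stem(path):
    """Lower-cased file name without directory or extension."""
    return PureWindowsPath(path.strip()).stem.lower()

def triage(hijackthis, blacklight, safeboot):
    """Return [(driver, [reasons])] for SafeBoot drivers tied to other findings."""
    notify = {n.lower(): dll.strip() for n, dll in O20_RE.findall(hijackthis)}
    hidden = {stem(p): p.strip() for p in HIDDEN_RE.findall(blacklight)
              if p.strip().lower().endswith(".sys")}
    findings = []
    for name in sorted({stem(e) for e in SAFEBOOT_RE.findall(safeboot)}):
        reasons = []
        if name in notify:   # same base name loaded by Winlogon at logon
            reasons.append("Winlogon Notify key of the same name: " + notify[name])
        if name in hidden:   # driver file the rootkit scanner reported as hidden
            reasons.append("file hidden from the file system: " + hidden[name])
        if reasons:
            findings.append((name + ".sys", reasons))
    return findings

if __name__ == "__main__":
    for driver, reasons in triage(HIJACKTHIS, BLACKLIGHT, SAFEBOOT):
        print(driver, "->", "; ".join(reasons))
```

A SafeBoot driver that matches neither log is not reported, so a legitimate Notify entry on its own does not produce a finding.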


