pragmaserf.dll
pragmaserf.dll has been detected as a malicious backdoor trojan that runs in the background and allows remote access to the compromised system. The pragmaserf.dll sample was submitted on 2010-07-06 and identified as a threat.
Alias:
Threat File: pragmaserf.dll
systemroot\PRAGMAerenpxcrif\pragmaserf.dll
Submit time: 2010-07-06
Execute time: 5 min 24 sec
Level of Spread: 2
Level of Threat: 4
Type: Win32:Bifrose
File size: 39K Bytes
File type
pragmaserf.dll is a dynamic-link library, which acts as a shared library of functions.
MD5: iUtH2CiEm380K7FRJ1Uoo3J1MpxC4wn8
SHA1: qd0POK3m7QY1sWNaRED873rNu82kT17B8l1xWsS7
Path:
C:\Documents and Settings\All Users\Application Data\pragmaserf.dll
Report Countries:
United Kingdom
Canada
Creates the following registry keys and values:
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMABADSTBDRBR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMABADSTBDRBR
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000\Control
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\feature_enable_ie_compression
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA\injector
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA\versions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PRAGMAbadstbdrbr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PRAGMAbadstbdrbr\modules
HKEY_USERS\.DEFAULT\Software\pragma
[HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups]
ConvertedToLinks = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "PRAGMAbadstbdrbr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000]
Service = "PRAGMAbadstbdrbr"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "PRAGMAbadstbdrbr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRAGMABADSTBDRBR]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "PRAGMAbadstbdrbr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMABADSTBDRBR\0000]
Service = "PRAGMAbadstbdrbr"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "PRAGMAbadstbdrbr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRAGMABADSTBDRBR]
NextInstance = 0x00000001
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
TabProcGrowth = 0x00000001
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\feature_enable_ie_compression]
svchost.exe = 0x00000001
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0x00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA\versions]
/css/pragma/crcmds/install = "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA\injector]
explorer.exe = "pragmaserf"
iexplore.exe = "pragmaserf;pragmabbr"
firefox.exe = "pragmabbr"
safari.exe = "pragmabbr"
chrome.exe = "pragmabbr"
opera.exe = "pragmabbr"
[HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA]
affid = "traf"
subid = "pragma"
type = "no"
build = "bbr"
cmddelay = 0x00015180
plrd = 0x0000001A
plrm = 0x00000004
slrd = 0x0000001A
slrm = 0x00000004
pcs = 0x00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PRAGMAbadstbdrbr\modules]
PRAGMAd = "\systemroot\PRAGMAbadstbdrbr\PRAGMAd.sys"
PRAGMAc = "\systemroot\PRAGMAbadstbdrbr\PRAGMAc.dll"
PRAGMAsrcr = "\\?\globalroot%System%\PRAGMAsrcr.dat"
pragmaserf = "\\?\globalroot%System%\pragmaserf.dll"
pragmabbr = "\\?\globalroot%System%\pragmabbr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PRAGMAbadstbdrbr]
start = 0x00000001
type = 0x00000001
imagepath = "\systemroot\PRAGMAbadstbdrbr\PRAGMAd.sys"
[HKEY_USERS\.DEFAULT\Software\pragma]
dae91b54-7265-4dac-b01e-e4787b4ccaea = ""
48a10810-b8c6-442e-b021-2f1a5deb810c = ""
pragmaserf.dll Summary
1. Temporarily disable System Restore.
2. Reboot the computer in Safe Mode.
3. Delete the pragmaserf.dll virus files and kill the pragmaserf.dll task process (if any).
4. Delete or modify any values added to the registry by pragmaserf.dll.
5. Delete the IE temp files, restart the computer and run a full scan with Microsoft, QuickHeal.
pragmaserf.dll virus files as following: