trojan.win32.monder.deuf
Threat Name: trojan.win32.monder.deuf
Spread Method:
Instant Message (MSN, Gtalk, QQ, etc.)
External Storage Device (USB device, etc.)
Registry Value Creation
Threat type: trojan.win32
trojan.win32.monder.deuf first detected: 2010-04-22
The known virus file is a PE EXE file written in C++.
File Size: 122K Bytes.
Behavior: sends a request to IP address
Level of Spread: 6
Level of Threat: 4
Reported Path:
MD5: UtH20iEl280K7FR307oniJ1MpxC3vm8p
SHA1: dcOOJ3m7QY0sWNyQDC773qMu82kS17A8l1wWrR7U
Alias:
Microsoft Malware Protection: Backdoor.Win32.Agent.rbs
Microsoft Malware Protection: Trojan-Downloader.Win32.Agent.vgc
VBA32: Backdoor.Win32.Agent.lqq
Avast! Antivirus: Email-Worm.Win32.Sober.l
Report Countries:
Australia
trojan.win32.monder.deuf Removal instructions:
Use Task Manager to terminate the program's process.
Use killbox to kill the file if the file refuses to be deleted.
How to remove trojan.win32.monder.deuf:
1. Download killbox to delete the trojan.win32.monder.deuf virus files.
2. Update your antivirus database and run a full scan.
Need help? Post your problem on the Free Malware Remove Help forum.
trojan.win32.monder.deuf Summary
1. Temporarily disable System Restore.
2. Reboot the computer in Safe Mode.
3. Delete the trojan.win32.monder.deuf virus files and kill the trojan.win32.monder.deuf task process (if any).
4. Delete or modify any values added to the registry by trojan.win32.monder.deuf.
5. Delete the IE temp files, restart the computer and run a full scan with F-Prot6, Ikarus.
trojan.win32.monder.deuf virus files as following: