Removal tool for Sus/Delf-J, Trojan.Heur.GZ.kGX@bKStsDeG (Foto_253.com, javahr.exe, javahr2.exe, javahu.exe) Trojan
April 4, 2010 by admin
Filed under Removal Tips,Tools and Videos

Severity Level : 7/10
Alias:
- Sus/Delf-J [Sophos]
- NOT Detected [McAfee]
- NOT Detected [Kaspersky Lab]
- NOT Detected [Microsoft]
Foto_253.com VirusTotal Report : (Click Here)
File System Modifications
The following files were created in the system:
- %systemdrive%\path\javahr.exe
- %systemdrive%\path\javahr2.exe
- %systemdrive%\path\javahn.dll
- %systemdrive%\uacpath\javahu.exe
Note:
- %system% is a variable that refers to the System folder. By default, this is "C:\Windows\System" (Windows 95/98/Me), "C:\Winnt\System32" (Windows NT/2000), or "C:\Windows\System32" (Windows XP).
- ? = Random file name.
Memory Modifications
The following new processes were created in the system:
| Process Name | Process Filename |
| javahr.exe | %systemdrive%\path\javahr.exe |
| javahr2.exe | %systemdrive%\path\javahr2.exe |
The following Internet connections were made (any content retrieved is saved to the local file listed; "-" means nothing was written to disk):
| URL to be downloaded | Filename for the downloaded bits |
| http://www.gay24x01.hpg.ig.com.br/ | - |
| http://freetimes.boxvirtual.info/LOYDE/in.php | - |
| http://www.sanx04.hpg.ig.com.br | - |
Registry Modifications
The newly created or modified registry keys and values are listed below. The CLSID registered under Browser Helper Objects, with its InprocServer32 pointing at javahn.dll, makes Internet Explorer load that DLL as a browser helper object, and the two Run values restart javahr.exe and javahr2.exe at every logon.
[HKEY_CLASSES_ROOT\CLSID\{F89CEB6F-335E-43EC-BD6B-7F72D7801158}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F89CEB6F-335E-43EC-BD6B-7F72D7801158}\InprocServer32]
@="c:\\path\\javahn.dll"
"ThreadingModel"="Apartment"
[HKEY_CURRENT_USER\rhavaj]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count]
"HRZR_EHACNGU:P:\\Qbphzragf naq Frggvatf\\Nqzvavfgengbe\\Qrfxgbc\\Sbgb_253(2).pbz"=hex:01,00,00,00,06,00,00,00,10,79,2b,41,0a,d4,ca,01,
(UserAssist value names are ROT13-encoded; this one decodes to UEME_RUNPATH:C:\Documents and Settings\Administrator\Desktop\Foto_253(2).com, i.e. the dropper was launched from the Desktop.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Administrator\\Desktop\\Foto_253(2).com"="Foto_253(2)"
"C:\\WINDOWS\\system32\\taskmgr.exe"="Windows TaskManager"
"c:\\path\\javahr.exe"="javahr"
"c:\\path\\javahr2.exe"="javahr2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89CEB6F-335E-43EC-BD6B-7F72D7801158}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89CEB6F-335E-43EC-BD6B-7F72D7801158}\InprocServer32]
@="c:\\path\\javahn.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89CEB6F-335E-43EC-BD6B-7F72D7801158}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"javahr"="c:\\path\\javahr.exe"
"javahr2"="c:\\path\\javahr2.exe"
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"teste"="0"
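The following triage script is an added example and is not part of the original post or of the VirusExperts.org removal tool. It checks a host for the indicators listed above (the running processes, the two Run values, the BHO CLSID and its InprocServer32 DLL, the marker key and value, and the dropped file names) and only reports what it finds; it deletes nothing. It assumes that "%systemdrive%\path\" in the report is a placeholder for the real drop directory, so files are searched for by name under the user profile, %TEMP% and the Windows directory rather than at a fixed path; the HKCU Run key is checked in addition to the HKLM one listed in the report as a precaution.

```powershell
# Added host-triage script (not from the original post). Reports only; nothing is removed.
# Indicator values are taken from the report above; search locations are an assumption.
$Clsid     = '{F89CEB6F-335E-43EC-BD6B-7F72D7801158}'
$RunValues = @('javahr', 'javahr2')
$FileNames = @('javahr.exe', 'javahr2.exe', 'javahn.dll', 'javahu.exe',
               'cvasds1.dll', 'cvasds2.dll', 'Foto_253.com', 'Foto_253(2).com')
$findings  = New-Object System.Collections.Generic.List[string]

# 1. Running processes whose image name matches one of the dropped executables.
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($FileNames -contains ($p.ProcessName + '.exe')) {
        $findings.Add("process: $($p.ProcessName) PID=$($p.Id) path=$($p.Path)")
    }
}

# 2. Logon persistence: the Run values named in the report (HKLM as listed; HKCU as a precaution).
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $RunValues) {
        if ($props.PSObject.Properties.Name -contains $name) {
            $findings.Add("run value: $key\$name = $($props.$name)")
        }
    }
}

# 3. Browser Helper Object registration and the DLL the CLSID's InprocServer32 points at.
$bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
if (Test-Path $bhoKey) { $findings.Add("BHO registered: $bhoKey") }
$clsidRoots = @("Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid",
                "HKLM:\SOFTWARE\Classes\CLSID\$Clsid",
                "HKCU:\Software\Classes\CLSID\$Clsid")
foreach ($root in $clsidRoots) {
    $inproc = "$root\InprocServer32"
    if (Test-Path $inproc) {
        $dll = (Get-ItemProperty -Path $inproc).'(default)'
        $findings.Add("CLSID InprocServer32: $inproc -> $dll")
    }
}

# 4. Marker key and value the sample leaves behind.
if (Test-Path 'HKCU:\rhavaj') { $findings.Add('marker key: HKCU\rhavaj') }
$select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select' -ErrorAction SilentlyContinue
if ($select -and ($select.PSObject.Properties.Name -contains 'teste')) {
    $findings.Add("marker value: HKLM\SYSTEM\Select\teste = $($select.teste)")
}

# 5. Dropped files, located by name because the report's drop directory is a placeholder.
$searchRoots = @($env:USERPROFILE, $env:TEMP, $env:SystemRoot) | Where-Object { $_ -and (Test-Path $_) }
foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -Force -File -Include $FileNames -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("file: $($_.FullName) size=$($_.Length) mtime=$($_.LastWriteTime)") }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from the Sus/Delf-J report were found on this host.'
} else {
    Write-Output "Indicators found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and other users' profile directories are readable. A hit on the BHO key or the Run values is the strongest signal, since those survive a reboot; a process hit alone tells you the sample is still resident, which matches the symptom described in the first comment below.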
Removal Tools:
Download the Sus/Delf-J, Trojan.Heur.GZ.kGX@bKStsDeG Trojan removal tool provided by VirusExperts.org from Here.
%Temp%\cvasds1.dll
%Temp%\cvasds2.dll
I have the javahu.exe virus. I entered it on your site; how do I get it out of my PC's RAM memory?
It is great to have the opportunity to read a good quality article with useful information on topics that plenty are interested on. I concur with your conclusions and will eagerly look forward to your future updates. Thanks a lot and keep on posting more valuable information.
Thanks for your info.
The next time I read a weblog, I hope that it doesn't disappoint me as a lot as this one. I mean, I know it was my choice to read, but I really thought you'd have one thing fascinating to say. All I hear is a bunch of whining about one thing that you could fix in the event you weren't too busy on the lookout for attention. Kind Regards, petrus