Sunday, 21 February 2010

My ugly virus

Hi :) Long time since my last post, but I'm back with a new one, this time more IT-related. Recently I had a battle with some viruses, some executables that kept appearing in the registry and in hidden folders. Anyway, if you have one of the following files, DELETE THEM QUICK, and, if need be, stop the processes from Task Manager (Ctrl+Alt+Delete -> click on the process -> End process). I'm posting the files, with the warnings from Google:



-MINI.EXE (Trojan.Agent/Gen) has been the subject of the following behavior:
  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • Registered as a Dynamic Link Library File
  • Copied to multiple locations on the system
  • Created as a process on disk
  • Has code inserted into its Virtual Memory space by other programs
-Ccdrive32.exe (Trojan.Dropper/Win-NV)
  • is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.
-Logon.exe
  • If logon.exe is located in the folder C:\Windows then the security rating is 66% dangerous. File size is 69,632 bytes. File logon.exe is not a Windows system file. The program is not visible. logon.exe is an unknown file in the Windows folder.
  • If logon.exe is located in a subfolder of "C:\Program Files" then the security rating is 17% dangerous. File size is 82,944 bytes. The program has a visible window. The file is not a Windows core file.

-81.EXE has been the subject of the following behavior:

  • Created as a process on disk
  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • Executed from Temporary Folders
  • Has code inserted into its Virtual Memory space by other programs
  • Terminated as a Process
  • Created as a new Background Service on the machine
  • Deleted as a process from disk
  • several executables of the form "number.exe" belong here: 25.EXE, 45.exe, 71.exe, 64.exe etc.

-03.EXE, and probably agen1.03.exe, known as Explet.a Worm agen1.03

-IEXPLORE.EXE has been the subject of the following behavior:

  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • This Process may have been infected by a file infecting virus
  • Registered as a Dynamic Link Library File
  • Created as a process on disk
  • Has code inserted into its Virtual Memory space by other programs
  • Terminated as a Process
  • Deleted as a process from disk
  • Created as a new Background Service on the machine
  • Changes to the file command map within the registry
  • Copied to multiple locations on the system
  • - I found it hidden as well, in C:\windows\system32
-Msdrive32.exe
  • is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.
  • Type: Trojan Virus
    Location: C:\WINDOWS\msdrive32.exe
    Risk Level: Moderate
  • - I found it in Recycler (a hidden file in Windows, on C:\)
There are more, but I can't remember them right now :) I used a program, Prevx, which kept detecting them.

Enjoy :)
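An added example (not part of the original post, and not how Prevx works): a small Python triage that checks executable paths against the names and locations listed above. The sample paths and the expected Internet Explorer folders are assumptions; names such as logon.exe and iexplore.exe are also used by legitimate software, so those are judged by folder rather than by name.

```python
import ntpath
import re

# File names listed in the post (compared case-insensitively).
LISTED_NAMES = {"mini.exe", "ccdrive32.exe", "msdrive32.exe", "agen1.03.exe"}
# The post's two-digit family: 81.EXE, 25.EXE, 45.exe, 71.exe, 64.exe, 03.EXE.
NUMBERED = re.compile(r"\d{2}\.exe")
# Assumption: the folders where a genuine Internet Explorer binary is installed.
EXPECTED_DIRS = {"iexplore.exe": {r"c:\program files\internet explorer",
                                  r"c:\program files (x86)\internet explorer"}}
# Per the quoted warning, logon.exe directly in C:\Windows is not a system file.
BAD_DIRS = {"logon.exe": {r"c:\windows"}}


def triage(path):
    """Return the reasons a Windows path matches the post's observations."""
    p = ntpath.normpath(path.strip().strip('"')).lower()
    folder, name = ntpath.split(p)
    reasons = []
    if name in LISTED_NAMES:
        reasons.append("listed name")
    if NUMBERED.fullmatch(name):
        reasons.append("numbered executable")
    if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
        reasons.append("system name in unexpected folder")
    if name in BAD_DIRS and folder in BAD_DIRS[name]:
        reasons.append("non-system file in Windows folder")
    if "recycler" in folder.split("\\"):
        reasons.append("runs from Recycler")
    return reasons


def scan(paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := triage(p))}


# Constructed sample: image paths as an autostart or process listing might give them.
SAMPLE = [
    r"C:\WINDOWS\msdrive32.exe",
    r"C:\Windows\System32\IEXPLORE.EXE",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\81.EXE",
    r"C:\RECYCLER\S-1-5-21-0000\msdrive32.exe",
    r"C:\Windows\logon.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for path, why in scan(SAMPLE).items():
        print(f"{path}: {', '.join(why)}")
```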

Generatia Verde