Expert Virus Removal Services and Technical advice.


January 24, 2011

Virus that infects Executable Files

This is a virus that spreads through computers. This file infector may be downloaded by other malware/grayware/spyware from remote sites. It comes with the HTML_SHELLCOD.SM exploit, which allows 6 more infections along with it. It drops a file that contains the main malicious code and is detected as PE_PARITE.A-O.

TROJ_GAMETHI.FMS

This is a Trojan horse that arrives in disguise. Trojans are usually downloaded from the Internet and installed by unsuspecting users, with or without their consent. Trojans typically carry payloads or other malicious actions that can range from the mildly annoying to the irreparably destructive. They may also modify system settings so that they start automatically. Restoring affected systems may require procedures other than scanning with an anti-virus program.

It arrives as part of a combination of malware delivered through the HTML_SHELLCOD.SM exploit. The exploit brings 8 infections, of which TROJ_GAMETHI.FMS is one.


Effects:
This Trojan drops copies of itself in the system32 folder under the name
  • fqtkz.exe
It creates the following registry entries
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Internet Explorer\Main
    TabProcGrowth = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\URL
    SystemMgr = "Del"

Removal:

1) Disable System Restore.
2) Use the Process Explorer tool to find the processes that are related to the Trojan.
3) If the detected file is displayed in either Windows Task Manager or Process Explorer but you cannot delete it, restart your computer in safe mode.
4) Search for and delete the registry entries:

  • In HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Internet Explorer\Main
    • TabProcGrowth = "0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\URL
    • SystemMgr = "Del"

5) Delete the files that the Trojan dropped in the system32 folder. Uncheck "Hide protected operating system files" in Folder Options > View tab, and then check the "Search Hidden Files and Folders" checkbox under "More advanced options" to include all hidden files and folders in the search result, as the Trojan may apply the hidden attribute to the files it dropped.
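
The registry and file checks from the Effects and Removal lists above can be scripted. The PowerShell below is an added example, not part of the original post; the `-Remove` switch and variable names are assumptions made for illustration, and it is meant to be saved as a `.ps1` file and run from an elevated 64-bit PowerShell session so that `System32` is not redirected.

```powershell
# Added example (not from the original post): look for the TROJ_GAMETHI.FMS
# artifacts this post lists. Nothing is deleted unless -Remove is given.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

# Registry values and dropped file name exactly as listed under "Effects".
$regIndicators = @(
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'; Name = 'TabProcGrowth'; Value = '0' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\URL'; Name = 'SystemMgr'; Value = 'Del' }
)
$droppedFile = Join-Path $env:SystemRoot 'System32\fqtkz.exe'
$found = 0

foreach ($ind in $regIndicators) {
    $target = "$($ind.Path)\$($ind.Name)"
    $prop = Get-ItemProperty -Path $ind.Path -Name $ind.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { Write-Output "not present: $target"; continue }

    # Compare as strings so a DWORD 0 and a string "0" are treated alike.
    $actual = [string]$prop.($ind.Name)
    if ($actual -ne $ind.Value) {
        Write-Output "present, different data: $target = '$actual'"
        continue
    }
    $found++
    Write-Warning "indicator: $target = '$actual'"
    if ($Remove -and $PSCmdlet.ShouldProcess($target, 'Remove registry value')) {
        Remove-ItemProperty -Path $ind.Path -Name $ind.Name
    }
}

# -Force makes Get-Item return the file even with Hidden/System attributes set.
$file = Get-Item -LiteralPath $droppedFile -Force -ErrorAction SilentlyContinue
if ($file) {
    $found++
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Warning "indicator: $($file.FullName) attrs=$($file.Attributes) sha256=$hash"
    if ($Remove -and $PSCmdlet.ShouldProcess($file.FullName, 'Delete file')) {
        # Fails while the process is running; see step 3 (safe mode).
        Remove-Item -LiteralPath $file.FullName -Force
    }
} else {
    Write-Output "not present: $droppedFile"
}

Write-Output "$found of 3 listed indicators found"
```

`TabProcGrowth` is also an ordinary Internet Explorer setting, so that value on its own is weak evidence; weigh it together with the `SystemMgr` value and the dropped file. Running with `-Remove -WhatIf` shows what would be deleted without changing anything.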
