From: Kanishka on 26 Nov 2009 08:46

I have developed a removal tool for the virus (¾ôóü¨÷Ïo-ýîý ), original name raidhost.exe. Use the following link to see the virus report and download the removal tool!
http://it.web44.net/VirusDetails/raidhost.exe_Recover_Report.html

More info:
raidhost.exe (CRC32 : D8AB4DA6) is a backdoor virus. It supports to create a bot net. raidhost.exe is the parent virus. When it is executed it downloads other viruses from its master servers. In Imago labs we detected the servers are 64.131.83.170 on port 80 and 216.17.104.155 on port 51987. It downloads a malicious file dl.exe from the above servers and executes it. Then dl.exe downloads another malicious file, update.exe.

"Raidhost" uses autorun.inf to propagate itself. It creates a system folder called cold. Inside the cold directory it creates a system folder hott which appears as a recycle bin. Then it copies its clones (¥¶¾³¿¸¤ £ù²¯².exe and ¥¶¾³¿¸¤£ù²¯² ) into the hott directory.

raidhost.exe resides in %system drive% \ Windows. dl.exe and update.exe reside on the root of the system drive.
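A read-only check for the file-system indicators listed in the post above, as an added example that is not part of the original post or the poster's removal tool. It assumes the cold folder and autorun.inf sit at the root of the drive being scanned; the function names are hypothetical.

```python
import os
import zlib

# Indicators come from the post above; paths are relative to a drive root.
PARENT_CRC32 = 0xD8AB4DA6  # CRC32 the post gives for raidhost.exe
FILE_INDICATORS = [os.path.join("Windows", "raidhost.exe"), "dl.exe", "update.exe"]
# Assumption: the post does not say where "cold" is created; the root is checked.
DIR_INDICATORS = [os.path.join("cold", "hott")]


def crc32_of(path, chunk=65536):
    """CRC32 of a file, read in chunks so large files are not loaded whole."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def scan_root(root):
    """Return (indicator, detail) findings under one drive root; changes nothing."""
    findings = []
    for rel in FILE_INDICATORS:
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue
        detail = "present"
        if rel.endswith("raidhost.exe"):
            # CRC32 is not collision resistant: a match is a hint, not proof.
            same = crc32_of(path) == PARENT_CRC32
            detail = "present, CRC32 matches" if same else "present, CRC32 differs"
        findings.append((rel, detail))
    for rel in DIR_INDICATORS:
        path = os.path.join(root, rel)
        if os.path.isdir(path):
            # The post says the clones are copied here; report how many entries.
            findings.append((rel, "folder present, %d entries" % len(os.listdir(path))))
    if os.path.isfile(os.path.join(root, "autorun.inf")):
        # Legitimate media also ship autorun.inf, so this needs manual review.
        findings.append(("autorun.inf", "present"))
    return findings


if __name__ == "__main__":
    import sys
    for indicator, detail in scan_root(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(indicator, "-", detail)
```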
From: David H. Lipman on 26 Nov 2009 12:13
From: "Kanishka" <kdkanishka(a)gmail.com>

| I have developed a removal tool for the virus (¾ôóü¨÷Ïo-ýîý ) original
| name raidhost.exe . use following link to see virus report and
| download removal tool !.
| h**p://it.web44.net/VirusDetails/raidhost.exe_Recover_Report.html
| More info:
| raidhost.exe (CRC32 : D8AB4DA6) is a backdoor virus. It supports to
| create a bot net. raidhost.exe is the parent virus. when it is
| executed it downloads other viruses from its master servers. In Imago
| labs we detected the servers are 64.131.83.170 on port 80 and
| 216.17.104.155 on port 51987. It downloads a malicious file dl.exe from
| above servers and executes it. Then dl.exe download another malicious
| file update.exe .
| "Raidhost" use autorun.inf to propagate himself. It creates a system
| folder called cold. Inside cold directory it creates a system folder
| hott which appears as a recycle bin.then it copies its clone (¥¶¾³¿¸¤
| £ù²¯².exe and ¥¶¾³¿¸¤£ù²¯² ) into hott directory.
| raidhost.exe resides in %system drive% \ Windows. dl.exe and
| update.exe resides on the root of the system drive.

As already noted, the OP used the McAfee module of my Multi-AV Scanning Tool. The advantage is that it is a broad-spectrum removal tool, capable of the autoRun Worm and "others".

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp