Friday, February 22, 2008

To Remove WINZIP_TMP

Blackworm manual removal:
Kill processes:
movies.exe, new winzip file.exe, rundll16.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, zipped files.exe, [X].exe

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ScanRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPath=0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\096EFC40-6ABF-11CF-850C-08002B30345D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\190B7910-992A-11CF-8AFA-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\2C49F800-C2DD-11CF-9AD6-0080C7E7B78D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4250E830-6AC2-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4D553650-6ABE-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\556C75F1-EFBC-11CF-B9F3-00A0247033C4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\57CBF9E0-6AA7-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\5F54E750-CE26-11CF-8E43-00A0C911005A
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\6FB38640-6AC7-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\72E67120-5959-11CF-91F6-C2863C385E30
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\78E1BDD1-9941-11CF-9756-00AA00C00908
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\7C35CA30-D112-11CF-8E72-00A0C90F26F8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\899B3E80-6AC6-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\9E799BF1-8817-11CF-958F-0020AFC28C3B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\B1EFCCF0-6AC1-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\BC96F860-9928-11CF-8AFA-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\DC4D7920-6AC8-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\E32E2733-1BC5-11D0-B8C3-00A0C90DCA10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\F4FC596D-DFFE-11CF-9551-00AA00A3DC45

Delete files:
movies.exe, new winzip file.exe, rundll16.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, zipped files.exe, [X].exe, sample.zip

Misc:
[X] is a random filename.

Exact file location:
rundll16.exe - C:\Windows or C:\Winnt
new winzip file.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, sample.zip - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
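
A read-only check for the processes, autorun value, Explorer settings and files listed above, as an added example that is not part of the original post. It does not cover the Licenses keys or the random [X].exe name; the helper name New-Finding is hypothetical, and every listed file name is checked in every listed directory, which is broader than the exact locations given.

```powershell
# Added example: read-only audit for the artifacts listed in the steps above.
# Nothing is killed or deleted. The random [X].exe name cannot be matched.
$names = 'movies.exe','new winzip file.exe','rundll16.exe','scanregw.exe',
         'update.exe','winzip.exe','winzip_tmp.exe','zipped files.exe'
$findings = @()
function New-Finding($Type, $Item, $Detail) {   # hypothetical helper
    [pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail }
}

# 1. Running processes. Get-Process reports names without ".exe". Names such as
#    update.exe are also used by legitimate software, so review the path.
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($procNames -contains $p.ProcessName) {
        $findings += New-Finding 'Process' $p.ProcessName "PID $($p.Id) $($p.Path)"
    }
}

# 2. Autorun value named on the page.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).ScanRegistry
if ($val) { $findings += New-Finding 'Registry' "$run\ScanRegistry" $val }

# 3. Explorer settings the page lists with value 0. Zero can also be a normal
#    user setting, so treat these as context rather than proof.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$settings = @{ Advanced = @('ShowSuperHidden','WebView'); CabinetState = @('FullPath') }
foreach ($sub in $settings.Keys) {
    $props = Get-ItemProperty -Path "$explorer\$sub" -ErrorAction SilentlyContinue
    foreach ($name in $settings[$sub]) {
        if ($null -ne $props -and $props.$name -eq 0) {
            $findings += New-Finding 'Setting' "$explorer\$sub\$name" '0'
        }
    }
}

# 4. Files. Every listed name is checked in every listed directory.
$dirs = 'C:\Windows','C:\Winnt','C:\Windows\System','C:\Windows\System32','C:\Winnt\System32'
foreach ($d in $dirs) {
    foreach ($f in ($names + 'sample.zip')) {
        $path = Join-Path $d $f
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $i = Get-Item -LiteralPath $path -Force
            $findings += New-Finding 'File' $path "$($i.Length) bytes, $($i.LastWriteTime)"
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No listed artifacts found.' }
```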