TROJ_VUNDO.FKS
Worm:MSIL/Roxin.A (Microsoft)
Windows 2000, Windows XP, Windows Server 2003

Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It deletes itself after execution.
TECHNICAL DETAILS
394,240 bytes
EXE
Yes
07 Dec 2012
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Autostart Technique
This Trojan registers as a system service to ensure its automatic execution at every system startup by adding the following registry keys:
Other System Modifications
This Trojan deletes the following files:
- %Windows%\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.248.39468
- %Windows%\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.248.39468
- %User Profile%\v2.0.50727.42\security.config.cch.248.39593
(Note: %Windows% is the Windows folder, which is usually C:\Windows. %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.)
It adds the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Service1
It adds the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaqmSvc
Description = "{random characters}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaqmSvc
FailureActions = "{random values}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Service1
EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
It modifies the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
ErrorMode = "2"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
Sources = "{random characters}"
(Note: The default value data of the said registry entry is {random values}.)
Other Details
This Trojan deletes itself after execution.
This report is generated via an automated analysis system.
SOLUTION
9.300
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Restart in Safe Mode
Step 3
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
- Service1
Step 4
Delete this registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaqmSvc
- Description = "{random characters}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaqmSvc
- FailureActions = "{random values}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Service1
- EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
Step 5
Restore these modified registry values
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this only if you know how to or you can seek your system administrator's help. You may also check out this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
- ErrorMode = "2"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
- From: Sources = "{random characters}"
To: Sources = "{random values}"
Step 6
Restart in normal mode and scan your computer with your Trend Micro product for files detected as TROJ_VUNDO.FKS. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Step 7
Restore this file from backup. Only Microsoft-related files will be restored. If this malware/grayware also deleted files related to programs that are not from Microsoft, please reinstall those programs on your computer.
- %Windows%\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.248.39468
- %Windows%\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.248.39468
- %User Profile%\v2.0.50727.42\security.config.cch.248.39593