ÓáÇã
ãíÎæÇÓÊã ÑÇå Íá ˜áí ÈÑÇ Çíä ÊÑæÌÇä í˜ã ÒÑä ÇÑÇÆå ÈÏã..
ÝÞØ íå ãÔ˜áí ˜å åÓÊ ÇÓã ÓÑæÑåÇí Çíä ÊÑæÌÇä Ñæ åÑ ÓíÓÊãí ÚæÖ ãíÔå æáí ÈÇ ÏÞÊ Èå ÑÌíÓÊÑí ˜å ÈÑÇÊæä ÇíäÌÇ ãíÏã ãíÔå Èå ÑÇÍÊí åÑ ÇÓãí ˜å ÏÇÔÊå ÈÇÔå ÷íÏÇ ˜ÑÏ æ..
ÓÇíÒ ÝÇíá ÓÑæÑ Ñæ ÏÞÊ ˜äíÏ ÍÏæÏÔ ãíÊæäå ˜ã˜ ˜ääÏå ÈÇÔå..
ÑÇÓÊí Çíäã Èã.. íå ÑæÔ ÌÏíÏ ÈÑÇí ÇÌÑÇí ÓÑæÑ äæíÓäÏÔ ÷íÏÇ ˜ÑÏå.. ÂãæÒäÏÓ
ÔÑãäÏå Çå ÇäáíÓí ÇíÑÇÏ ÏÇÑå
Found New Trojan Beast :
------------------------
Check registery :
----------------
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Active Setup\Installed Components\{42AC0312-EE51-A3CC-EA32-40AA12E6115C}\
StubPath=D:\WINNT\System32\msspxa.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run
COM Service=D:\WINNT\msagent\msvyin.com
To Kill this trojan :
---------------------
1. Found in Task manager program similir svchost or mshost name or .. size ~53985 byte in memory.
2. Kill svchost or mshost or ... Process ..
3. Delete svchost.exe or mshost.exe , or ..exe from SystemPath ..
4. Found msspxa.com and msvyin.com (hiddin) and delete .
5. Restart system.
Note : If this trojan active in memory and set kill AV in servers is TRUE then don't work
any Antivirus or firewall in your system.
thx
bl2k
ãíÎæÇÓÊã ÑÇå Íá ˜áí ÈÑÇ Çíä ÊÑæÌÇä í˜ã ÒÑä ÇÑÇÆå ÈÏã..
ÝÞØ íå ãÔ˜áí ˜å åÓÊ ÇÓã ÓÑæÑåÇí Çíä ÊÑæÌÇä Ñæ åÑ ÓíÓÊãí ÚæÖ ãíÔå æáí ÈÇ ÏÞÊ Èå ÑÌíÓÊÑí ˜å ÈÑÇÊæä ÇíäÌÇ ãíÏã ãíÔå Èå ÑÇÍÊí åÑ ÇÓãí ˜å ÏÇÔÊå ÈÇÔå ÷íÏÇ ˜ÑÏ æ..
ÓÇíÒ ÝÇíá ÓÑæÑ Ñæ ÏÞÊ ˜äíÏ ÍÏæÏÔ ãíÊæäå ˜ã˜ ˜ääÏå ÈÇÔå..
ÑÇÓÊí Çíäã Èã.. íå ÑæÔ ÌÏíÏ ÈÑÇí ÇÌÑÇí ÓÑæÑ äæíÓäÏÔ ÷íÏÇ ˜ÑÏå.. ÂãæÒäÏÓ
ÔÑãäÏå Çå ÇäáíÓí ÇíÑÇÏ ÏÇÑå
Found New Trojan Beast :
------------------------
Check registery :
----------------
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Active Setup\Installed Components\{42AC0312-EE51-A3CC-EA32-40AA12E6115C}\
StubPath=D:\WINNT\System32\msspxa.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run
COM Service=D:\WINNT\msagent\msvyin.com
To Kill this trojan :
---------------------
1. Found in Task manager program similir svchost or mshost name or .. size ~53985 byte in memory.
2. Kill svchost or mshost or ... Process ..
3. Delete svchost.exe or mshost.exe , or ..exe from SystemPath ..
4. Found msspxa.com and msvyin.com (hiddin) and delete .
5. Restart system.
Note : If this trojan active in memory and set kill AV in servers is TRUE then don't work
any Antivirus or firewall in your system.
thx
bl2k