Generic.tfr!k!D9296BE1A117 Trojan Virus and how to clean

This Trojan is simple to clean, but if left untreated it will get into your source data applications in Windows and corrupt your system.

To clean it, simply run your antivirus software; we suggest Microsoft Security Essentials. If your anti-spyware app closes, the virus has blocked access to it. In that case, either run an online system scan via Panda or try running your anti-spyware in Safe Mode.

Other aliases from other antivirus companies

Company          Virus Names
AVG (GriSoft)    Generic19.BWBB
Microsoft        Trojan:Win32/Rodecap.A
Norman           W32/Malware.TUMA

The following files were analyzed:

3766d83c6754d41c912c87b1f001fe2a1eea6747

The following files have been added to the system:
  • %WINDIR%\cmstp.exe
  • %USERPROFILE%\Local Settings\Application Data\ieudinit.exe
  • %APPDATA%\esentutl.exe
  • %WINDIR%\SYSTEM32\drivers\mqtgsvc.exe
The following registry elements have been created:
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\
  • HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\
The following registry elements have been changed:
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\LOAD = %WINDIR%\SYSTEM32\drivers\mqtgsvc.exe
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\CMSTP = %WINDIR%\cmstp.exe /waitservice
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\IEUDINIT = C:\DOCUME~1\ADMINI~1.VMG\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice
  • HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ESENT UTL = C:\DOCUME~1\ADMINI~1.VMG\APPLIC~1\esentutl.exe /waitservice