fay2006 - 2006-9-6 16:35:00
Logfile(Search) of Trojan.PWS.Wow(SMSS,WINLOGON,LSASS) - Removal Tool v0.2 Build 0717
Author: Krazaf/tkabc (krazaf@gmail.com)
Searching for the suspicious process(es):
========================================
Searching for the suspicious files:
========================================
Searching for the suspicious registry values:
-HKLM\....Run
========================================
Scanning the registry:
-HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon:
Shell = Explorer.exe
-The (default) value of HKCR\exefile\shell\open\command:
"%1" %*
-The (default) value of HKCR\.exe:
exefile
-The value 'Command' in HKCR\.lnk\ShellNew:
rundll32.exe appwiz.cpl,NewLinkHere %1
-The (default) value of HKCR\scrfile\shell\install\command:
rundll32.exe desk.cpl,InstallScreenSaver %l
-The value 'Command' in HKCR\.bfc\ShellNew:
%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\syncui.dll,Briefcase_Create %2!d! %1
-The (default) value of HKCR\cplfile\shell\cplopen\command:
rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-The (default) value of HKCR\dunfile\shell\open\command:
%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
-The (default) value of HKCR\htmlfile\shell\open\command:
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
-The (default) value of HKCR\inffile\shell\Install\command:
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
-The (default) value of HKCR\Unknown\shell\openas\command:
%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
-Possible Infection!!!---The (default) value of HKCR\HTTP\shell\open\command:
"C:\Program Files\Internet Explorer\iexplore.exe" "%1"
========================================
Remarks:The files below cannot be removed by this tool.Please submit this logfile to krazaf@gmail.com!
Special Scanning Result:
===========================
Searching for any suspicious autorun.inf:
End of log