The last two months have been rather hectic. At the end of November I started working for a game developer. So far it has been a great experience, but unfortunately I have had to set the goals for FreeFixer a bit lower than before. Anyway, it's a new year, FreeFixer 0.26 has been released, and the same old spyware is still installing through security holes. The infection listed below was extremely nasty, since it made the computer crash with a blue screen around 60 seconds after every reboot.
FreeFixer v0.26 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2008-02-03 13:02

Winlogon Notify (9 whitelisted)
iebvss32 - C:\WINDOWS\System32\iebvss32.dll (Remove)

System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)

Registry Startups
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind64.exe (Remove)
HKLM\..\Run, SystemSv121 = C:\WINDOWS\System32\n2ewma1xxsv234.exe (Remove)
HKLM\..\Run, SystemSv12 = C:\WINDOWS\System32\newmaxxsv234.exe (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Windows update loader = C:\Windows\xpupdate.exe (Remove)
HKCU\..\Run, Service Pack 1 = C:\WINDOWS\System32\vedxg6ame4.exe (Remove)
HKCU\..\Run, Brave-Sentry = C:\Program Files\BraveSentry\BraveSentry.exe (Remove)

Autostart shortcuts
letgo.exe, , C:\Documents and Settings\All Users\Start-meny\Program\Autostart\letgo.exe (Remove)

HOSTS file
124.217.252.77 www.bravesentry.com (Remove)
124.217.252.77 bravesentry.com (Remove)
124.217.252.78 secure.isoftpay.com (Remove)
124.217.252.77 www.bravesentry.com (Remove)
124.217.252.77 bravesentry.com (Remove)
124.217.252.78 secure.isoftpay.com (Remove)
124.217.252.77 www.bravesentry.com (Remove)
124.217.252.77 bravesentry.com (Remove)
124.217.252.78 secure.isoftpay.com (Remove)
124.217.252.77 www.bravesentry.com (Remove)
124.217.252.77 bravesentry.com (Remove)
124.217.252.78 secure.isoftpay.com (Remove)

Processes (15 whitelisted)
C:\WINDOWS\System32\kernelwind64.exe (Remove)
C:\WINDOWS\System32\n2ewma1xxsv234.exe (Remove)
C:\WINDOWS\System32\newmaxxsv234.exe (Remove)
C:\Program\Messenger\msmsgs.exe
C:\Windows\xpupdate.exe (Remove)
C:\Program\FreeFixer\freefixer.exe
C:\WINDOWS\System32\dllgh8jkd1q1.exe (Remove)
C:\WINDOWS\System32\dllgh8jkd1q6.exe (Remove)
C:\WINDOWS\System32\dllgh8jkd1q7.exe (Remove)
C:\WINDOWS\System32\dllgh8jkd1q5.exe (Remove)
C:\Program Files\BraveSentry\BraveSentry.exe (Remove)

Services (33 whitelisted)
mnmsrvcTermService, NetMeeting Remote Desktop Sharing mnmsrvcTermService, c:\windows\system32\algg.exe (Remove)
RasManNtmsSvc, Remote Access Connection Manager RasManNtmsSvc, c:\windows\system32\acluim.exe (Remove)
Spoolerdmserver, Print Spooler Spoolerdmserver, c:\windows\system32\appmgmtsc.exe (Remove)
SpoolerdmserverCOMSysApp, Print Spooler Spoolerdmserver SpoolerdmserverCOMSysApp, c:\windows\system32\apcupss.exe (Remove)
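A log like the one above is easier to triage when the flagged entries are pulled out by section: the Run keys and their commands, the services with their image paths, and the HOSTS lines collapsed so that a redirect written several times counts once. Below is a small parser for that, added here as an example; it is not FreeFixer's own code. It assumes the log is laid out one entry per line in blank-line-separated sections whose first line is the header, optionally suffixed with "(N whitelisted)", and that entries FreeFixer offers to delete end in " (Remove)". The embedded sample is a trimmed copy of the log in this post.

```python
"""Parse a FreeFixer-style text log and summarise its flagged entries.

Added example, not FreeFixer's code. Assumed layout: one entry per line,
blank-line-separated sections, header on the first line of each section,
entries FreeFixer offers to delete end in " (Remove)".
"""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the log in the post.
SAMPLE_LOG = r"""FreeFixer v0.26 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2008-02-03 13:02

Winlogon Notify (9 whitelisted)
iebvss32 - C:\WINDOWS\System32\iebvss32.dll (Remove)

System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)

Registry Startups
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind64.exe (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Windows update loader = C:\Windows\xpupdate.exe (Remove)

HOSTS file
124.217.252.77 www.bravesentry.com (Remove)
124.217.252.77 bravesentry.com (Remove)
124.217.252.78 secure.isoftpay.com (Remove)
124.217.252.77 www.bravesentry.com (Remove)
124.217.252.77 bravesentry.com (Remove)

Processes (15 whitelisted)
C:\WINDOWS\System32\kernelwind64.exe (Remove)
C:\Program\FreeFixer\freefixer.exe

Services (33 whitelisted)
mnmsrvcTermService, NetMeeting Remote Desktop Sharing mnmsrvcTermService, c:\windows\system32\algg.exe (Remove)
RasManNtmsSvc, Remote Access Connection Manager RasManNtmsSvc, c:\windows\system32\acluim.exe (Remove)
"""

HEADER_RE = re.compile(r"^(?P<name>.+?)(?: \((?P<wl>\d+) whitelisted\))?$")
RUN_RE = re.compile(r"^(?P<key>HK[A-Z]+\\\.\.\\Run), (?P<name>.+?) = (?P<cmd>.+)$")
REMOVE = " (Remove)"


def parse_log(text):
    """Return (preamble_lines, sections). sections maps a header name to
    {"whitelisted": int or None, "items": [(entry, flagged), ...]}."""
    blocks = [b for b in re.split(r"\n[ \t]*\n", text.strip()) if b.strip()]
    preamble = blocks[0].splitlines()
    sections = {}
    for block in blocks[1:]:
        header, *rest = block.splitlines()
        m = HEADER_RE.match(header.strip())
        wl = int(m.group("wl")) if m.group("wl") else None
        items = []
        for line in rest:
            line = line.strip()
            if not line:
                continue
            flagged = line.endswith(REMOVE)
            items.append((line[:-len(REMOVE)] if flagged else line, flagged))
        sections[m.group("name")] = {"whitelisted": wl, "items": items}
    return preamble, sections


def flagged_items(sections):
    """Entries marked (Remove), grouped by section; sections with none are omitted."""
    out = {}
    for name, sec in sections.items():
        hits = [entry for entry, flagged in sec["items"] if flagged]
        if hits:
            out[name] = hits
    return out


def hosts_map(sections):
    """Collapse the HOSTS section into {hostname: set(ip)}; repeated lines count once."""
    out = defaultdict(set)
    for entry, _ in sections.get("HOSTS file", {"items": []})["items"]:
        ip, *names = entry.split()
        for name in names:
            out[name].add(ip)
    return dict(out)


def run_entries(sections):
    """Split 'HKLM\\..\\Run, Name = Command' lines into (key, name, command, flagged)."""
    out = []
    for entry, flagged in sections.get("Registry Startups", {"items": []})["items"]:
        m = RUN_RE.match(entry)
        if m:
            out.append((m.group("key"), m.group("name"), m.group("cmd"), flagged))
    return out


def service_entries(sections):
    """Split 'ServiceName, DisplayName, ImagePath' lines into (name, display, path, flagged)."""
    out = []
    for entry, flagged in sections.get("Services", {"items": []})["items"]:
        parts = entry.split(", ", 2)
        if len(parts) == 3:
            out.append((parts[0], parts[1], parts[2], flagged))
    return out


if __name__ == "__main__":
    _, secs = parse_log(SAMPLE_LOG)
    for section, hits in flagged_items(secs).items():
        print(f"{section}: {len(hits)} flagged")
    for host, ips in sorted(hosts_map(secs).items()):
        print(f"HOSTS {host} -> {', '.join(sorted(ips))}")
```

On the sample, the HOSTS section shrinks from five lines to three hosts, all pointing at the same two addresses, and the service list comes out as name/display/path triples, which makes the mismatch between a "Print Spooler" display name and an image path like apcupss.exe easy to spot when scanning a longer log.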
Lyn H writes