Remove W32.Spamuzle.E
Posted on: February 27th, 2009
| Discovered: | February 24, 2009 |
| Updated: | February 25, 2009 6:21:40 AM |
| Type: | Trojan |
| Systems Affected: | Windows XP, Windows Server 2003, Windows 2000 |
| Recommended Action: | You will see the download link on their website; once installed, it will perform a full system scan on your machine for free. |
| Technical Details: |

When the Trojan executes, it infects the following files:

* %Windir%\explorer.exe

Note: The above files are detected as W32.Spamuzle.E!inf.

The infected explorer.exe files drop the following file when executed:

%System%\[RANDOM CHARACTERS].dll

Note: Multiple files with random file names will be created.

The Trojan then creates a backup copy of %System%\sfc_os.dll in the following location:

It then deletes the following files:

* %System%\dllcache\sfc.dll

It then modifies the following files:

* %System%\drivers\tcpip.sys

The Trojan then creates the following registry entry so that it runs whenever Windows starts:

It also creates the following registry subkey:

The Trojan then modifies the following registry entries:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"SFCDisable" = "ffffff9d"

The Trojan also modifies the following registry entry:

The Trojan then attempts to end the following process:

The Trojan has rootkit capabilities that enable it to hide its presence.

Next, the Trojan deletes the following DNS cache entries:

* 63.226.12.96

The Trojan may then perform the following actions on the compromised computer:

* Gather email addresses in order to send spam
* Check for the presence of certain software by searching the registry

The Trojan sends the gathered information to a remote server by connecting to the following URL:
| Action Steps: | FREE SCAN: NoAdware can remove W32.Spamuzle.E. Click the link below for your free download & scan your PC now. MANUAL REMOVAL: Please click here for manual removal instructions. |
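The host-side indicators listed under Technical Details can be read with a short PowerShell check. This is an added example, not code from the original page: the function names and the `-WinDir`/`-SystemDir` parameters are assumptions, and it only inspects the registry value and files the page names.

```powershell
# Added example: reads the W32.Spamuzle.E indicators named on this page.
# Function and parameter names are assumptions made for this sketch.
function Get-Sha256Hex([string]$Path) {
    if (-not (Test-Path $Path)) { return $null }
    try {
        $stream = [System.IO.File]::OpenRead($Path)
    } catch {
        return 'unreadable'
    }
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        return [BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '').ToLower()
    } finally {
        $stream.Close()
    }
}

function Get-SpamuzleIndicator {
    param(
        # %Windir% and %System% as used in the write-up; override to check a copy.
        [string]$WinDir    = $env:windir,
        [string]$SystemDir = (Join-Path $WinDir 'System32')
    )

    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $prop   = Get-ItemProperty -Path $key -Name SFCDisable -ErrorAction SilentlyContinue
    $sfcHex = $null   # stays $null when the value does not exist
    if ($prop) {
        # A DWORD above 0x7fffffff can come back as a negative Int32
        # (0xffffff9d reads as -99), so compare the hex form, not the number.
        $sfcHex = ('{0:x8}' -f $prop.SFCDisable).ToLower()
    }

    New-Object PSObject -Property @{
        SFCDisableHex      = $sfcHex
        SFCDisableMatches  = ($sfcHex -eq 'ffffff9d')
        DllCacheSfcMissing = (-not (Test-Path (Join-Path $SystemDir 'dllcache\sfc.dll')))
        # Hashes of the files the page says are infected, modified or backed up;
        # compare them with known-good copies from the same Windows build.
        ExplorerSha256     = (Get-Sha256Hex (Join-Path $WinDir 'explorer.exe'))
        TcpipSha256        = (Get-Sha256Hex (Join-Path $SystemDir 'drivers\tcpip.sys'))
        SfcOsSha256        = (Get-Sha256Hex (Join-Path $SystemDir 'sfc_os.dll'))
    }
}

Get-SpamuzleIndicator | Format-List
```

Because the page states the Trojan has rootkit capabilities, results gathered on a running infected system may be incomplete. The `-WinDir` parameter lets the file checks run against a copy of the Windows directory mounted on a clean machine; the registry check always reads the live host.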
In order to remove W32.Spamuzle.E you need to
