Jump to content

Malware


Recommended Posts

  • Staff

Hi,

* Open notepad - don't use any other texteditor than notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\system32\fosajugu.dll

c:\windows\system32\jimarofi.dll

c:\windows\system32\kodatewe.exe

c:\windows\system32\legadaza.dll

c:\windows\system32\ravebavi.dll

c:\windows\system32\yoharaje.dll

c:\windows\system32\yowokifo.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bc215be-cbbe-4e12-aa9a-bbf00b9e63be}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=-

"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\lsass.exe"=-

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.