Friday, November 7, 2008

Covesmer Trojan

How To Remove Covesmer?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Covesmer is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojan downloaders download and install new malware or adware on the computer.



Covesmer is also known as:

[Kaspersky] Backdoor.Win32.SdBot.ate, Trojan-Downloader.Win32.Delf.ayr, Trojan.Win32.Agent.pk, Trojan.Win32.Qhost.it;
[McAfee] Generic Downloader.c, Spam-DComServ;
[F-Prot] W32/Trojan.GMV;
[Other] Win32/Covesmer.M, Win32/Covesmer.V, Win32/Covesmer.AK, Backdoor.Win32.Agent.adr, trojan-backdoor-msdcom32, Win32/Covesmer.F, Win32/Covesmer!generic

Covesmer Symptoms:

Files:
[%SYSTEM%]\drivers\etc\hosts
[%SYSTEM%]\drivers\etc\hosts.tim
[%PROFILE_TEMP%]\hwfjzklv.exe
[%SYSTEM%]\2236_26.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2c1cd3d7-86ac-4068-93bc-a02304b25319}
HKEY_CLASSES_ROOT\clsid\{2c1cd3d7-86ac-4068-93bc-a02304bb2236}

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler


You must clean your computer ASAP!
Download the free trial version of the antivirus software here to check your computer instantly.
