Tuesday, November 11, 2008

Pigeon Trojan

How To Remove Pigeon?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Pigeon is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.



Pigeon is also known as:

[Kaspersky]Backdoor.GrayBird.g,Backdoor.Win32.GrayBird.gw,Backdoor.Win32.Hupigon.gs,Backdoor.Win32.Hupigon.bsw,Backdoor.win32.Pigeon.gen,Backdoor.win32.Hupigon.bmq,Backdoor.Win32.Hupigon.akq,Backdoor.Win32.Hupigon.aei,Backdoor.Win32.Hupigon.bca,Backdoor.Win32.Hupigon.ui,Packed.Win32.PePatch.ba,Backdoor.Win32.Hupigon.akm,Backdoor.Win32.Hupigeon.ih,Backdoor.Win32.Hupigon.aj,Backdoor.Win32.Hupigon.cpb,Backdoor.Win32.Hupigon.dfl,Backdoor.Win32.Hupigon.si,Backdoor.Win32.Hupigon.dsj,Backdoor.Win32.Hupigon.cts,Backdoor.Win32.Hupigon.dhs,Backdoor.Win32.Hupigeon.bld,Backdoor.Win32.Hupigon.cwd,Backdoor.Win32.Hupigeon.apx,Backdoor.Win32.Hupigon.cda,Backdoor.Win32.Hupigon.brc,Backdoor.Grayburd,Backdoor.Win32.Hupigon.adt,Backdoor.Win32.Hupigon.dsx,Backdoor.Win32.Hupigon.afx,Trojan-Downloader.Win32.Delf.apy,Backdoor.Win32.Hupigon.dtp,Backdoor.Win32.Hupigon.cir,Trojan-PSW.Win32.OnLineGames.bm,Backdoor.Win32.Hupigeon.ich;
[Eset]Win32/GreyBird.G trojan;
[McAfee]Backdoor-SO,Backdoor-AVW,Backdoor-AWQ.b,Backdoor-AWQ,BackDoor-AWQ.b,BackDoor-AWQ.b.dldr,BackDoor-AWQ.dll,Backdoor-ARR,BackDoor-ALC;
[F-Prot]W32/Hupigon.EG,W32/Trojan-Hupigon-based!Maximus;
[Computer Associates]Backdoor/Pigeon,Win32.Pigeon.2003.b2;
[Other]BKDR_HUPIGON.GP,Troj/Feutel-I,Backdoor.Graybird.Q,Win32/Pigeon.EE,Win32/Pigeon.EK,Backdoor.Win32.Hupigon.brw,Backdoor.Graybird,Win32/Pigeon.EG,Win32/Pigeon.EB,Win32/Pigeon.EC,Backdoor.Hupigeon,Win32/Pigeon.EA,Win32/Pigeon.EM,Win32/Pigeon.EN,Backdoor.Graybird.K,Win32/Pigeon.DZ,Backdoor.Win32.Hupigeon.rf,Backdoor.Greybird,Win32/Malum.EKI,Win32/Pigeon.FJ,Win32/Pigeon.X!plugin,Win32/Pigeon.ED,Win32/Pigeon.GB,Win32/Pigeon.GD,W32/Hupigon.SOW,Win32/Pigeon.GK,Win32/Pigeon.GZ,W32/Hupigon.AUG,Troj/Hupigon-BT,Win32/Pigeon.GV,Backdoor.Trojan,W32/Hupigon.ABUS,Win32/Pigeon.HA,W32/Hupigon.ZDN,Win32/Pigeon.HG,Win32/Pigeon.IK,Win32/Pigeon.KH,Win32/Pigeon.KI,Win32/Pigeon.KY,Trojan.Dropper,Win32/Pigeon.LA,Win32/Pigeon.KV,Win32/Pigeon.KW,Win32/Pigeon.LJ,Win32/Pigeon.LK,Win32/Pigeon.NN,Win32/Pigeon.PP,TrojanDropper:Win32/Hupigon.gen!A,W32/Smalldoor.KXR,Win32/Pigeon.PU,Troj/Agent-FPZ,Win32/Pigeon.RY,Troj/Hupigon-SM,BKDR_HUPIGON.BTZ,Win32/Pigeon.SQ,Win32/Pigeon.SP,Win32/Pigeon.SN,Hupigon.gen110,Trojan.Graybird,Hupigon.gen.101,Backdoor:Win32/Hupigon!2AED,Infostealer.Gampass,Win32/Pigeon.YL,Win32/Pigeon.ZP

Pigeon Symptoms:

Files:

Folders:

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download the free trial version of the antivirus software here to check your computer instantly.
