Wednesday, December 10, 2008

Frethog Trojan

How To Remove Frethog?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Frethog is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Frethog is also known as:

[Kaspersky]Trojan-PSW.Win32.Agent.iu,Trojan-PWS.Win32.Agent.iu,Trojan-PSW.Win32.OnLineGames.bs,Trojan-PSW.Win32.OnLineGame.bs,Trojan-PSW.Win32.OnLineGames.es,Trojan-PSW.Win32.OnLineGames.gs,Trojan-PWS.Win32.WOW.qf,Trojan-PSW.Win32.OnLineGame.gs,Trojan-PSW.Win32.WOW.qr,Trojan-PSW.Win32.OnLineGames.qp,Trojan-PSW.Win32.OnLineGames.tz,Trojan-PSW.Win32.OnLineGames.uf,Trojan-PSW.Win32.OnLineGames.mp,Trojan.Win32.Qhost.Ip,Trojan-PSW.Win32.OnLineGames.tk,Trojan-PSW.Win32.Nilage.bju,Trojan-Downloader.Win32.Agent.bna,Trojan-PSW.Win32.OnLinesGames.es,Trojan-PSW.Win32.OnLineGames.te,Trojan-PSW.Win32.WOW.qo,Trojan-PSW.WIn32.OnLineGames.xg,Trojan-PSW.Win32.OnLineGames.sc,Trojan-PSW.Win32.OnLineGames.sy,Trojan-PSW.Win32.OnLineGames.ry,Trojan-PSW.Win32.OnLineGames.ox,Trojan-PSW.Win32.OnlineGames.wz,Trojan-PSW.Win32.OnLineGames.tl,Trojan-PSW.Win32.OnLineGames.yn,Trojan-PSW.Win32.Small.cf,Worm.Win32.Agent.aj,Trojan-PSW.Win32.OnLineGames.kw,Trojan-PWS.OnLineGames.aci,Trojan-Downloader.Win32.Agent.bek,Trojan-Downloader.Win32.Agent.dey,Trojan-PSW.Win32.OnLineGames.edt,Trojan-PSW.Win32.Nilage.bty;
[McAfee]PWS-Legmir.dll,PWS-Lineage,New Malware.w,PWS-LegMir.gen.b,PWS-WoW,PWS-Mmorpg.gen,PWS-LegMir,New malware.aj,Generic.PWS;
[F-Prot]W32/PWStealer.AIN,W32/PWStealer,W32/PWStealer.gen1,W32/PWStealer.JBY,W32/PWStealer.GQS,W32/PWStealer.JTI,W32/PWStealer2!Generic;
[Other]Win32/Frethog,win32/Frethog.B,Infostealer,Infostealer.Menghuan,TSPY_AGENT.FUY,Win32/Frethog.H,W32/OnLineGames.FX,Infostealer.Gampass,Win32/Frethog.BT,Win32/Frethog.BH,Win32/Frethog.BI,Win32/Frethog.BD,Win32/Frethog.AX,Win32/Frethog.BU,Infostealer.Perfwo,W32/Blackhole.LN,Mal/Packer,Win32/Frethog.AG,Win32/Frethog.BF,Win32/Frethog.DB,Win32/Frethog.DC,Win32/Frethog.DU,Win32/Frethog.IJ,Win32/Frethog.IG,Win32/Frethog.IM,Win32/Frethog.IO,Win32/Frethog.JG,Win32/Frethog!generic,Win32/Frethog.KQ,Win32/Frethog.KR,Win32/Frethog.KS,Win32/Frethog.KT,Win32/Frethog.KU,Win32/Frethog.KV,Win32/Frethog.JU,Win32/Frethog.OB,Win32/Frethog.OX,Win32/Frethog.ND,VirTool:Win32/Obfuscator.A,OnlineGames.dam,TSPY_ONLINEG.BLG,Trojan.Win32.NSAnti.b,PWS:Win32/Frethog.E,W32/OnLineGames.DDZ,TSPY_ONLINEG.BIF,Troja/PSW-Gen,Trojan-PWS.7BE35CC9,Win32/Frethog.QR,PWS:Win32/Frethog.C,W32/Horst.gen31,Win32/Frethog.QO,TSPY_ONLINEG.AXS,Win32/Frethog.QV,W32/OnLineGames.GJP,Win32/Frethog.SL,Win32/Frethog.SG,Win32/Frethog.SF,Win32/Frethog.SE,Win32/Frethog.SD,Win32/Frethog.SC,Win32/Frethog.SI,Win32/Frethog.SR,Virus:Win32/Detnat.F,W32/Viking.gen4,TROJ_Generic,Mal/EncPk-F,INfostealer.Gampass,Win32/Frethog.TI,Win32/Frethog.TH,Win32/Frethog.SS,Trojan.Packed.NsAnti,Mal/EncPk-I,Infostealer.Wowcraft,Infostealer.Gamepass,Win32/Frethog.UF,Win32/Frethog.UG,Win32/Frethog.UH,Win32/Frethog.VB,PWS:Win32/Frethog.D,W32/Suspicious_U.gen.dropper,TPSY_LEGMIR.AWY,TSPY_FRETHOG.PU,Win32/Frethog WT,Win32/Frethog.WS,Win32/Frethog.XD,Win32/Frethog.WR,PWS:Win32/Frethog.F,PWS:Win32/Frethog.gen!E,TSPY_ONLINEG.HVZ,Mal/Gampass-A,W32/Hupigon.gen67,W32/Lineage.AXZP,TSPY_NILAGE.PY

Frethog Symptoms:

Files:
[%PROFILE_TEMP%]\woso.exe
[%PROFILE_TEMP%]\woso0.dll
[%PROFILE_TEMP%]\ztso.exe
[%PROFILE_TEMP%]\ztso0.dll
[%SYSTEM%]\dllhost32.exe
[%SYSTEM%]\mppds.dll
[%SYSTEM%]\NVDispDrv.dll
[%WINDOWS%]\mppds.exe
[%WINDOWS%]\NVDispDrv.exe
[%PROFILE%]\Temp\zts0.dll
[%PROFILE_TEMP%]\mhs0.dll
[%PROFILE_TEMP%]\mhs2.dll
[%PROFILE_TEMP%]\mhs2.exe
[%PROFILE_TEMP%]\mhso.exe
[%PROFILE_TEMP%]\mhso0.dll
[%PROFILE_TEMP%]\RavMonD.exe
[%PROFILE_TEMP%]\wgso.exe
[%PROFILE_TEMP%]\wgso0.dll
[%PROFILE_TEMP%]\wlzs.dll
[%PROFILE_TEMP%]\wlzs.exe
[%PROFILE_TEMP%]\zts2.dll
[%PROFILE_TEMP%]\zts2.exe
[%PROGRAM_FILES%]\Internet Explorer\RAVDHMON.DAT
[%PROGRAM_FILES%]\Internet Explorer\RAVDHMON.exe
[%PROGRAM_FILES%]\Internet Explorer\RAVTLMON.DAT
[%PROGRAM_FILES%]\Internet Explorer\RAVTLMON.exe
[%SYSTEM%]\cmdbcs.dll
[%SYSTEM%]\dh2103.dll
[%SYSTEM%]\DiskMan32.dll
[%SYSTEM%]\Kvsc3.dll
[%SYSTEM%]\mh104.dll
[%SYSTEM%]\MOSOU.dll
[%SYSTEM%]\mosou.exe
[%SYSTEM%]\nmhxy.dll
[%SYSTEM%]\nmhxy.exe
[%SYSTEM%]\nwizdh.exe
[%SYSTEM%]\nwiztlbb.dll
[%SYSTEM%]\nwiztlbu.exe
[%SYSTEM%]\nwizwmgjs.dll
[%SYSTEM%]\nwizwmgjs.exe
[%SYSTEM%]\nwizzhuxians.dll
[%SYSTEM%]\nwizzhuxians.exe
[%SYSTEM%]\RAV00AE.DAT
[%SYSTEM%]\RAV00AE.exe
[%SYSTEM%]\RAVMY623.dll
[%SYSTEM%]\upxdnd.dll
[%SYSTEM%]\vbsdaas2.exe
[%SYSTEM%]\WSVBRS.dll
[%SYSTEM%]\wsvbs.dll
[%SYSTEM%]\wsvbs.exe
[%SYSTEM%]\xk1s0.dll
[%WINDOWS%]\cmdbcs.exe
[%WINDOWS%]\DiskMan32.exe
[%WINDOWS%]\Kvsc3.exe
[%WINDOWS%]\mhs3.exe
[%WINDOWS%]\upxdnd.exe
[%WINDOWS%]\wsvbs.exe
[%WINDOWS%]\zts3.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5ff01121-f04d-30cf-64cd-74ff5fe1cf1c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6a202101-f04d-11cf-64cd-31ff5fe1cf20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77709117-a10d-41cf-64cd-51ff5fe1cf41}
HKEY_LOCAL_MACHINE\software\microsoft\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.
