Search:  In

 W32.Spybot.AQGF - Description


 Browse by name

  
 | misc | a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |

Description:
W32.Spybot.AQGF is a worm that spreads through mIRC and to network shares protected by weak passwords. It also spreads by exploiting system vulnerabilities. The worm opens a back door on the compromised computer.


Alias:

Category:
Worm

Automatic Removal: Most effective removal tool is: Easy SpyRemover

Manual Removal:



Stop Runnin Processes:
C:\a.bat


Unregister DLLs:



Clean Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Microsoftt Windows Update" = "[FIVE RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"Microsoftt Windows Update" = "[FIVE RANDOM CHARACTERS].exe"
HKEY_USERS\S-1-5-21-854245398-1645522239-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\"Microsoftt Windows Update" = "[FIVE RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"Default" = ":*:Enabled:Microsoftt Windows Update"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"Default" = ":*:Enabled:Microsoftt Windows Update"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\"TransportBindName" = ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\"Start" = "4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableDCOM" = "N"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableRemoteConnect" = "N"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"restrictanonymous" = "1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server\"Enabled" = "0x00"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareWks" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareServer" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"NameServer" = ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"ForwardBroadcasts" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"IPEnableRouter" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"Domain" = ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SearchList" = ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"UseDomainNameDevolution" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableICMPRedirect" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DeadGWDetectDefault" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DontAddDefaultGatewayDefault" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableSecurityFilters" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"AllowUnqualifiedQuery" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PrioritizeRecordData" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TCP1320Opts" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"KeepAliveTime" = "23280"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"BcastQueryTimeout" = "0x000002ee"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"BcastNameQueryCount" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"CacheTimeout" = "0x0000ea60"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"Size/Small/Medium/Large" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"LargeBufferSize" = "1000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SynAckProtect" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PerformRouterDiscovery" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnablePMTUBHDetect" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FastSendDatagramThreshold " = "400"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"StandardAddressLength " = "18"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultReceiveWindow " = "4000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultSendWindow" = "4000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"BufferMultiplier" = "200"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PriorityBoost" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"IrpStackSize" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"IgnorePushBitOnReceives" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableAddressSharing" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"AllowUserRawAccess" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableRawSecurity" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DynamicBacklogGrowthDelta" = "32"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FastCopyReceiveThreshold" = "400"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"LargeBufferListDepth" = "0x0000000a"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxActiveTransmitFileCount" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxFastTransmit" = "40"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"OverheadChargeGranularity" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SmallBufferListDepth" = "20"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SmallerBufferSize" = "80"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TransmitWorker" = "20"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DNSQueryTimeouts" ="hex(7):31,00,00,00,32,00,00,00,32,00,00,00,34,00,00,00,38,00,00,00,30,00,00,00,00,00"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultRegistrationTTL" = "14"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableReplaceAddressesInConflicts" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisableReverseAddressRegistrations" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"UpdateSecurityLevel " = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DisjointNameSpace" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"QueryIpMatching" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"NoNameReleaseOnDemand" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableDeadGWDetect" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnableFastRouteLookup" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxFreeTcbs" = "0x000007d0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxHashTableSize" = "800"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"SackOpts" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"Tcp1323Opts" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpMaxDupAcks" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpRecvSegmentSize" = "585"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpSendSegmentSize" = "585"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpWindowSize" = "0x0007d200"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"DefaultTTL" = "30"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpMaxHalfOpen" = "0x0000004b"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpMaxHalfOpenRetried" = "50"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TcpTimedWaitDelay" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxNormLookupMemory" = "0x00030d40"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FFPControlFlags" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"FFPFastForwardingCacheSize" = "0x00030d40"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxForwardBufferMemory" = "0x00019df7"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"MaxFreeTWTcbs" = "0x000007d0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"GlobalMaxTcpWindowSize" = "0x0007d200"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"EnablePMTUDiscovery" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"ForwardBufferMemory" = "0x00019df7"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"MaxConnectionsPer1_0Server" = "50"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"MaxConnectionsPerServer" = "50"


Remove Files:
C:\a.bat
C:\WINDOWS\system32\[FIVE RANDOM CHARACTERS].exe
   


Latest Spyware Threats
    Comodo Trust Toolbar
    XP Antispyware 2009
    Antivirus 2010
    Freview
    RegistryGreat
    XPAntivirus
    Windows Antivirus 2008
    IE AntiVirus
    SpywareQuake 4
    Antivirus XP
    SecurePCCleaner
    Trojan.FakeAlert
More...



Contact Us | Spyware | Startup List | Removal Tools | Dll | Ocx |Inf |Links
Copyright © PcRepairCentral, 2005.