February 17, 2008

Remove these values from System Registry




HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\camp.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eksplorasi.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intel.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgs.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nemesis.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\new folder.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntde1ect.com\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\open.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prtwebvw.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvvhsot.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sempalong.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vass.exe\"Debugger" = "C:\WINDOWS\Resources\2.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\"C" = "'CSCFlags=0 MaxUses=4294967295 Path=C:\ Permissions=0 Remark=Hackers for Raila Type=0&#'"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\"D" = "'CSCFlags=0 MaxUses=4294967295 Path=D:\ Permissions=0 Remark=Hackers for Raila Type=0&#'"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\"139:TCP" = "139:TCP::Enabled:@xpsp2res.dll,-22004"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\"445:TCP" = "445:TCP::Enabled:@xpsp2res.dll,-22005"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\"137:UDP" = "137:UDP::Enabled:@xpsp2res.dll,-22001"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\"138:UDP" = "138:UDP::Enabled:@xpsp2res.dll,-22002"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\"139:TCP" = "139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\"445:TCP" = "445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\"137:UDP" = "137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\"138:UDP" = "138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

No comments: