Today we came across another Trojan.Agent according to Malwarebytes Anti-Malware.
Filename: kb00045929.exe
The file and its registry entry were found in the following locations on a Windows 7 computer.
Hard drive: C:\Users\%username%\AppData\Roaming\
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Please note that although we are posting these by filename, the filename may be just one of many variants, randomly generated by the actual Virus/Malware. For this reason, when you do detect Virus/Malware on your computer, you should also take a moment to look in the same locations for other oddly named files/folders, such as those named with only a few numbers or mixed numbers/characters.
While you are viewing the C:\Users\%username%\AppData\Roaming\ you should also check:
· C:\Users\%username%\AppData\Local\
· C:\Users\%username%\AppData\Local\Temp (delete whatever items you can in here)
· C:\Users\%username%\AppData\Roaming\LocalLow
** %username% ** Replace this with the actual username folder(s) within the C:\Users directory on the specific computer you are working on, as this will differ on each computer and for each user.
To do the above, you must first enable the option to view hidden files, if not already enabled. Click here to see how to do that.
Here are the similar folders to check in Windows XP.
· C:\Documents and Settings\%username%\Application Data
· C:\Documents and Settings\%username%\Local Settings
· C:\Documents and Settings\%username%\Local Settings\Temp (delete whatever items you can in here)
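The manual check described above can be scripted for the Windows 7 locations. This is an added, read-only example, not part of the original post: it lists the current user's Run-key entries and the executables sitting directly in the AppData folders, and marks names that look like kb00045929.exe. The `$oddName` pattern and the `Test-OddName` and `Test-InAppData` helpers are assumptions made for illustration.

```powershell
# Added example (requires PowerShell 3.0 or later). Read-only: nothing is deleted or changed.
$runKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# Assumption: "oddly named" = short alphanumeric base name containing 3+ digits in a row.
$oddName = '^(?=.*\d{3,})[a-z0-9]{4,16}$'

function Test-OddName([string]$Path) {
    # Take the file name, drop the extension, compare against the pattern.
    $base = (($Path -split '[\\/]')[-1]) -replace '\.[^.]+$', ''
    return $base -match $oddName
}

function Test-InAppData([string]$Path) {
    # True when the path sits under the user's Roaming or Local AppData tree.
    foreach ($root in $env:APPDATA, $env:LOCALAPPDATA) {
        if ($root -and $Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# 1. Autostart entries for the current user.
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
$runEntries = if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        # Pull the executable out of the command line (quoted, or first token).
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
        [pscustomobject]@{
            Source    = "Run key: $name"
            Path      = $exe
            InAppData = (Test-InAppData $exe)
            OddName   = (Test-OddName $exe)
        }
    }
}

# 2. Executables directly inside the folders (-Force includes hidden files).
$folders = $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP
$files = Get-ChildItem -Path $folders -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Source    = 'File'
            Path      = $_.FullName
            InAppData = (Test-InAppData $_.FullName)
            OddName   = (Test-OddName $_.FullName)
        }
    }

@($runEntries) + @($files) | Sort-Object OddName -Descending | Format-Table -AutoSize
```

A Run-key entry with both `InAppData` and `OddName` set to True is the combination the post describes; legitimate software also installs under AppData, so treat a flagged row as something to inspect rather than a verdict.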