Noooh Fix (Sys.exe, ComSys.dll)

   
Information

Modifies system parameters in a way that can impair the functioning of the system.
Modifies Registry settings to prevent you from:

  • Using the standard registry editing tools
  • Restoring the system
  • Using the Task Manager
  • Using cmd.exe

The virus displays the following message: Please Try to open - TaskManager - now

Aliases:

  • Trojan.VB.DRRX [PCTools]
  • Trojan.BAT.Killfiles.OZ [PCTools]
  • Virus.Win32.AutoRun.cb [Kaspersky Lab]
  • W32.SillyFDC [Symantec]
  • W32/Hooon.worm [McAfee]
  • TROJ_AGENT.SCD [Trend Micro]


File
  • <Windows>\Web\Sys.exe
  • <System>\ComSys.dll
  • <System>\KillAll.bat
  • <All Root Partition>:\autorun.inf
  • <All Root Partition>:\Sys.exe

 

Registry

Keys Created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

Values created:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NoooH = <Windows>\Web\Sys.exe
    This causes the program to launch each time Windows starts
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    DisableSR = 0x00000001
    Disables System Restore

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    DisableTaskMgr = 0x00000001
    DisableRegistryTools = 0x00000002
    Disables the Task Manager and the registry editing tools

  • [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
    DisableCMD = 0x00000001
    Disables cmd.exe
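
As an added example (not part of the original page and not the Net Studio patch), the following Python code scans text in .reg export format for the values listed above and reports the ones that match. The function names and the sample export are constructed for illustration, and it assumes an export of the affected keys is available as text.

```python
import re
# From "Values created" on this page. int = exact dword; str = suffix of string data.
POL = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
INDICATORS = {
    (r"hkey_local_machine\software\microsoft\windows\currentversion\run", "noooh"): r"\web\sys.exe",
    (r"hkey_local_machine\software\policies\microsoft\windows nt\systemrestore", "disablesr"): 1,
    (POL, "disabletaskmgr"): 1,
    (POL, "disableregistrytools"): 2,
    (r"hkey_current_user\software\policies\microsoft\windows\system", "disablecmd"): 1,
}
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, data) from .reg text; dword -> int, string -> unescaped str."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            yield key, name, int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            yield key, name, raw[1:-1].replace("\\\\", "\\")

def find_noooh_values(text):
    """Return the (key, name, data) entries that match the page's indicators."""
    hits = []
    for key, name, data in parse_reg(text):
        want = INDICATORS.get((key.lower(), name.lower()))
        if isinstance(want, int) and data == want:
            hits.append((key, name, data))
        elif isinstance(want, str) and isinstance(data, str) and data.lower().endswith(want):
            hits.append((key, name, data))
    return hits

# Constructed sample in .reg export format (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoooH"="C:\\WINDOWS\\Web\\Sys.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\update.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000002
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000000
'''
```

Calling `find_noooh_values(SAMPLE)` returns the `NoooH` Run entry and the two policy values that are set; the `DisableCMD` entry is ignored because its data is 0 rather than 1.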

 

ATTENTION
This virus runs automatically each time you open or explore a partition. It is preferable to download the patch and unpack it on the desktop, then reboot your machine in Safe Mode and run the patch while still in Safe Mode.
 
 
Link

Download

Latest fixes:

  • cftmonn.exe (ksven, Autorun.dhl)
  • sbsm.exe, softhomepage.com (sbsm.dll,sbmdl.dll)
  • Virtual Made (Virtual Maid.dll, http://www.searchmaid.com)
  • VirusHeat (VirusHeat 4.3.exe, VirusHeat.exe)
  • MonaRonaDona (srvspool.exe, registrycleaner2008.exe)
  • Noooh (Sys.exe, ComSys.dll)
  • NetSky (FVProtect.exe,FirewallSvr.exe,netstats.exe) and all its variants
  • Tavo.exe (tavo0.dll, tavo1.dll) and all its variants
  • Patty.exe (S0UNDMANS.EXE,1sasrv.dll,adsldps.dll,twain.dll,realsched.exe)
  • Kxvo.exe and all its variants
  • Kavo.exe and all its variants
  • VirtuMonde (VirtuMondo, Vundo, TROJ_VUNDO, TROJ_MEREDROP,DL.Small.ADIB)
  • Sohanad fix (SCVVHSOT.exe, svchost.exe) (W32.Imaut.A, TROJ_AUTORUN.AH, Worm.Sohanad)
  • SdBot fix (ctfmonn.exe) (Backdoor.SdBot, Sdbot.worm.gen.a)
  • Amvo.exe (3o.exe, y82td3td.com, i.cmd, fppg1.exe, ekugb3.bat...) and its variants other than those already listed here
COPYRIGHT (C) 2008 NET STUDIO, ALL RIGHT RESERVED