[clamav-win32] Marica/Kukuriba -- Win Malware?

william bezerra williambez at yahoo.com.br
Sat Nov 19 19:39:44 CET 2011





Sorry for the delay, my friend.
The EXE is the MARICA backdoor virus type.

Performance data: the script uses an Anti-Tricks Disassembly monitoring system to avoid antivirus.
It copies files to disk, is run from temporary folders, injected or attached.

MARICA.EXE removal instructions

1. Temporarily disable System Restore and reboot the computer in Safe Mode.

2. Locate the virus files and uninstall the program files of MARICA.EXE. Follow the on-screen instructions step by step to finish uninstalling MARICA.EXE.

3. Restart the computer in Safe Mode. Clean/delete all MARICA.EXE infected file(s): MARICA.EXE and related, or rename the MARICA.EXE virus files; if a file refuses to be deleted, use the tool Revo Uninstaller.

4. Delete/modify any values added to the registry related to MARICA.EXE, exit the registry editor and restart the computer.

5. Delete all your IE temp files with MARICA.EXE manually, then run a whole scan with an antivirus program.

MARICA.EXE File type: PE135334


By: william.bezerra
Computer scientist

