PWSteal.Delf.463
| Aliases: | BHO.202 |
| Date added: | 2007-10-14 |
Details
About 258kb
C:\WINDOWS\Media\CertMgr.dll
TrojanHunter completely eliminates this threat.
Removal
Remove the following in the registry, and delete CertMgr.dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C666CF63-767F-4831-94AC-E683D962C63C}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C777CF73-124F-3562-44AC-E685D962C63C}
- HKEY_CLASSES_ROOT\CLSID\{C777CF73-124F-3562-44AC-E685D962C63C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C777CF73-124F-3562-44AC-E685D962C63C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\OleExport = {C777CF73-124F-3562-44AC-E685D962C63C}
Files similar to these would also exist. After any malware infection, clear the temp folders and browser caches as a rule.
- C:\Documents and Settings\Administrator\Local Settings\Temp\FFSAR12FG.tmp
- C:\Documents and Settings\Administrator\Local Settings\Temp\MKJ42FG.tmp
- C:\Documents and Settings\Administrator\Local Settings\Temp\temp.bat
