soft.exe - Dangerous
%sysdir%\soft.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Disables Widnows security settings.
Download additional adware components.
Adds "run" = "%System%\soft.exe" to Windows startup registry keys.
Adds the value:
"Web Service" = "%System%\[random file name].exe"
to Active Setup registry keys.
Adds the value:
"DisableSR" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
SystemRestore
to disable System Restore.
Adds the value:
"EnableFirewall" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\
DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\
DomainProfile
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\
StandardProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\
StandardProfile
to disable Windows security features.
"NoAutoUpdate" = "0x00000001"
"AUOptions" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\
WindowsUpdate\AU
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\
WindowsUpdate\AU
to disable Windows Auto Update.
Adds the values:
"FirewallDisableNotify" = "0x00000001"
"UpdatesDisableNotify" = "0x00000001"
"AntiVirusDisableNotify" = "0x00000001"
to the registry subkeys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
to disable notification of disabled firewall.
Creates the following files:
* %Windir%\explorer.new
* %Windir%\wininit.ini
Infects Explorer.exe at next reboot.
Download adware and dialer programs
Removal:
Restore explorer.exe using System File Checker in the Safe mode.
Remove Trojan from Windows startup.