|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 386.exe - Dangerous
Attempts to steal license keys for various games. Allows unauthorized remote access to an infected computer. Attempts to remove the following shares on the local drive: c$; d$; IPC$; admin$ Attempts to connect to the IRC server metal.electrogiant.com on TCP port 5599. Joins a predefined channel, using a random username, and waits for commands from the IRC server. These commands can allow the attacker to: - Managing installation of back door. - Transmitting the back door to designated IRC channels. - Downloading and executing arbitrary files. - Performing DoS attacks against attacker specified targets. - Send out private information. - Terminating arbitrary processes. - Visiting websites. - Start socks proxy service. - Copying itself to shared folders on other machines. - Steal license keys for different games Manual removal: Navigate to each of these keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run From each key that is found, delete the value: "Win32 USB2.0 Driver" = "386.exe" Removal: 386.exe is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: May 12 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
