orof.exe - Dangerous

Manual removal instructions:

Antivirus Report of orof.exe:
orof.exe - Malware
orof.exe - Dangerous
orof.exe - High Risk
We suggest you remove orof.exe from your computer as soon as possible.
Orof.exe is a Trojan/Backdoor.
Kill the process orof.exe and remove orof.exe from Windows startup.

Malware dropper:
C:\sand-box\install.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\orof.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS\WINLOGON.EXE

-------------------------------------------------------------------------------------
Installation
When the program is executed, it makes the following registry and file system changes:

----------------------------------
Keys deleted:1
----------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew

----------------------------------
Values deleted:0
----------------------------------

----------------------------------
Values added:1
----------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\IAPRO: ""C:\sand-box\install.exe" 0;B;"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:1
----------------------------------
C:\Program Files\Common Files\InternetAntivirusPro.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:3
----------------------------------

-------------------------------------------------------------------------------------
Internet activity:
HTTP GET http://in5iv.com/download/InternetAntivi...
HTTP GET http://in5iv.com/download/file.exe
HTTP GET http://in5iv.com/download/file.exe
HTTP HEAD http://ia-pro.com/
HTTP HEAD http://in5sf.com/
HTTP HEAD http://www.ia-pro.com/
HTTP HEAD http://av-payment.com/
HTTP HEAD http://avpayments.com/
HTTP HEAD http://avpayments.com/
HTTP POST http://in5sf.com/reports/install-report....
HTTP HEAD http://avpayments.com/
HTTP HEAD http://xoomer.alice.it/
HTTP HEAD http://xoomer.virgilio.it/
HTTP HEAD http://www.xoom.it/
HTTP HEAD http://xoomer.alice.it/
HTTP HEAD http://windoptimizer.com/
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: orof
Author: Unknown
Related File: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\orof.exe"
Type: Explorer Run

Item Name: ITGrdEngine
Author:
Related File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe
Type: Auto Services

Item Name: winlogon.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS\WINLOGON.EXE
Type: Running Processes

Item Name: services.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\SERVICES.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove orof.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company, and you can ask me directly if you have any questions.
