When lauder.c infects the files... the infection is "buggy" and the infected files can't run. They are "running" but they can't do their job. They just run the CPU @ 100% and freeze up the system. Each reboot runs wservice again and infects more files.
Of course any copies in the dllcache and i386 folders are infected too. So trying to replace the ones in system32 from dllcache is not possible.
Pretty much all exe and scr files are infected.
Files to delete:
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs