SoftwareTipsandTricks.com
  DirectX.exe

Name DirectX.exe

Description

Added as a result of the BLAXE VIRUS!

W32.HLLW.Blaxe is a worm that attempts to copy itself through the Grokster, KaZaA, and iMesh file-sharing networks.
This virus is written in the Microsoft Visual Basic programming language and is compressed with UPX.

When W32.HLLW.Blaxe runs, it does the following:

1. Copies itself as:
%Windir%\WinBat.exe
%Windir%\DirectX.exe
%Temp%\Messenger Plus! - Setup.exe
C:\Windll32.dll

%Windir% = C:\Windows or C:\Winnt
%Temp% = C:\Windows\Temp

2. Adds the value:
"DirectX"="%Windir%\DirectX.exe" to the registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

3. Searches for Winzip.exe and, if found, copies itself to the same location as WZExtract.exe.

4. Sets the value:
"[Default]"=""
in the registry key:
HKEY_LOCAL_MACHINE\Software\CLASSES\WinZip\shell\open\command

5. Creates a hidden folder, %Windir%\Kernell, and then copies itself into this folder using random names from a list.
Some examples:
Adobe Photoshop crack.exe
Adult(hardcore sex movie xxx)movie.exe
Age of Empires 2 crack.exe
anastasia anal.jpg.exe
AOL password stealer.exe
Christina Aguilera movie.exe
Crack XBOX live.exe
Fifa 2004 crack.exe
Hotmail account hacker in 30 minutes.exe
Lord of the rings VCD.exe
MSN banner remover.exe
Windows XP Home to Professional Upgrade.exe
ZoneAlarm Firewall Pro.exe

6. Adds the values:
"dir0"="012345:%Windir%\kernell"
"dir1"="012345:%Windir%\kernell"
"dir2"="012345:%Windir%\kernell"
to the registry keys:
HKEY_CURRENT_USER\Software\Grokster\LocalContent
HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent
HKEY_CURRENT_USER\Software\KaZaA\LocalContent

7. Searches for .exe files on the A drive. If a floppy disk is loaded in the A drive, the worm may copy itself as A:\*.exe.exe.

8. Creates the file C:\FTP.bat, uses this batch file to connect to a predefined FTP server, and then downloads the file Update.exe to the root folder.
(Antivirus products detect the downloaded Update.exe as W32.Spybot.Worm.)

Removal instructions:
1. Disable System Restore (Windows Me/XP).
2. Run a full system scan with your antivirus program and delete all the files detected as W32.HLLW.Blaxe.
3. Delete the values that were added to the registry.

Navigate to each of the keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and delete the value:
"DirectX"="%Windir%\DirectX.exe"

Then navigate to the key:
HKEY_LOCAL_MACHINE\Software\CLASSES\WinZip\shell\open\command
and modify the value to refer to the location of the Winzip32.exe file. (This is usually C:\Program Files\Winzip\Winzip32.exe.)

Navigate to each of the following keys:
HKEY_CURRENT_USER\Software\Grokster\LocalContent
HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent
HKEY_CURRENT_USER\Software\KaZaA\LocalContent
and delete the values:
"dir0"="012345:%Windir%\kernell"
"dir1"="012345:%Windir%\kernell"
"dir2"="012345:%Windir%\kernell"
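
A read-only way to check for the registry changes listed above, as an added example that is not part of the original page: it parses the text of a registry export (.reg format) and reports the values this entry says the worm adds. The function names, the sample export and the C:\Windows path in it are constructed for illustration.

```python
import re

# Keys named in the description above, lower-cased, mapped to the check to apply.
WATCH = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run": "run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices": "run",
    r"hkey_local_machine\software\classes\winzip\shell\open\command": "winzip",
    r"hkey_current_user\software\grokster\localcontent": "p2p",
    r"hkey_current_user\software\imesh\client\localcontent": "p2p",
    r"hkey_current_user\software\kazaa\localcontent": "p2p",
}
# "name"="data" or @="data" (default value); .reg strings escape \ and "
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, string_data) from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def find_blaxe_traces(text):
    """Return (key, name, data) for values matching the changes listed above."""
    hits = []
    for key, name, data in parse_reg(text):
        kind, n, d = WATCH.get(key.lower()), name.lower(), data.lower()
        if ((kind == "run" and n == "directx" and d.endswith("\\directx.exe"))
                or (kind == "winzip" and name == "" and data == "")
                or (kind == "p2p" and n in ("dir0", "dir1", "dir2")
                    and d.endswith("\\kernell"))):
            hits.append((key, name or "(Default)", data))
    return hits

# Constructed sample export: three entries of the kind described, one benign.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DirectX"="C:\\Windows\\DirectX.exe"
"ctfmon.exe"="C:\\Windows\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\Software\CLASSES\WinZip\shell\open\command]
@=""
[HKEY_CURRENT_USER\Software\KaZaA\LocalContent]
"dir0"="012345:C:\\Windows\\kernell"
'''
```

Calling find_blaxe_traces(SAMPLE) returns the three matching entries and skips the ctfmon.exe value. Version 5.00 exports written by regedit are UTF-16, so read the file with encoding="utf-16" before passing its text in.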

