SoftwareTipsandTricks.com
  DirectX.exe

Name DirectX.exe

Description

Added as a result of the BLAXE VIRUS!

W32.HLLW.Blaxe is a worm that attempts to copy itself through the Grokster, KaZaA, and iMesh file-sharing networks.
This virus is written in the Microsoft Visual Basic programming language and is compressed with UPX.

When W32.HLLW.Blaxe runs, it does the following:

1. Copies itself as:
%Windir%\WinBat.exe
%Windir%\DirectX.exe
%Temp%\Messenger Plus! - Setup.exe
C:\Windll32.dll

%Windir% = C:\Windows or C:\Winnt
%Temp% = C:\Windows\Temp

2. Adds the value:
"DirectX"="%Windir%\DirectX.exe" to the registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

3. Searches for Winzip.exe and, if found, copies itself to the same location as WZExtract.exe.

4. Sets the value:
"[Default]"=""
in the registry key:
HKEY_LOCAL_MACHINE\Software\CLASSES\WinZip\shell\open\command

5. Creates a hidden folder, %Windir%\Kernell, and then copies itself into this folder using random names from a list.
Some examples:
Adobe Photoshop crack.exe
Adult(hardcore sex movie xxx)movie.exe
Age of Empires 2 crack.exe
anastasia anal.jpg.exe
AOL password stealer.exe
Christina Aguilera movie.exe
Crack XBOX live.exe
Fifa 2004 crack.exe
Hotmail account hacker in 30 minutes.exe
Lord of the rings VCD.exe
MSN banner remover.exe
Windows XP Home to Professional Upgrade.exe
ZoneAlarm Firewall Pro.exe

6. Adds the values:
"dir0"="012345:%Windir%\kernell"
"dir1"="012345:%Windir%\kernell"
"dir2"="012345:%Windir%\kernell"
to the registry keys:
HKEY_CURRENT_USER\Software\Grokster\LocalContent
HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent
HKEY_CURRENT_USER\Software\KaZaA\LocalContent

7. Searches for .exe files on the A drive. If a floppy disk is loaded in the A drive, the worm may copy itself as A:\*.exe.exe.

8. Creates the file C:\FTP.bat and uses this batch file to connect to a predefined FTP server and download the file Update.exe to the root folder.
(Antivirus products detect the downloaded Update.exe as W32.Spybot.Worm.)

Removal instructions:
1. Disable System Restore (Windows Me/XP).
2. Run a full system scan with your antivirus program and delete all the files detected as W32.HLLW.Blaxe.
3. Delete the values that were added to the registry.

Navigate to the keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and delete the value:
"DirectX"="%Windir%\DirectX.exe"

Then navigate to the key:
HKEY_LOCAL_MACHINE\Software\CLASSES\WinZip\shell\open\command
and modify the value to refer to the location of the Winzip32.exe file. (This is usually C:\Program Files\Winzip\Winzip32.exe.)

Navigate to each of the following keys:
HKEY_CURRENT_USER\Software\Grokster\LocalContent
HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent
HKEY_CURRENT_USER\Software\KaZaA\LocalContent
and delete the values:
"dir0"="012345:%Windir%\kernell"
"dir1"="012345:%Windir%\kernell"
"dir2"="012345:%Windir%\kernell"
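
To confirm that step 3 is complete, the values listed above can be checked in a registry export. The following is an added example, not part of the original page: the function name scan_reg_export and the sample export are constructed for illustration, and only plain string values are parsed.

```python
import re

# Keys and value names come from the write-up above, lower-cased for matching.
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
P2P_KEYS = {
    r"hkey_current_user\software\grokster\localcontent",
    r"hkey_current_user\software\imesh\client\localcontent",
    r"hkey_current_user\software\kazaa\localcontent",
}
WINZIP_KEY = r"hkey_local_machine\software\classes\winzip\shell\open\command"
# One string value per line: "name"="data", or @="data" for the default value.
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (key, value name, data) for each leftover Blaxe registry value."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header names the current key
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = "@" if m.group("name") is None else m.group("name")
        data = m.group("data").replace("\\\\", "\\")  # undo .reg backslash escaping
        k, n, d = key.lower(), name.lower(), data.lower()
        if (
            (k in RUN_KEYS and n == "directx" and d.endswith("\\directx.exe"))
            or (k in P2P_KEYS and n in ("dir0", "dir1", "dir2") and d.endswith("\\kernell"))
            or (k == WINZIP_KEY and name == "@" and data == "")  # blanked open command
        ):
            findings.append((key, name, data))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DirectX"="C:\\WINDOWS\\DirectX.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\KaZaA\LocalContent]
"dir0"="012345:C:\\WINDOWS\\kernell"
"dir3"="012345:C:\\My Shared Folder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZip\shell\open\command]
@=""
'''
```

Exports written by Registry Editor in the "Version 5.00" format are UTF-16, so decode the file accordingly before passing its text to the function. An empty result means none of the listed values remain in the exported keys.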


SoftwareTipsandTricks, All Rights Reserved.