Mal/EncPk-ZM Trojan Virus Infection Removal

ThreatDetector — Wed, 01 Feb 2012 01:45:55 +0000

Mal/EncPk-ZM Trojan Virus Infection Removal

The Mal/EncPk-ZM trojan virus is a dangerous trojan virus infection affecting computer users worldwide. It also goes by the name Mal/EncPk-ZM and packed with: UPX. This trojan was discovered on January 31st, 2012, by various trojan detection and prevention sources including Antivirus Help Center.

The Mal/EncPk-ZM trojan is extremely similar to other trojans in its method of operation. It can perform file system changes, memory modifications, registry value changes, and registry key changes. These types of trojan infections cause serious harm to your computer operating system as well as all files saved in your computer.

Trojans are also very popular for computer hackers due to their ability to install key loggers and other programs used for identity theft. A trojan can log the password to your online bank account and then forward it back to the trojan creator. The Mal/EncPk-ZM trojan virus may be capable of performing these malicious actions.

If you have been infected with Mal/EncPk-ZM, or any other trojan virus, it is highly recommended that you scan your computer and remove any infections that are found immediately.

Our recommended virus removal program is called PC Tools Internet Security 2011. We have tested many different virus removal programs and after our testing we put our full 100% confidence with PC Tools for all trojan virus infections on your computer. PC Tools Internet Security 2011 will get rid of the virus on your computer!

Start Virus Removal Download

Did the download not start? Proceed to Step 2.

If you have tried to download the installation file and it will not start to download, keep clicking on the download link. Click on it at least 10 times until the download begins. If you continuously click and try to download the virus removal program, it will over-ride the infections attempt at stopping you.

Start Virus Removal Download

Still having trouble? Proceed to Step 3.

If you have tried both steps and it still hasn’t worked, please visit our Advanced Removal Page for advanced instructions and troubleshooting by clicking the button below.

Start Virus Removal Download

Modified System Files

Trojan-PSW.Win32.Delf.ago Trojan Virus Infection Removal

ThreatDetector — Wed, 01 Feb 2012 01:45:35 +0000

Trojan-PSW.Win32.Delf.ago Trojan Virus Infection Removal

The Trojan-PSW.Win32.Delf.ago trojan virus is a dangerous trojan virus infection affecting computer users worldwide. It also goes by the name Trojan-PSW.Win32.Delf.ago, Trojan-Dropper.Delf and packed with: UPX. This trojan was discovered on January 31st, 2012, by various trojan detection and prevention sources including Antivirus Help Center.

The Trojan-PSW.Win32.Delf.ago trojan is extremely similar to other trojans in its method of operation. It can perform file system changes, memory modifications, registry value changes, and registry key changes. These types of trojan infections cause serious harm to your computer operating system as well as all files saved in your computer.

Trojans are also very popular for computer hackers due to their ability to install key loggers and other programs used for identity theft. A trojan can log the password to your online bank account and then forward it back to the trojan creator. The Trojan-PSW.Win32.Delf.ago trojan virus may be capable of performing these malicious actions.

If you have been infected with Trojan-PSW.Win32.Delf.ago, or any other trojan virus, it is highly recommended that you scan your computer and remove any infections that are found immediately.

Modified System Files

Filename(s): %System%\1.bat
File Size: 181 bytes
MD5: 0x4AC06B732AAEFCEC330074DCFBBFD53C
SHA-1: 0xD5BC5A9DEAC9C16CCC3FE72C876DF04088963F61
Alias: (not available)

Filename(s): %System%\1.exe
File Size: 64,766 bytes
MD5: 0xC4CD1581C22F2B703FDB4EE63B7E0D0B
SHA-1: 0x245F4D39D5D5CAD38418BCE3D572BA2A3C935792
Alias: packed with UPX

Filename(s): %System%\1.reg
File Size: 521 bytes
MD5: 0x00BD65F0B0AC709DC6DEA88CC5C2CF61
SHA-1: 0x94A2B69F9687EE8CE89644843D096F6D73C562AD
Alias: (not available)

Filename(s): %System%\2.reg
File Size: 74,846 bytes
MD5: 0x3D25D7E3C6532F6E87D767EA5B4F25E7
SHA-1: 0x0B360983DB29D9FBDAD1FC107B5B831B61A994B0
Alias: (not available)

Filename(s): %System%\3.bat
File Size: 536 bytes
MD5: 0x62A0634111DC3C51379E245FE8F7A3D0
SHA-1: 0xCF11AB8182E02A1C90D911C6569808DDD089FC69
Alias: (not available)

Filename(s): %System%\35.exe
File Size: 172,933 bytes
MD5: 0x8FD63C3ABB097388861AC7B958C24559
SHA-1: 0xB8CBB50D295EA7E6D81928E3AFC4901A5E69418E
Alias: (not available)

Filename(s): %System%\430ee.kol
File Size: 1 bytes
MD5: 0xCFCD208495D565EF66E7DFF9F98764DA
SHA-1: 0xB6589FC6AB0DC82CF12099D1C2D40AB994E8410C
Alias: (not available)

Filename(s): %System%\djel.dll
File Size: 44,544 bytes
MD5: 0x8F737A8BD5E415D94A880980C81923E4
SHA-1: 0x193D5CFF234F6F14A436D1A13895BC725B2AA1D3
Alias: Infostealer Trojan-PSW.Win32.Delf.ago Generic PWS.y Mal/Generic-L Trojan-Dropper.Delf Win-Trojan/Xema.variant packed with PE_Patch.PECompact

Filename(s): %System%\drivers\saibsg.rxr
File Size: 5,632 bytes
MD5: 0x5D443DC76B4FAA65532D233661719F30
SHA-1: 0xD1B70CB41318A845926FF256F22A4F6715B80740
Alias: Hacktool.Rootkit Trojan-Dropper.Win32.Mudrop.kt BackDoor-CKB.sys Troj/Rootkit-FF VirTool:WinNT/Rootkitdrv.KY Trojan-Dropper.Win32.Mudrop Win-Trojan/PcClient.5632.M

Filename(s): %System%\mima.exe
File Size: 324,412 bytes
MD5: 0xE58752963473CBC07FB7A9BB970D3222
SHA-1: 0xFC209E48B60CB757D7A6B2D90E53221999431FC6
Alias: Trojan-GameThief.Win32.Magania.cypr, Trojan-PSW.Win32.Delf.ago Trojan-Dropper.Delf

Filename(s): %System%\netstat.com
File Size: 176,128 bytes
MD5: 0xFE97E177C733AC3F153004E566A75FBA
SHA-1: 0xE6872CC0CC7E7C07522381609A437E6F4718B4EA
Alias: (not available)

Filename(s): %System%\on.bat
File Size: 250 bytes
MD5: 0x23353D2E88197C9905B1DC0E87AE470E
SHA-1: 0x061A272A71A77E0546D8ED7505F1B2B63EEA4A66
Alias: (not available)

Filename(s): %System%\on.reg
File Size: 245 bytes
MD5: 0x253928690B9E144A0B022CE31F512D5C
SHA-1: 0xA70E590AF3579B752057DF00A10CDF78F4815E3E
Alias: (not available)

Filename(s): %System%\pp.bat
File Size: 519 bytes
MD5: 0x5E4CE5EC11790DD8AE764B94AB50463B
SHA-1: 0x6BA77F59D8201A84AB636EB74F2E9615B33A2BED
Alias: (not available)

Filename(s): %System%\saibsg.hun
File Size: 96,904 bytes
MD5: 0x9E2B80EB2D6F0525BD6280E4057B2ED5
SHA-1: 0x14DBE255E74984F529CFFECED995ED3FD4016B99
Alias: Backdoor.Trojan Backdoor.Win32.PcClient.dnku BackDoor-CKB.dll Mal/PCClient-R Backdoor:Win32/PcClient.BX Backdoor.Win32.PcClient Win-Trojan/PcClient4.Gen

Filename(s):
File Size: 614,856 bytes
MD5: 0x84B1C7D71A077AD454FED978DE560794
SHA-1: 0xF3EB70798AC76F0B482413752D6309BFD151AF52
Alias: Backdoor.Win32.PcClient.elcr, Trojan-PSW.Win32.Delf.ago Trojan-Dropper.Delf packed with UPX

Filename(s): %System%\shift.exe
File Size: 106,932 bytes
MD5: 0xB263488F1E328CBAB09E6A18065BDD3F
SHA-1: 0xC3608A47FFEF29D70BF00A710A1BD4199E89FB2D
Alias: packed with UPX

Filename(s): %System%\stat.exe
File Size: 36,864 bytes
MD5: 0x368314E76FC8C0C05E4BA52A91807C31
SHA-1: 0x1519393638939F583A5EAF9921D1CD9B930A0453
Alias: (not available)

Filename(s): %System%\t.bat
File Size: 71 bytes
MD5: 0xE870E4F863BA7459FB8BFC510C853FD3
SHA-1: 0xAB492853DD7BD6C34E03F150963AEAE3F97FA663
Alias: (not available)

Filename(s): %System%\wminotify.dll
File Size: 253,980 bytes
MD5: 0xB1557DF9593A45881FD84EB3BD50B93B
SHA-1: 0x9758B93DBAF2328F883B21393C7621E052B7FBE1
Alias: Trojan Horse Trojan-GameThief.Win32.Magania.cypr Generic.dx Troj/PWS-BMR VirTool:Win32/HookGina.A Gen.Trojan

Memory Modifications

Process Name: [filename of the sample #1]
Process Filename: [file and pathname of the sample #1]
Main Module Size: 155,648 bytes

Process Name: Module Name
Process Filename: Module Filename
Main Module Size: Address Space Details

Process Name: saibsg.hun
Process Filename: %System%\saibsg.hun
Main Module Size: Process name: explorer.exeProcess filename: %Windir%\explorer.exeAddress space: 0x1E70000 – 0x1E87FB4

Process Name: saibsg.hun
Process Filename: %System%\saibsg.hun
Main Module Size: Process name: msmsgs.exeProcess filename: %ProgramFiles%\messenger\msmsgs.exeAddress space: 0×10000000 – 0x10017FB4

Process Name: saibsg.hun
Process Filename: %System%\saibsg.hun
Main Module Size: Process name: sdnsmain.exeProcess filename: %Windir%\dns\sdnsmain.exeAddress space: 0×1620000 – 0x1637FB4

Process Name: saibsg.hun
Process Filename: %System%\saibsg.hun
Main Module Size: Process name: svchost.exeProcess filename: %System%\svchost.exeAddress space: 0×10000000 – 0x10017FB4

Process Name: Service Name
Process Filename: Display Name
Main Module Size: Status
: Service Filename

Process Name: tapisrvs
Process Filename: Remote Debug Managmer
Main Module Size: “Running”
: %System%\SVCHOST.EXE -k tapisrvs