Ok guys, I just came on recently and noticed people talking about the hack Se4n hacks released. Well, I looked at the virus scan and noticed 2 things that caught my eye immediately. For those who are German, Spike from ******(VIP Support) said to look at this:
HijackThis - illustrated guide (German: "HijackThis - bebilderte Anleitung")
1) Backdoor.Win32.IRCBot: is a backdoor computer worm. Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup.[2] It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel.[1] This allows confidential information to be transmitted to a hacker.[3]
2) This worm drops copies of itself.
It creates a registry entry to enable its automatic execution at every system startup.
It disables the DCOM protocol and restricts anonymous access to the affected system.
It propagates via network shares by dropping copies of itself in a certain network shared folder.
It steals information by presenting a fake login page. It does its information theft routine by monitoring the Internet Explorer title bar.
They're the same thing but under different aliases. Here are some things I suggest using to try and remove it.
1) Scan with your current Anti-Virus (do a Full System Scan). Note the path and file name of all files detected as WORM_SDBOT.GAV.
2) This procedure terminates the running malware process.
* You will need the name(s) of the file(s) detected earlier.
* In the list of running programs (Task Manager), locate the malware file(s) detected earlier.
* Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your computer.
* Do the same for all detected malware files in the list of running processes.
* To check if the malware process has been terminated, close Task Manager, and then open it again.
* Close Task Manager.
Removing Autostart Entries from the Registry
This solution deletes the registry entry added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.
* Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
* In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file(s) detected earlier.
* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
* Still in the left panel, locate and delete the following key:
Removendo Tudo...
Restoring EnableDCOM and RestrictAnonymous Registry Entries
This malware modifies the EnableDCOM and RestrictAnonymous registry entries to a certain value. To restore these entries to their original values, perform the steps below:
* Still in the Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Ole
* In the right panel, locate the entry:
EnableDCOM = "N"
* Right-click on the value name and choose Modify. Change the value data of this entry to:
Y
* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Lsa
* In the right panel, locate the entry:
RestrictAnonymous = "1"
* Right-click on the value name and choose Modify. Change the value data of this entry according to your preference. Note that this entry does not exist in the registry by default. Refer to the following Microsoft articles as guides in editing the RestrictAnonymous registry:
* RestrictAnonymous Registry
* Restricting information available to anonymous logon users
* Close Registry Editor.
Deleting the Malware File(s)
* Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
* In the Named input box, type:
%System%\MEGATROM.ini
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
* In the Look In drop-down list, select My Computer, then press Enter.
* Once located, select the file then press SHIFT+DELETE.
* Repeat steps 2 to 4 to delete the following file:
* %Windows%\ponto.dll
* %System%\PLUG.SYS
* %Windows%\Gbuster
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)
Important Windows Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Scan your computer again with your current Anti-Virus and use Malwarebytes.
You can get malwarebytes here:
Malwarebytes.org
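The regedit clicking and file searching in the post above can be done in one pass from an elevated PowerShell prompt. The script below is an added example written for this page; it is not part of the original post and not a vendor tool. It checks exactly what the post lists: the four file names, the Run autostart values, the Services keys, EnableDCOM under HKLM\SOFTWARE\Microsoft\Ole and RestrictAnonymous under HKLM\SYSTEM\CurrentControlSet\Control\Lsa. By default it only reports; with `-Remediate` it deletes the files and Run values and sets EnableDCOM back to "Y". Assumptions: %Windows% is `$env:SystemRoot` and %System% is its System32 subfolder (NT-based Windows), the RunOnce and HKCU Run keys are checked as well because autostart entries can live there too, and the Services key to delete is not named in the post, so matching services are only reported.

```powershell
<#
  Added example, not part of the original post or of any vendor write-up.
  Audits (and with -Remediate, cleans) the indicators the steps above
  attribute to WORM_SDBOT.GAV. Run from an elevated PowerShell; back up the
  registry first and terminate the malware processes (step 2 above) before
  deleting files. Add -WhatIf to rehearse the remediation without changes.
#>
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remediate)

# File names copied from the steps above (assumption: %Windows% = $env:SystemRoot,
# %System% = $env:SystemRoot\System32).
$SuspectFiles = @(
    (Join-Path $env:SystemRoot 'System32\MEGATROM.ini'),
    (Join-Path $env:SystemRoot 'ponto.dll'),
    (Join-Path $env:SystemRoot 'System32\PLUG.SYS'),
    (Join-Path $env:SystemRoot 'Gbuster')
)
$SuspectNames = $SuspectFiles | ForEach-Object { [IO.Path]::GetFileName($_).ToLowerInvariant() }
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$Findings = New-Object System.Collections.Generic.List[string]

function Test-SuspectData([string]$Data) {
    # True when a registry value's data mentions any of the suspect file names.
    $lower = $Data.ToLowerInvariant()
    foreach ($n in $SuspectNames) { if ($lower.Contains($n)) { return $true } }
    return $false
}

# 1. Malware files on disk.
foreach ($f in $SuspectFiles) {
    if (Test-Path -LiteralPath $f) {
        $Findings.Add("File present: $f")
        if ($Remediate -and $PSCmdlet.ShouldProcess($f, 'Delete file')) {
            Remove-Item -LiteralPath $f -Force
        }
    }
}

# 2. Autostart values whose data points at a suspect file (the post names the
#    HKLM Run key; RunOnce and the HKCU Run key are checked as an extra).
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($MetaProps -contains $p.Name) { continue }   # provider metadata, not registry values
        if (Test-SuspectData ([string]$p.Value)) {
            $Findings.Add("Autostart value '$($p.Name)' in $key -> $($p.Value)")
            if ($Remediate -and $PSCmdlet.ShouldProcess("$key\$($p.Name)", 'Remove value')) {
                Remove-ItemProperty -Path $key -Name $p.Name
            }
        }
    }
}

# 3. Services whose ImagePath references a suspect file. Reported only: the
#    post does not give a usable key name, so deletion is left to the operator.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($img -and (Test-SuspectData $img)) {
        $Findings.Add("Service '$($_.PSChildName)' ImagePath -> $img")
    }
}

# 4. EnableDCOM (REG_SZ under HKLM\SOFTWARE\Microsoft\Ole); "N" is the tampered value.
$OleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'
$dcom = (Get-ItemProperty -Path $OleKey -Name EnableDCOM -ErrorAction SilentlyContinue).EnableDCOM
if ($dcom -eq 'N') {
    $Findings.Add("EnableDCOM is 'N' (DCOM disabled)")
    if ($Remediate -and $PSCmdlet.ShouldProcess("$OleKey\EnableDCOM", "Set to 'Y'")) {
        Set-ItemProperty -Path $OleKey -Name EnableDCOM -Value 'Y'
    }
}

# 5. RestrictAnonymous (REG_DWORD under HKLM\SYSTEM\CurrentControlSet\Control\Lsa).
#    Absent by default; the post leaves the value to your preference, so report only.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ra = (Get-ItemProperty -Path $LsaKey -Name RestrictAnonymous -ErrorAction SilentlyContinue).RestrictAnonymous
if ($null -ne $ra) { $Findings.Add("RestrictAnonymous = $ra (set by malware to 1; review and decide)") }

if ($Findings.Count -eq 0) { 'No indicators from the write-up found.' } else { $Findings }
```

Run it once without switches to see what is present, then `.\sdbot-check.ps1 -Remediate -WhatIf` to see what it would change, and finally `-Remediate` for real. Matching is on the file names only, so a detection from your AV under a different path (step 1 above) still has to be handled by hand; add that path to `$SuspectFiles` and re-run.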