How to remove the COLD folder and autorun.inf on the USB drive root
Delete the Raidhost.exe
Browse to C:\Windows\Raidhost.exe - Rename this to Raidhost.old (may be necessary to do this from safe mode). Reboot the computer and you should be done. I would recommend formatting the infected thumb drive before you do the above steps and pulling it out before it has time to recreate the cold/Hott folder.
I have developed an antivirus tool to remove this idiot virus program at my lab. Please remove it as soon as possible because it steals and sends your details to a server located in the US and it downloads other trojans from the above server. Use the following link to see more details on that virus and download a free removal tool for it.
Link : http://it.web44.net/VirusDetails/raidhost.exe_Recover_Report.html
More details from our labs:
raidhost.exe (CRC32 : D8AB4DA6) is a backdoor virus. It supports creating a botnet. raidhost.exe is the parent virus. When it is executed, it downloads other viruses from its master servers. In Imago labs we detected the servers are 22.214.171.124 on port 80 and 126.96.36.199 on port 51987. It downloads a malicious file dl.exe from the above servers and executes it. Then dl.exe downloads another malicious file, update.exe.
"Raidhost" uses autorun.inf to propagate itself. It creates a system folder called cold. Inside the cold directory it creates a system folder hott, which appears as a recycle bin. Then it copies its clone (¥¶¾³¿¸¤£ù²¯².exe and ¥¶¾³¿¸¤£ù²¯² ) into the hott directory.
raidhost.exe resides in %system drive%\Windows. dl.exe and update.exe reside in the root of the system drive.
Imago Labs (Sri Lanka)
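A read-only check for the artifacts named in this thread, added here as an example; it is not code from either poster or from the Imago Labs tool. The function names and the two root arguments (`usb_root`, `system_root`) are assumptions. Names are matched case-insensitively because the posts spell them several ways, and the CRC32 comparison uses the value quoted above.

```python
import os
import zlib

# Indicators taken from the posts above; paths are relative to the roots passed in.
USB_ARTIFACTS = [("autorun.inf",), ("cold",), ("cold", "hott")]
SYSTEM_ARTIFACTS = [("Windows", "raidhost.exe"), ("dl.exe",), ("update.exe",)]
RAIDHOST_CRC32 = 0xD8AB4DA6  # CRC32 quoted in the thread for raidhost.exe


def resolve_ci(root, parts):
    """Resolve parts under root ignoring case; return the real path or None."""
    path = root
    for part in parts:
        try:
            names = os.listdir(path)
        except OSError:  # missing root, unreadable directory, or not a directory
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        path = os.path.join(path, match)
    return path


def crc32_of(path):
    """CRC32 of a file, read in chunks so large files are not loaded whole."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF


def scan(usb_root, system_root):
    """List the indicators present; an autorun.inf alone is not proof of infection."""
    findings = []
    for root, artifacts in ((usb_root, USB_ARTIFACTS), (system_root, SYSTEM_ARTIFACTS)):
        for parts in artifacts:
            found = resolve_ci(root, parts)
            if found is None:
                continue
            entry = {"indicator": "/".join(parts).lower(), "path": found}
            if parts[-1].lower() == "raidhost.exe" and os.path.isfile(found):
                # True only if the file is byte-identical to the sample described above
                entry["crc_match"] = crc32_of(found) == RAIDHOST_CRC32
            findings.append(entry)
    return findings
```

Call it as `scan("E:\\", "C:\\")` on Windows; a `crc_match` of `False` means the file differs from the sample described here, not that it is clean.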