Hijack This Analyzer

[tangomouse]

i had a problem few days ago with a pc infested with malware ,and by accident i came across this web site http://www.2-spyware.com/ which has a nice little analyzer for hijack this, all u to is run hijack this, do a system scan and save a log ,copy paste this log into the analyzer and bingo! saves sifting through the hijack this log or posting it to a forum .

[Raymond]

Nice addition to http://www.raymond.cc/blog/archives/2008/02/25/5-ways-to-automatically-analyze-hijackthis-log-file/

[Jowin]

Wow nice site for analysis:)

[trinidude]

thumbs up @ tangomouse nice one :)

[tangomouse]

lol cheers :)

[ahashmi06]

Thanks tangomouse. Knew 5 of them, now they are six.

[Jowin]

The analyser didn't tell anything suspicious about this process
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\sembako-ckzjlli.exe

[ahashmi06]

This is what I found about sembako-ckzjlli.exe

Its a W32/Brontok-M worm.
Category: Viruses and Spyware
Type: Worm
Affected operating systems: Windows
Characteristics: Installs itself in the registry
Command: C:\Windows\sembako-cfzjkmg.exe
Startup Type: If you are running Windows 95/98/ME, this startup entry is being started via the Shell= line in the Windows\system.ini file.
If you are running Windows NT/XP/Vista/2000/2003, this startup entry is being started via the Shell= line in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Here's how to clean it.
Looks like Sophos is best in removing it but its shareware.

How to Clean brontok virus by Raymond: http://www.raymond.cc/blog/archives/2006/12/08/how-to-clean-brontok-virus/


OR Try scanning with Kaspersky AVP Tool
http://dnl-eu14.kaspersky-labs.com/devbuilds/AVPTool/setup_7.0.0.223_02.07.2008_17-46.exe