12/23/2009

ph.com Trojan.Downloader-Gen/Kavo

[kamsoft] C:\WINDOWS\SYSTEM32\CKVO.EXE

Creates c:\windows\system32\drivers\klif.sys
Deletes c:\windows\system32\drivers\klif.sys
Deletes c:\windows\system32\ckvo.exe
Deletes c:\windows\system32\ckvo0.dll
Creates c:\windows\system32\ckvo0.dll
Deletes c:\ph.com
c:\windows\system32\ckvo.exe to c:\ph.co
Deletes c:\autorun.in
c:\autorun.in
d:\ph.co
c:\windows\system32\ckvo.exe
d:\ph.co
d:\autorun.in
d:\autorun.in
c:\docume~1\user\locals~1\temp\help1.rar

c:\docume~1\user\locals~1\temp\help1.rar
c:\docume~1\user\locals~1\temp\help.exe
Creates c:\docume~1\user\locals~1\temp\help.exe
c:\docume~1\user\locals~1\temp\help.exe to c:\windows\system32\ckvo.exe
Deletes c:\windows\system32\ckvo1.dll
Creates c:\windows\system32\ckvo1.dll
kamsoft.exe kavo.exe amvo.exe ckvo.exe
Solution

HijackThis and ComboFix

Run HijackThis first, then ComboFix.
