
Win32/Luder.A will compose e-mails with varying properties as mentioned below.

Technical Details

Luder is an e-mail worm, a dropper for a trojan downloader and a file infector.

AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bluebeam Revu x64 11 (HKLM-x32\...\InstallShield_{FAC5F00B-0E05-4EA9-A48D-E496296AF75B}) (Version: 11.6.0 - Bluebeam

The file isn't actually missing.

Restart all disinfected computers.

What other things will I need to do? 4.

UnHackMe uses minimum of computer resources.

It does not count as help.

This small piece of code starts the worm's copy (randomly named file with .t extension) and then passes control to the host file. It should be noted that the worm is quite

I-Worm/Luder.A
Started by TREMBLAY, Jan 08 2007 10:37 PM

Instead, open a new thread in our security and the web forum.

i-worm/luder.a
Started by Toshiro Mifune, Jan 22 2007 11:21 AM

Will we (the family) lose pictures that are currently stored on the computer which were stored after the last system save? 2.

VirusTotal (0/56).

Once you've completed the reformat and reinstall, post another fresh HJT log so I can check to see if your system is clean.

Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document

Even if we cleaned the infections, it wouldn't help to recover the info that may have been gleaned from your system.

This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives.

Actually I just read up and it's for my ATI graphics card for video streaming apparently..

Payload Damages Files on 29th of Each Month

On 29th of each month, Win32/Luder.A will search for files of known data types by file extension, and delete the contents of those

Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If

Propagation

Before spreading, the worm collects e-mail addresses from an infected computer.

If the answer to any of those questions is yes, then you should immediately disconnect your computer from the net and do a complete format and reinstall.

With "Disinfect Automatically" selected, F-Secure Anti-Virus will disinfect files that a virus tries to infect over a network (if sharing was not disabled) or on local drives (if the virus is

The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program


Somehow we slipped up and let something in.

Scan all hard drives on disinfected computers again to make sure that no more infected files are left.

You can find instructions on how to enable and re enable system restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide re-enable system restore with instructions from

I have to restart computer and do check straight away before losing access or control.

4 We still have access to internet but will only use computer now to get the thing

I have considered your advice. "but keep in mind that damage can still appear afterwards and a format and reinstall will still be the best - fastest and safest option.... Hope I can follow instructions this time. Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 7:47:53 PM, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program

Adds value: Win32_Duel_v2
With data: \duel_v2.exe
In subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Win32/Luder.A creates a mutex named "Win32.Duel 2.0 (c) DR-EF 2006" in order to prevent multiple copies running at the same time.

These will have sent your info to a third party who may use that info for their own purposes.

To format and reinstall, read the instructions here how to do this (with screenshots):, from your friend's computer healthy, burn an antivirus and firewall installer on cdrom, because during the

Yes, you will lose them after a format and reinstall - but.. 2.

This virus has a date-activated, file damaging payload, and may connect to a remote server and accept commands from an attacker.

A case like this could easily cost hundreds of thousands of dollars.

Did the new user profile cmd thing, then ran FRST, both scans came back HOWEVER...I went to locate the New User Profile to copy paste and am unable to locate it,

Win32/Luder.A targets the following files -
documents, spreadsheets, presentations and databases: .mdb, .doc, .xls, .ppt, .pdf
media files including pictures, audio and video files: .mp3, .jpg, .wmv, .avi, .mpg
archive files
