November 2, 2009

How To Remove convite.exe Win32:Spyware-Gen Infection "convite.exe"

Dangerous: YES

Associated Files:
convite.exe, Downloads_R.com, Download_Imagem.zip, Ifn.ini, Mast.ini, sxmc.ini, diagx3d.dll, smastsj.exe, unchsy.exe

File Behavior:
The process is packed and/or encrypted with a software packer.
Creates and registers a Browser Helper Object (BHO) in Internet Explorer, so its DLL is loaded into every IE session.
Creates other processes on disk.
Writes to another process's virtual memory (process injection, also called process hijacking).
Communicates with other systems over HTTP.
Creates or uses a background service to access the Internet over HTTP.

Malware Name:
Win32:Spyware-Gen, Win32:Bancos-BLF

Malware Type:
Trojan Horse, Infection, PHISH

File Location:
C:\Windows\Ifn.ini
C:\Windows\System32\smastsj.exe
C:\Windows\System32\unchsy.exe
C:\Windows\System32\Mast.ini
C:\Windows\System32\sxmc.ini
C:\Windows\System32\DirectX\Dinput\diagx3d.dll

Symptoms:
An e-mail arrives that appears to come from a friend in your contact list, written in Portuguese, along the lines of this example:

Subject: OIII...!! TUDO BEM?  [HIII...!! HOW ARE YOU?]

From: John Doe (JohnDoe@hotmail.com)
Sent: February 5, 2010 6:54:57 PM
Attachments: 1 attachment, Imagem1.jpg (2.5 KB)

Oiiii...!! tudo bem?  [Hiiii...!! how are you?]

Pois é eu sumi... mas eu não esqueci daquela nossa foto.  [Yeah, I disappeared... but I didn't forget that photo of ours.]
Pois aqui está a foto que você tanto queria...  [So here's the photo you wanted so much...]
Tchauuuu!!!  [Byeeee!!!]
Segue abaixo a foto.  [The photo is below.]
Imagem1
Visualizar, Baixar ou Imprimir Imagem1.jpg  [View, Download or Print Imagem1.jpg]

Clicking the "Imagem1.jpg" link does not open a picture: it fetches a file called Downloads_R.com, which is an executable (.com extension), not an image and not a web site (see the associated web sites below). If this is what you downloaded and you are looking for a solution, follow the removal procedure.

Associated Web Sites:

http://mundopumavirtualx02.in
http://x02.mundopumavirtualx02.in
http://propaganda25.dominiotemporario.com/Downloads_R.com
http://dre.direcionex.info/Download_Imagem.zip/Download_Imagem.com
http://biglocationx.blogspot.com/feeds/posts/default
http://tropa123.freehostwebs.com
http://tryppy.freehostwebs.com
http://red88.freehostwebs.com
http://lotismail.freehostia.com
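A read-only triage script for the indicators under File Location and Associated Web Sites, added here as an example; it is not part of the original post and not a tool the post mentions. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated prompt so that HKLM and System32 are readable; the variable names and output format are choices made for this example. It checks the dropped files and hashes them for submission, searches the user profile for the downloader, lists running processes by the dropped executable names, resolves every BHO CLSID registered in Internet Explorer to its DLL and flags diagx3d.dll, and checks the DNS resolver cache for the hosting domains.

```powershell
# Added triage script, not part of the original post. Read-only: it reports the
# indicators listed above and removes nothing. Assumes PowerShell 4 or later
# (for Get-FileHash) and an elevated prompt so HKLM and System32 are readable.

$droppedFiles = @(
    "$env:windir\Ifn.ini",
    "$env:windir\System32\smastsj.exe",
    "$env:windir\System32\unchsy.exe",
    "$env:windir\System32\Mast.ini",
    "$env:windir\System32\sxmc.ini",
    "$env:windir\System32\DirectX\Dinput\diagx3d.dll"
)
$downloaderNames = @('Downloads_R.com', 'Download_Imagem.zip', 'Download_Imagem.com')
$processNames    = @('smastsj', 'unchsy')
$domains = @(
    'mundopumavirtualx02.in', 'propaganda25.dominiotemporario.com',
    'dre.direcionex.info', 'biglocationx.blogspot.com',
    'tropa123.freehostwebs.com', 'tryppy.freehostwebs.com',
    'red88.freehostwebs.com', 'lotismail.freehostia.com'
)
$hits = 0

Write-Host '== Dropped files =='
foreach ($path in $droppedFiles) {
    if (Test-Path -LiteralPath $path) {
        $hits++
        $item = Get-Item -LiteralPath $path -Force
        # Hash before cleanup so the sample can be submitted to an AV vendor.
        $sha  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Write-Host ("FOUND   {0}  {1} bytes  sha256={2}" -f $path, $item.Length, $sha)
    }
}

Write-Host '== Downloader left in the user profile =='
Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $downloaderNames -contains $_.Name } |
    ForEach-Object { $hits++; Write-Host ("FOUND   {0}" -f $_.FullName) }

Write-Host '== Running processes =='
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $processNames -contains $_.Name } |
    ForEach-Object { $hits++; Write-Host ("RUNNING {0}  pid={1}  path={2}" -f $_.Name, $_.Id, $_.Path) }

Write-Host '== Browser Helper Objects registered in Internet Explorer =='
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($entry in Get-ChildItem -LiteralPath $key) {
        $clsid = $entry.PSChildName
        # Resolve the CLSID to the DLL that IE will load; 32-bit COM servers on
        # 64-bit Windows are registered under Wow6432Node.
        $dll = $null
        foreach ($clsRoot in @('Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')) {
            $srv = Get-ItemProperty -LiteralPath "$clsRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) { $dll = $srv.'(default)'; break }
        }
        $tag = 'bho    '
        if ($dll -match 'diagx3d\.dll') { $tag = 'SUSPECT'; $hits++ }
        Write-Host ("{0} {1}  {2}" -f $tag, $clsid, $dll)
    }
}

Write-Host '== DNS resolver cache (recent contact with the hosting domains) =='
$dnsCache = ipconfig /displaydns 2>$null
foreach ($d in $domains) {
    # Substring match also catches sub-domains such as x02.mundopumavirtualx02.in
    if ($dnsCache | Select-String -SimpleMatch -Quiet -Pattern $d) {
        $hits++
        Write-Host ("CACHED  {0}" -f $d)
    }
}

Write-Host ("`n{0} indicator(s) matched." -f $hits)
if ($hits -gt 0) {
    Write-Host 'Deleting the files alone is not enough: the BHO registration and the'
    Write-Host 'background service listed under File Behavior also have to go.'
}
```

Run it before and after the removal steps; after cleanup the hit count should be zero. Any BHO line pointing at a DLL you do not recognise deserves a look even when it is not diagx3d.dll, since the name could change between samples. The profile search walks the whole user profile and can take a few minutes on a large disk.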



Removal Procedure:

1. Use Prevx 3.0 (Download-PREVXCSIFREE.exe) to try to remove this virus.

2. If Prevx does not work for you, download ComboFix and save it to your desktop, renaming it from ComboFix to Combo-Fix as you save it. It is important that you rename it during the download and not afterwards: the winupgro.exe component corrupts a file saved under the ComboFix name, leaving it unable to open.

[Image: W32.Beagle winupgro.exe wintems.exe Trojan Vundo Bagle Pic 03]


3. Try some of the free online virus scanners:

Kaspersky
ESET Smart Security/ESET NOD32 Antivirus
Trend Micro HouseCall
AVG LinkScanner
F-Secure
BitDefender

4 comments

Anonymous, February 6, 2010 at 12:57 AM

Thanks for this, you gave some good info here that I needed.
I think it's removed now; I'll see how it goes.

Anonymous, February 9, 2010 at 9:06 PM

Combo-Fix Worked Thank You!

jesse, February 21, 2010 at 7:17 PM

Cool, gone! Thanks a lot.

Unknown, March 7, 2011 at 6:41 PM

Combo-Fix worked, thank you!
However, the ones that I tried but seemed to fail: Spybot, Malwarebytes Anti-Malware, CCleaner, Exterminate It (because you must pay and it may or may not work), Prevx (same as Exterminate It).
Make sure all cookies and history are deleted before using any tool to remove stuff, stop the antivirus before using any tool, or better yet, delete it and install it again later.
Hope this helps.
C. Francis
