Virus W32/Hakaglan.worm.gen

meghana · #1 09-25-2007, 01:26 AM

Hi All,

My pc has affected by virus W32/Hakaglan.worm.gen.
It has disabled the Task Manager and Registries.

Upon execution the worm drops the following files:
%WINDIR%\SSVICHOSST.exe -> Worm Component
%SYSDIR%\SKCVHOSThk.dll -> Keylogger Component
%SYSDIR%\SKCVHOST.exe -> Keylogger Component
%SYSDIR%\SKCVHOSTr.exe -> Keylogger Component

Creates the following registry keys to hook at system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
“Shell” =” Explorer.exe SSVICHOSST.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\
“Yahoo Messengger” = “%SYSDIR%\ SSVICHOSST.exe”

The worm creates a job file (At1.job) which schedules to execute itself everyday at 09:00 hrs.

It is not allowing me to install updated antivirus.
Anybody has the solution of this virus.

Thanks,
Meghana

*Mobo* · #2 09-25-2007, 01:27 PM

First thing to do would be start / run / regedit
Navigate to
HKCU\Software\Microsoft\Windows\CurrentVersion\Run \Yahoo Messengger\
Delete
SCVHSOT.exe

Step 2
Then Navigate to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Delete
SCVHSOT.exe

Step 3
HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System
DisableTaskMgr
Double click and set to 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System
DisableRegistryTools
Double click and set to 0

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer
NofolderOptions
Double click and set to 0

Step 4
Navigate to here and run a full system scan. Then remove all infections when the scan is complete.

*Mobo* · #3 09-26-2007, 09:45 AM

Great news.

For anyone wanting the script i'll attach it here. Visitors please note that free registration and one post are nessecary to see the download link.

Hidden Block (you must be registered and have 1 posts):

You do not have sufficient rights to see the hidden data contained here.

virsee · #4 09-26-2007, 03:48 PM

even i got same error.............. please give me the scripts .....n tell me what to do,....

samsarkissa · #5 10-04-2007, 01:44 AM

Thanks for this information. Saved my network!

jaydz · #6 10-06-2007, 01:08 AM

thanks a lot! i needed this!

botching · #7 10-06-2007, 04:32 PM

thanks

learning · #8 10-08-2007, 12:00 AM

thanks babeh!

sued · #9 10-08-2007, 05:02 AM

Quote:

Originally Posted by Mobo

Great news.

For anyone wanting the script i'll attach it below.

*** hidden content ***

hi i have this w32/hakaglan virus. it has disabled my task manager, command prompt and registry editor. where can i get this script, and how do ni run it? thx a batch!!!

sued · #10 10-08-2007, 05:06 AM

Mobbo i don't seem to be able to download the script please help

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)