Thursday, November 13, 2008

Murphy Trojan

Murphy malware description and removal detail
Categories:Trojan,Backdoor,RAT,Downloader,Hacker Tool,DoS
Also known as:

[Kaspersky]Murphy.Lock,Murphy.Nuke,Murphy.Migram.1221.a,Murphy.1951,Murphy.Delirium.1778,Murphy.Pest,Brothers.2045,Murphy.Badtaste,Murphy.Amilia,Murphy.1008.b,Murphy.Tormentor,Murphy.1008.a,Murphy.1417,Murphy.1477,Murphy.Migram.1219,Murphy.Bhak,Murphy.Delirium.1638,Murphy.1521.b,Murphy.1480,Virus.DOS.Murphy.1417,Murphy.Grog;
[Eset]Murphy.Locker virus,Murphy.Kamasya virus,Murphy.Tormntr.1072.A virus,Murphy.Smack.1835 virus,Murphy.Diabolik virus,probably unknown TSR.COM.EXE virus,Murphy.Goblin virus,Murphy.Migram.1221.A virus,Murphy.Delyrium.1778 virus,Murphy.Pest.A virus,Murphy.Brothers virus,Murphy.Badtaste virus,Murphy.Amilia.A virus,Murphy.Tormntr.1024 virus,Murphy.Antichrs virus,Murphy.Tormntr.1040 virus,Murphy.Swami.A virus,Murphy.Finger virus,Murphy.Erasmus virus,Murphy.Delyrium.1638 virus,modified Murphy.1521.A virus,Murphy.1521.A virus,Murphy.1480 virus,Murphy.1284 virus,Murphy.Cemetery virus,Murphy.1277.A virus,Murphy.Hiv-1.A virus,Murphy.Hiv-1.E virus;
[McAfee]Murphy;
[F-Prot]contains Murphy.1098 (non-working),->GRAPHICS.NUM,contains Murphy.1221.A (non-working),Murphy.1910.A,Murphy.1188,Murphy.1614.F,Murphy.1008.A,Murphy.1417,security risk or a "backdoor" program,Murphy.1284.A,Grog.1417;
[Panda]Italian Pest B,Murphy.1219.A,Tormentor.1072,Diabolik,Murphy.Badtaste,Murphy Family,Delyrium.1778,Murphy.1951.Drp,Italian Pest,Murphy.1910.A,Brothers,HIV 1.0,Antichrist,Tormentor.1024,Cementery,Migram,Tormentor.1040,Bhaktivedanta,Finger,Erasmus,Murphy 2.1521,Murphy 4.1480,Murphy 3.1284,Murphy.Cementery,Murphy 1.1277,Grog.1417;
[Computer Associates]Murphy family,Murphy.1638,HIV,Murphy,Necropolis,Murphy.1221,Swami,Murphy.Delyrium.1778,Murphy variant,Bad_Taste,PS-MPC

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\UCmore - The Search Accelerator\UCmore Tour.lnk
[%PROGRAM_FILES%]\TheSearchAccelerator\IUCmore.dll
[%PROGRAM_FILES%]\TheSearchAccelerator\UCMTSAIE.dll

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Murphy:

Files:
[%PROGRAMS%]\UCmore - The Search Accelerator\UCmore Tour.lnk
[%PROGRAM_FILES%]\TheSearchAccelerator\IUCmore.dll
[%PROGRAM_FILES%]\TheSearchAccelerator\UCMTSAIE.dll

Folders:
[%PROGRAMS%]\ucmore - the search accelerator
[%PROGRAM_FILES%]\thesearchaccelerator

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{44BE0690-5429-47f0-85BB-3FFD8020233E}
HKEY_CURRENT_USER\software\effective-i\thesearchaccelerator
HKEY_CURRENT_USER\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
HKEY_LOCAL_MACHINE\software\effective-i\thesearchaccelerator
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Removing Murphy:

An up-to-date copy of ExterminateIt should detect and prevent infection from Murphy.

If you do not have ExterminateIt and you are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Murphy manually.

To remove the Murphy malware from your computer manually and completely, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Murphy.

  1. Use Task Manager to terminate the Murphy process.
  2. Delete the original Murphy file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Murphy from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Murphy!

