HELP infected msconfig

Archive
1

Filename: msconfig.exe
Threat name: W32.Virut.CF
Full Path: c:\windows\system32\msconfig.exe

____________________________

 

Details
Very Few Users,  Very New,  Risk High

 

 

Origin
Downloaded from
 Unknown

 

 

Activity
Actions performed: 23

 

____________________________

 

On computers as of 
10/10/2013 at 8:54:01 AM


Last Used 
10/10/2013 at 8:57:34 AM


Startup Item 
No


Launched 
Yes


____________________________


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

High
This file risk is high.

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

 

____________________________

 

Source: External Media

 

Source File:
msconfig.exe

 


____________________________

File Actions

File: c:\windows\system32\ msconfig.exe Removed
File: c:\Windows\System32\ wuapp.exe Removed
File: c:\Windows\System32\ WFS.exe Removed
File: c:\Windows\System32\ iscsicpl.exe Removed
File: c:\Windows\System32\ odbcad32.exe Removed
File: c:\Windows\System32\ xpsrchvw.exe Removed
Event: Running process: c:\windows\system32\ msconfig.exe Terminated
____________________________

Registry Actions

Registry change: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->Hidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-21-2328014022-3908943955-1739727671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->Hidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-21-2328014022-3908943955-1739727671-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->Hidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->Hidden:1 Repaired
Registry change: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->Hidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-21-2328014022-3908943955-1739727671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-21-2328014022-3908943955-1739727671-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repaired
Registry change: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->ShowSuperHidden:1 Repaired
Registry change: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->HideFileExt:0 Repaired
Registry change: HKEY_USERS\S-1-5-21-2328014022-3908943955-1739727671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->HideFileExt:0 Repaired
Registry change: HKEY_USERS\S-1-5-21-2328014022-3908943955-1739727671-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->HideFileExt:0 Repaired
Registry change: HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->HideFileExt:0 Repaired
Registry change: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ->HideFileExt:0 Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {67KLN5J0-4OPM-01WE-AAX5-314CCA322142} No Action Required
____________________________


File Thumbprint - SHA:
61476d36c9adee4b604c6318f904b368280b12fb465541874764060820c80e34
File Thumbprint - MD5:
Not available