Wednesday, November 7

virus sbl.exe solutions

sbl.exe
filename:dream.exe\sbl.exe
file size:146592 bytes
AV:(Kaspersky 7.0)Trojan.Win32.Delf.adf
MD5:bb2da6dcb865b70fe0754db71cee72d8

Sbl.exe has been seen to perform the following behavior(s):

Executes a Process
%Systemroot%\system32\1.inf
%Systemroot%\system32\dream.exe
%Systemroot%\system32\plmmsbl.dll

Downloads spyware to your computer:

%Systemroot%\system32\gmxe.dll
%Systemroot%\system32\drivers\swmcswozyn.sys
%Systemroot%\system32\drivers\xpg7.sys
C:\Favorites\**.url

Added as a Registry auto start to load Program on Boot up

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
dream = REG_SZ, C:\winnt\system32\dream.exe
melove = REG_SZ, C:\winnt\system32\dream.exe
Both values point to C:\winnt\system32\dream.exe.
If your system is Windows XP, the path is c:\windows\system32\dream.exe instead.

Writes to another disk

Autorun.inf and sbl.exe.

Uses net stop to stop your firewall

Tries to stop the process:
avp.exe

EXESPY WXR95 REGMON FILE MONITOR REGMONEX WINDOW DETECTIVE DEBUGVIEW RESSPY ADVANCED REGISTRY TRACER REGSNAP MEMSPY MEMORY DOCTOR PROCDUMP32 MEMORY EDITOR FROGSICE SMU WINSPECTOR MEMORY DUMPER MEMORYMONITOR NUMEGA SOFTICE LOADER URSOFT W32DASM -=CHINA CRACKING GROUP=- OllyDbg TRW2000 DEFAULT IME NDOW- 360 [MAXTHON]


how to remove sbl.exe

Choose netlink; use forced-deletion ("mandatory delete") software to delete these files:
C:\windows\system32\1.inf
C:\windows\system32\dream.exe
C:\windows\system32\plmmsbl.dll
C:\autorun.inf
C:\sbl.exe
D:\autorun.inf
D:\sbl.exe
E:\autorun.inf
E:\sbl.exe
F:\autorun.inf
F:\sbl.exe

Check the registry with regedit and delete these entries:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] [Microsoft Corporation] [Microsoft Corporation]

[xpg7 / xpg7][Stopped/Auto Start]<\??\C:\winnt\system32\drivers\xpg7.sys>
[swmcswozyn / swmcswozyn][Stopped/Auto Start]<\??\C:\winnt\system32\drivers\swmcswozyn.sys>

If you have any questions, please mail me ....
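An added triage example, not part of the original post: it checks a live or mounted Windows volume for the sbl.exe files listed above and picks the dream/melove values out of saved `reg query` output for the Policies\Explorer\Run key. The system root is a parameter because the post gives it as C:\winnt or C:\windows. The function names, and the rule that autorun.inf is flagged only when sbl.exe sits beside it or is named inside it, are assumptions of this example.

```python
import os
import re

# Names from the write-up above, as path parts below %SystemRoot%.
SYSTEM_ARTIFACTS = [
    ("system32", "1.inf"), ("system32", "dream.exe"),
    ("system32", "plmmsbl.dll"), ("system32", "gmxe.dll"),
    ("system32", "drivers", "swmcswozyn.sys"),
    ("system32", "drivers", "xpg7.sys"),
]
# Matches one value line of `reg query` output whose data ends in \dream.exe.
RUN_VALUE = re.compile(
    r"^[ \t]+(.+?)[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.*\\dream\.exe)[ \t\r]*$",
    re.I | re.M)


def resolve_ci(base, *parts):
    """Find base/parts ignoring case (a mounted image may be case-sensitive)."""
    path = base
    for part in parts:
        try:
            names = os.listdir(path)
        except OSError:
            return None
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        path = os.path.join(path, match[0])
    return path if os.path.isfile(path) else None


def find_files(system_root, drive_roots):
    """Return artifact files present under system_root and on each drive root."""
    hits = [resolve_ci(system_root, *parts) for parts in SYSTEM_ARTIFACTS]
    for root in drive_roots:
        dropper = resolve_ci(root, "sbl.exe")
        autorun = resolve_ci(root, "autorun.inf")
        hits.append(dropper)
        if autorun:
            with open(autorun, "rb") as fh:  # drop NULs so UTF-16 text also matches
                text = fh.read().replace(b"\x00", b"").lower()
            # Assumption: an unrelated autorun.inf (installer media) stays unflagged.
            if dropper or b"sbl.exe" in text:
                hits.append(autorun)
    return [h for h in hits if h]


def find_run_values(reg_query_output):
    """Return (name, data) for Run values that launch dream.exe."""
    return [(m.group(1), m.group(2)) for m in RUN_VALUE.finditer(reg_query_output)]
```

Call `find_files` with the volume's system root and the root of every drive (removable ones included), and review the hits before deleting anything.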

how to remove igm.exe viruses.

The filename igm.exe was first seen on Sep 23 2007 in the European Union.

IGM.EXE has been seen to perform the following behavior(s):

Terminates Processes
This Process Deletes Other Processes From Disk
This Process Creates Other Processes On Disk
Executes a Process
Adds a Registry Key (RUN) to auto start Programs on system start up
Registers a Dynamic Link Library File
Modifies Windows Initialization And System Settings Used On Start up
The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
Makes outbound connections to other computers using NETBIOSOUT protocols
The Process is packed and/or encrypted using a software packing process

IGM.EXE has been the subject of the following behavior(s):

Executed as a Process
Created as a process on disk
Deleted as a process from disk
Added as a Registry auto start to load Program on Boot up
Writes to another Process's Virtual Memory (Process Hijacking)
Terminated as a Process


igm.exe can also download many spyware programs and viruses from some websites.

Created as a process on disk
c:\WINDOWS\IGW.exe
c:\WINDOWS\AVPSrv.exe
c:\WINDOWS\DiskMan32.exe
c:\WINDOWS\IGM.exe
c:\WINDOWS\Kvsc3.exe
c:\WINDOWS\lqvytv.exe
c:\WINDOWS\MsIMMs32.exe
c:\WINDOWS\system32\3CEBCAF.EXE
c:\WINDOWS\system32\a.exe
c:\WINDOWS\upxdnd.exe
c:\WINDOWS\WinForm.exe
c:\WINDOWS\system32\rsjzbpm.dll
c:\WINDOWS\system32\racvsvc.exe
c:\WINDOWS\dbghlp32.exe
c:\WINDOWS\nvdispdrv.exe
c:\WINDOWS\system32\cmdbcs.dll
c:\WINDOWS\system32\dbghlp32.dll
c:\WINDOWS\system32\upxdnd.dll
c:\WINDOWS\system32\yfmtdiouaf.dll