Best Way To Fix Win32 Hakaglan.b Worm


If you are seeing errors caused by the Win32 Hakaglan.b worm, this guide was written to help you.


Worm:Win32/Nhatq is a worm that copies itself to logical and removable drives, disables Task Manager and changes system settings.

Installation

When launched, this worm copies itself to the Windows and Windows system folders as “rvhost.exe”. The worm is then registered to run every time Windows starts.

Adds value: Yahoo Messengger

With data: rvhost.exe

To subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Changes value: Shell

With data: explorer.exe rvhost.exe

Under subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

In addition, Win32/Nhatq tries to create a Windows task that launches the worm every day of the week at 9 am by executing the following Windows command shell commands:

cmd.exe /C AT /delete /yes

cmd.exe /C AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su RVHOST.exe

Win32/Nhatq may try to download the configuration data file settings.ini from the nhatquanglan2.0catch.com domain.

Spreads through …

Logical and removable drives

This worm copies itself as “new folder.exe” to logical and removable drives. If the user accidentally opens “new folder.exe”, the worm will start and infect the local computer.

Payload

Changes system settings

The worm modifies the registry to change Windows system settings, such as disabling Folder Options and Windows Task Manager. Win32/Nhatq modifies the registry as shown below.

Changes value: NofolderOptions

With data: 1

Under subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Changes value: DisableTaskMgr

With data: 1

Under subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Changes value: AtTaskMaxHours

With data: 0

Under subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule

Changes value: GlobalUserOffline

With data: 0

Under subkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Finally, the worm can add an additional registry value:

Adds value: general

With data: new folder.exe

Under subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
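
A read-only check for the persistence and policy values described above, as an added example that is not part of the original write-up. The function name Test-NhatqIndicators is hypothetical, and the AtTaskMaxHours and GlobalUserOffline values are left out on the assumption that a data value of 0 there is not distinctive on its own.

```powershell
# Added example: read-only triage for the Win32/Nhatq indicators listed on this page.
# Every key, value name and file name below is taken from the write-up; nothing is modified.
$Indicators = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';               Name = 'Yahoo Messengger'; Match = 'rvhost\.exe' }
    @{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon';       Name = 'Shell';            Match = 'rvhost\.exe' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NofolderOptions';  Match = '^1$' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';   Match = '^1$' }
)

function Test-NhatqIndicators {
    $hits = @()

    foreach ($i in $Indicators) {
        # Returns $null when the key or the value does not exist.
        $item = Get-ItemProperty -Path $i.Path -Name $i.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }

        $data = [string]$item.($i.Name)
        if ($data -match $i.Match) {
            $hits += [pscustomobject]@{
                Type     = 'Registry'
                Location = "$($i.Path)\$($i.Name)"
                Data     = $data
            }
        }
    }

    # Dropped copies: the Windows and Windows system folders, per the Installation section.
    foreach ($dir in $env:SystemRoot, (Join-Path $env:SystemRoot 'System32')) {
        $file = Join-Path $dir 'rvhost.exe'
        if (Test-Path -LiteralPath $file) {
            $hits += [pscustomobject]@{
                Type     = 'File'
                Location = $file
                Data     = (Get-FileHash -LiteralPath $file -Algorithm MD5).Hash
            }
        }
    }

    $hits
}

Test-NhatqIndicators | Format-Table -AutoSize -Wrap
```

An empty result means none of the checked indicators are present for the current user; run it once per user profile, since most of the values live under HKEY_CURRENT_USER.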
