Spam : Scandal: Obama Resignation Letter
The political onslaught continues. We are seeing lots of users in our diagnostic systems infected with the payload from these threats.
McCain Lawyer Impeach Obama!
McCain has reached an agreement with the Obama lawyers that makes Obama resignation effective November 11.
Barack Obama can lost President’s Chair.
McCain video report 10 November:
Clicking the link to view the story yields a news looking site where you are required to install the latest “Adobe Flash Player” to watch the movie - of course this leads to the infection.
Registry Modifications
HKCR\CLSID\{32C620D6-CC10-4e6a-9715-BACACD5B0E61}
InprocServer32#sxmg4.dll
ProgID#MS
TypeLib#{C8691316-2034-4350-9A66-6AE2FD9EE257}
HKCR\CLSID\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}
InProcServer32#sxmg4.dll
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NEW_DRV
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSYCHE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSYCHEENQUEUE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#WebProxy
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM\SYSTEM\CurrentControlSet\Services\new_drv
HKLM\SYSTEM\CurrentControlSet\Services\psyche
HKLM\SYSTEM\CurrentControlSet\Services\PsycheEnqueue
File System Additions
%SYSTEMROOT%\system32\adult.txt [MD5:204481C0F1DF8BFB088549A9853E9A2C]
%SYSTEMROOT%\system32\CbEvtSvc.exe [MD5:BC86CD17838D88329CD44115C7546B1A]
%SYSTEMROOT%\system32\finance.txt [MD5:72504008E24620145E6139396C3FF2DA]
%SYSTEMROOT%\system32\lt.res [MD5:22AFC809719809C75A7C024878857B30]
%SYSTEMROOT%\system32\other.txt [MD5:62F6BE80059453CC5315AFCD3050E7F2]
%SYSTEMROOT%\system32\pharma.txt [MD5:4919CBEBB282FA70CB5D87CD8879CE7F]
%SYSTEMROOT%\system32\sft.res [MD5:D56D080C00DFA0E49411559F020AD7A5]
%SYSTEMROOT%\system32\sxmg4.dll [MD5:D6FDC0F17947E9D78E9AEA2DBC3C9E81]
Click here to download SUPERAntiSpyware to Remove this infection.