MNL6ON3.COM (data courtesy of Prevx.com)
1. COVERT ANALYSIS OF: MNL6ON3.COM
File Names Used: 4
Paths Used: 3
Common File Name: MNL6ON3.COM
Common Path: %TEMP%\
Vendor Information: No Vendor details specified
MNL6ON3.COM may use 4 or more paths and file names; these are the most common:
1: %WINDIR%\SYSTEM32\CKVO.EXE
2: %WINDIR%\SYSTEM32\DDR.EXE
3: ?:\MNL6ON3.COM
File Name Structure: Normal
File and Path Structure: Suspicious, code execution from unusual location
2. RELATIONSHIP ANALYSIS OF: MNL6ON3.COM
Malicious Objects Created: None
Malicious Creators: 1
Malware Run Keys: None
Self Persists:
Antivirus Detection: No third party antivirus detection observed
Anti-Spyware Detection: No third party anti-spyware detection observed
3. ACTIVITY ANALYSIS OF: MNL6ON3.COM
The following behaviors have been observed for this object:
- Installs programs.
- Deletes programs. (no wonder my YM got deleted)
- Runs other programs.
- Creates copies of itself.
Removal steps I followed:
1. Copy the file names and their locations from the report.
2. Reboot the PC into Safe Mode.
3. Run regedit and delete the registry entries of those files.
4. Locate the actual files in system32 and delete them. I used FileZilla to locate the hidden files, as Windows Explorer can't see them.
5. To make sure autorun.inf (a component of the malware that I found on my local drives) is turned off, open msconfig, go to the Startup tab and disable any programs that aren't needed.
6. Reboot your PC as normal and run another scan to make sure it is removed. I suggest you run scans with more than one AV product.
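Before deleting anything by hand, it helps to confirm which of the indicators from the report above are actually present on the machine. The following read-only PowerShell script is an added example (not from the original post or from Prevx): it lists hidden files matching the reported names in the reported paths, shows the launch directives of any autorun.inf found on a drive root, and dumps the Run/RunOnce autostart values the removal steps refer to. It assumes the file names and paths quoted in the report and makes no changes to the system.

```powershell
# Added example, not part of the original post. Read-only inventory of the
# indicators named in the Prevx report; run from an elevated PowerShell prompt.
$names = @('MNL6ON3.COM', 'CKVO.EXE', 'DDR.EXE')   # file names quoted in the report
$dirs  = @("$env:WINDIR\System32", $env:TEMP)      # paths quoted in the report

Write-Host '== Hidden/system files matching the reported names =='
foreach ($d in $dirs) {
    # -Force returns hidden and system files that Explorer hides by default
    Get-ChildItem -Path $d -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name.ToUpper() } |
        Select-Object FullName, Length, Attributes, LastWriteTime
}

Write-Host '== autorun.inf on every drive root =='
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        Write-Host "$inf :"
        # Only the directives that launch a program matter for step 5
        Get-Content -LiteralPath $inf -Force |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' }
    }
}

Write-Host '== Run / RunOnce autostart values (step 3) =='
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (Test-Path -Path $k) {
        Write-Host "$k :"
        # Drop the PS* metadata properties so only the value names and commands remain
        Get-ItemProperty -Path $k | Select-Object -Property * -ExcludeProperty PS* | Format-List
    }
}
```

Note that the report lists no Run keys for this sample, so an empty Run/RunOnce listing is consistent with it; the autorun.inf check and the hidden-file listing are the parts most likely to confirm an infection.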
I hope this helps those who have already encountered this virus and those who will in the future. Just a tip, though: act immediately once you suspect that your PC is acting strangely (slow startup, etc.) and your AV has detected any files that need to be fixed manually.
1 comment:
Thanx...