Home | Spyware List | Search Spyware | Bookmark | Link to us
spyware removal instructions
> Spyware Encyclopedia Page 38 > Cold Fusion

Cold Fusion removal

Spyware Cold Fusion Information
Name: Cold Fusion
Category: RAT
Author: Trade Mark
Coded in: Compressed with: UPX Delphi
Dangerous: Yes
Cold Fusion is RAT - spyware.
Restart method is similar to KBL Uploader. You should remove it from your system as soon as possible.
Cold Fusion description by Trade Mark:
Vendor: ´ COLD FUSION v1.00 Features: ======== -FWB (injects to browser.exe) -invisible in taskmanager -Victim info -Reboot/shutdown -Webcam capture(plugin) -Screen Capture(plugin) -Mouse clicks (right & left) -Process Manager -FileManager -Melt server -AV/FW killer at at startup (plugin) -ICQ & CGI notification CODERS: ====== Satan_addict, Flippmode, Read101, Trade Mark Any file: *Client.exe *Editor.exe *installer.exe *sysk.dll *syscpt.dll *readmefirst.txt (all any file binded with upx) PLUGINS INSTRUCTIONS: send all plugins to windows folder. The syscpt.dll allows you yo capture both screen & webcam pictures. The sysk.dll will be injected into browser.exe & will kill all FWs & AVs. It´ll repeat the killing process every 2 minutes (It also kills windows services). BINDING THE SYSK.DLL: You can bind the sysk.dll plugin but remember allways to unpack it to the windows folder! The server sees if the dll is there & if it´s, it runs it. Have fun, -Satan_addict Cold Fusion v1.1 Beta 2 (Public version) try it & report bugs, enjoy it ;) Beta testers of Beta1: Lucifer0000 Evil-eye Chrozer
This RAT is also known as:
Backdoor.Coldfusion.10.
Backdoor.Coldfusion.11.a.
Backdoor.Coldfusion.11.d.

>> Delete Cold Fusion automatically - Download Spyware Doctor

Cold Fusion Removal Instructions
Kill the following processes
client.exe, editor.exe, f636792a.exe, installer.exe, server.exe, navapw16.exe
Unregister the following DLLs and reboot
34d178c0.dll, compressor.dll, dos.dll, icon.dll, join.dll, sysbot.dll, syscomp.dll, syscpt.dll, sysdos.dll, sysk.dll.
Delete these registry entries
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\navapw16.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winupde
Remove the following files
34d178c0.dll, client.exe, compressor.dll, dos.dll, editor.exe, f636792a.exe, icon.dll, installer.exe, join.dll, log.php, readme.html, readme1st.txt, server.exe, sysbot.dll, syscomp.dll, syscpt.dll, sysdos.dll, sysk.dll.
navapw16.exe in Windows\

Bookmark Cold Fusion page

 Previous Spyware: Remove Cold Client Server Next Spyware: Remove Cold Fusion 1.00
© 2005-2008 www.spywaredb.com All rights reserved. webmaster@spywaredb.com