Zero day attack and 991.exe - Easily eliminate this problem

Let our support team solve your problem with Zero day attack and repair 991.exe right now!

Leave the detailed description of your problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to solve your problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete solution.

Describe your problem here and we'll contact you in several minutes:

	* Name:
	* Email:
	* Problem summary:
	* Detailed problem description:
		(result of arithmetic expression at left)

We'll contact you in 10 minutes or less after you click on this button! Individual solution guaranteed!

Warning:

1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you the solution of your problem.
2) All fields of this form are obligatory.

Guaranteed Problem Solution	Threat's description and solution are developed by Security Stronghold security team. Let professionals make your problems solved now!
What is Zero day attack? Technical details of Zero day attack problem and 991.exe file Manual solution methods Free download of a program that will solve your problem automatically Free instant professional support in solving Zero day attack and 991.exe error from our Security Support Team

Threat's profile

	Name of the threat: Zero day attack
	Command or file name: 991.exe
	Threat type: Spyware\trojan
	Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)

Intrusion method

This threat copies its file(s) to your hard disk. Its typical file name is Zero day attack. Then it creates new startup key with name Zero day attack and value 991.exe. You can also find it in your processes list with name 991.exe or Zero day attack.

If you have further questions about this threat, please fill in the form below and we'll contact you shortly.

» Download program for 991.exe removal (True Sword Threat Remover)

Recommended Solution

If you are not sure what to delete, use our award winning program - True Sword. True Sword will find and fully remove Zero day attack and 316 214 other dangerous threats including trojans, spyware, adware, riskware, problemware, keyloggers, dialers, viruses and other kinds of malicious programs in several seconds. Fast, easy, and handy, True Sword protects your computer against malicious programs that do harm to your computer and break your privacy. True Sword scans your hard disks and registry and destroys any manifestation of such malicious programs. Standard anti-virus software can do nothing against privacy breakers and malicious programs like that. Get rid of trojans, spyware, adware, trackware, dialers and keyloggers in one click now!

» Download True Sword now for free

How to fix Zero day attack

This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Zero day attack. To fix this threat, you should:

1. Kill the following processes and delete the appropriate files:

• 10.bat
• 18930.dll
• 18ej8937i49.tmp
• 1a41bd.dll
• 1c86b.dll
• 3b7f7.dll
• 8.tmp
• 991.exe
• adir.dll
• aspi221709.exe
• aspi221719.exe
• aspi223599.exe
• aspi225159.exe
• aspi226099.exe
• aspi226409.exe
• aspi228909.exe
• bpnqxsf.dll
• cdegfr
• csddriver.sys
• dgrgesrgfdgf.tmp
• dial[1].exe
• dminupnp.dll
• dpmomspr.dll
• fdsf
• g32.txt
• her.pt
• iktzetd.dll
• image.gif.exe
• jkt8949kir.tmp
• kbgtpzb.dll
• lt[1].exe
• lzx32.sys
• msimnpwm.exe
• ocmawsnm.exe
• p2hhr.bat
• patch[1].exe
• privcash.exe
• privcash[1].exe
• rdpwiasn.dll
• scane[1].exe
• sdfff
• soc[1].exe
• spmk[1].exe
• ss[1].exe
• swprodte.dll
• swprodte.exe
• topinst.exe
• upperhost.dll
• wdcsadsad
• winmad[1].exe
• winmaz.bat
• winmaz.exe
• winmaz[1].bat
• winmaz[1].exe
• winudu[1].exe
• www.uniblue[1].com
• yaudri.dll
• yes.exe
• yes[1].exe
• zxczxc
• _td10.tmp
• _td11.tmp
• _td12.tmp
• _td13.tmp
• _td14.tmp
• _td15.tmp
• _td16.tmp
• _td17.tmp
• _td18.tmp
• _td19.tmp
• _td1a.tmp
• _td1b.tmp
• _td1c.tmp
• _td1d.tmp
• _td1e.tmp
• _td1f.tmp
• _td23.tmp
• _td29.tmp
• _td3.tmp
• _td4.tmp
• _td5.tmp
• _td6.tmp
• _td7.tmp
• _td8.tmp
• _td9.tmp
• _tda.tmp
• _tdb.tmp
• _tdc.tmp
• _tdd.tmp
• _tde.tmp
• _tdf.tmp
• ~21.tmp
• ~22.tmp
• ~28.tmp
• ~3.tmp
• ~4.tmp

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use True Sword for safe problem solution.

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and\or values:

• Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
  Value: jpeg

• Key: CLSID\{855875B5-93F3-429D-FF34-660B206D897C}
  Value: ThreadingModel

• Key: SOFTWARE\Classes\CLSID\{855875B5-93F3-429D-FF34-660B206D897C}\InProcServer32
  Value: ThreadingModel

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcdf22a6.exe

• Key: Software\Microsoft\Sft

• Key: CLSID\{31909793-B14A-18FA-1007-0265051CFC2B}\InprocServer32
  Value: ThreadingModel

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\708adabe.exe

• Key: CLSID\{297A111E-5C7F-2744-37B7-08F8EEF35CC6}\InprocServer32

• Key: CLSID\{523455E4-ABCD-ABCD-1114-D709ADD3DDAB}\InProcServer32

• Key: System\CurrentControlSet\Services\hide_evr2
  Value: Type

• Key: System\CurrentControlSet\Services\hide_evr2
  Value: Start

• Key: System\CurrentControlSet\Services\hide_evr2
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\hide_evr2
  Value: ImagePath

• Key: System\CurrentControlSet\Services\hide_evr2
  Value: DisplayName

• Key: System\CurrentControlSet\Services\hide_evr2\Security
  Value: Security

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
  Value: 0

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
  Value: NextInstance

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  Value: AppInit_DLLs

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
  Value: Startup

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
  Value: Shutdown

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
  Value: Impersonate

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
  Value: Asynchronous

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
  Value: Image

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  Value: AppInit_DLLs

• Key: System\CurrentControlSet\Services\aspi113210
  Value: Type

• Key: System\CurrentControlSet\Services\aspi113210
  Value: Start

• Key: System\CurrentControlSet\Services\aspi113210
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\aspi113210
  Value: ImagePath

• Key: System\CurrentControlSet\Services\aspi113210
  Value: DisplayName

• Key: System\CurrentControlSet\Services\aspi113210\Security
  Value: Security

• Key: System\CurrentControlSet\Services\aspi113210
  Value: ObjectName

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
  Value: 0

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000\Control
  Value: ActiveService

• Key: Software\Microsoft\swprodte
  Value: RepB

• Key: System\CurrentControlSet\Services\aspi113210
  Value: ImagePath

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
  Value: {855875B5-93F3-429D-FF34-660B206D897C}

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
  Value: DllName

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
  Value: Startup

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
  Value: Shutdown

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
  Value: Impersonate

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
  Value: Asynchronous

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  Value: AppInit_DLLs

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  Value: AppInit_DLLs

• Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
  Value: fake

• Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
  Value: inject

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_HIDE_EVR2\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Services\CsdDriver
  Value: ImagePath

• Key: System\CurrentControlSet\Services\CsdDriver
  Value: DisplayName

• Key: System\CurrentControlSet\Services\CsdDriver\Security
  Value: Security

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
  Value: 0

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_CSDDRIVER\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Services\CsdDriver
  Value: Type

• Key: System\CurrentControlSet\Services\CsdDriver
  Value: Start

• Key: System\CurrentControlSet\Services\CsdDriver
  Value: ErrorControl

Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use True Sword for safe problem solution.

Here are the descriptions of problems connected with Zero day attack and 991.exe we received earlier:

Next threat: Zero Day Attack 2 »

« Back to catalog