Sunday, November 23, 2008

180Solutions Trojan

Removing 180Solutions
Categories: Trojan,Adware,Downloader
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Trojan downloaders download and install new malware or adware on the computer.


180Solutions is also known as:

[Kaspersky] TrojanDownloader.Win32.IstBar.j, TrojanDownloader.Win32.Small.wj, TrojanDropper.Win32.Small.mr
[Panda] Adware/AdLogix, Adware/nCase, Spyware/ISTbar

Visible Symptoms:
Files in system folders:

How to detect 180Solutions:

Files:

Folders:
[%PROGRAM_FILES%]\180search assistant programs

Registry Keys:

Registry Values:

Removing 180Solutions:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Glieder Trojan Removal
Vxidl.ASS Trojan Information
Banbra.bh Spyware Removal
