Saturday, November 29, 2008

CWS.LoadAdv Hijacker

Removing CWS.LoadAdv
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

CWS.LoadAdv Also known as:

[Kaspersky] Trojan-Downloader.Win32.Tibs.h, Backdoor.Win32.Haxdoor.gen

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\fltr.a3d
[%SYSTEM%]\p2.ini
[%SYSTEM%]\tmpf00.exe

How to detect CWS.LoadAdv:

Files:
[%SYSTEM%]\fltr.a3d
[%SYSTEM%]\p2.ini
[%SYSTEM%]\tmpf00.exe

Registry Keys:
HKEY_CLASSES_ROOT\interface\{5e2121ed-0300-11d4-8d3b-444553540000}
HKEY_CLASSES_ROOT\typelib\{5e2121e1-0300-11d4-8d3b-444553540000}
HKEY_CURRENT_USER\software\mzs
HKEY_CLASSES_ROOT\appid\{78364d99-a640-4ddf-b91a-67eff8373045}
HKEY_CLASSES_ROOT\clsid\{1ffc1674-165f-ee91-3167-507e895020ae}
HKEY_CLASSES_ROOT\clsid\{78364d99-a640-4ddf-b91a-67eff8373045}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{78364d99-a640-4ddf-b91a-67eff8373045}
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\msudp4
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winlow

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing CWS.LoadAdv:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
