Monday, November 17, 2008

DotCom Adware

Removing DotCom
Categories: Adware, Spyware, Hijacker, Toolbar
Adware is software that facilitates the delivery of advertising content
to the user and in some cases gathers information from the user's computer,
including information related to Internet browser usage or other computer habits.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

DotCom Also known as:

[Kaspersky] TrojanClicker.Win32.DotComToolBar.b, TrojanClicker.Win32.DotComToolBar.c, TrojanClicker.Win32.DotComToolBar.d
[Panda] Spyware/DCToolbar, Trojan Horse

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

How to detect DotCom:

Files:
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj
HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{29dd1ea6-1fda-44a4-b083-c9900547bc48}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fc2493d6-a673-49fe-a2ee-efe03e95c27c}
HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem
HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem.1
HKEY_LOCAL_MACHINE\software\classes\interface\{7c479d09-1280-41d2-945f-2377736b8cf7}
HKEY_LOCAL_MACHINE\software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43}
HKEY_LOCAL_MACHINE\software\classes\toolband.hits
HKEY_LOCAL_MACHINE\software\classes\toolband.hits.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5f1abcdb-a875-46c1-8345-b72a4567e483}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar
HKEY_CURRENT_USER\software\³ª¹µàù2
HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/toolbar_nieuw14.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/toolbar_nieuw14.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dotcomtoolbardotcomtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\³ª¹µàù2³ª¹µàù2

Removing DotCom:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
