Friday, November 28, 2008

PeopleOnPage.AproposMedia BHO

Removing PeopleOnPage.AproposMedia
Categories: BHO, Backdoor, Hijacker, Downloader

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As the user enters this information, the BHO captures it and sends it back to the attacker.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Downloaders are a family of Trojans that download and install new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of the malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

PeopleOnPage.AproposMedia is also known as:

[Kaspersky] Backdoor.Agent.ag, TrojanDownloader.Win32.Apropo.b, TrojanDownloader.Win32.Apropo.g
[Eset] Win32/Agent.AG trojan, Win32/TrojanDownloader.Apropo.B trojan, Win32/TrojanDownloader.Apropo.G trojan
[Panda] Adware/Apropos, Adware/SideSearch, Adware/WinTools, Trj/Upseter.A

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\acsdir.dll
[%PROFILE_TEMP%]\acsver.ini
[%PROFILE_TEMP%]\AutoUpdate0\auto_update_install.exe
[%PROFILE_TEMP%]\datacache.ini
[%PROFILE_TEMP%]\delcuwiz.ini
[%PROFILE_TEMP%]\delreg.ini
[%PROFILE_TEMP%]\QTInstallerHelper.dll
[%PROFILE_TEMP%]\update_1.exe
[%PROFILE_TEMP%]\write_ph.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\dsetup.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\dsetup16.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\dsetup32.dll
[%PROFILE_TEMP%]\_ISTMP10.DIR\_ISTMP0.DIR\DirectXVerCheck.dll
[%PROFILE_TEMP%]\_ISTMP12.DIR\_ISTMP0.DIR\DirectXVerCheck.dll
[%PROFILE_TEMP%]\_ISTMP2.DIR\_ISTMP0.DIR\45c4b9e.DLL
[%PROFILE_TEMP%]\_ISTMP2.DIR\_ISTMP0.DIR\DirectXVerCheck.dll
[%PROFILE_TEMP%]\_ISTMP2.DIR\_ISTMP0.DIR\TrueTypeFontInfo.dll
[%PROFILE_TEMP%]\~apropos0\atl.dll
[%PROFILE_TEMP%]\~apropos0\atla.dll
[%PROFILE_TEMP%]\~apropos0\atlw.dll
[%PROFILE_TEMP%]\~apropos0\setup.inf
[%PROGRAM_FILES%]\Aprps\ace.dll
[%PROGRAM_FILES%]\Aprps\ATL.DLL
[%PROGRAM_FILES%]\Aprps\CxtPls.dll
[%PROGRAM_FILES%]\Aprps\CxtPls.exe
[%PROGRAM_FILES%]\Aprps\proxystub.dll
[%PROGRAM_FILES%]\Aprps\WinGenerics.dll
[%PROGRAM_FILES%]\AutoUpdate\AutoUpdate.exe
[%SYSTEM%]\auto_update_uninstall.exe
[%SYSTEM%]\auto_update_uninstall.log
[%SYSTEM%]\cnewapi.exe
[%SYSTEM%]\config\systemprofile\Local Settings\Temp\write_ph.dll
[%SYSTEM%]\magrip.exe
[%SYSTEM%]\ntsrage.exe
[%WINDOWS%]\cxtpls_loader.exe
[%WINDOWS%]\cxtpls_loader.exe_
[%WINDOWS%]\TEMP\acsdir.dll
[%WINDOWS%]\temp\autoupdate0\auto_update_install.exe
[%WINDOWS%]\TEMP\write_ph.dll
[%DESKTOP%]\digital detective\tempfiles\wrifo.exe
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-1.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-2.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-3.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-4.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\index.htm
[%PROFILE_TEMP%]\magicinlayinstall.exe
[%PROFILE_TEMP%]\midaddle.exe
[%PROFILE_TEMP%]\mv7dizbww.exe
[%PROFILE_TEMP%]\qnqyiee.dll
[%PROFILE_TEMP%]\qnqyiee.exe
[%PROFILE_TEMP%]\sfl.exe
[%PROFILE_TEMP%]\tribbglk.htm
[%PROFILE_TEMP%]\triijhkm.htm
[%PROFILE_TEMP%]\trimepnm.htm
[%PROFILE_TEMP%]\trinjapb.htm
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\199e866.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\directxvercheck.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\truetypefontinfo.dll
[%SYSTEM%]\aproposplugin.dll
[%SYSTEM%]\dx8iext.exe
[%SYSTEM%]\rcisp.exe
[%SYSTEM%]\shmhupnp.exe
[%SYSTEM%]\sm1ay.exe
[%SYSTEM%]\wrifo.exe
[%WINDOWS%]\ororoxid.exe
[%WINDOWS%]\system\aproposplugin.dll
[%WINDOWS%]\temp\6ktkk.dll
[%WINDOWS%]\temp\7ggoo.dll
[%WINDOWS%]\temp\addit.exe
[%WINDOWS%]\temp\all_files10.exe
[%WINDOWS%]\temp\aut3cde.tmp.htm
[%WINDOWS%]\temp\mw.exe
[%WINDOWS%]\temp\mw_4s_stub.exe
[%WINDOWS%]\temp\sepinst.exe
[%WINDOWS%]\temp\updater.exe
[%WINDOWS%]\temp\update_1.exe
[%WINDOWS%]\temp\wus10e4.bat
[%WINDOWS%]\temp\z.dll
[%WINDOWS%]\temp\z.exe
[%WINDOWS%]\temp\zga.dll
[%WINDOWS%]\temp\zga.exe
[%WINDOWS%]\temp\_ps_inst.exe
[%WINDOWS%]\temp\~apropos0\atla.dll
[%WINDOWS%]\temp\~apropos0\setup.inf

How to detect PeopleOnPage.AproposMedia:

Files:
[%PROFILE_TEMP%]\acsdir.dll
[%PROFILE_TEMP%]\acsver.ini
[%PROFILE_TEMP%]\AutoUpdate0\auto_update_install.exe
[%PROFILE_TEMP%]\datacache.ini
[%PROFILE_TEMP%]\delcuwiz.ini
[%PROFILE_TEMP%]\delreg.ini
[%PROFILE_TEMP%]\QTInstallerHelper.dll
[%PROFILE_TEMP%]\update_1.exe
[%PROFILE_TEMP%]\write_ph.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\dsetup.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\dsetup16.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\dsetup32.dll
[%PROFILE_TEMP%]\_ISTMP10.DIR\_ISTMP0.DIR\DirectXVerCheck.dll
[%PROFILE_TEMP%]\_ISTMP12.DIR\_ISTMP0.DIR\DirectXVerCheck.dll
[%PROFILE_TEMP%]\_ISTMP2.DIR\_ISTMP0.DIR\45c4b9e.DLL
[%PROFILE_TEMP%]\_ISTMP2.DIR\_ISTMP0.DIR\DirectXVerCheck.dll
[%PROFILE_TEMP%]\_ISTMP2.DIR\_ISTMP0.DIR\TrueTypeFontInfo.dll
[%PROFILE_TEMP%]\~apropos0\atl.dll
[%PROFILE_TEMP%]\~apropos0\atla.dll
[%PROFILE_TEMP%]\~apropos0\atlw.dll
[%PROFILE_TEMP%]\~apropos0\setup.inf
[%PROGRAM_FILES%]\Aprps\ace.dll
[%PROGRAM_FILES%]\Aprps\ATL.DLL
[%PROGRAM_FILES%]\Aprps\CxtPls.dll
[%PROGRAM_FILES%]\Aprps\CxtPls.exe
[%PROGRAM_FILES%]\Aprps\proxystub.dll
[%PROGRAM_FILES%]\Aprps\WinGenerics.dll
[%PROGRAM_FILES%]\AutoUpdate\AutoUpdate.exe
[%SYSTEM%]\auto_update_uninstall.exe
[%SYSTEM%]\auto_update_uninstall.log
[%SYSTEM%]\cnewapi.exe
[%SYSTEM%]\config\systemprofile\Local Settings\Temp\write_ph.dll
[%SYSTEM%]\magrip.exe
[%SYSTEM%]\ntsrage.exe
[%WINDOWS%]\cxtpls_loader.exe
[%WINDOWS%]\cxtpls_loader.exe_
[%WINDOWS%]\TEMP\acsdir.dll
[%WINDOWS%]\temp\autoupdate0\auto_update_install.exe
[%WINDOWS%]\TEMP\write_ph.dll
[%DESKTOP%]\digital detective\tempfiles\wrifo.exe
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-1.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-2.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-3.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn-4.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\hup8fnvn.htm
[%PROFILE_TEMP%]\homhup8fnvn.tmp\index.htm
[%PROFILE_TEMP%]\magicinlayinstall.exe
[%PROFILE_TEMP%]\midaddle.exe
[%PROFILE_TEMP%]\mv7dizbww.exe
[%PROFILE_TEMP%]\qnqyiee.dll
[%PROFILE_TEMP%]\qnqyiee.exe
[%PROFILE_TEMP%]\sfl.exe
[%PROFILE_TEMP%]\tribbglk.htm
[%PROFILE_TEMP%]\triijhkm.htm
[%PROFILE_TEMP%]\trimepnm.htm
[%PROFILE_TEMP%]\trinjapb.htm
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\199e866.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\directxvercheck.dll
[%PROFILE_TEMP%]\_istmp1.dir\_istmp0.dir\truetypefontinfo.dll
[%SYSTEM%]\aproposplugin.dll
[%SYSTEM%]\dx8iext.exe
[%SYSTEM%]\rcisp.exe
[%SYSTEM%]\shmhupnp.exe
[%SYSTEM%]\sm1ay.exe
[%SYSTEM%]\wrifo.exe
[%WINDOWS%]\ororoxid.exe
[%WINDOWS%]\system\aproposplugin.dll
[%WINDOWS%]\temp\6ktkk.dll
[%WINDOWS%]\temp\7ggoo.dll
[%WINDOWS%]\temp\addit.exe
[%WINDOWS%]\temp\all_files10.exe
[%WINDOWS%]\temp\aut3cde.tmp.htm
[%WINDOWS%]\temp\mw.exe
[%WINDOWS%]\temp\mw_4s_stub.exe
[%WINDOWS%]\temp\sepinst.exe
[%WINDOWS%]\temp\updater.exe
[%WINDOWS%]\temp\update_1.exe
[%WINDOWS%]\temp\wus10e4.bat
[%WINDOWS%]\temp\z.dll
[%WINDOWS%]\temp\z.exe
[%WINDOWS%]\temp\zga.dll
[%WINDOWS%]\temp\zga.exe
[%WINDOWS%]\temp\_ps_inst.exe
[%WINDOWS%]\temp\~apropos0\atla.dll
[%WINDOWS%]\temp\~apropos0\setup.inf

Folders:
[%PROGRAM_FILES%]\sysai

Registry Keys:
HKEY_CLASSES_ROOT\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10}
HKEY_CLASSES_ROOT\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904}
HKEY_CLASSES_ROOT\clsid\{01c5bf6c-e699-4cd7-bea1-786fa05c83ab}
HKEY_CLASSES_ROOT\interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
HKEY_CLASSES_ROOT\interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{01c5bf6c-e699-4cd7-bea1-786fa05c83ab}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{65c8c1f5-230e-4dc9-9a0d-f3159a5e7778}
HKEY_LOCAL_MACHINE\software\classes\clsid\{645fd3bc-c314-4f7a-9d2e-64d62a0fdd78}
HKEY_LOCAL_MACHINE\software\classes\clsid\{65c8c1f5-230e-4dc9-9a0d-f3159a5e7778}
HKEY_LOCAL_MACHINE\software\classes\clsid\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{976c4e11-b9c5-4b2b-97ef-f7d06ba4242f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d5580d6f-0e5f-4bdb-9cdf-f8ee68beb008}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{01c5bf6c-e699-4cd7-bea1-786fa05c83ab}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{65c8c1f5-230e-4dc9-9a0d-f3159a5e7778}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing PeopleOnPage.AproposMedia:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
