Wednesday, November 12, 2008

RazeSpyware Trojan

Removing RazeSpyware
Categories: Trojan, Adware, Downloader, Ransomware
The Trojan category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
Adware is software that facilitates the delivery of advertising content
to the user and in some cases gathers information from the user's computer,
including information related to Internet browser usage or other computer habits.
A downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mswinb32.dll
[%SYSTEM%]\mswinb32.exe
[%SYSTEM%]\mswinup32.dll
[%SYSTEM%]\mswinxml.dll
[%SYSTEM%]\shell386.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winlfl32.dll
[%SYSTEM%]\{052D02B8-3386-4C0A-ACEA-59902248CC52}.exe
[%COMMON_APPDATA%]\Microsoft\Internet Explorer\Quick Launch\cmd.exe
[%DESKTOP%]\m00.exe
[%DESKTOP%]\razespyware.lnk
[%DESKTOP%]\razespywareinstaller.exe
[%SYSTEM%]\intxt.exe
[%WINDOWS%]\adw.htm
[%WINDOWS%]\silent.exe

How to detect RazeSpyware:

Files:
[%SYSTEM%]\mswinb32.dll
[%SYSTEM%]\mswinb32.exe
[%SYSTEM%]\mswinup32.dll
[%SYSTEM%]\mswinxml.dll
[%SYSTEM%]\shell386.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winlfl32.dll
[%SYSTEM%]\{052D02B8-3386-4C0A-ACEA-59902248CC52}.exe
[%COMMON_APPDATA%]\Microsoft\Internet Explorer\Quick Launch\cmd.exe
[%DESKTOP%]\m00.exe
[%DESKTOP%]\razespyware.lnk
[%DESKTOP%]\razespywareinstaller.exe
[%SYSTEM%]\intxt.exe
[%WINDOWS%]\adw.htm
[%WINDOWS%]\silent.exe

Folders:
[%PROGRAM_FILES%]\RazeSpyware
[%PROGRAM_FILES%]\xsremover.com
[%PROGRAMS%]\razespyware
[%PROGRAM_FILES%]\razespyware

Registry Keys:
HKEY_CLASSES_ROOT\winapi32.mybho
HKEY_CURRENT_USER\Software\XXI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securedisk
HKEY_CLASSES_ROOT\clsid\{7a533235-a128-434b-9f8a-9300a544d191}
HKEY_CLASSES_ROOT\clsid\{a94fd42a-e405-4cd9-9486-3a341310ee2f}
HKEY_CLASSES_ROOT\clsid\{ff71228a-0d58-4e50-b592-36551f1acc01}
HKEY_CLASSES_ROOT\interface\{018080b0-d90d-46f8-86d1-4cf8ce6e8686}
HKEY_CLASSES_ROOT\interface\{9bd2b2bc-d289-4fce-b734-e4d6acbbab7d}
HKEY_CLASSES_ROOT\interface\{ade60563-5ad0-4832-a1e7-0e3a428c43c4}
HKEY_CLASSES_ROOT\typelib\{b7dfabbf-f985-4a67-8d72-ea0d9fc7c429}
HKEY_CLASSES_ROOT\winapi32.intelinks
HKEY_CLASSES_ROOT\winapi32.mybaner
HKEY_CURRENT_USER\software\razespyware
HKEY_CURRENT_USER\software\xxi\razespyware\updates
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7a533235-a128-434b-9f8a-9300a544d191}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\razespyware

Registry Values:
HKEY_CURRENT_USER\software\borland\locales
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache
HKEY_CURRENT_USER\software\xxi\razespyware
HKEY_CURRENT_USER\software\xxi\razespyware\scripts\variables

Removing RazeSpyware:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
