Thursday, November 20, 2008

Sears.com Spyware

Removing Sears.com
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and the sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\srhc.exe
[%SYSTEM%]\srls.dll
[%SYSTEM%]\srls.dl_
[%SYSTEM%]\srph.dll

How to detect Sears.com:

Files:
[%SYSTEM%]\srhc.exe
[%SYSTEM%]\srls.dll
[%SYSTEM%]\srls.dl_
[%SYSTEM%]\srph.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2e4a92ab-f2c0-456a-9935-b715439790d7}
HKEY_CLASSES_ROOT\typelib\{0156ca3c-89c4-4d1d-8eb1-aaf4588b929b}
HKEY_CURRENT_USER\software\netsetterconfig
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2e4a92ab-f2c0-456a-9935-b715439790d7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a1edb681-9002-4e83-9074-98848f56baaf}

Registry Values:
HKEY_CLASSES_ROOT\appid\csetup.dll
HKEY_CLASSES_ROOT\interface\{1e24e145-d17c-4343-bb61-83b515f3cf53}\typelib
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-21-1659004503-2077806209-839522115-500\components\87654321432143212143214365870921
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/cinstaller_xp.msi
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/csetup.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing Sears.com:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Wollf Trojan Cleaner
Snap Toolbar Cleaner
