Sunday, November 23, 2008

TargetSaver Downloader

Removing TargetSaver
Categories: Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

TargetSaver Also known as:

[Kaspersky]Trojan-Downloader.Win32.TSUpdate.o,Trojan-Downloader.Win32.TSUpdate.e;
[Other]TargetSaver,Adware.TargetSaver
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\GLF10GLF10.EXE
[%PROFILE_TEMP%]\GLF123GLF123.EXE
[%PROFILE_TEMP%]\GLF12EGLF12E.EXE
[%PROFILE_TEMP%]\GLF25GLF25.EXE
[%PROFILE_TEMP%]\GLF266GLF266.EXE
[%PROFILE_TEMP%]\GLF26GLF26.EXE
[%PROFILE_TEMP%]\GLF2AGLF2A.EXE
[%PROFILE_TEMP%]\GLF35GLF35.EXE
[%PROFILE_TEMP%]\GLF3E3GLF3E3.EXE
[%PROFILE_TEMP%]\GLF42GLF42.EXE
[%PROFILE_TEMP%]\GLF6AGLF6A.EXE
[%PROFILE_TEMP%]\GLF7FGLF7F.EXE
[%PROFILE_TEMP%]\GLF82GLF82.EXE
[%PROFILE_TEMP%]\tsinstall_4_0_3_7.exe
[%PROFILE_TEMP%]\tsinstall_4_0_4_0_b4.exe
[%PROFILE_TEMP%]\tsupdate_4_0_4_1_b3.exe
[%PROGRAM_FILES_COMMON%]\imzk\imzkm.exe
[%PROGRAM_FILES_COMMON%]\kirw\kirwm.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkoma.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkomd\kkomc.dll
[%PROGRAM_FILES_COMMON%]\kkom\kkomm.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowua.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowud\kowuc.dll
[%PROGRAM_FILES_COMMON%]\kowu\kowum.exe
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\class-barrel
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\vocabulary
[%PROGRAM_FILES_COMMON%]\kurq\kurqa.exe
[%PROGRAM_FILES_COMMON%]\kurq\kurqd\kurqc.dll
[%PROGRAM_FILES_COMMON%]\kurq\kurqm.exe
[%PROGRAM_FILES_COMMON%]\misc002\141.exe
[%PROGRAM_FILES_COMMON%]\ommi\ommid\class-barrel
[%PROGRAM_FILES_COMMON%]\ommi\ommid\vocabulary
[%PROGRAM_FILES_COMMON%]\oqqr\oqqra.exe
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrd\oqqrc.dll
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrm.exe
[%PROGRAM_FILES_COMMON%]\qmwf\qmwfm.exe
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\class-barrel
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\vocabulary
[%PROGRAM_FILES_COMMON%]\riwz\riwza.exe
[%PROGRAM_FILES_COMMON%]\riwz\riwzm.exe
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\class-barrel
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\vocabulary
[%PROGRAM_FILES_COMMON%]\rwof\rwofa.exe
[%PROGRAM_FILES_COMMON%]\rwof\rwofd\rwofc.dll
[%PROGRAM_FILES_COMMON%]\rwof\rwofm.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukira.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukird\class-barrel
[%PROGRAM_FILES_COMMON%]\ukir\ukird\ukirc.dll
[%PROGRAM_FILES_COMMON%]\ukir\ukird\vocabulary
[%PROGRAM_FILES_COMMON%]\ukir\ukirl.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukirp.exe
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\class-barrel
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\vocabulary
[%PROGRAM_FILES_COMMON%]\uuuo\uuuoa.exe
[%PROGRAM_FILES_COMMON%]\uuuo\uuuod\uuuoc.dll
[%PROGRAM_FILES_COMMON%]\uuuo\uuuom.exe
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\class-barrel
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\vocabulary
[%PROGRAM_FILES_COMMON%]\wkqm\wkqma.exe
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmd\wkqmc.dll
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmm.exe
[%PROGRAM_FILES_COMMON%]\wufu\wufud\class-barrel
[%PROGRAM_FILES_COMMON%]\wufu\wufud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\class-barrel
[%PROGRAM_FILES_COMMON%]\wuru\wurud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\wuruc.dll
[%PROGRAM_FILES_COMMON%]\wuru\wurup.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwroa.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwrod\wwroc.dll
[%PROGRAM_FILES_COMMON%]\wwro\wwrom.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkka.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkkm.exe
[%SYSTEM%]\tsuninst.exe
[%SYSTEM%]\tsuninst.exe.ren
[%WINDOWS%]\stub_113_4_0_4_0.exe
[%WINDOWS%]\Temp\tsinstall_4_0_4_0_b4.exe
[%WINDOWS%]\Temp\tsupdate_4_0_4_1_b3.exe
[%PROFILE_TEMP%]\tsinstall_4_0_3_8_b17.exe
[%PROFILE_TEMP%]\tsupdate_4_0_3_9_b2.exe
[%WINDOWS%]\stub_110_4_0_4_0.exe
[%PROFILE_TEMP%]\GLF10GLF10.EXE
[%PROFILE_TEMP%]\GLF123GLF123.EXE
[%PROFILE_TEMP%]\GLF12EGLF12E.EXE
[%PROFILE_TEMP%]\GLF25GLF25.EXE
[%PROFILE_TEMP%]\GLF266GLF266.EXE
[%PROFILE_TEMP%]\GLF26GLF26.EXE
[%PROFILE_TEMP%]\GLF2AGLF2A.EXE
[%PROFILE_TEMP%]\GLF35GLF35.EXE
[%PROFILE_TEMP%]\GLF3E3GLF3E3.EXE
[%PROFILE_TEMP%]\GLF42GLF42.EXE
[%PROFILE_TEMP%]\GLF6AGLF6A.EXE
[%PROFILE_TEMP%]\GLF7FGLF7F.EXE
[%PROFILE_TEMP%]\GLF82GLF82.EXE
[%PROFILE_TEMP%]\tsinstall_4_0_3_7.exe
[%PROFILE_TEMP%]\tsinstall_4_0_4_0_b4.exe
[%PROFILE_TEMP%]\tsupdate_4_0_4_1_b3.exe
[%PROGRAM_FILES_COMMON%]\imzk\imzkm.exe
[%PROGRAM_FILES_COMMON%]\kirw\kirwm.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkoma.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkomd\kkomc.dll
[%PROGRAM_FILES_COMMON%]\kkom\kkomm.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowua.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowud\kowuc.dll
[%PROGRAM_FILES_COMMON%]\kowu\kowum.exe
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\class-barrel
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\vocabulary
[%PROGRAM_FILES_COMMON%]\kurq\kurqa.exe
[%PROGRAM_FILES_COMMON%]\kurq\kurqd\kurqc.dll
[%PROGRAM_FILES_COMMON%]\kurq\kurqm.exe
[%PROGRAM_FILES_COMMON%]\misc002\141.exe
[%PROGRAM_FILES_COMMON%]\ommi\ommid\class-barrel
[%PROGRAM_FILES_COMMON%]\ommi\ommid\vocabulary
[%PROGRAM_FILES_COMMON%]\oqqr\oqqra.exe
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrd\oqqrc.dll
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrm.exe
[%PROGRAM_FILES_COMMON%]\qmwf\qmwfm.exe
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\class-barrel
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\vocabulary
[%PROGRAM_FILES_COMMON%]\riwz\riwza.exe
[%PROGRAM_FILES_COMMON%]\riwz\riwzm.exe
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\class-barrel
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\vocabulary
[%PROGRAM_FILES_COMMON%]\rwof\rwofa.exe
[%PROGRAM_FILES_COMMON%]\rwof\rwofd\rwofc.dll
[%PROGRAM_FILES_COMMON%]\rwof\rwofm.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukira.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukird\class-barrel
[%PROGRAM_FILES_COMMON%]\ukir\ukird\ukirc.dll
[%PROGRAM_FILES_COMMON%]\ukir\ukird\vocabulary
[%PROGRAM_FILES_COMMON%]\ukir\ukirl.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukirp.exe
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\class-barrel
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\vocabulary
[%PROGRAM_FILES_COMMON%]\uuuo\uuuoa.exe
[%PROGRAM_FILES_COMMON%]\uuuo\uuuod\uuuoc.dll
[%PROGRAM_FILES_COMMON%]\uuuo\uuuom.exe
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\class-barrel
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\vocabulary
[%PROGRAM_FILES_COMMON%]\wkqm\wkqma.exe
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmd\wkqmc.dll
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmm.exe
[%PROGRAM_FILES_COMMON%]\wufu\wufud\class-barrel
[%PROGRAM_FILES_COMMON%]\wufu\wufud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\class-barrel
[%PROGRAM_FILES_COMMON%]\wuru\wurud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\wuruc.dll
[%PROGRAM_FILES_COMMON%]\wuru\wurup.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwroa.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwrod\wwroc.dll
[%PROGRAM_FILES_COMMON%]\wwro\wwrom.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkka.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkkm.exe
[%SYSTEM%]\tsuninst.exe
[%SYSTEM%]\tsuninst.exe.ren
[%WINDOWS%]\stub_113_4_0_4_0.exe
[%WINDOWS%]\Temp\tsinstall_4_0_4_0_b4.exe
[%WINDOWS%]\Temp\tsupdate_4_0_4_1_b3.exe
[%PROFILE_TEMP%]\tsinstall_4_0_3_8_b17.exe
[%PROFILE_TEMP%]\tsupdate_4_0_3_9_b2.exe
[%WINDOWS%]\stub_110_4_0_4_0.exe

How to detect TargetSaver:

Files:
[%PROFILE_TEMP%]\GLF10GLF10.EXE
[%PROFILE_TEMP%]\GLF123GLF123.EXE
[%PROFILE_TEMP%]\GLF12EGLF12E.EXE
[%PROFILE_TEMP%]\GLF25GLF25.EXE
[%PROFILE_TEMP%]\GLF266GLF266.EXE
[%PROFILE_TEMP%]\GLF26GLF26.EXE
[%PROFILE_TEMP%]\GLF2AGLF2A.EXE
[%PROFILE_TEMP%]\GLF35GLF35.EXE
[%PROFILE_TEMP%]\GLF3E3GLF3E3.EXE
[%PROFILE_TEMP%]\GLF42GLF42.EXE
[%PROFILE_TEMP%]\GLF6AGLF6A.EXE
[%PROFILE_TEMP%]\GLF7FGLF7F.EXE
[%PROFILE_TEMP%]\GLF82GLF82.EXE
[%PROFILE_TEMP%]\tsinstall_4_0_3_7.exe
[%PROFILE_TEMP%]\tsinstall_4_0_4_0_b4.exe
[%PROFILE_TEMP%]\tsupdate_4_0_4_1_b3.exe
[%PROGRAM_FILES_COMMON%]\imzk\imzkm.exe
[%PROGRAM_FILES_COMMON%]\kirw\kirwm.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkoma.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkomd\kkomc.dll
[%PROGRAM_FILES_COMMON%]\kkom\kkomm.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowua.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowud\kowuc.dll
[%PROGRAM_FILES_COMMON%]\kowu\kowum.exe
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\class-barrel
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\vocabulary
[%PROGRAM_FILES_COMMON%]\kurq\kurqa.exe
[%PROGRAM_FILES_COMMON%]\kurq\kurqd\kurqc.dll
[%PROGRAM_FILES_COMMON%]\kurq\kurqm.exe
[%PROGRAM_FILES_COMMON%]\misc002\141.exe
[%PROGRAM_FILES_COMMON%]\ommi\ommid\class-barrel
[%PROGRAM_FILES_COMMON%]\ommi\ommid\vocabulary
[%PROGRAM_FILES_COMMON%]\oqqr\oqqra.exe
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrd\oqqrc.dll
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrm.exe
[%PROGRAM_FILES_COMMON%]\qmwf\qmwfm.exe
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\class-barrel
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\vocabulary
[%PROGRAM_FILES_COMMON%]\riwz\riwza.exe
[%PROGRAM_FILES_COMMON%]\riwz\riwzm.exe
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\class-barrel
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\vocabulary
[%PROGRAM_FILES_COMMON%]\rwof\rwofa.exe
[%PROGRAM_FILES_COMMON%]\rwof\rwofd\rwofc.dll
[%PROGRAM_FILES_COMMON%]\rwof\rwofm.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukira.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukird\class-barrel
[%PROGRAM_FILES_COMMON%]\ukir\ukird\ukirc.dll
[%PROGRAM_FILES_COMMON%]\ukir\ukird\vocabulary
[%PROGRAM_FILES_COMMON%]\ukir\ukirl.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukirp.exe
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\class-barrel
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\vocabulary
[%PROGRAM_FILES_COMMON%]\uuuo\uuuoa.exe
[%PROGRAM_FILES_COMMON%]\uuuo\uuuod\uuuoc.dll
[%PROGRAM_FILES_COMMON%]\uuuo\uuuom.exe
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\class-barrel
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\vocabulary
[%PROGRAM_FILES_COMMON%]\wkqm\wkqma.exe
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmd\wkqmc.dll
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmm.exe
[%PROGRAM_FILES_COMMON%]\wufu\wufud\class-barrel
[%PROGRAM_FILES_COMMON%]\wufu\wufud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\class-barrel
[%PROGRAM_FILES_COMMON%]\wuru\wurud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\wuruc.dll
[%PROGRAM_FILES_COMMON%]\wuru\wurup.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwroa.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwrod\wwroc.dll
[%PROGRAM_FILES_COMMON%]\wwro\wwrom.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkka.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkkm.exe
[%SYSTEM%]\tsuninst.exe
[%SYSTEM%]\tsuninst.exe.ren
[%WINDOWS%]\stub_113_4_0_4_0.exe
[%WINDOWS%]\Temp\tsinstall_4_0_4_0_b4.exe
[%WINDOWS%]\Temp\tsupdate_4_0_4_1_b3.exe
[%PROFILE_TEMP%]\tsinstall_4_0_3_8_b17.exe
[%PROFILE_TEMP%]\tsupdate_4_0_3_9_b2.exe
[%WINDOWS%]\stub_110_4_0_4_0.exe
[%PROFILE_TEMP%]\GLF10GLF10.EXE
[%PROFILE_TEMP%]\GLF123GLF123.EXE
[%PROFILE_TEMP%]\GLF12EGLF12E.EXE
[%PROFILE_TEMP%]\GLF25GLF25.EXE
[%PROFILE_TEMP%]\GLF266GLF266.EXE
[%PROFILE_TEMP%]\GLF26GLF26.EXE
[%PROFILE_TEMP%]\GLF2AGLF2A.EXE
[%PROFILE_TEMP%]\GLF35GLF35.EXE
[%PROFILE_TEMP%]\GLF3E3GLF3E3.EXE
[%PROFILE_TEMP%]\GLF42GLF42.EXE
[%PROFILE_TEMP%]\GLF6AGLF6A.EXE
[%PROFILE_TEMP%]\GLF7FGLF7F.EXE
[%PROFILE_TEMP%]\GLF82GLF82.EXE
[%PROFILE_TEMP%]\tsinstall_4_0_3_7.exe
[%PROFILE_TEMP%]\tsinstall_4_0_4_0_b4.exe
[%PROFILE_TEMP%]\tsupdate_4_0_4_1_b3.exe
[%PROGRAM_FILES_COMMON%]\imzk\imzkm.exe
[%PROGRAM_FILES_COMMON%]\kirw\kirwm.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkoma.exe
[%PROGRAM_FILES_COMMON%]\kkom\kkomd\kkomc.dll
[%PROGRAM_FILES_COMMON%]\kkom\kkomm.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowua.exe
[%PROGRAM_FILES_COMMON%]\kowu\kowud\kowuc.dll
[%PROGRAM_FILES_COMMON%]\kowu\kowum.exe
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\class-barrel
[%PROGRAM_FILES_COMMON%]\krrk\krrkd\vocabulary
[%PROGRAM_FILES_COMMON%]\kurq\kurqa.exe
[%PROGRAM_FILES_COMMON%]\kurq\kurqd\kurqc.dll
[%PROGRAM_FILES_COMMON%]\kurq\kurqm.exe
[%PROGRAM_FILES_COMMON%]\misc002\141.exe
[%PROGRAM_FILES_COMMON%]\ommi\ommid\class-barrel
[%PROGRAM_FILES_COMMON%]\ommi\ommid\vocabulary
[%PROGRAM_FILES_COMMON%]\oqqr\oqqra.exe
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrd\oqqrc.dll
[%PROGRAM_FILES_COMMON%]\oqqr\oqqrm.exe
[%PROGRAM_FILES_COMMON%]\qmwf\qmwfm.exe
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\class-barrel
[%PROGRAM_FILES_COMMON%]\rifq\rifqd\vocabulary
[%PROGRAM_FILES_COMMON%]\riwz\riwza.exe
[%PROGRAM_FILES_COMMON%]\riwz\riwzm.exe
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\class-barrel
[%PROGRAM_FILES_COMMON%]\rmwk\rmwkd\vocabulary
[%PROGRAM_FILES_COMMON%]\rwof\rwofa.exe
[%PROGRAM_FILES_COMMON%]\rwof\rwofd\rwofc.dll
[%PROGRAM_FILES_COMMON%]\rwof\rwofm.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukira.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukird\class-barrel
[%PROGRAM_FILES_COMMON%]\ukir\ukird\ukirc.dll
[%PROGRAM_FILES_COMMON%]\ukir\ukird\vocabulary
[%PROGRAM_FILES_COMMON%]\ukir\ukirl.exe
[%PROGRAM_FILES_COMMON%]\ukir\ukirp.exe
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\class-barrel
[%PROGRAM_FILES_COMMON%]\umkk\umkkd\vocabulary
[%PROGRAM_FILES_COMMON%]\uuuo\uuuoa.exe
[%PROGRAM_FILES_COMMON%]\uuuo\uuuod\uuuoc.dll
[%PROGRAM_FILES_COMMON%]\uuuo\uuuom.exe
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\class-barrel
[%PROGRAM_FILES_COMMON%]\wizk\wizkd\vocabulary
[%PROGRAM_FILES_COMMON%]\wkqm\wkqma.exe
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmd\wkqmc.dll
[%PROGRAM_FILES_COMMON%]\wkqm\wkqmm.exe
[%PROGRAM_FILES_COMMON%]\wufu\wufud\class-barrel
[%PROGRAM_FILES_COMMON%]\wufu\wufud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\class-barrel
[%PROGRAM_FILES_COMMON%]\wuru\wurud\vocabulary
[%PROGRAM_FILES_COMMON%]\wuru\wurud\wuruc.dll
[%PROGRAM_FILES_COMMON%]\wuru\wurup.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwroa.exe
[%PROGRAM_FILES_COMMON%]\wwro\wwrod\wwroc.dll
[%PROGRAM_FILES_COMMON%]\wwro\wwrom.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkka.exe
[%PROGRAM_FILES_COMMON%]\zqkk\zqkkm.exe
[%SYSTEM%]\tsuninst.exe
[%SYSTEM%]\tsuninst.exe.ren
[%WINDOWS%]\stub_113_4_0_4_0.exe
[%WINDOWS%]\Temp\tsinstall_4_0_4_0_b4.exe
[%WINDOWS%]\Temp\tsupdate_4_0_4_1_b3.exe
[%PROFILE_TEMP%]\tsinstall_4_0_3_8_b17.exe
[%PROFILE_TEMP%]\tsupdate_4_0_3_9_b2.exe
[%WINDOWS%]\stub_110_4_0_4_0.exe

Folders:
[%PROGRAM_FILES_COMMON%]\tsa
[%PROGRAM_FILES_COMMON%]\kmwo
[%PROGRAM_FILES_COMMON%]\roii
[%PROGRAM_FILES_COMMON%]\ruku
[%WINDOWS%]\ruku

Registry Keys:
HKEY_CURRENT_USER\software\tsl2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tsa
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tsl installer
HKEY_LOCAL_MACHINE\software\tsa
HKEY_CURRENT_USER\software\kmwo
HKEY_CURRENT_USER\software\roii
HKEY_CURRENT_USER\software\ruku
HKEY_LOCAL_MACHINE\software\roii
HKEY_LOCAL_MACHINE\software\ruku
HKEY_LOCAL_MACHINE\software\wmkz

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\tsa
HKEY_CURRENT_USER\software\tsa
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing TargetSaver:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing CWS.Feads Trojan
VNC.CommonComponents RAT Symptoms

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)