Thursday, November 20, 2008

WhenU.WeatherCast Adware

Removing WhenU.WeatherCast
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

WhenU.WeatherCast Also known as:

[Panda]Adware/SaveNow,Adware/WeatherCast
Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\DAEMON Tools SearchBar\search.htm
[%PROGRAM_FILES%]\weathe~1\weather.exe
[%PROGRAM_FILES%]\WhenUSearch\search.htm
[%WINDOWS%]\downloaded program files\saveinst.inf
[%WINDOWS%]\downloaded program files\sndbmark.dll
[%PROGRAM_FILES%]\aws\weathercast\lfcmp10n.dll
[%PROGRAM_FILES%]\aws\weathercast\lfimg10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltdis10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltfil10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltkrn10n.dll
[%WINDOWS%]\downloaded program files\conflict.1\sndbmark.dll
[%WINDOWS%]\downloaded program files\conflict.2\sndbmark.dll
[%WINDOWS%]\dowssnloaded program files\sndbmark.dll
[%WINDOWS%]\temp\icd1.tmp\sndbmark.dll
[%PROGRAM_FILES%]\DAEMON Tools SearchBar\search.htm
[%PROGRAM_FILES%]\weathe~1\weather.exe
[%PROGRAM_FILES%]\WhenUSearch\search.htm
[%WINDOWS%]\downloaded program files\saveinst.inf
[%WINDOWS%]\downloaded program files\sndbmark.dll
[%PROGRAM_FILES%]\aws\weathercast\lfcmp10n.dll
[%PROGRAM_FILES%]\aws\weathercast\lfimg10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltdis10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltfil10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltkrn10n.dll
[%WINDOWS%]\downloaded program files\conflict.1\sndbmark.dll
[%WINDOWS%]\downloaded program files\conflict.2\sndbmark.dll
[%WINDOWS%]\dowssnloaded program files\sndbmark.dll
[%WINDOWS%]\temp\icd1.tmp\sndbmark.dll

How to detect WhenU.WeatherCast:

Files:
[%PROGRAM_FILES%]\DAEMON Tools SearchBar\search.htm
[%PROGRAM_FILES%]\weathe~1\weather.exe
[%PROGRAM_FILES%]\WhenUSearch\search.htm
[%WINDOWS%]\downloaded program files\saveinst.inf
[%WINDOWS%]\downloaded program files\sndbmark.dll
[%PROGRAM_FILES%]\aws\weathercast\lfcmp10n.dll
[%PROGRAM_FILES%]\aws\weathercast\lfimg10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltdis10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltfil10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltkrn10n.dll
[%WINDOWS%]\downloaded program files\conflict.1\sndbmark.dll
[%WINDOWS%]\downloaded program files\conflict.2\sndbmark.dll
[%WINDOWS%]\dowssnloaded program files\sndbmark.dll
[%WINDOWS%]\temp\icd1.tmp\sndbmark.dll
[%PROGRAM_FILES%]\DAEMON Tools SearchBar\search.htm
[%PROGRAM_FILES%]\weathe~1\weather.exe
[%PROGRAM_FILES%]\WhenUSearch\search.htm
[%WINDOWS%]\downloaded program files\saveinst.inf
[%WINDOWS%]\downloaded program files\sndbmark.dll
[%PROGRAM_FILES%]\aws\weathercast\lfcmp10n.dll
[%PROGRAM_FILES%]\aws\weathercast\lfimg10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltdis10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltfil10n.dll
[%PROGRAM_FILES%]\aws\weathercast\ltkrn10n.dll
[%WINDOWS%]\downloaded program files\conflict.1\sndbmark.dll
[%WINDOWS%]\downloaded program files\conflict.2\sndbmark.dll
[%WINDOWS%]\dowssnloaded program files\sndbmark.dll
[%WINDOWS%]\temp\icd1.tmp\sndbmark.dll

Folders:
[%PROGRAMS%]\weathercast
[%PROGRAM_FILES_COMMON%]\whenu
[%PROGRAM_FILES%]\vvsn
[%PROGRAM_FILES%]\weathercast
[%STARTMENU%]\programs\weathercast
[%PROFILE%]\start menu\programs\weathercast
[%PROGRAMS%]\start menu\programs\weathercast
[%PROGRAM_FILES%]\common files\whenu
[%PROGRAM_FILES%]\start menu\programs\weathercast
[%WINDOWS%]\start menu\programs\weathercast

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{389a5a59-1306-4389-a779-2eb9d0bc1ffb}
HKEY_CLASSES_ROOT\interface\{711648f0-5ff5-4c81-805e-a1aedbab4951}
HKEY_CLASSES_ROOT\typelib\{20752c25-2d97-4e6f-9ee2-94b74d202875}\1.0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\weathercast
HKEY_CLASSES_ROOT\clsid\{fc327b3f-377b-4cb7-8b61-27cd69816bc3}
HKEY_CLASSES_ROOT\clsid\{fc327b3f-377b-4cb7-8b61-27cd69816bc}
HKEY_CLASSES_ROOT\whenu.embedse
HKEY_CLASSES_ROOT\whenu.embedse.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fc327b3f-377b-4cb7-8b61-27cd69816bc3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\sndbmark.dll

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_USERS\.default\software\microsoft\windows\currentversion\run

Removing WhenU.WeatherCast:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
SpySpotter Ransomware Cleaner
Maxifiles Adware Cleaner
Removing Sys.Detective+ Spyware
Banich Trojan Removal instruction
AntivirusGolden Ransomware Removal instruction

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)