Tuesday, December 9, 2008

123bar BHO

Removing 123bar
Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Ahead\Nero\uninstall.exe
[%PROGRAM_FILES%]\CoD Builder 0.77 Beta\uninstall.exe
[%PROGRAM_FILES%]\NETEagle\uninstall.exe
[%PROGRAM_FILES%]\YouTUBE (TM) movie downloader\uninstall.exe

How to detect 123bar:

Files:
[%PROGRAM_FILES%]\Ahead\Nero\uninstall.exe
[%PROGRAM_FILES%]\CoD Builder 0.77 Beta\uninstall.exe
[%PROGRAM_FILES%]\NETEagle\uninstall.exe
[%PROGRAM_FILES%]\YouTUBE (TM) movie downloader\uninstall.exe

Folders:
[%PROGRAM_FILES%]\jilysoft

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b225b89d-5e95-4194-98e8-149993071b31}
HKEY_CLASSES_ROOT\ie123band.123 toolbar
HKEY_CLASSES_ROOT\installer\products\d65dea5ae36e13240a2a3c7cf0d459f5
HKEY_CURRENT_USER\software\jily soft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a5aed56d-e63e-4231-a0a2-c3c70f4d955f}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{b225b89d-5e95-4194-98e8-149993071b31}\iexplore
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved

Removing 123bar:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
