Monday, December 1, 2008

123Mania Adware

Removing 123Mania
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:

How to detect 123Mania:

Files:

Folders:
[%APPDATA%]\123downloadsuk

Registry Keys:

Registry Values:

Removing 123Mania:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
