Thursday, December 4, 2008

Xupiter.Orbitexplorer Adware

Removing Xupiter.Orbitexplorer
Categories: Adware, BHO, Hijacker, Toolbar

Adware programs facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and sent back to the attacker. Typically, keyloggers of this type send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious.

When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest. It replaces your start page, continuously opens a number of pop-up windows, and so on.

Xupiter.Orbitexplorer Also known as:

[Kaspersky]TrojanDownloader.Win32.Comet;
[Panda]Adware/Comet

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\bobsaver.exe
[%WINDOWS%]\bobsaver.scr
[%SYSTEM%]\redirector.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.exe
[%WINDOWS%]\Downloaded Program Files\OELoader.dll
[%WINDOWS%]\downloaded program files\oeloader.exe
[%WINDOWS%]\downloaded program files\oeloader.inf
[%WINDOWS%]\system\redirector.dll

How to detect Xupiter.Orbitexplorer:

Files:
[%WINDOWS%]\bobsaver.exe
[%WINDOWS%]\bobsaver.scr
[%SYSTEM%]\redirector.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.exe
[%WINDOWS%]\Downloaded Program Files\OELoader.dll
[%WINDOWS%]\downloaded program files\oeloader.exe
[%WINDOWS%]\downloaded program files\oeloader.inf
[%WINDOWS%]\system\redirector.dll

Folders:
[%PROGRAM_FILES%]\oe
[%PROGRAM_FILES%]\orbit
[%PROGRAM_FILES_COMMON%]\oe

Registry Keys:

Registry Values:

Removing Xupiter.Orbitexplorer:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
