Monday, October 13, 2008

Sex.Niche.Guide Toolbar

Removing Sex.Niche.Guide
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest. It replaces your start page, continuously opens a number of pop-up windows and so on.

How to detect Sex.Niche.Guide:

Folders:
[%PROGRAM_FILES%]\Sex_Niche_Guide

Registry Keys:
HKEY_CURRENT_USER\software\sex_niche_guide
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6230e1cb-3c21-4491-b0af-cfcb5dfa3a3d}
HKEY_LOCAL_MACHINE\software\sex_niche_guide

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sex niche guide toolbar

Removing Sex.Niche.Guide:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


ZSearch BHO

Removing ZSearch
Categories: BHO,Toolbar
BHO (Browser Helper Object) Trojan. The BHO waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker. The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet." explained the company.
Toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest. It replaces your start page, continuously opens a number of pop-up windows and so on.

ZSearch Also known as:

[Panda]Adware/zSearch

How to detect ZSearch:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\zsearch_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\zsearch_is1


Push Trojan

Removing Push
Categories: Trojan,BHO,Backdoor,Toolbar,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
BHO (Browser Helper Object) Trojan. The BHO waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker. The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet." explained the company.
Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest. It replaces your start page, continuously opens a number of pop-up windows and so on.

This family of Trojans downloads and installs new malware or adware on the computer. The downloader then either launches the new malware or registers it to enable autorun according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server, often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Push Also known as:

[Kaspersky]Trojan.Win32.Icqpush.b,Trojan.Push,Pusher.374;
[McAfee]PUSH;
[F-Prot]destructive program;
[Panda]Trj/Spider,Pusher.739.Drp;
[Computer Associates]Optimizer!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\searchv2.dll
[%WINDOWS%]\system\searchv2.dll

How to detect Push:

Files:
[%SYSTEM%]\searchv2.dll
[%WINDOWS%]\system\searchv2.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-a0e8-f76fa694bf2e}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-a0e8-f76fa694bf2e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-a0e8-f76fa694bf2e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-a0e8-f76fa694bf2e}


Malum.ANBG Trojan

Removing Malum.ANBG
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\IE\MD1.exe

How to detect Malum.ANBG:

Files:
[%WINDOWS%]\IE\MD1.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


SpySnipe Ransomware

Removing SpySnipe
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker may (or may not) send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpySnipe 1.0.lnk
[%PROFILE%]\Desktop\SpySnipe 1.0.lnk

How to detect SpySnipe:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpySnipe 1.0.lnk
[%PROFILE%]\Desktop\SpySnipe 1.0.lnk

Folders:
[%PROFILE%]\Start Menu\Programs\SpySnipe
[%PROGRAM_FILES%]\SpySnipe

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spysnipe
HKEY_CURRENT_USER\software\spysnipe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spysnipe 1.0_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Fenster Trojan

Removing Fenster
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Fenster Also known as:

[Kaspersky]Backdoor.Fenster.21;
[Eset]Win32/Fenster.22 trojan;
[McAfee]Backdoor-SL;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/Fenster.21!Server,Win32.Fenster.21,Backdoor/Fenster.2.2

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\opengl8.dll
[%WINDOWS%]\system\rundli32.exe

How to detect Fenster:

Files:
[%WINDOWS%]\system\opengl8.dll
[%WINDOWS%]\system\rundli32.exe


Klemfor Trojan

Removing Klemfor
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Klemfor Also known as:

[Kaspersky]Trojan.Win32.Agent.cw;
[Other]Win32/Klemfor.A,Win32/Klemfor.B,Adware.Adpopup

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\e404d.dll

How to detect Klemfor:

Files:
[%SYSTEM%]\e404d.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d235c04e-c282-4983-8ad1-aa77aa763d08}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload


Chimo Backdoor

Removing Chimo
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\combo.exe

How to detect Chimo:

Files:
[%SYSTEM%]\combo.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Corkye Trojan

Removing Corkye
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Corkye Also known as:

[Other]Win32/Corkye,Win32/Corkye.A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\infusms.exe
[%SYSTEM%]\svcbs.sys
[%SYSTEM%]\svctcpip1.sys

How to detect Corkye:

Files:
[%SYSTEM%]\infusms.exe
[%SYSTEM%]\svcbs.sys
[%SYSTEM%]\svctcpip1.sys

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_remote_administration_service
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\remote administration service


small.awd Downloader

Removing small.awd
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer. The downloader then either launches the new malware or registers it to enable autorun according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website.

How to detect small.awd:

Folders:
[%PROGRAMS%]\erroguard
[%PROGRAMS%]\errorguard
[%PROGRAM_FILES%]\errorguard

Registry Keys:
HKEY_CURRENT_USER\software\errorguard
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\errorguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\error guard


CWS.LoadBAT Hijacker

Removing CWS.LoadBAT
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.

A search hijacker redirects search results to other pages and may transmit search and browsing data to unknown servers. An error page hijacker directs the browser to another page, usually an advertising page, instead of the usual error page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page, search pages, and search bar. They may also redirect you to certain sites should you mistype an address or prevent you from going to a website they would rather you not, such as sites that combat malware. Some will even redirect you to their own search engine when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

How to detect CWS.LoadBAT:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Surila Trojan

Removing Surila
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Visible Symptoms:
Files in system folders:
[%COMMON_STARTUP%]\tcp32shlp.exe
[%SYSTEM%]\tcp32sec.sys
[%SYSTEM%]\tcp32sflt.dll
[%SYSTEM%]\tcp32shlp.exe
[%WINDOWS%]\tcp32ss.exe

How to detect Surila:

Files:
[%COMMON_STARTUP%]\tcp32shlp.exe
[%SYSTEM%]\tcp32sec.sys
[%SYSTEM%]\tcp32sflt.dll
[%SYSTEM%]\tcp32shlp.exe
[%WINDOWS%]\tcp32ss.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tcp32sec
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcp32sec

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


IGetNet.Keywords BHO

Removing IGetNet.Keywords
Categories: BHO,Hijacker
BHO (Browser Helper Object) Trojan. The BHO waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker. The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet." explained the company.
Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.

A search hijacker redirects search results to other pages and may transmit search and browsing data to unknown servers. An error page hijacker directs the browser to another page, usually an advertising page, instead of the usual error page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page, search pages, and search bar. They may also redirect you to certain sites should you mistype an address or prevent you from going to a website they would rather you not, such as sites that combat malware. Some will even redirect you to their own search engine when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

How to detect IGetNet.Keywords:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{730f2451-a3fe-4a72-938c-fc8a74f15978}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{730f2451-a3fe-4a72-938c-fc8a74f15978}
HKEY_LOCAL_MACHINE\software\classes\clsid\{730f2451-a3fe-4a72-938c-fc8a74f15978}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{730f2451-a3fe-4a72-938c-fc8a74f15978}


Caiijing Trojan

Removing Caiijing
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Caiijing Also known as:

[Kaspersky]Backdoor.Win32.Agent.ahj;
[McAfee]Backdoor-DKA;
[Other]Trojan.Caiijing,Win32/Caiijing.1hy!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\958AB320.DLL
[%SYSTEM%]\958AB320.EXE
[%SYSTEM%]\958AB320T.EXE
[%SYSTEM%]\C69B4280.DLL
[%SYSTEM%]\C69B4280.EXE
[%SYSTEM%]\C69B4280T.EXE
[%SYSTEM%]\Media\winlogon.exe

How to detect Caiijing:

Files:
[%SYSTEM%]\958AB320.DLL
[%SYSTEM%]\958AB320.EXE
[%SYSTEM%]\958AB320T.EXE
[%SYSTEM%]\C69B4280.DLL
[%SYSTEM%]\C69B4280.EXE
[%SYSTEM%]\C69B4280T.EXE
[%SYSTEM%]\Media\winlogon.exe

Registry Keys:
HKEY_CURRENT_USER\system\currentcontrolset\services\c69b4280
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\c69b4280

Registry Values:
HKEY_CURRENT_USER\system\currentcontrolset\services\958ab320
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_c69b4280
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_c69b4280\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_c69b4280\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\958ab320
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\958ab320\enum
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\958ab320\security


soft.stop Trojan

Removing soft.stop
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\dfgaert.dll
[%PROFILE%]\krnl32.dll
[%PROFILE%]\mssvmdll.dll
[%PROFILE%]\mstsk32.dll
[%PROFILE%]\mxcrtp.dll
[%PROFILE%]\param32.ocx
[%PROFILE%]\regdll32.exe
[%PROFILE%]\sthbdm32.dll
[%PROFILE%]\stubext.dll
[%PROFILE%]\svhc32.dll
[%PROFILE%]\systerm.exe
[%PROFILE%]\uncwqs.dll
[%PROFILE%]\winhid64.dll
[%PROFILE%]\winsys32.exe
[%PROFILE%]\wintst.dll
[%PROFILE_TEMP%]\dfgaert.dll
[%PROFILE_TEMP%]\krnl32.dll
[%PROFILE_TEMP%]\mssvmdll.dll
[%PROFILE_TEMP%]\mstsk32.dll
[%PROFILE_TEMP%]\mxcrtp.dll
[%PROFILE_TEMP%]\param32.ocx
[%PROFILE_TEMP%]\posterm.dll
[%PROFILE_TEMP%]\regdll32.exe
[%PROFILE_TEMP%]\sthbdm32.dll
[%PROFILE_TEMP%]\stubext.dll
[%PROFILE_TEMP%]\svhc32.dll
[%PROFILE_TEMP%]\systerm.exe
[%PROFILE_TEMP%]\uncwqs.dll
[%PROFILE_TEMP%]\winhid64.dll
[%PROFILE_TEMP%]\wintst.dll
[%SYSTEM%]\dfgaert.dll
[%SYSTEM%]\krnl32.dll
[%SYSTEM%]\mssvmdll.dll
[%SYSTEM%]\mstsk32.dll
[%SYSTEM%]\mxcrtp.dll
[%SYSTEM%]\param32.ocx
[%SYSTEM%]\posterm.dll
[%SYSTEM%]\regdll32.exe
[%SYSTEM%]\sthbdm32.dll
[%SYSTEM%]\stubext.dll
[%SYSTEM%]\svhc32.dll
[%SYSTEM%]\systerm.exe
[%SYSTEM%]\uncwqs.dll
[%SYSTEM%]\winhid64.dll
[%SYSTEM%]\winsys32.exe
[%SYSTEM%]\wintst.dll
[%DESKTOP%]\Spyware Soft Stop.lnk
[%PROFILE%]\posterm.dll
[%PROFILE_TEMP%]\winsys32.exe
[%SYSTEM%]\drivers\FG.SYS
[%SYSTEM%]\logon032.dll
[%SYSTEM%]\pinch.exe
[%WINDOWS%]\mydriver64.sys
[%WINDOWS%]\sss_main.ini

How to detect soft.stop:

Files:
[%PROFILE%]\dfgaert.dll
[%PROFILE%]\krnl32.dll
[%PROFILE%]\mssvmdll.dll
[%PROFILE%]\mstsk32.dll
[%PROFILE%]\mxcrtp.dll
[%PROFILE%]\param32.ocx
[%PROFILE%]\regdll32.exe
[%PROFILE%]\sthbdm32.dll
[%PROFILE%]\stubext.dll
[%PROFILE%]\svhc32.dll
[%PROFILE%]\systerm.exe
[%PROFILE%]\uncwqs.dll
[%PROFILE%]\winhid64.dll
[%PROFILE%]\winsys32.exe
[%PROFILE%]\wintst.dll
[%PROFILE_TEMP%]\dfgaert.dll
[%PROFILE_TEMP%]\krnl32.dll
[%PROFILE_TEMP%]\mssvmdll.dll
[%PROFILE_TEMP%]\mstsk32.dll
[%PROFILE_TEMP%]\mxcrtp.dll
[%PROFILE_TEMP%]\param32.ocx
[%PROFILE_TEMP%]\posterm.dll
[%PROFILE_TEMP%]\regdll32.exe
[%PROFILE_TEMP%]\sthbdm32.dll
[%PROFILE_TEMP%]\stubext.dll
[%PROFILE_TEMP%]\svhc32.dll
[%PROFILE_TEMP%]\systerm.exe
[%PROFILE_TEMP%]\uncwqs.dll
[%PROFILE_TEMP%]\winhid64.dll
[%PROFILE_TEMP%]\wintst.dll
[%SYSTEM%]\dfgaert.dll
[%SYSTEM%]\krnl32.dll
[%SYSTEM%]\mssvmdll.dll
[%SYSTEM%]\mstsk32.dll
[%SYSTEM%]\mxcrtp.dll
[%SYSTEM%]\param32.ocx
[%SYSTEM%]\posterm.dll
[%SYSTEM%]\regdll32.exe
[%SYSTEM%]\sthbdm32.dll
[%SYSTEM%]\stubext.dll
[%SYSTEM%]\svhc32.dll
[%SYSTEM%]\systerm.exe
[%SYSTEM%]\uncwqs.dll
[%SYSTEM%]\winhid64.dll
[%SYSTEM%]\winsys32.exe
[%SYSTEM%]\wintst.dll
[%DESKTOP%]\Spyware Soft Stop.lnk
[%PROFILE%]\posterm.dll
[%PROFILE_TEMP%]\winsys32.exe
[%SYSTEM%]\drivers\FG.SYS
[%SYSTEM%]\logon032.dll
[%SYSTEM%]\pinch.exe
[%WINDOWS%]\mydriver64.sys
[%WINDOWS%]\sss_main.ini

Folders:
[%PROGRAM_FILES%]\SpywareSoftStop
[%COMMON_PROGRAMS%]\Spyware Soft Stop
[%COMMON_PROGRAMS%]\SpywareSoftStop
[%PROGRAM_FILES%]\Spyware Soft Stop

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{5AA06644-BC46-4220-A460-47A6EB47C96D}
HKEY_CLASSES_ROOT\CLSID\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}
HKEY_CLASSES_ROOT\CLSID\{74F25A2C-22B3-4023-8F1A-CA616C30A8B5}
HKEY_CURRENT_USER\software\spywaresoftstop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F25A2C-22B3-4023-8F1A-CA616C30A8B5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{12ee7a5e-0674-42f9-a76b-000000004d00}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5aa06644-bc46-4220-a460-47a6eb47c96d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{669695bc-a811-4a9d-8cdf-ba8c795f261c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyware soft stop_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywaresoftstop_is1
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_fg
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\fg

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Win32.Qoologic Trojan

Removing Win32.Qoologic
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

This family of Trojans downloads and installs new malware or adware on the computer. The downloader then either launches the new malware or registers it to enable autorun according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website.

Win32.Qoologic Also known as:

[Kaspersky]Trojan-Downloader.Win32.Qoologic.c

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\tp7543.exe
[%SYSTEM%]\paquk.dat
[%WINDOWS%]\installer_251.exe
[%WINDOWS%]\unwn.exe
[%WINDOWS%]\adolib32.dll

How to detect Win32.Qoologic:

Files:
[%PROFILE_TEMP%]\tp7543.exe
[%SYSTEM%]\paquk.dat
[%WINDOWS%]\installer_251.exe
[%WINDOWS%]\unwn.exe
[%WINDOWS%]\adolib32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}
HKEY_CLASSES_ROOT\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1}


GhostKeyLogger Spyware

Removing GhostKeyLogger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, blindly accessing websites that introduce more harmful viruses, or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

How to detect GhostKeyLogger:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Zlob.Fam.Protection Tools Trojan

Removing Zlob.Fam.Protection Tools
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Adware is the class of programs that place advertisements on your screen. These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, advertisements placed on top of ads in web sites, or any other way the authors can think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are not dependent on your having Internet Explorer open. They may show up when you are playing a game, writing a document, listening to music, or anything else. Should you be surfing, the advertisements will often be related to the web page you are viewing.

How to detect Zlob.Fam.Protection Tools:

Folders:
[%PROGRAM_FILES%]\Protection Tools


EvilLife Trojan

Removing EvilLife
Categories: Trojan,Worm,Backdoor,DoS
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Worms can be classified according to the propagation method they use, i.e. how they deliver copies of themselves to new victim machines. Worms can also be classified by installation method, launch method and finally according to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than one propagation method as well as more than one infection technique. The methods are listed separately below.

Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

DoS programs attack web servers by sending numerous requests to the specified server, often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

EvilLife Also known as:

[Eset]IRC/LameBot.A trojan,IRC/mIRC-based trojan,Win32/IRC.A trojan,Win32/Mirchack.UPX trojan,Win32/Randon.BF worm,Win32/Tkbot.A trojan;
[Panda]Backdoor Program,Bck/IRC.Mirc.Based,Bck/Kuzey.A,Bck/mIRCBased.L,Bck/Ratsou.A,W32/Tzet.A.worm;
[Computer Associates]Backdoor/EvilLife,Backdoor/Tkbot,Win32.IRCFlood,Win32.Tzet.A,Win32/IRC.Flood!Trojan,Win32/IRC.Flood.APD.mIRC32!Troja,Win32/IRC.Flood.Config,Win32/IRC.Flood.F.mIRC32!Trojan,Win32/IRC.Flood.Reg3.Trojan,Win32/IRC.Flood.Trojan,Win32/IRCFlood.mIRC32!Trojan,Win32/mIRC32.Hider.Trojan,Win32/Pif.Trojan,Win32/Tzet.A!Worm

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\fonts\fonts\snak.exe
[%WINDOWS%]\fonts\fonts\windows.exe

How to detect EvilLife:

Files:
[%WINDOWS%]\fonts\fonts\snak.exe
[%WINDOWS%]\fonts\fonts\windows.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Bancos.INK Trojan

Removing Bancos.INK
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Bancos.INK Also known as:

[Kaspersky]Backdoor.Win32.Delf.cdd;
[McAfee]PWS-Banker

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\lnk_dados_2.dll

How to detect Bancos.INK:

Files:
[%WINDOWS%]\lnk_dados_2.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


ForBot Trojan

Removing ForBot
Categories: Trojan,Worm,Backdoor
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Worms can be classified according to the propagation method they use, i.e. how they deliver copies of themselves to new victim machines. Worms can also be classified by installation method, launch method and finally according to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than one propagation method as well as more than one infection technique. The methods are listed separately below.

Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

ForBot Also known as:

[Eset]Win32/Forbot.H trojan;
[Computer Associates]Win32.ForBot.J,Win32/ForBot.J.Worm

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\svchosting.exe

How to detect ForBot:

Files:
[%SYSTEM%]\svchosting.exe


PViever Trojan

Removing PViever
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

PViever Also known as:

[Kaspersky]Backdoor.Win32.Delf.co;
[McAfee]Ptop

How to detect PViever:

Folders:
[%PROGRAM_FILES%]\PViever

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Zlob.Fam.VideoCompressionCodec Trojan

Removing Zlob.Fam.VideoCompressionCodec
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Adware is the class of programs that place advertisements on your screen. These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, advertisements placed on top of ads in web sites, or any other way the authors can think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are not dependent on your having Internet Explorer open. They may show up when you are playing a game, writing a document, listening to music, or anything else. Should you be surfing, the advertisements will often be related to the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\VideoCompressionCodec\iesplugin.dll
[%PROGRAM_FILES%]\VideoCompressionCodec\iesuninst.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\isaddon.dll
[%PROGRAM_FILES%]\VideoCompressionCodec\isamini.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\isamonitor.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\isauninst.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\ot.ico
[%PROGRAM_FILES%]\VideoCompressionCodec\pmmon.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\pmsngr.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\pmuninst.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\Thumbs.db
[%PROGRAM_FILES%]\VideoCompressionCodec\ts.ico
[%PROGRAM_FILES%]\VideoCompressionCodec\uninst.exe

How to detect Zlob.Fam.VideoCompressionCodec:

Files:
[%PROGRAM_FILES%]\VideoCompressionCodec\iesplugin.dll
[%PROGRAM_FILES%]\VideoCompressionCodec\iesuninst.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\isaddon.dll
[%PROGRAM_FILES%]\VideoCompressionCodec\isamini.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\isamonitor.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\isauninst.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\ot.ico
[%PROGRAM_FILES%]\VideoCompressionCodec\pmmon.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\pmsngr.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\pmuninst.exe
[%PROGRAM_FILES%]\VideoCompressionCodec\Thumbs.db
[%PROGRAM_FILES%]\VideoCompressionCodec\ts.ico
[%PROGRAM_FILES%]\VideoCompressionCodec\uninst.exe

Folders:
[%PROGRAM_FILES%]\VideoCompressionCodec

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{134F7664-943D-3BB9-65F5-70B91DF46C86}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoCompressionCodec


ClickTheButton Adware

Removing ClickTheButton
Categories: Adware
Adware programs facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits.

How to detect ClickTheButton:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ab4dd0f0-38da-4f48-aafe-7de7323bb6b2}
HKEY_LOCAL_MACHINE\software\ctb_brandedclient


SillyDl.DIB Downloader

Removing SillyDl.DIB
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer. The downloader then either launches the new malware or registers it to enable autorun according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website.

SillyDl.DIB Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.ebx;
[McAfee]Generic.ca;
[Other]Win32/SillyDl.DIB,Downloader,TROJ_AGENT.ABAE,Mal/Generic-A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\RavHelp.exe

How to detect SillyDl.DIB:

Files:
[%SYSTEM%]\RavHelp.exe

Registry Keys:
HKEY_CURRENT_USER\software\rirsing

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


Reztuto Trojan

Removing Reztuto
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Reztuto Also known as:

[Kaspersky]Trojan.Win32.Small.kt;
[Other]Win32/Reztuto.A,Trojan.Goldun

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\swmclip.dll

How to detect Reztuto:

Files:
[%SYSTEM%]\swmclip.dll


Antivirus.Protection Ransomware

Removing Antivirus.Protection
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker may (or may not) send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Antivirus Protection.lnk
[%SYSTEM%]\filekiller.dll

How to detect Antivirus.Protection:

Files:
[%DESKTOP%]\Antivirus Protection.lnk
[%SYSTEM%]\filekiller.dll

Folders:
[%PROGRAMS%]\Antivirus Protection
[%PROGRAM_FILES%]\Antivirus Protection

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antivirusprotection.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antivirus protection
HKEY_LOCAL_MACHINE\software\telecom advance\antivirus protection

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Meplex Adware

Removing Meplex
Categories: Adware
Adware programs facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\appmgmt\msser.exe
[%SYSTEM%]\cba\task.exe
[%SYSTEM%]\dllcache\mstunint.dll
[%SYSTEM%]\dllcache\mstunmsk.dll
[%SYSTEM%]\dllcache\mstunmsr.dll
[%SYSTEM%]\icon\ebay.ico
[%SYSTEM%]\icon\ebay1.ico
[%SYSTEM%]\inetsrv\inet.exe

How to detect Meplex:

Files:
[%SYSTEM%]\appmgmt\msser.exe
[%SYSTEM%]\cba\task.exe
[%SYSTEM%]\dllcache\mstunint.dll
[%SYSTEM%]\dllcache\mstunmsk.dll
[%SYSTEM%]\dllcache\mstunmsr.dll
[%SYSTEM%]\icon\ebay.ico
[%SYSTEM%]\icon\ebay1.ico
[%SYSTEM%]\inetsrv\inet.exe

Registry Keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{DE60714F-AC17-427E-861A-FD60CBDF119A}
HKEY_LOCAL_MACHINE\software\microsoft\tunl

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
