Wednesday, October 15, 2008

MyTool Adware

Removing MyTool
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%DESKTOP%]\mytoolbar7.dll
[%WINDOWS%]\comdlg66.dll
[%WINDOWS%]\comdlj32.dll

How to detect MyTool:

Files:
[%DESKTOP%]\mytoolbar7.dll
[%WINDOWS%]\comdlg66.dll
[%WINDOWS%]\comdlj32.dll

Removing MyTool:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Little.Pink.Prank Trojan

Removing Little.Pink.Prank
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%COMMON_DOCUMENTS%]\vnc\vnc_x86_win32\winvnc\SETUP.INI
[%COMMON_DOCUMENTS%]\vnc\vnc_x86_win32\winvnc\setup.ins

How to detect Little.Pink.Prank:

Files:
[%COMMON_DOCUMENTS%]\vnc\vnc_x86_win32\winvnc\SETUP.INI
[%COMMON_DOCUMENTS%]\vnc\vnc_x86_win32\winvnc\setup.ins

Folders:
[%PROGRAM_FILES%]\realvnc

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1
HKEY_LOCAL_MACHINE\software\realvnc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4


Shareaza Worm

Removing Shareaza
Categories: Worm
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

How to detect Shareaza:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Galorion Trojan

Removing Galorion
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Galorion Also known as:

[Panda]Trojan Horse;
[Computer Associates]Win32.Galorion,Win32/Galaxer!Downloader;
[Other]Win32/Galorion.I

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\rsysinit.exe

How to detect Galorion:

Files:
[%PROFILE_TEMP%]\rsysinit.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{50f2ff80-fa58-552a-8254-9700720f8292}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload


Renmog Trojan

Removing Renmog
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Renmog Also known as:

[Kaspersky]Trojan.Win32.Agent.ws,Trojan-Proxy.Win32.Agent.mu,Trojan.Win32.Agent.ayq;
[McAfee]Spy-Agent.ca!proxy;
[Other]Win32/Renmog.A,Trojan Horse,Win32/Renmog.B,Win32/Renmog,TrojanDownloader:Win32/Agent.AAA

How to detect Renmog:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Nagem Trojan

Removing Nagem
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Nagem Also known as:

[Other]Win32/Nagem.B

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Systems.exe
[%SYSTEM%]\Systemdll.dll
[%SYSTEM%]\winsys\vgabits.vxd

How to detect Nagem:

Files:
[%SYSTEM%]\Systems.exe
[%SYSTEM%]\Systemdll.dll
[%SYSTEM%]\winsys\vgabits.vxd

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Immunizr Ransomware

Removing Immunizr
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Immunizr Also known as:

[Kaspersky]Downloader.Win32.Agent.u;
[Panda]Application/Immunizr

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Immunizr.lnk

How to detect Immunizr:

Files:
[%DESKTOP%]\Immunizr.lnk

Folders:
[%PROGRAMS%]\Immunizr
[%PROGRAM_FILES%]\Immunizr

Registry Keys:
HKEY_CURRENT_USER\software\immunizr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\immunizr

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache


Webdir.b Adware

Removing Webdir.b
Categories: Adware,BHO
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, explained the company.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\VirtualDNS.dll

How to detect Webdir.b:

Files:
[%WINDOWS%]\VirtualDNS.dll


AntiSpyCheck Ransomware

Removing AntiSpyCheck
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker may (or may not) send the decryption key, enabling decryption of the "kidnapped" files.

AntiSpyCheck Also known as:

[Other]Win32/SpyAxe

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\AntiSpyCheck v2.4.lnk
[%STARTMENU%]\AntiSpyCheck v2.4.lnk

How to detect AntiSpyCheck:

Files:
[%DESKTOP%]\AntiSpyCheck v2.4.lnk
[%STARTMENU%]\AntiSpyCheck v2.4.lnk

Folders:
[%PROGRAMS%]\AntiSpyCheck
[%PROGRAM_FILES%]\AntiSpyCheck

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d2608046-dd09-a225-01bf-70c1edd8b2e8}
HKEY_CLASSES_ROOT\clsid\{f3210e86-46a8-5973-963f-0ef4cf226a0c}
HKEY_CLASSES_ROOT\interface\{cf231820-9904-4a37-b5b0-c87ef6f6cc82}
HKEY_CLASSES_ROOT\typelib\{5aa883db-7cfd-4737-b3c3-c671595ecce5}
HKEY_LOCAL_MACHINE\software\antispycheck
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antispycheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispycheck

Registry Values:
HKEY_LOCAL_MACHINE\software\licenses
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Bancos.IOC Trojan

Removing Bancos.IOC
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

How to detect Bancos.IOC:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\user agent\post platform


VBS.Startpage Trojan

Removing VBS.Startpage
Categories: Trojan,Adware,BHO,Backdoor,Hijacker,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits.

BHO (Browser Helper Object) Trojan. The BHO waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker. The method of network transport used by the attacker makes this Trojan unique. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious. Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into the data section of an ICMP ping packet, explained the company.

Backdoors are the most dangerous type of Trojans and the most popular. Backdoors open infected machines to external control via the Internet. They function in the same way as legitimate remote administration programs used by system administrators. This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer. Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open. Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker instead of the user's designated home page. In some cases, the hijacker may block users from restoring their desired home page.

A search hijacker redirects search results to other pages and may transmit search and browsing data to unknown servers. An error page hijacker directs the browser to another page, usually an advertising page, instead of the usual error page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page, search pages, and search bar. They may also redirect you to certain sites should you mistype an address or prevent you from going to a website they would rather you not visit, such as sites that combat malware. Some will even redirect you to their own search engine when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Hacker tools are utilities designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

VBS.Startpage Also known as:

[Kaspersky]Trojan.VBS.StartPage.e,Trojan.VBS.StartPage.ax;
[Eset]VBS/StartPage.U.gen trojan;
[Panda]Trj/StartPage.AH,Trojan Horse;
[Computer Associates]VBS.Startpage.BZ,VBS/IEStart!Worm,VBS/Startpage!Trojan,VBS.Startpage.AP;
[Other]VBS/Startpage.UI,VBS/Startpage.UJ

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\divx.exe
[%SYSTEM%]\rundll32.vbe
[%WINDOWS%]\system\divx.exe
[%WINDOWS%]\system\rundll32.vbe

How to detect VBS.Startpage:

Files:
[%SYSTEM%]\divx.exe
[%SYSTEM%]\rundll32.vbe
[%WINDOWS%]\system\divx.exe
[%WINDOWS%]\system\rundll32.vbe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
