Thursday, October 16, 2008

BackDoor.BAC.gen Backdoor

Removing BackDoor.BAC.gen
Categories: Backdoor
Backdoors are among the most dangerous and most widespread types of Trojan.
A backdoor opens the infected machine to external control over the Internet.
Often the backdoor is not visible in the list of running programs. This variant installs
a kernel driver (lannui.sys) and a Winlogon notification package (muilan.dll) rather than
an ordinary application, and registers both so that they load even in Safe Mode (the SafeBoot keys below).

BackDoor.BAC.gen Also known as:

[McAfee]BackDoor-BAC.gen.e;
[Other]Troj/Haxdor-Gen,Trojan-Win32/HideDrv.gen!sys

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\00aaqwxz.dat
[%SYSTEM%]\88st.init
[%SYSTEM%]\lannui.sys
[%SYSTEM%]\muilan.dll

How to detect BackDoor.BAC.gen:

Files:
[%SYSTEM%]\00aaqwxz.dat
[%SYSTEM%]\88st.init
[%SYSTEM%]\lannui.sys
[%SYSTEM%]\muilan.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\muilan
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lannui.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\muilan.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\lannui.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\muilan.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_lannui
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\lannui
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\muilan
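The indicators above are worth more than a file-exists check if you look at what each persistence point does. The following script is an added example, not part of the original page: it hunts for the BackDoor.BAC.gen files, the Winlogon notification package, the SafeBoot entries and the driver service the page lists. File and key names are the page's indicators; the reporting format is this example's own. Run it from an elevated PowerShell (PowerShell 4 or later, for Get-FileHash).

```powershell
# Added example, not part of the original page: hunt for the persistence points that the
# BackDoor.BAC.gen entry above lists. File and key names are the page's indicators; the
# reporting format is an assumption of this example. Run from an elevated PowerShell.

$SuspectNames = @('lannui', 'muilan')                          # driver / notification package names
$SuspectFiles = @('00aaqwxz.dat', '88st.init', 'lannui.sys', 'muilan.dll') |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }  # [%SYSTEM%] on the page

$Findings = @()

# 1. Dropped files. Hash whatever is present so it can be compared across machines.
foreach ($f in $SuspectFiles) {
    if (Test-Path -LiteralPath $f) {
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        $Findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = "SHA256=$hash" }
    }
}

# 2. Winlogon notification packages: each subkey names a DLL that winlogon.exe loads at logon
#    (honoured on Windows 2000/XP/2003; later versions ignore the key, but a leftover subkey is still evidence).
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
foreach ($k in Get-ChildItem $notify -ErrorAction SilentlyContinue) {
    $dll  = (Get-ItemProperty $k.PSPath).DLLName
    $flag = if ($SuspectNames -contains $k.PSChildName) { 'MATCHES PAGE IOC' } else { 'review' }
    $Findings += [pscustomobject]@{ Type = 'WinlogonNotify'; Location = $k.PSChildName; Detail = "DLLName=$dll ($flag)" }
}

# 3. SafeBoot lists: anything under Minimal/Network also loads in Safe Mode, so booting to
#    Safe Mode will not disable it. Entries are driver file names or service names.
foreach ($profile in 'Minimal', 'Network') {
    $sb = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$profile"
    foreach ($k in Get-ChildItem $sb -ErrorAction SilentlyContinue) {
        foreach ($n in $SuspectNames) {
            if ($k.PSChildName -like "$n*") {
                $Findings += [pscustomobject]@{ Type = "SafeBoot\$profile"; Location = $k.PSChildName; Detail = 'MATCHES PAGE IOC' }
            }
        }
    }
}

# 4. Service registrations (Type 1 = kernel driver) and the Enum\Root\LEGACY_* keys that
#    Windows creates the first time a non-PnP driver is loaded.
foreach ($n in $SuspectNames) {
    $svc = "HKLM:\SYSTEM\CurrentControlSet\Services\$n"
    if (Test-Path $svc) {
        $p = Get-ItemProperty $svc
        $Findings += [pscustomobject]@{ Type = 'Service'; Location = $n; Detail = "Type=$($p.Type) Start=$($p.Start) ImagePath=$($p.ImagePath)" }
    }
    $legacy = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$($n.ToUpper())"
    if (Test-Path $legacy -ErrorAction SilentlyContinue) {
        $Findings += [pscustomobject]@{ Type = 'LegacyEnum'; Location = $legacy; Detail = 'driver has been loaded at least once' }
    }
}

if ($Findings) { $Findings | Format-Table -AutoSize } else { 'No BackDoor.BAC.gen indicators found.' }
```

A LEGACY_LANNUI key with no matching Services entry means the driver was loaded at some point and the service was later deleted; treat that as a sign the machine was infected and partially cleaned, not as a clean result.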

Removing BackDoor.BAC.gen:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


Bifrost Trojan

Removing Bifrost
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojan in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Bifrost is a remote-administration backdoor whose server persists through Run keys and
Active Setup "Installed Components" entries (the GUID keys below), and hides behind
innocuous-looking names such as the "Nvidia Mgr" folder and the "nvidia manager" registry key.


Bifrost Also known as:

[Kaspersky]Trojan.Win32.Pakes,Backdoor.Win32.Bifrose.bk,Backdoor.Win32.Bifrose.ri,Backdoor.Win32.Bifrose.aba,Backdoor.Win32.Bifrose.axe,Trojan-Dropper.Win32.Delf.wj,Backdoor.Win32.Bifrose.adr,Backdoor.Win32.Bifrose.yg;
[McAfee]Backdoor-CEP.svr,BackDoor-CEP,BackDoor-CEP.svr,BackDoor-CWT.dr;
[F-Prot]W32/BifrostX.DKP,W32/Trojan.CTU;
[Other]Bifrose.D,Win32/Bifrost!generic,Backdoor.Bifrose,Win32/Bifrost.BN,Troj/Delf-EXC,Win32/Bifrost.BS,VirTool:Win32/Obfuscator.C,BKDR_BIFROSE.QV,Troj/Bckdr-PQZ,Win32/Bifrost.CG,W32/Bifrose.JGK,Win32/Bifrost.CM,W32/Delf.ATGM,Trojan:Win32/Meredrop,Trojan Horse,Win32/Bifrose.ACI,Backdoor.Bifrose.E

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\plugin1.dat
[%SYSTEM%]\SysPr.prx
[%WINDOWS%]\plugin1.dat
[%WINDOWS%]\SysPr.prx
[%PROFILE%]\Local Settings\otynb.exe
[%PROFILE_TEMP%]\vndoe.exe
[%SYSTEM%]\Movesearch.exe
[%SYSTEM%]\msconf.exe
[%SYSTEM%]\serier.exe
[%SYSTEM%]\vndoe.exe
[%SYSTEM%]\Wintemp.exe
[%WINDOWS%]\msnmess79.exe

How to detect Bifrost:

Files:
[%SYSTEM%]\plugin1.dat
[%SYSTEM%]\SysPr.prx
[%WINDOWS%]\plugin1.dat
[%WINDOWS%]\SysPr.prx
[%PROFILE%]\Local Settings\otynb.exe
[%PROFILE_TEMP%]\vndoe.exe
[%SYSTEM%]\Movesearch.exe
[%SYSTEM%]\msconf.exe
[%SYSTEM%]\serier.exe
[%SYSTEM%]\vndoe.exe
[%SYSTEM%]\Wintemp.exe
[%WINDOWS%]\msnmess79.exe

Folders:
[%PROGRAM_FILES%]\Bifrost
[%PROGRAM_FILES%]\Nvidia Mgr

Registry Keys:
HKEY_CURRENT_USER\software\wget
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9b71d88c-c598-4935-c5d1-43aa4db90836}
HKEY_LOCAL_MACHINE\software\wget
HKEY_LOCAL_MACHINE\software\xvid
HKEY_CURRENT_USER\software\bifrost
HKEY_CURRENT_USER\software\nvidia manager
HKEY_CURRENT_USER\software\skav
HKEY_CURRENT_USER\software\skavx
HKEY_LOCAL_MACHINE\software\bifrost
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4535f32f-d292-b784-7926-7419ade0a94b}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{df709a68-7856-4acf-2b73-8e9a4693507c}
HKEY_LOCAL_MACHINE\software\mscrop
HKEY_LOCAL_MACHINE\software\skav
HKEY_LOCAL_MACHINE\software\skavx

Registry Values (one or more values under each of these keys):
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\mscrop
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a5cdf7ec-751b-46aa-ad69-4005fe080de8}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a5cdf7ec-751b-46aa-ad69-4005fe080de9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\nvidia manager
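Five of the Bifrost keys above sit under Active Setup "Installed Components". Every component subkey that carries a StubPath is executed once per user at logon by the Active Setup mechanism, which makes it a quiet alternative to the Run keys. The script below is an added example, not part of the original page: it audits all Active Setup components, flags the page's GUIDs and anything that does not look like a Microsoft entry, and then checks for the other Bifrost keys and folders. GUIDs, key and folder names are the page's; the review heuristics and the decision to check both hives for every key name are this example's assumptions. Run it from an elevated PowerShell.

```powershell
# Added example, not part of the original page: audit Active Setup "Installed Components",
# the autostart point that several of the Bifrost keys above live in, and check for the
# page's other keys and folders. GUIDs, key and folder names are the page's; the review
# heuristics are this example's assumptions. Run from an elevated PowerShell.

$PageGuids = @(
    '{9b71d88c-c598-4935-c5d1-43aa4db90836}', '{4535f32f-d292-b784-7926-7419ade0a94b}',
    '{df709a68-7856-4acf-2b73-8e9a4693507c}', '{a5cdf7ec-751b-46aa-ad69-4005fe080de8}',
    '{a5cdf7ec-751b-46aa-ad69-4005fe080de9}'
)
# The page lists some names only under HKCU or only under HKLM; both hives are checked for each.
$PageKeys = 'wget', 'xvid', 'bifrost', 'nvidia manager', 'skav', 'skavx', 'mscrop' |
    ForEach-Object { "HKCU:\Software\$_"; "HKLM:\Software\$_" }
$PageFolders = @("$env:ProgramFiles\Bifrost", "$env:ProgramFiles\Nvidia Mgr")   # [%PROGRAM_FILES%]

$asRoots = @('HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components')

$report = foreach ($root in $asRoots) {
    foreach ($k in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty $k.PSPath
        if (-not $p.StubPath) { continue }                       # nothing to run, skip

        # Executable part of the command line: quoted path, or first token, after %VAR% expansion.
        $stub = [Environment]::ExpandEnvironmentVariables([string]$p.StubPath)
        $exe  = if ($stub -match '^"([^"]+)"') { $Matches[1] } else { ($stub -split '\s+')[0] }

        $reasons = @()
        if ($PageGuids -contains $k.PSChildName) { $reasons += 'GUID listed on page' }
        if (-not $p.ComponentID -and -not $p.Version) { $reasons += 'no ComponentID/Version (Microsoft entries carry them)' }
        if ($exe -match '\\') {                                  # a full path rather than a PATH lookup
            if (-not (Test-Path -LiteralPath $exe)) { $reasons += 'executable missing' }
            elseif ($exe -notlike "$env:SystemRoot\*" -and $exe -notlike "$env:ProgramFiles\*") { $reasons += 'executable outside Windows/Program Files' }
        }

        [pscustomobject]@{ Component = $k.PSChildName; StubPath = $p.StubPath; Reasons = ($reasons -join '; ') }
    }
}

"== Active Setup components with something to review =="
$report | Where-Object { $_.Reasons } | Format-Table -AutoSize

"== Bifrost keys and folders from the page that are present =="
foreach ($k in $PageKeys)    { if (Test-Path $k) { "key:    $k" } }
foreach ($d in $PageFolders) { if (Test-Path -LiteralPath $d) { "folder: $d" } }
```

Deleting the HKLM component key is not enough on its own: Windows records each component it has already run under HKCU\Software\Microsoft\Active Setup\Installed Components, so remove the per-user copy as well, or the GUID will reappear in the next audit and confuse the picture.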

Removing Bifrost:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


Ciadoor Trojan

Removing Ciadoor
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to collect and exfiltrate confidential information,
execute malicious code, destroy data, enrol the machine in a botnet and so forth.

Many trojans and backdoors now have remote administration capabilities
that let an individual control the victim's computer.
Usually a file called the server must be run on the victim's computer before
the attacker's client can connect to it.

Servers are generally sent through e-mail, P2P file-sharing software
and Internet downloads, disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as if nothing ran.
Some also kill antivirus and firewall software, or, as Ciadoor does, register the server in the
Windows Firewall's authorized-applications list (the last registry value below) so that inbound
connections are accepted without the firewall prompting the user.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful and do not log keystrokes or steal data.
They usually do whimsical things like flipping the screen upside down, opening the CD-ROM tray
and swapping the mouse buttons. However, they can be quite hard to remove.

Ciadoor Also known as:

[Kaspersky]Backdoor.Win32.Ciadoor.12.a,Backdoor.Win32.Ciadoor.13;
[Panda]Bck/Ciadoor.A,Bck/Ciadoor.C,Backdoor Program;
[Computer Associates]Win32.Ciadoor.121.B,Win32/Ciadoor.121.B!Backdoor!Ser,Win32/Ciadoor.122!Backdoor!Serve,Win32.Ciadoor.121.C,Win32/Ciadoor.12.A!Backdoor!Serv;
[Other]Win32/Ciadoor.M,Backdoor.Ciadoor

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wsock32.sys

How to detect Ciadoor:

Files:
[%SYSTEM%]\wsock32.sys

Registry Values (one or more values under each of these keys):
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list
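The Ciadoor indicators are all autostart and firewall locations, so the useful check is to list what is actually registered there and who it points at. The script below is an added example, not part of the original page: it enumerates the Run, RunOnce, RunOnceEx and RunServices keys in both hives, the legacy Load and Run values under Windows NT\CurrentVersion\Windows, and the Windows Firewall authorized-applications list, then checks for the wsock32.sys file. The same Run-key walk covers the single Run value listed for CommonName.Zenet further down. Key paths come from the page; the firewall value-format parsing, the "file missing" and "runs from user profile" heuristics and the output layout are this example's assumptions. Run it from an elevated PowerShell (PowerShell 4 or later, for Get-FileHash).

```powershell
# Added example, not part of the original page: list the autostart locations and the
# Windows Firewall exception list that the Ciadoor entry above names, and flag the
# wsock32.sys dropper file. Key paths come from the page; the value-format parsing, the
# review heuristics and the output layout are this example's assumptions.

function Get-CommandExe([string]$Cmd) {
    # Executable part of a command line: quoted path, or the first token, after %VAR% expansion.
    $c = [Environment]::ExpandEnvironmentVariables($Cmd.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Get-RunEntries {
    # RunServices is only honoured by Windows 9x/Me, but a value left there is still an indicator.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($n in 'Run', 'RunOnce', 'RunOnceEx', 'RunServices') {
            $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$n"
            if (-not (Test-Path $key)) { continue }
            # RunOnceEx keeps its commands in numbered subkeys, so walk the whole subtree.
            foreach ($item in @(Get-Item $key) + @(Get-ChildItem $key -Recurse)) {
                foreach ($v in $item.GetValueNames()) {
                    $data = [string]$item.GetValue($v)
                    $exe  = Get-CommandExe $data
                    if (-not $exe) { continue }
                    $note = @()
                    if ($exe -match '\\') {                       # full path rather than a PATH lookup
                        if (-not (Test-Path -LiteralPath $exe)) { $note += 'file missing' }
                        if ($exe -like "$env:USERPROFILE\*" -or $exe -like "$env:TEMP\*") { $note += 'runs from user profile/temp' }
                    }
                    [pscustomobject]@{ Key = $item.Name; Value = $v; Command = $data; Note = ($note -join '; ') }
                }
            }
        }
    }
}

function Get-FirewallExceptions {
    # XP SP2 / 2003 format: value name = program path, data = "<path>:<scope>:<Enabled|Disabled>:<display name>".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    $item = Get-Item $key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($v in $item.GetValueNames()) {
        $data = [string]$item.GetValue($v)
        if ($data -match '^(.+?):([^:]+):(Enabled|Disabled):(.*)$') {
            $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
            [pscustomobject]@{ Program = $path; Scope = $Matches[2]; State = $Matches[3]; DisplayName = $Matches[4]; Exists = (Test-Path -LiteralPath $path) }
        } else {
            [pscustomobject]@{ Program = $v; Scope = '?'; State = '?'; DisplayName = $data; Exists = $null }
        }
    }
}

"== Run / RunOnce / RunOnceEx / RunServices =="
Get-RunEntries | Format-Table -AutoSize

"== HKCU\...\Windows NT\CurrentVersion\Windows (legacy Load / Run values) =="
$w = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue
foreach ($n in 'Load', 'Run') { if ($w.$n) { "$n = $($w.$n)" } }

"== Windows Firewall exceptions (StandardProfile) =="
Get-FirewallExceptions | Format-Table -AutoSize

# The genuine Winsock file is wsock32.dll; a wsock32.sys in System32 is the page's Ciadoor indicator.
$ws = Join-Path $env:SystemRoot 'System32\wsock32.sys'
if (Test-Path -LiteralPath $ws) { "present: $ws  SHA256=$((Get-FileHash -LiteralPath $ws -Algorithm SHA256).Hash)" }
```

A firewall exception whose program no longer exists (Exists = False) is the typical leftover after a partial clean-up; a present, Enabled entry with a generic display name pointing into System32 deserves a hash and a look at the file before anything is deleted.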

Removing Ciadoor:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


CommonName.Zenet Hijacker

Removing CommonName.Zenet
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

How to detect CommonName.Zenet:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing CommonName.Zenet:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


Security Toolbar

Removing Security
Categories: Toolbar
The Security Toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest:
it installs as a browser helper object and toolbar (the CLSIDs below) and drops "Live Safety Center"
and "Online Security Guide" shortcuts on the desktop, in the Start menu and in Favorites. Its aliases
(Downloader.MisleadApp, Zlob) place it in the Zlob family of fake-codec downloaders that push
misleading security software.
Security Also known as:

[Kaspersky]AdWare.Win32.Agent.nt;
[McAfee]Puper;
[Other]Win32/Boarim.AK,Downloader.MisleadApp,TrojanDownloader:Win32/Zlob.gen!Z,Troj/Zlobie-Gen

Visible Symptoms:
Files in system folders:
[%COMMON_STARTMENU%]\Live Safety Center.lnk
[%COMMON_STARTMENU%]\Online Security Guide.lnk
[%DESKTOP%]\Live Safety Center.lnk
[%DESKTOP%]\Online Security Guide.lnk
[%FAVORITES%]\Online Security Guide.lnk
[%PROGRAM_FILES%]\Hammer.dll

How to detect Security:

Files:
[%COMMON_STARTMENU%]\Live Safety Center.lnk
[%COMMON_STARTMENU%]\Online Security Guide.lnk
[%DESKTOP%]\Live Safety Center.lnk
[%DESKTOP%]\Online Security Guide.lnk
[%FAVORITES%]\Online Security Guide.lnk
[%PROGRAM_FILES%]\Hammer.dll

Folders:
[%PROGRAM_FILES%]\Security Toolbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}
HKEY_CLASSES_ROOT\clsid\{23ed2206-856d-461a-bbcf-1c2466ac5ae3}
HKEY_CLASSES_ROOT\clsid\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}
HKEY_CLASSES_ROOT\clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{736b5468-bdad-41be-92d0-22ae2ddf7bcb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}

Registry Values (one or more values under each of these keys):
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing Security:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


IncrediFind Hijacker

Removing IncrediFind
Categories: Hijacker
Hijackers modify browser settings such as the home page or search behaviour without adequate
notice, disclosure or user consent. IncrediFind installs itself as an Internet Explorer URL search
hook (the URLSearchHooks values below); IE calls such hooks when something typed in the address bar
cannot be resolved as a URL, so the hook can redirect those searches and mistyped addresses through
its own search service.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\incredifindbholog.tmp

How to detect IncrediFind:

Files:
[%PROFILE_TEMP%]\incredifindbholog.tmp

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks

Removing IncrediFind:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


MetaDirect Adware

Removing MetaDirect
Categories: Adware
Adware consists of programs that deliver advertising content to the user
and in some cases gather information from the user's computer.

How to detect MetaDirect:

Registry Keys:
HKEY_CLASSES_ROOT\interface\{305f57e2-4479-4f5b-a76e-e67babe2355c}

Removing MetaDirect:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


BBot Trojan

Removing BBot
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

BBot Also known as:

[Kaspersky]Backdoor.Geweb.a;
[Panda]Backdoor Program;
[Computer Associates]Win32/BBot.073!Trojan,Win32.BBot

How to detect BBot:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{965e6b07-6832-4738-bdbe-25f226ba2ab0}
HKEY_CLASSES_ROOT\clsid\{dd1bca06-f674-424d-a08e-42da97c4d5dd}
HKEY_CLASSES_ROOT\typelib\{d02ee3a0-1881-419f-a5ed-737223463292}
HKEY_LOCAL_MACHINE\software\qcbar

Removing BBot:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.


Zlob.br Downloader

Removing Zlob.br
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to start automatically
in whatever way the local operating system supports. Zlob.br itself is registered as an
Internet Explorer browser helper object (the CLSID below), so it is loaded into every IE process.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

How to detect Zlob.br:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{724510c3-f3c8-4fb7-879a-d99f29008a2f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f}
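Zlob.br, the Security Toolbar, IncrediFind and BBot all hook Internet Explorer through COM: a BHO subkey, toolbar and URL-search-hook values whose names are CLSIDs, or a bare CLSID/TypeLib registration. A CLSID on its own tells you nothing; the question is which DLL it resolves to and whether that DLL is signed and still on disk. The script below is an added example, not part of the original page: it enumerates IE's BHOs, toolbars and URL search hooks, resolves each CLSID through InprocServer32 to its DLL and Authenticode status, and then checks whether the page's CLSIDs are still registered. The CLSIDs come from the Security Toolbar, BBot and Zlob.br entries; the stock Microsoft search-hook CLSID and the review heuristics are this example's own assumptions. Run it from an elevated PowerShell.

```powershell
# Added example, not part of the original page: audit Internet Explorer's extension points
# (Browser Helper Objects, toolbars and URL search hooks) by resolving every registered CLSID
# to the DLL behind it. CLSIDs come from the Security Toolbar, BBot and Zlob.br entries; the
# stock search-hook CLSID and the review heuristics are this example's own assumptions.

$PageClsids = @(
    '{11a69ae4-fbed-4832-a2bf-45af82825583}', '{23ed2206-856d-461a-bbcf-1c2466ac5ae3}',   # Security Toolbar
    '{736b5468-bdad-41be-92d0-22ae2ddf7bcb}', '{a95b2816-1d7e-4561-a202-68c0de02353a}',   # Security Toolbar
    '{965e6b07-6832-4738-bdbe-25f226ba2ab0}', '{dd1bca06-f674-424d-a08e-42da97c4d5dd}',   # BBot
    '{724510c3-f3c8-4fb7-879a-d99f29008a2f}'                                              # Zlob.br BHO
)
$StockSearchHook = '{CFBFAE00-17A6-11D0-99CB-00C04FD64497}'   # Microsoft's own URL search hook (assumed default)

function Resolve-Clsid([string]$Clsid, [string]$Kind) {
    # Map a CLSID to its in-process COM server and that DLL's Authenticode status.
    $roots = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid", "HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID\$Clsid",
             "HKCU:\SOFTWARE\Classes\CLSID\$Clsid"
    foreach ($root in $roots) {
        $srv = Get-ItemProperty "$root\InprocServer32" -ErrorAction SilentlyContinue
        if (-not $srv) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables([string]$srv.'(default)')
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'FILE MISSING' }
        return [pscustomobject]@{ Kind = $Kind; Clsid = $Clsid; Name = (Get-ItemProperty $root).'(default)'; Dll = $dll; Signature = $sig }
    }
    [pscustomobject]@{ Kind = $Kind; Clsid = $Clsid; Name = $null; Dll = $null; Signature = 'NOT REGISTERED' }
}

function Get-IEExtensions {
    # BHOs: one subkey per CLSID.
    foreach ($bho in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        foreach ($k in Get-ChildItem $bho -ErrorAction SilentlyContinue) { Resolve-Clsid $k.PSChildName 'BHO' }
    }
    # Toolbars and URL search hooks: the value *names* are CLSIDs.
    $valueKeys = @{
        'Toolbar'       = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar', 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
        'URLSearchHook' = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks', 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
    }
    foreach ($kind in $valueKeys.Keys) {
        foreach ($path in $valueKeys[$kind]) {
            $item = Get-Item $path -ErrorAction SilentlyContinue
            if (-not $item) { continue }
            foreach ($v in $item.GetValueNames()) {
                if ($v -match '^\{[0-9a-f-]{36}\}$') { Resolve-Clsid $v $kind }
            }
        }
    }
}

$ext = @(Get-IEExtensions)
foreach ($e in $ext) {
    $flags = @()
    if ($PageClsids -contains $e.Clsid) { $flags += 'CLSID listed on page' }
    if ($e.Kind -eq 'URLSearchHook' -and $e.Clsid -ne $StockSearchHook) { $flags += 'non-default search hook' }
    if ($e.Signature -ne 'Valid') { $flags += "signature: $($e.Signature)" }
    $e | Add-Member -MemberType NoteProperty -Name Flags -Value ($flags -join '; ')
}
$ext | Format-Table Kind, Clsid, Name, Dll, Flags -AutoSize

# The page's CLSIDs may also be registered without currently being wired into IE.
"== Page-listed CLSIDs that are still registered =="
$PageClsids | ForEach-Object { Resolve-Clsid $_ 'Page' } | Where-Object { $_.Signature -ne 'NOT REGISTERED' } | Format-Table -AutoSize
```

Unsigned is not the same as malicious, and a valid signature is not the same as benign, so treat the Flags column as a worklist: the entries to remove are the ones whose DLL is the page's Hammer.dll or lives in an unexpected directory, and removal means deleting the BHO/toolbar/hook registration, the CLSID key and the DLL together, or IE will simply re-load whatever is left.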

Removing Zlob.br:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer immediately, or buy the full version to remove the threats it finds.
