Tuesday, October 21, 2008

Bidpher Trojan

Removing Bidpher
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bidpher Also known as:

[Kaspersky]Backdoor.Win32.Agent.fo,SpamTool.Win32.Agent.s;
[McAfee]Spam-Mailbot;
[Other]Win32/Bidpher.G,Backdoor.Nibu,Win32/Bidpher,Win32/Bidpher.F,Trojan.Abwiz

How to detect Bidpher:

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload

Removing Bidpher:

You can download a trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Desktop.Personal Spyware

Removing Desktop.Personal
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

How to detect Desktop.Personal:

Folders:
[%PROGRAM_FILES%]\ODSP

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\odsp 6.0.2
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_odsp_host
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\odsp host

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Pest Trap Ransomware

Removing Pest Trap
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\pesttrap.lnk
[%PROGRAM_FILES%]\PestTrap\base.avd
[%PROGRAM_FILES%]\PestTrap\base001.avd
[%PROGRAM_FILES%]\PestTrap\base002.avd
[%PROGRAM_FILES%]\PestTrap\found.wav
[%PROGRAM_FILES%]\PestTrap\heur000.dll
[%PROGRAM_FILES%]\PestTrap\heur001.dll
[%PROGRAM_FILES%]\PestTrap\heur002.dll
[%PROGRAM_FILES%]\PestTrap\heur003.dll
[%PROGRAM_FILES%]\PestTrap\notfound.wav
[%PROGRAM_FILES%]\PestTrap\PestTrap.dvm
[%PROGRAM_FILES%]\PestTrap\PestTrap.exe
[%PROGRAM_FILES%]\PestTrap\removed.wav
[%PROGRAM_FILES%]\PestTrap\Uninstall.exe

How to detect Pest Trap:

Files:
[%DESKTOP%]\pesttrap.lnk
[%PROGRAM_FILES%]\PestTrap\base.avd
[%PROGRAM_FILES%]\PestTrap\base001.avd
[%PROGRAM_FILES%]\PestTrap\base002.avd
[%PROGRAM_FILES%]\PestTrap\found.wav
[%PROGRAM_FILES%]\PestTrap\heur000.dll
[%PROGRAM_FILES%]\PestTrap\heur001.dll
[%PROGRAM_FILES%]\PestTrap\heur002.dll
[%PROGRAM_FILES%]\PestTrap\heur003.dll
[%PROGRAM_FILES%]\PestTrap\notfound.wav
[%PROGRAM_FILES%]\PestTrap\PestTrap.dvm
[%PROGRAM_FILES%]\PestTrap\PestTrap.exe
[%PROGRAM_FILES%]\PestTrap\removed.wav
[%PROGRAM_FILES%]\PestTrap\Uninstall.exe

Folders:
[%PROGRAMS%]\pesttrap
[%PROGRAM_FILES%]\pesttrap

Registry Keys:
HKEY_CURRENT_USER\Software\PestTrap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pest Trap

Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Dewnuttin Trojan

Removing Dewnuttin
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Dewnuttin Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.cxx;
[McAfee]Generic Downloader.f;
[F-Prot]W32/Trojan.GNQ;
[Other]Win32/Dewnuttin.A,SecurityRisk.Downldr,TrojanDownloader:Win32/Small.BCD,W32/DLoader.FJG,Troj/Small-BBP,Trojan:Win32/AT,Trojan-Downloader.Win32.Small.cxx,trojan-downloader-evko.biz

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\1.dllb
[%SYSTEM%]\dlh9jkd1q1.exe

How to detect Dewnuttin:

Files:
[%PROFILE_TEMP%]\1.dllb
[%SYSTEM%]\dlh9jkd1q1.exe

Rbot.EGV Trojan

Removing Rbot.EGV
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Rbot.EGV Also known as:

[Kaspersky]Backdoor.Win32.Rbot.akq;
[F-Prot]W32/Spybot.OBT;
[Other]W32/Rbot.EGV,W32/Rbot-BCD

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\recyclecl.exe
[%SYSTEM%]\aspr_keys.ini

How to detect Rbot.EGV:

Files:
[%SYSTEM%]\recyclecl.exe
[%SYSTEM%]\aspr_keys.ini

Registry Values:
HKEY_CURRENT_USER\software\microsoft\ole
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_CURRENT_USER\system\currentcontrolset\control\lsa
HKEY_LOCAL_MACHINE\software\microsoft\ole
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Choprox Backdoor

Removing Choprox
Categories: Backdoor
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Choprox Also known as:

[Kaspersky]Trojan-Proxy.Win32.Small.bt;
[McAfee]Generic Proxy.c;
[F-Prot]W32/Trojan.DCI;
[Other]Win32/Choprox.F,Trojan Horse,TrojanProxy:Win32/Small,W32/Smalltroj.BOB,TROJ_PROXY.AC,Troj/Stox-E,Krepper,trojan-backdoor-traffstore

How to detect Choprox:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

PWS.Banker.gen Trojan

Removing PWS.Banker.gen
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

PWS.Banker.gen Also known as:

[McAfee]PWS-Banker.gen.i,PWS-Banker.gen.I;
[Other]Win32/Bancos.FTX,Win32/Bancos.FYC,Win32/Bancos.GDO,Win32/Bancos.IGW,Mal/DelpBanc-A

Visible Symptoms:
Files in system folders:
[%COMMON_STARTUP%]\lsass.exe
[%SYSTEM%]\WorkFile.exe

How to detect PWS.Banker.gen:

Files:
[%COMMON_STARTUP%]\lsass.exe
[%SYSTEM%]\WorkFile.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

NetSpy.KeyLogger Spyware

Removing NetSpy.KeyLogger
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will expose the computer to more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\captur~1.ocx
[%SYSTEM%]\kbhook.dll
[%SYSTEM%]\capturescreen.ocx
[%SYSTEM%]\nconfig.exe
[%SYSTEM%]\nsutil.exe
[%SYSTEM%]\nsys.exe

How to detect NetSpy.KeyLogger:

Files:
[%SYSTEM%]\captur~1.ocx
[%SYSTEM%]\kbhook.dll
[%SYSTEM%]\capturescreen.ocx
[%SYSTEM%]\nconfig.exe
[%SYSTEM%]\nsutil.exe
[%SYSTEM%]\nsys.exe

Folders:
[%PROGRAMS%]\netspy configurator.lnk

Registry Keys:
HKEY_CLASSES_ROOT\capturescreens.capturescreen
HKEY_CLASSES_ROOT\clsid\{5508498f-7911-11d4-92d5-00105a1a0059}
HKEY_CLASSES_ROOT\clsid\{55084990-7911-11d4-92d5-00105a1a0059}
HKEY_CLASSES_ROOT\clsid\{55084991-7911-11d4-92d5-00105a1a0059}
HKEY_CLASSES_ROOT\clsid\{55084995-7911-11d4-92d5-00105a1a0059}
HKEY_CLASSES_ROOT\interface\{55084990-7911-11d4-92d5-00105a1a0059}
HKEY_CLASSES_ROOT\interface\{55084995-7911-11d4-92d5-00105a1a0059}
HKEY_CLASSES_ROOT\typelib\{5508498f-7911-11d4-92d5-00105a1a0059}
HKEY_LOCAL_MACHINE\software\classes\capturescreens.capturescreen
HKEY_LOCAL_MACHINE\software\classes\clsid\{55084991-7911-11d4-92d5-00105a1a0059}
HKEY_LOCAL_MACHINE\software\classes\interface\{55084990-7911-11d4-92d5-00105a1a0059}
HKEY_LOCAL_MACHINE\software\classes\interface\{55084995-7911-11d4-92d5-00105a1a0059}
HKEY_LOCAL_MACHINE\software\classes\typelib\{5508498f-7911-11d4-92d5-00105a1a0059}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\nsys.exe
HKEY_LOCAL_MACHINE\software\s7000\string1

Registry Values:
HKEY_CURRENT_USER\software\netspy
HKEY_CURRENT_USER\software\s7000\string1
HKEY_CURRENT_USER\software\s7000\string2
HKEY_LOCAL_MACHINE\hardware\resourcemap\pnp manager\pnpmanager
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\netspy
