Sunday, October 26, 2008

IEDial Adware

Removing IEDial
Categories: Adware
Adware programs deliver advertising content to the user and in some cases
gather information from the user's computer.

How to detect IEDial:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{946b0485-8f8c-4c35-a6e7-d2115e3b0b4f}

Removing IEDial:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Aniquro Toolbar

Removing Aniquro
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
Visible Symptoms:
Files in system folders:
[%INTERNET_CACHE%]\Content.IE5\0A6SP3NS\popcaploader_v5[1].cab
[%INTERNET_CACHE%]\Content.IE5\QWHVBX0Q\popcaploader_v5[1].cab

How to detect Aniquro:

Files:
[%INTERNET_CACHE%]\Content.IE5\0A6SP3NS\popcaploader_v5[1].cab
[%INTERNET_CACHE%]\Content.IE5\QWHVBX0Q\popcaploader_v5[1].cab

Folders:
[%PROGRAM_FILES%]\aniquro


PStopper Adware

Removing PStopper
Categories: Adware
Adware programs deliver advertising content to the user and in some cases
gather information from the user's computer, including information related
to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\psuninstall.exe

How to detect PStopper:

Files:
[%PROFILE_TEMP%]\psuninstall.exe


uTorrent Worm

Removing uTorrent
Categories: Worm
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

uTorrent Also known as:

[Kaspersky] Trojan-Downloader.NSIS.Agent.ac;
[Panda] Trj/Downloader.OZE;
[Other] Win32.ExplorerHijack, DLoader.CLIF

How to detect uTorrent:

Folders:
[%APPDATA%]\uTorrent

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{77ae90a3-daf3-429b-9e3f-fa1252467579}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks


QQRob Trojan

Removing QQRob
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers in order to use them
as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

QQRob Also known as:

[Kaspersky] Trojan-PSW.Win32.QQPass.iu, Trojan-PSW.Win32.QQRob.fb, Trojan-PSW.Win32.QQRob.gc, Trojan-PSW.Win32.QQRob.ko, Trojan-PSW.Win32.QQRob.ei, Trojan-PSW.QQPass.qs, Trojan-PSW.Win32.QQRob.lo, Trojan-PSW.Win32.QQRob.hc, Trojan-PSW.Win32.QQRob.is, Trojan-PSW.Win32.QQPass.sy;
[McAfee] Generic PWS.o, PWS-QQRob, PWS-QQPass.gen, PWS-Hook;
[Other] Win32/QQRob.Y, Infostealer, Infostealer.Lemir, Troj/QQRb-Gen, W32/QQRob.SF, Win32/QQRob, Win32/QQRob.X, Infostealer.QQRob.A, trojan legmir, Troj/QQRob-B, TSPY_QQROB.AQ, Win32/QQRob.AM, Win32/QQRob.AL, Win32/QQRob.BA, Win32/QQRob.BN

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drivers\conime.exe
[%SYSTEM%]\severe.exe
[%SYSTEM%]\cpgppf.dll
[%SYSTEM%]\cpgppf.exe
[%SYSTEM%]\drivers\cwyumh.exe
[%SYSTEM%]\hx1.bat
[%SYSTEM%]\rpcsk.dll
[%SYSTEM%]\rpcsk.exe
[%SYSTEM%]\tgejsy.dll
[%SYSTEM%]\tgejsy.exe
[%WINDOWS%]\Help\ADSAL.CHM
[%WINDOWS%]\system\dai.exe

How to detect QQRob:

Files:
[%SYSTEM%]\drivers\conime.exe
[%SYSTEM%]\severe.exe
[%SYSTEM%]\cpgppf.dll
[%SYSTEM%]\cpgppf.exe
[%SYSTEM%]\drivers\cwyumh.exe
[%SYSTEM%]\hx1.bat
[%SYSTEM%]\rpcsk.dll
[%SYSTEM%]\rpcsk.exe
[%SYSTEM%]\tgejsy.dll
[%SYSTEM%]\tgejsy.exe
[%WINDOWS%]\Help\ADSAL.CHM
[%WINDOWS%]\system\dai.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rpcsk

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


ANWB BHO

Removing ANWB
Categories: BHO,Toolbar
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

How to detect ANWB:

Folders:
[%PROGRAM_FILES%]\anwbtoolbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
