Monday, October 27, 2008

Wussoe Trojan

Removing Wussoe
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Wussoe Also known as:

[Kaspersky] Trojan-Downloader.Win32.Delf.arx, Trojan-Downloader.Win32.Delf.apo, Trojan-Downloader.Win32.Delf.app;
[McAfee] Downloader-AWZ;
[Other] Win32/Wussoe.E, Win32/Wussoe.B, Win32/Wussoe.C

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\avt.exe
[%SYSTEM%]\firelogs.exe
[%SYSTEM%]\lockvirs.exe
[%SYSTEM%]\msantis.exe
[%SYSTEM%]\vdmmss.exe
[%SYSTEM%]\vmonts.exe
[%SYSTEM%]\winsdrv.exe

How to detect Wussoe:

Files:
[%SYSTEM%]\avt.exe
[%SYSTEM%]\firelogs.exe
[%SYSTEM%]\lockvirs.exe
[%SYSTEM%]\msantis.exe
[%SYSTEM%]\vdmmss.exe
[%SYSTEM%]\vmonts.exe
[%SYSTEM%]\winsdrv.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Wussoe:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Tabela Trojan

Removing Tabela
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Tabela Also known as:

[McAfee] Tabela

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\tuttonudo.wke

How to detect Tabela:

Files:
[%SYSTEM%]\tuttonudo.wke

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Tabela:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


RelevantKnowledge Spyware

Removing RelevantKnowledge
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet connectivity or of other programs' functionality.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

RelevantKnowledge Also known as:

[Kaspersky] AdWare.Win32.RK.j, Adware.Win32.RK.k, Trojan-PSW.Win32.LdPinch.atp, AdWare.Win32.RK.I, AdWare.Win32.RK.m, AdWare.Win32.RK.k;
[McAfee] Proxy-OSS;
[Other] Spyware.Marketscore, Win32/Crulket.A, Program:Win32/Marketscore.gen

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\ldpackage.dll
[%SYSTEM%]\mkls.dll
[%SYSTEM%]\mrkscr.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rkinstaller.exe
[%SYSTEM%]\rkupginstaller.exe
[%SYSTEM%]\rlls.dll
[%SYSTEM%]\rlvknlg.exe
[%SYSTEM%]\silc_dll.dll
[%SYSTEM%]\__delete_on_reboot__r_l_l_s_._d_l_l_
[%SYSTEM%]\__delete_on_reboot__r_l_v_k_n_l_g_._e_x_e_
[%WINDOWS%]\rk.exe
[%SYSTEM%]\TInject.dll

How to detect RelevantKnowledge:

Files:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\ldpackage.dll
[%SYSTEM%]\mkls.dll
[%SYSTEM%]\mrkscr.exe
[%SYSTEM%]\rk.bin
[%SYSTEM%]\rkinstaller.exe
[%SYSTEM%]\rkupginstaller.exe
[%SYSTEM%]\rlls.dll
[%SYSTEM%]\rlvknlg.exe
[%SYSTEM%]\silc_dll.dll
[%SYSTEM%]\__delete_on_reboot__r_l_l_s_._d_l_l_
[%SYSTEM%]\__delete_on_reboot__r_l_v_k_n_l_g_._e_x_e_
[%WINDOWS%]\rk.exe
[%SYSTEM%]\TInject.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\wineggdropshell
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6a347828-bbc8-4344-b2a3-37b3b920dc62}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_regsnthelp
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\regsnthelp

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\relevantknowledge
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5eafdf74-1830-41e8-8aaa-6babd746c193}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5eafdf74-1830-41e8-8aaa-6babd746c193}\config
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5eafdf74-1830-41e8-8aaa-6babd746c193}\config\ossproxy\settings
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{8aa55f28-ed54-4de4-8954-30cf1b0be72c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{8aa55f28-ed54-4de4-8954-30cf1b0be72c}\config
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{b58783bc-ea15-4926-aa30-61e4a4cf458a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{b58783bc-ea15-4926-aa30-61e4a4cf458a}\config

Removing RelevantKnowledge:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


SpyGuardPro Ransomware

Removing SpyGuardPro
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

SpyGuardPro Also known as:

[Kaspersky] Downloader.Win32.WinFixer.au;
[Other] TrojanDownloader:Win32/Renos

Visible Symptoms:
Files in system folders:
[%APPDATA%]\SpyGuardPro\avtasks.dat
[%APPDATA%]\SpyGuardPro\Logs\av.log
[%APPDATA%]\SpyGuardPro\Logs\ga6Support.log
[%APPDATA%]\SpyGuardPro\Logs\update.log
[%COMMON_DESKTOPDIRECTORY%]\SpyGuardPro.lnk
[%COMMON_PROGRAMS%]\SpyGuardPro\Contact Customer Support.lnk
[%COMMON_PROGRAMS%]\SpyGuardPro\SpyGuardPro.lnk
[%COMMON_PROGRAMS%]\SpyGuardPro\Uninstall SpyGuardPro.lnk
[%PROGRAM_FILES_COMMON%]\SpyGuardPro\bm.exe
[%PROGRAM_FILES_COMMON%]\SpyGuardPro\ugcw.exe

How to detect SpyGuardPro:

Files:
[%APPDATA%]\SpyGuardPro\avtasks.dat
[%APPDATA%]\SpyGuardPro\Logs\av.log
[%APPDATA%]\SpyGuardPro\Logs\ga6Support.log
[%APPDATA%]\SpyGuardPro\Logs\update.log
[%COMMON_DESKTOPDIRECTORY%]\SpyGuardPro.lnk
[%COMMON_PROGRAMS%]\SpyGuardPro\Contact Customer Support.lnk
[%COMMON_PROGRAMS%]\SpyGuardPro\SpyGuardPro.lnk
[%COMMON_PROGRAMS%]\SpyGuardPro\Uninstall SpyGuardPro.lnk
[%PROGRAM_FILES_COMMON%]\SpyGuardPro\bm.exe
[%PROGRAM_FILES_COMMON%]\SpyGuardPro\ugcw.exe

Folders:
[%PROGRAM_FILES%]\SpyGuardPro

Registry Keys:
HKEY_CURRENT_USER\software\spyguardpro
HKEY_LOCAL_MACHINE\software\spyguardpro

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\products

Removing SpyGuardPro:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
