Tuesday, October 28, 2008

Cadux Trojan

Removing Cadux
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it for autorun
according to the requirements of the local operating system.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Cadux Also known as:

[Kaspersky]Trojan-Downloader.Win32.VB.aan,Hoax.Win32.Renos.dk,Trojan-downloader.Win32.Vb.avf,Hoax.Win32.Renos.fn,Trojan-Downloader.Win32.VB.att,Trojan.Win32.VB.azo,Trojan.Win32.BHO.he,Hoax.Win32.Renos.kj,Trojan-Downloader.Win32.VB.asx;
[McAfee]TFactory,FakeAlert-J,Generic AdClicker.h,Puper;
[Other]Trojan-Downloader.Win32.VB.aeq,cashdeluxe,DesktopScam,Win32/Cadux.BA,Win32/Cadux.AR,Win32/Cadux.BI,Win32/Cadux.BL,Win32/Cadux.BM,Win32/Cadux.BO,Win32/Cadux.BN,Win32/Cadux.BS,TROJ_VB.FFB,W32/DLoader.CYBX

Visible Symptoms:
Files in system folders:
[%LOCAL_APPDATA%]\Temp\laf4.exe
[%PROFILE_TEMP%]\laf1.exe
[%PROFILE_TEMP%]\laf2.exe
[%SYSTEM%]\TMRSRV32.EXE
[%SYSTEM%]\adobepnl.dll
[%SYSTEM%]\ctqkqitc.exe
[%SYSTEM%]\ftxshflh.exe
[%SYSTEM%]\glhzhftb.exe
[%SYSTEM%]\hlydrdsd.exe
[%SYSTEM%]\ieffse32.dll
[%SYSTEM%]\iucnkhpw.exe
[%SYSTEM%]\kvpaibjs.exe
[%SYSTEM%]\lnfdacmb.exe
[%SYSTEM%]\miszjogw.exe
[%SYSTEM%]\orthihug.exe
[%SYSTEM%]\qjrkvy.exe
[%SYSTEM%]\questmod.dll
[%SYSTEM%]\rduawmpi.exe
[%SYSTEM%]\regmod.exe
[%SYSTEM%]\repigsp.exe
[%SYSTEM%]\runsrv32.dll
[%SYSTEM%]\runsrv32.exe
[%SYSTEM%]\tmrsrv32.exe
[%SYSTEM%]\udpmod.dll
[%SYSTEM%]\users32.exe
[%SYSTEM%]\wbycpxwc.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winbl32.dll
[%SYSTEM%]\winflash.dll
[%SYSTEM%]\wqjbaztr.exe
[%SYSTEM%]\ymjepyzw.exe
[%SYSTEM%]\ythrdjut.exe
[%SYSTEM%]\zddipbsu.exe
[%SYSTEM%]\zdphsuuy.exe
[%WINDOWS%]\about_spyware_bg.gif
[%WINDOWS%]\about_spyware_bottom.gif
[%WINDOWS%]\alexaie.dll
[%WINDOWS%]\alxie328.dll
[%WINDOWS%]\alxtb1.dll
[%WINDOWS%]\as.gif
[%WINDOWS%]\as_header.gif
[%WINDOWS%]\bg.gif
[%WINDOWS%]\box_1.gif
[%WINDOWS%]\box_2.gif
[%WINDOWS%]\box_3.gif
[%WINDOWS%]\button_buynow.gif
[%WINDOWS%]\button_freescan.gif
[%WINDOWS%]\close-bar.gif
[%WINDOWS%]\dlmax.dll
[%WINDOWS%]\download_box.gif
[%WINDOWS%]\features.gif
[%WINDOWS%]\fkwggshm.exe
[%WINDOWS%]\footer_back.gif
[%WINDOWS%]\footer_back.jpg
[%WINDOWS%]\header_1.gif
[%WINDOWS%]\header_2.gif
[%WINDOWS%]\header_3.gif
[%WINDOWS%]\header_4.gif
[%WINDOWS%]\infected.gif
[%WINDOWS%]\main_back.gif
[%WINDOWS%]\rf.gif
[%WINDOWS%]\rf_header.gif
[%WINDOWS%]\scan_btn.gif
[%WINDOWS%]\security-center-bg.gif
[%WINDOWS%]\security-center-logo.gif
[%WINDOWS%]\security_center_caption.gif
[%WINDOWS%]\sep_hor.gif
[%WINDOWS%]\sep_vert.gif
[%WINDOWS%]\spacer.gif
[%WINDOWS%]\spyware-detected.gif
[%WINDOWS%]\star.gif
[%WINDOWS%]\star_gray.gif
[%WINDOWS%]\star_gray_small.gif
[%WINDOWS%]\star_small.gif
[%WINDOWS%]\susp.exe
[%WINDOWS%]\sysrlb32.exe
[%WINDOWS%]\ts.gif
[%WINDOWS%]\ts_header.gif
[%WINDOWS%]\v.gif
[%WINDOWS%]\warning-bar-ico.gif
[%WINDOWS%]\warning_icon.gif
[%WINDOWS%]\winh32.exe
[%WINDOWS%]\win_logo.gif
[%WINDOWS%]\x.gif
[%SYSTEM%]\kjdylhup.exe
[%SYSTEM%]\msdn_lib.dll
[%SYSTEM%]\SCCVHOST.exe
[%SYSTEM%]\SCCVHOSThk.dll
[%SYSTEM%]\SCCVHOSTr.exe
[%SYSTEM%]\SCCVHOSTwb.dll

How to detect Cadux:

Files:
[%LOCAL_APPDATA%]\Temp\laf4.exe
[%PROFILE_TEMP%]\laf1.exe
[%PROFILE_TEMP%]\laf2.exe
[%SYSTEM%]\TMRSRV32.EXE
[%SYSTEM%]\adobepnl.dll
[%SYSTEM%]\ctqkqitc.exe
[%SYSTEM%]\ftxshflh.exe
[%SYSTEM%]\glhzhftb.exe
[%SYSTEM%]\hlydrdsd.exe
[%SYSTEM%]\ieffse32.dll
[%SYSTEM%]\iucnkhpw.exe
[%SYSTEM%]\kvpaibjs.exe
[%SYSTEM%]\lnfdacmb.exe
[%SYSTEM%]\miszjogw.exe
[%SYSTEM%]\orthihug.exe
[%SYSTEM%]\qjrkvy.exe
[%SYSTEM%]\questmod.dll
[%SYSTEM%]\rduawmpi.exe
[%SYSTEM%]\regmod.exe
[%SYSTEM%]\repigsp.exe
[%SYSTEM%]\runsrv32.dll
[%SYSTEM%]\runsrv32.exe
[%SYSTEM%]\tmrsrv32.exe
[%SYSTEM%]\udpmod.dll
[%SYSTEM%]\users32.exe
[%SYSTEM%]\wbycpxwc.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winbl32.dll
[%SYSTEM%]\winflash.dll
[%SYSTEM%]\wqjbaztr.exe
[%SYSTEM%]\ymjepyzw.exe
[%SYSTEM%]\ythrdjut.exe
[%SYSTEM%]\zddipbsu.exe
[%SYSTEM%]\zdphsuuy.exe
[%WINDOWS%]\about_spyware_bg.gif
[%WINDOWS%]\about_spyware_bottom.gif
[%WINDOWS%]\alexaie.dll
[%WINDOWS%]\alxie328.dll
[%WINDOWS%]\alxtb1.dll
[%WINDOWS%]\as.gif
[%WINDOWS%]\as_header.gif
[%WINDOWS%]\bg.gif
[%WINDOWS%]\box_1.gif
[%WINDOWS%]\box_2.gif
[%WINDOWS%]\box_3.gif
[%WINDOWS%]\button_buynow.gif
[%WINDOWS%]\button_freescan.gif
[%WINDOWS%]\close-bar.gif
[%WINDOWS%]\dlmax.dll
[%WINDOWS%]\download_box.gif
[%WINDOWS%]\features.gif
[%WINDOWS%]\fkwggshm.exe
[%WINDOWS%]\footer_back.gif
[%WINDOWS%]\footer_back.jpg
[%WINDOWS%]\header_1.gif
[%WINDOWS%]\header_2.gif
[%WINDOWS%]\header_3.gif
[%WINDOWS%]\header_4.gif
[%WINDOWS%]\infected.gif
[%WINDOWS%]\main_back.gif
[%WINDOWS%]\rf.gif
[%WINDOWS%]\rf_header.gif
[%WINDOWS%]\scan_btn.gif
[%WINDOWS%]\security-center-bg.gif
[%WINDOWS%]\security-center-logo.gif
[%WINDOWS%]\security_center_caption.gif
[%WINDOWS%]\sep_hor.gif
[%WINDOWS%]\sep_vert.gif
[%WINDOWS%]\spacer.gif
[%WINDOWS%]\spyware-detected.gif
[%WINDOWS%]\star.gif
[%WINDOWS%]\star_gray.gif
[%WINDOWS%]\star_gray_small.gif
[%WINDOWS%]\star_small.gif
[%WINDOWS%]\susp.exe
[%WINDOWS%]\sysrlb32.exe
[%WINDOWS%]\ts.gif
[%WINDOWS%]\ts_header.gif
[%WINDOWS%]\v.gif
[%WINDOWS%]\warning-bar-ico.gif
[%WINDOWS%]\warning_icon.gif
[%WINDOWS%]\winh32.exe
[%WINDOWS%]\win_logo.gif
[%WINDOWS%]\x.gif
[%SYSTEM%]\kjdylhup.exe
[%SYSTEM%]\msdn_lib.dll
[%SYSTEM%]\SCCVHOST.exe
[%SYSTEM%]\SCCVHOSThk.dll
[%SYSTEM%]\SCCVHOSTr.exe
[%SYSTEM%]\SCCVHOSTwb.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}
HKEY_CLASSES_ROOT\clsid\{cfd25b9c-7441-4dbf-a3c6-2f505a22df55}
HKEY_CLASSES_ROOT\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81}
HKEY_CLASSES_ROOT\interface\{74ac67a5-cdb1-4fd2-a30b-47bd59ff28a9}
HKEY_CLASSES_ROOT\popup.htmlevent.
HKEY_CLASSES_ROOT\TypeLib\{31F9B5A7-5B94-445D-922C-E97BF52F5FD7}
HKEY_CLASSES_ROOT\typelib\{be5bad2f-0859-4f5e-9740-73f8bec1cc1d}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3E7E8D3-0B97-4FF3-B1BD-DAB4B04CD697}
HKEY_CLASSES_ROOT\clsid\{2f2a3e91-f546-4df6-b9af-efea782ad495}
HKEY_CLASSES_ROOT\clsid\{62e2e094-f989-48c6-b947-6e79da2294f9}
HKEY_CLASSES_ROOT\clsid\{b52ccf85-726d-471c-b72c-ca9f104c5b98}
HKEY_CLASSES_ROOT\clsid\{c3e7e8d3-0b97-4ff3-b1bd-dab4b04cd697}
HKEY_CLASSES_ROOT\interface\{d23ac13d-4545-47cf-b83f-d95454e88b6a}
HKEY_CLASSES_ROOT\typelib\{aa63a2b7-7c87-4c70-b10f-5c3599087378}\1.0

Registry Values:
HKEY_CLASSES_ROOT\url_relpacer.urlresolver
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\srv32 spool service
HKEY_LOCAL_MACHINE\software\software\tps108
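The file indicators above use placeholders such as [%SYSTEM%] and [%WINDOWS%] instead of concrete folders, and the same path appears more than once with different letter case. As an added example (not code from this page or from Exterminate-It), the Python below expands those placeholders, collapses case-insensitive duplicates the way NTFS would, and reports which of the listed files are present on the host. The placeholder-to-folder mapping in `default_roots` is an assumption drawn from ordinary Windows environment variables, and the `SAMPLE_IOCS` text is a constructed excerpt of the list above.

```python
"""Check a Windows host for the file indicators listed on this page.

Added example, not part of the original page. The [%...%] placeholders are
not defined by the page; default_roots() maps them to folders using ordinary
Windows environment variables, which is an assumption to adjust per host.
"""
import os
import re
from typing import Callable, Dict, List, Optional

# Constructed sample: a few indicator lines copied from the list above, plus
# a stray trailing quote like the one on the spacer.gif line, to show that
# scrape debris is tolerated.
SAMPLE_IOCS = r"""
[%LOCAL_APPDATA%]\Temp\laf4.exe
[%PROFILE_TEMP%]\laf1.exe
[%SYSTEM%]\TMRSRV32.EXE
[%SYSTEM%]\tmrsrv32.exe
[%WINDOWS%]\spacer.gif'
[%WINDOWS%]\rotkurtsed.exe
"""

# Matches one indicator line: the placeholder name and the path that follows it.
_IOC_RE = re.compile(r"^\[%([A-Z_]+)%\](.*)$")


def default_roots() -> Dict[str, str]:
    """Assumed placeholder-to-folder mapping (falls back to typical defaults
    when the environment variables are absent, e.g. when run off-Windows)."""
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    local_appdata = os.environ.get("LOCALAPPDATA", r"C:\Users\user\AppData\Local")
    return {
        "WINDOWS": windir,
        "SYSTEM": windir + r"\System32",
        "LOCAL_APPDATA": local_appdata,
        "PROFILE_TEMP": os.environ.get("TEMP", local_appdata + r"\Temp"),
        "PROGRAM_FILES": os.environ.get("ProgramFiles", r"C:\Program Files"),
    }


def expand_iocs(text: str, roots: Dict[str, str]) -> List[str]:
    """Turn '[%SYSTEM%]\\foo.exe' lines into concrete paths.

    Duplicates are removed case-insensitively (NTFS path lookups are
    case-insensitive) and first-seen order is preserved. Lines with an
    unknown placeholder are skipped rather than guessed at.
    """
    seen = set()
    paths: List[str] = []
    for raw in text.splitlines():
        line = raw.strip().rstrip("'\"")  # drop trailing quote debris
        match = _IOC_RE.match(line)
        if not match:
            continue
        root = roots.get(match.group(1))
        if root is None:
            continue
        path = root + match.group(2).replace("/", "\\")
        key = path.lower()
        if key not in seen:
            seen.add(key)
            paths.append(path)
    return paths


def scan(text: str,
         roots: Optional[Dict[str, str]] = None,
         exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return the expanded indicator paths that exist on this host.

    `exists` is injectable so the logic can be exercised against a
    constructed file set without touching the real filesystem.
    """
    return [p for p in expand_iocs(text, roots or default_roots()) if exists(p)]


if __name__ == "__main__":
    hits = scan(SAMPLE_IOCS)
    print("indicator files present:" if hits else "no listed indicator files present")
    for hit in hits:
        print("  ", hit)
```

Run it as is to check the sample paths against the local machine, or pass the full list from the page as `text`. A hit is a reason to investigate, not proof by itself: several of the [%WINDOWS%] entries are plain GIF images that a cleanup may leave behind, so confirm with the registry keys listed above and with the running-process list before acting on a single file match.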

Removing Cadux:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Lutefed Downloader

Removing Lutefed
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Lutefed Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent,Trojan-Downloader.Win32.Agent.are;
[McAfee]Generic Downloader,Generic Downloader.u;
[Other]Win32/Lutefed,Win32/Lutefed.A

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\Updateb.exe

How to detect Lutefed:

Files:
[%WINDOWS%]\Updateb.exe

Removing Lutefed:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


SearchCentrix.Search.Matic Hijacker

Removing SearchCentrix.Search.Matic
Categories: Hijacker,Toolbar
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites if you
mistype an address, or prevent you from reaching websites they would rather you not visit,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
This toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

How to detect SearchCentrix.Search.Matic:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\search-o-matic toolbar_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\search-o-matic_is1

Removing SearchCentrix.Search.Matic:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Vanti Trojan

Removing Vanti
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than packs of single-purpose Trojans.

Vanti Also known as:

[Kaspersky]Rootkit.Win32.Vanti.e,Rootkit.Win32.Vanti.df,Trojan-PSW.Win32.Nilage.avi,Rootkit.Win32.Vanti.ci,Trojan-PSW.Win32.OnLineGames.eb,Rootkit.Win32.Vanti.ex,Rootkit.Win32.Vanti.eu,Rootkit.Win32.Vanti.ei,Trojan.PSW.Win32.OnLineGames.dt,Trojan-PSW.Win32.Nilage.oz,Trojan-PSW.Win32.Nilage.ayp,Trojan-PSW.Win32.Magania.pf,Rootkit.Win32.Vanti.ew,Rootkit.Win32.Agent.ec;
[McAfee]Backdoor-CTV,PWS-Lineage,Generic PWS.o;
[F-Prot]W32/PWStealer.gen1,W32/PWStealer1!Generic,W32/Rootkit.OT;
[Other]Win32.Vanti.A,Hacktool.Rootkit,TROJ_VANTI.E,Win32/Vanti!generic,Win32/Vanti.AD!DLL!Trojan,Infostealer,Win32/Vanti.AE,Win32/Vanti.J,Win32/Vanti.DR,Win32/Vanti.X!Trojan,Mal/Packer,Win32/Vanti.AR,Win32/Vanti.AY,Win32/Vanti.BY,Win32/Vanti.BW,Win32/Vanti.BV,Win32/Vanti.BX,Win32/Vanti.CV,Win32/Vanti.EJ,Win32/Vanti.EK,Win32/Vanti.DZ,Win32/Vanti.DS,Win32/Vanti.DV,Win32/Vanti.CL,Win32/Vanti.CQ,VirTool:Win32/Obfuscator.A,Win32/Vanti.CT,Win32/Vanti.CU,Bloodhound.NsAnti,Win32/Vanti.CS,Win32/Vanti.CE,Win32/Vanti.CR,Win32/Vanti.BZ,Win32/Vanti.CA,Win32/Vanti.CB,Win32/Vanti.CC,Win32/Vanti.FU,Win32/Vanti.HE,Win32/Vanti.HF,Win32/Vanti.HG,Win32/Vanti.HH,Trojan.Win32.NSAnti,Win32/Vanti.FW,Win32/Vanti.FV,Win32/Vanti.FX,Troj/Agent-ELF

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\b104.exe
[%PROFILE_TEMP%]\cmdinst.exe
[%WINDOWS%]\UHLqZ293c2tp\oJMNtZ6awZQD.vbs
[%LOCAL_SETTINGS%]\temp.gxvr.sys
[%PROFILE_TEMP%]\4fjjtbh.dll
[%PROFILE_TEMP%]\gs5.dll
[%PROFILE_TEMP%]\h7cv.dll
[%PROFILE_TEMP%]\l88kkgkc.dll
[%PROFILE_TEMP%]\ljl.dll
[%PROFILE_TEMP%]\xbrkvewo.dll
[%PROFILE_TEMP%]\xny.dll
[%PROFILE_TEMP%]\ygg4.dll
[%PROFILE_TEMP%]\zgh.dll
[%SYSTEM%]\wincab.sys

How to detect Vanti:

Files:
[%PROFILE_TEMP%]\b104.exe
[%PROFILE_TEMP%]\cmdinst.exe
[%WINDOWS%]\UHLqZ293c2tp\oJMNtZ6awZQD.vbs
[%LOCAL_SETTINGS%]\temp.gxvr.sys
[%PROFILE_TEMP%]\4fjjtbh.dll
[%PROFILE_TEMP%]\gs5.dll
[%PROFILE_TEMP%]\h7cv.dll
[%PROFILE_TEMP%]\l88kkgkc.dll
[%PROFILE_TEMP%]\ljl.dll
[%PROFILE_TEMP%]\xbrkvewo.dll
[%PROFILE_TEMP%]\xny.dll
[%PROFILE_TEMP%]\ygg4.dll
[%PROFILE_TEMP%]\zgh.dll
[%SYSTEM%]\wincab.sys

Folders:
[%SYSTEM%]\cache32_hsrb

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_lzq1217
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cmdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_squell
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\kingx
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\squella
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\squellab

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Removing Vanti:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Dealbar Adware

Removing Dealbar
Categories: Adware
Adware programs facilitate the delivery of advertising content to the user
and in some cases gather information from the user's computer,
including information about Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\TBONAS\BarLcher.dll
[%PROGRAM_FILES%]\TBONAS\CompBar.dll

How to detect Dealbar:

Files:
[%PROGRAM_FILES%]\TBONAS\BarLcher.dll
[%PROGRAM_FILES%]\TBONAS\CompBar.dll

Folders:
[%PROGRAM_FILES%]\dealbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}
HKEY_CLASSES_ROOT\clsid\{3d782bb3-f2a5-11d3-bf4c-000000000000}
HKEY_CLASSES_ROOT\clsid\{3ea5c408-2437-4c40-adac-dfda9aeeea96}
HKEY_CLASSES_ROOT\clsid\{9b666a44-986c-46d4-8702-765509b6712f}
HKEY_CLASSES_ROOT\compbar.getpricebar
HKEY_CLASSES_ROOT\compbar.getpricebar.1
HKEY_CLASSES_ROOT\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}
HKEY_CLASSES_ROOT\interface\{ca5ed456-9ecb-4734-a64c-0546147a0cc2}
HKEY_CLASSES_ROOT\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}
HKEY_CLASSES_ROOT\mynewsbarlauncher.ie5barlauncher
HKEY_CLASSES_ROOT\mynewsbarlauncher.ie5barlauncher.1
HKEY_CURRENT_USER\software\activshopper

Registry Values:
HKEY_LOCAL_MACHINE\software\activshopper
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\explorer bars\{3ea5c408-2437-4c40-adac-dfda9aeeea96}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{bfa03761-5565-41b3-93d9-82b354c0a8ec}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{bfa03761-5565-41b3-93d9-82b354c0a8ec}, hoticon=[%PROGRAM_FILES%]\dealbar\compbar.dll
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{bfa03761-5565-41b3-93d9-82b354c0a8ec}, icon=[%PROGRAM_FILES%]\dealbar\compbar.dll
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\activshopper

Removing Dealbar:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Destruktor Backdoor

Removing Destruktor
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojan and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legitimate remote administration programs used by system administrators,
which makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the list of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files


Backdoors are used by virus writers to find and download confidential information,
execute malicious code, destroy data, enlist the machine in bot networks, and so forth.
Backdoors combine the functionality of most other types of Trojan in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many Trojans and backdoors now have remote administration capabilities
that allow an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the Trojan can gain access to it.

These are generally sent through email, P2P file-sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as if they did not run.
Some will also kill antivirus and firewall software.

Some RAT Trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Destruktor Also known as:

[Kaspersky]Backdoor.Destrukor.11,Backdoor.Destrukor,Backdoor.Destrukor.13,Backdoor.Destrukor.14;
[McAfee]BackDoor-AQC;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Destrukor,Bck/Destrukor.13;
[Computer Associates]Backdoor/Destrukor.11!Server,Backdoor/Destruktor.A,Backdoor/Destrukor,Backdoor/Destrukor.13!Server,Backdoor/Destrukor.14

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\rotkurtsed.exe

How to detect Destruktor:

Files:
[%WINDOWS%]\rotkurtsed.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Destruktor:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


AVSystemCare Ransomware

Removing AVSystemCare
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer
and demands a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer and demands a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\AVSystemCare.lnk

How to detect AVSystemCare:

Files:
[%COMMON_DESKTOPDIRECTORY%]\AVSystemCare.lnk

Folders:
[%APPDATA%]\AVSystemCare
[%COMMON_PROGRAMS%]\AVSystemCare
[%PROGRAM_FILES%]\AVSystemCare
[%PROGRAM_FILES_COMMON%]\AVSystemCare

Registry Keys:
HKEY_CLASSES_ROOT\appid\popupg.dll
HKEY_CLASSES_ROOT\appid\{314f88d6-80ce-408a-9e8f-b2389b81e8b8}
HKEY_CLASSES_ROOT\aviebho.iefw
HKEY_CLASSES_ROOT\aviebho.iefw.2
HKEY_CLASSES_ROOT\clsid\{7a7f202e-af91-4889-9dd5-2fe241085cc1}
HKEY_CLASSES_ROOT\clsid\{faad2038-c371-473d-86f1-5b11d39c3775}
HKEY_CLASSES_ROOT\gpblocker.iepblocker
HKEY_CLASSES_ROOT\gpblocker.iepblocker.1
HKEY_CURRENT_USER\software\avsystemcare
HKEY_LOCAL_MACHINE\software\avsystemcare
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_fmtr

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\products
HKEY_LOCAL_MACHINE\software\products

Removing AVSystemCare:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
