Thursday, November 6, 2008

DoctorAdwarePro Ransomware

Removing DoctorAdwarePro
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

DoctorAdwarePro Also known as:

[Other]DoctorAdwarePro

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Doctor Adware Pro.lnk
[%SYSTEM%]\fk.dll

How to detect DoctorAdwarePro:

Files:
[%DESKTOP%]\Doctor Adware Pro.lnk
[%SYSTEM%]\fk.dll

Folders:
[%PROGRAMS%]\Doctor Adware Pro
[%PROGRAM_FILES%]\Doctor Adware Pro

Registry Keys:
HKEY_LOCAL_MACHINE\software\mandel enterprise\doctor adware pro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dradpro.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\doctor adware pro

Removing DoctorAdwarePro:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Ambler Trojan

Removing Ambler
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Ambler Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.cew,Trojan-Spy.Win32.Banker.cji,Trojan-Downloader.Win32.Agent.avk,Trojan-Dropper.Win32.Agent.bxk;
[McAfee]PWS-Banker,PWS-Banker.gen.bs,Downloader.gen.a,Generic Downloader.ab;
[F-Prot]W32/Banker.AGVO,W32/Trojan.CCRC;
[Other]Trojan.Nethell,Troj/Nethell-G,Win32/Ambler.N,Infostealer.Bancos,TSPY_BANKER.HTV,Mal/NetHelDl-A,Win32/Ambler.U,Win32/Ambler.V,Trojan.Dropper,Troj/Dropper-RK

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\helper.xml
[%SYSTEM%]\down.dll
[%SYSTEM%]\nethelper.dll
[%SYSTEM%]\nethelper.xml

How to detect Ambler:

Files:
[%SYSTEM%]\helper.xml
[%SYSTEM%]\down.dll
[%SYSTEM%]\nethelper.dll
[%SYSTEM%]\nethelper.xml

Registry Keys:

SAHAgent Spyware

Removing SAHAgent
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

How to detect SAHAgent:

Files:

Folders:
[%SYSTEM%]\sahimages

Registry Keys:

Registry Values:

Proxy.Daemonize Trojan

Removing Proxy.Daemonize
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Proxy.Daemonize Also known as:

[McAfee]Proxy-Daemonize;
[F-Prot]W32/Daemonize.I,W32/Daemonize.E;
[Other]Win32/TrojanProzy.Daemonize.Y,Troj/Daemonize-G,Backdoor.Daemonize,Win32/TrojanProxy.Daemonize.T,W32/Daemonize.T

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\VVSNInst.exe
[%PROGRAM_FILES%]\Save\ACM.dll
[%PROGRAM_FILES%]\themexp\Themexp.org File\VVSNInst.exe
[%PROGRAM_FILES%]\WhenUSearch\Content~\splash.html

How to detect Proxy.Daemonize:

Files:
[%PROFILE_TEMP%]\VVSNInst.exe
[%PROGRAM_FILES%]\Save\ACM.dll
[%PROGRAM_FILES%]\themexp\Themexp.org File\VVSNInst.exe
[%PROGRAM_FILES%]\WhenUSearch\Content~\splash.html

Folders:
[%PROGRAMS%]\whenusearch
[%PROGRAM_FILES%]\whenusearch

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

WinLogonEXE Trojan

Removing WinLogonEXE
Categories: Trojan,Adware,Hijacker
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

WinLogonEXE Also known as:

[Kaspersky]TrojanClicker.Win32.XMedia.b;
[Panda]Trj/W32.Rslocal;
[Computer Associates]Win32/Rslocal!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\cntrs.dll
[%WINDOWS%]\csynth.dll
[%WINDOWS%]\csyntht.dll
[%WINDOWS%]\vlrs.dll

How to detect WinLogonEXE:

Files:
[%WINDOWS%]\cntrs.dll
[%WINDOWS%]\csynth.dll
[%WINDOWS%]\csyntht.dll
[%WINDOWS%]\vlrs.dll

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Vxidl Trojan

Removing Vxidl
Categories: Trojan,Adware,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Vxidl Also known as:

[Kaspersky]Trojan-Downloader.Win32.Tibs.cu,Trojan-Downloader.Win32.Small.dkt,Packed.Win32.Tibs,Trojan-Downlaoder.Win32.Tibs.ew,Trojan-Proxy.Win32.Lager.az,Trojan-Downloader.Win32.Small.ctf,Trojan-Downloader.Win32.Small.awa,Trojan-Proxy.Win32.Agent.ji,Trojan-Downloader.Win32.Tibs.iw,Trojan-Downloader.WIn32.Small.dgk,Trojan-Downloader.Win32.Small.cds,Trojan-Downloader.Win32.Tibs.bi,Trojan-Downloader.Win32.Tibs.jj,Trojan-Downloader.Win32.Small.cpt,Trojan.Win32.Pakes,Trojan-Downloader.Win32.Small.cwj,Email-Worm.Win32.Zhelatin.eb,Packed.Win32.Tibs.aj,Trojan-Downloader.Win32.Agent.bil,Trojan-Downloader.Win32.Small.feh,Trojan-Downloader.Win32.Tibs.my,Trojan-Downloader.Win32.Tibs.ns;
[McAfee]Downloader-SRL,Generic Downloader.bl,Generic AdClicker.e,Generic Downloader.f,New malware.br,W32/Generic.abx!worm,Downloader-ASH.gen,Tibs-Packed;
[F-Prot]W32/Downloader.MAN,W32/Downloader.MBX;
[Other]Win32/Vxidl,Trojan.Downloader.Tibs.DK,Win32/Vxidl!generic,Trojan.Galapoper.A,Win32.Vxidl.DW,Win32.Vxidl.DT,Trojan.Galpoper.A,Win32/Vxidl.EK,Infostealer,Dialer.Sfonditalia,Troj/Vixup-Gen,members area dialer,Win32/Vxidl.EM,Win32/Vxidl.EL,Downloader,W32/DLoader.NWZ,Troj/Vixup-W,Trojan-Downloader.Win32.Small.cds,troj-downloader.evko.biz,W32/Tibs.AAC,Troj/Tibs-Gen,Win32/Vxidl.EN,Win32/Vxidl.gen!B,Win32/Vxidl.Variant!Trojan,Trojan.Packed.13,Trojan:Win32/Vxidl.gen!B,Win32/Vxidl.FJ,Worm:Win32/Nuwar.gen,TROJ_MULP.BY,Tibs.gen107,Mal/Dorf-A,Win32/Vxidl.FT,Win32/Vxidl.IB,Win32/Vxidl.IC,Win32/Vxidl.ID,Win32/Vxidl.OG,Win32/Vxidl.OF,Win32/Vxidl.RU,Trojan:Win32/Tibs.DV,Tibs.gen136,TROJ_TIBS.AMX,Mal/Dorf-E,Win32/Vxidl.UB,Win32/Vxidl.UD,Win32/Vxidl.UE

Visible Symptoms:
Files in system folders:

How to detect Vxidl:

Files:

Folders:
[%PROGRAM_FILES%]\instafink
[%PROGRAM_FILES%]\sidefind
[%PROGRAM_FILES%]\webspecials
[%WINDOWS%]\isrvs

Registry Keys:

Registry Values:

DAE BHO

Removing DAE
Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\dae.dll

How to detect DAE:

Files:
[%SYSTEM%]\dae.dll

Tiny.Spy.Agent Spyware

Removing Tiny.Spy.Agent
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\TinyStone\Tiny Spy Agent\help.htm
[%PROGRAM_FILES%]\TinyStone\Tiny Spy Agent\keymap.dll
[%PROGRAM_FILES%]\TinyStone\Tiny Spy Agent\sagent.exe

How to detect Tiny.Spy.Agent:

Files:
[%PROGRAM_FILES%]\TinyStone\Tiny Spy Agent\help.htm
[%PROGRAM_FILES%]\TinyStone\Tiny Spy Agent\keymap.dll
[%PROGRAM_FILES%]\TinyStone\Tiny Spy Agent\sagent.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\tinystone\tiny spy agent

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

KnightSeven Backdoor

Removing KnightSeven
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


KnightSeven Also known as:

[Kaspersky]Backdoor.Knightseven.10;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/Knightseven.1_0

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\sndctl32.cfg
[%WINDOWS%]\sndctl32.exe

How to detect KnightSeven:

Files:
[%WINDOWS%]\sndctl32.cfg
[%WINDOWS%]\sndctl32.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Computer.System Spyware

Removing Computer.System
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet connectivity or of functionality in other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect Computer.System:

Folders:
[%SYSTEM%]\PAL\CSS
[%PROGRAM_FILES%]\IE Protector

Registry Keys:
HKEY_CLASSES_ROOT\appid\{2eaf3815-55f5-11d1-b9c5-00c04fbd6229}
HKEY_CLASSES_ROOT\clsid\{1b77d30a-81c9-497a-8647-142f7511b1fb}
HKEY_CLASSES_ROOT\typelib\{2eaf3814-55f5-11d1-b9c5-00c04fbd6229}
HKEY_LOCAL_MACHINE\software\klp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1b77d30a-81c9-497a-8647-142f7511b1fb}
HKEY_CLASSES_ROOT\charp.iewebguard
HKEY_CLASSES_ROOT\charp.iewebguard.1
HKEY_CLASSES_ROOT\ieguard.iewebguard
HKEY_CLASSES_ROOT\ieguard.iewebguard.1
HKEY_CLASSES_ROOT\interface\{267b1ed2-2c9e-4a3f-be15-7afc79403073}
HKEY_CLASSES_ROOT\interface\{80cc88fe-2567-42ed-a3ae-e397d2a12c52}
HKEY_CLASSES_ROOT\typelib\{5ab0d266-dd2b-4006-b9d6-a9145291bdd6}

Also Be Aware of the Following Threats:

Coulomb Adware

Removing Coulomb
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\comload.dll

How to detect Coulomb:

Files:
[%SYSTEM%]\comload.dll

Registry Keys:
HKEY_CURRENT_USER\software\coulomb
HKEY_LOCAL_MACHINE\software\classes\clsid\{9e1089bc-1ae8-4685-8d77-6721e5c318a8}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ad7fafb0-16d6-40c3-af27-585d6e6453fd}
HKEY_USERS\.default\software\coulomb
HKEY_CURRENT_USER\software\coulomb location
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\deborah

Also Be Aware of the Following Threats:

Roastcurd Trojan

Removing Roastcurd
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Roastcurd Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.ehu,Trojan-Downloader.Win32.Tiny.iw,Trojan-Downloader.Win32.Tiny.zb;
[McAfee]Generic Downloader;
[Other]Win32/Roastcurd.A,Win32/Roastcurd.X,Win32/Roastcurd.AK,Win32/RoastCurd.AN,TrojanDownloader:Win32/Agent.WX,Harnig.gen1,Mal/Packer,Downloader

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\YMagic.dll
[%WINDOWS%]\YMagic.dll

How to detect Roastcurd:

Files:
[%SYSTEM%]\YMagic.dll
[%WINDOWS%]\YMagic.dll

Also Be Aware of the Following Threats:

Agent.hz Trojan

Removing Agent.hz
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Agent.hz:

Registry Keys:
HKEY_CLASSES_ROOT\bho_html.edit_html.1

Also Be Aware of the Following Threats:

Ribdew Trojan

Removing Ribdew
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Ribdew Also known as:

[Kaspersky]AdWare.Win32.Webdir.b;
[Other]Win32/Ribdew.E,Adware.WebDir,Win32/Ribdew.F

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\IECodecPlg.dll
[%WINDOWS%]\VirtualDNS.dll
[%WINDOWS%]\VirtualDNS.dll.bak

How to detect Ribdew:

Files:
[%WINDOWS%]\IECodecPlg.dll
[%WINDOWS%]\VirtualDNS.dll
[%WINDOWS%]\VirtualDNS.dll.bak

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}
HKEY_CLASSES_ROOT\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}

Also Be Aware of the Following Threats:

Yeam Trojan

Removing Yeam
Categories: Trojan,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\SecureWin31.dll
[%WINDOWS%]\SecureWin32.exe
[%WINDOWS%]\SecureWin33.exe
[%WINDOWS%]\Win33SecurityUpdates.exe
[%WINDOWS%]\WindowsUpdates.exe

How to detect Yeam:

Files:
[%WINDOWS%]\SecureWin31.dll
[%WINDOWS%]\SecureWin32.exe
[%WINDOWS%]\SecureWin33.exe
[%WINDOWS%]\Win33SecurityUpdates.exe
[%WINDOWS%]\WindowsUpdates.exe

Also Be Aware of the Following Threats: