Malware Info: 11/08/08

Saturday, November 8, 2008

Bancos.IKW Trojan

Removing Bancos.IKW
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Bancos.IKW Also known as:


[Kaspersky]Trojan-Downloader.Win32.Banload.fgq

How to detect Bancos.IKW:

Folders: [%SYSTEM%]\code\fotos

Registry Keys: HKEY_CURRENT_USER\dark

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Bancos.IKW:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Removing SupremeSpy
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\supreme spy demo.lnk
[%DESKTOP%]\supreme spy demo.lnk

How to detect SupremeSpy:

Files: [%DESKTOP%]\supreme spy demo.lnk [%DESKTOP%]\supreme spy demo.lnk

Folders: [%PROGRAMS%]\supremespy.com software [%PROGRAM_FILES%]\ss demo

Registry Keys: HKEY_LOCAL_MACHINE\software\supremespy.com

Removing SupremeSpy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Zlob.Fam.Gold Codec Trojan

Removing Zlob.Fam.Gold Codec
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll
[%PROGRAM_FILES%]\Gold Codec\iesuninst.exe
[%PROGRAM_FILES%]\Gold Codec\isamini.exe
[%PROGRAM_FILES%]\Gold Codec\isamonitor.exe
[%PROGRAM_FILES%]\Gold Codec\ot.ico
[%PROGRAM_FILES%]\Gold Codec\pmmon.exe
[%PROGRAM_FILES%]\Gold Codec\pmuninst.exe
[%PROGRAM_FILES%]\Gold Codec\ts.ico
[%PROGRAM_FILES%]\Gold Codec\uninst.exe
[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll
[%PROGRAM_FILES%]\Gold Codec\iesuninst.exe
[%PROGRAM_FILES%]\Gold Codec\isamini.exe
[%PROGRAM_FILES%]\Gold Codec\isamonitor.exe
[%PROGRAM_FILES%]\Gold Codec\ot.ico
[%PROGRAM_FILES%]\Gold Codec\pmmon.exe
[%PROGRAM_FILES%]\Gold Codec\pmuninst.exe
[%PROGRAM_FILES%]\Gold Codec\ts.ico
[%PROGRAM_FILES%]\Gold Codec\uninst.exe

How to detect Zlob.Fam.Gold Codec:

Files: [%PROGRAM_FILES%]\Gold Codec\iesplugin.dll [%PROGRAM_FILES%]\Gold Codec\iesuninst.exe [%PROGRAM_FILES%]\Gold Codec\isamini.exe [%PROGRAM_FILES%]\Gold Codec\isamonitor.exe [%PROGRAM_FILES%]\Gold Codec\ot.ico [%PROGRAM_FILES%]\Gold Codec\pmmon.exe [%PROGRAM_FILES%]\Gold Codec\pmuninst.exe [%PROGRAM_FILES%]\Gold Codec\ts.ico [%PROGRAM_FILES%]\Gold Codec\uninst.exe [%PROGRAM_FILES%]\Gold Codec\iesplugin.dll [%PROGRAM_FILES%]\Gold Codec\iesuninst.exe [%PROGRAM_FILES%]\Gold Codec\isamini.exe [%PROGRAM_FILES%]\Gold Codec\isamonitor.exe [%PROGRAM_FILES%]\Gold Codec\ot.ico [%PROGRAM_FILES%]\Gold Codec\pmmon.exe [%PROGRAM_FILES%]\Gold Codec\pmuninst.exe [%PROGRAM_FILES%]\Gold Codec\ts.ico [%PROGRAM_FILES%]\Gold Codec\uninst.exe

Folders: [%PROGRAM_FILES%]\Gold Codec

Registry Keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gold Codec

Removing Zlob.Fam.Gold Codec:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

IRCBun Trojan

Removing IRCBun
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect IRCBun:

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}

Removing IRCBun:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Spy.Agent.cf Trojan

Removing Spy.Agent.cf
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spy.Agent.cf Also known as:


[McAfee]Spy-Agent.cf;
[Other]Win32/Banbot.Q,Trojan:Win32/Rundis.A,Troj/Small-EKE

How to detect Spy.Agent.cf:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{1e0abea7-7385-4b5e-a23a-6e97bd9f3412} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e0abea7-7385-4b5e-a23a-6e97bd9f3412}

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8db1b67a-e3cb-44a8-afa6-ece6d1e7d028} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Spy.Agent.cf:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

TargetSoft.winhost32 Adware

Removing TargetSoft.winhost32
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\system\winhost32.exe
[%WINDOWS%]\system\winhost32.exe

How to detect TargetSoft.winhost32:

Files: [%WINDOWS%]\system\winhost32.exe [%WINDOWS%]\system\winhost32.exe

Removing TargetSoft.winhost32:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

ScreenNameHackerV1 Trojan

Removing ScreenNameHackerV1
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:

 
[%COMMON_DESKTOPDIRECTORY%]\Shortcut to ScreenNameHacker.exe.LNK
[%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Shortcut to ScreenNameHacker.exe.LNK
[%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Uninstall Screem Name HACKER.LNK
[%COMMON_STARTUP%]\Shortcut to WINDOWXP.exe.LNK
[%WINDOWS%]\ScreenNameHacker.exe
[%WINDOWS%]\Uninstall Screem Name HACKER.LNK
[%COMMON_DESKTOPDIRECTORY%]\Shortcut to ScreenNameHacker.exe.LNK
[%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Shortcut to ScreenNameHacker.exe.LNK
[%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Uninstall Screem Name HACKER.LNK
[%COMMON_STARTUP%]\Shortcut to WINDOWXP.exe.LNK
[%WINDOWS%]\ScreenNameHacker.exe
[%WINDOWS%]\Uninstall Screem Name HACKER.LNK

How to detect ScreenNameHackerV1:

Files: [%COMMON_DESKTOPDIRECTORY%]\Shortcut to ScreenNameHacker.exe.LNK [%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Shortcut to ScreenNameHacker.exe.LNK [%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Uninstall Screem Name HACKER.LNK [%COMMON_STARTUP%]\Shortcut to WINDOWXP.exe.LNK [%WINDOWS%]\ScreenNameHacker.exe [%WINDOWS%]\Uninstall Screem Name HACKER.LNK [%COMMON_DESKTOPDIRECTORY%]\Shortcut to ScreenNameHacker.exe.LNK [%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Shortcut to ScreenNameHacker.exe.LNK [%COMMON_PROGRAMS%]\Inersoft\Screem Name HACKER\Uninstall Screem Name HACKER.LNK [%COMMON_STARTUP%]\Shortcut to WINDOWXP.exe.LNK [%WINDOWS%]\ScreenNameHacker.exe [%WINDOWS%]\Uninstall Screem Name HACKER.LNK

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\screem name hacker

Removing ScreenNameHackerV1:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

ezPorn Trojan

Removing ezPorn
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect ezPorn:

Folders: [%PROGRAMS%]\ezPorn [%PROGRAM_FILES%]\ezPorn

Registry Keys: HKEY_CLASSES_ROOT\ezporn HKEY_CURRENT_USER\software\ezporn HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ezporn

Removing ezPorn:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Ping.Door Backdoor

Removing Ping.Door
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Ping.Door Also known as:


[Kaspersky]Backdoor.Liondoor.04,Backdoor.Pingdoor.041;
[McAfee]BackDoor-AOG;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Pingdoor.041;
[Computer Associates]Backdoor/Liondoor.04!Server,Backdoor/Pingdoor.041!Server

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\exul2.exe
[%SYSTEM%]\icsxml\mset_bbi8010.dll
[%SYSTEM%]\icsxml\mset_bbi80101.dll
[%SYSTEM%]\mset_bbi8010.dll
[%SYSTEM%]\mset_bbi80101.dll
[%WINDOWS%]\bargain3.exe
[%SYSTEM%]\exul2.exe
[%SYSTEM%]\icsxml\mset_bbi8010.dll
[%SYSTEM%]\icsxml\mset_bbi80101.dll
[%SYSTEM%]\mset_bbi8010.dll
[%SYSTEM%]\mset_bbi80101.dll
[%WINDOWS%]\bargain3.exe

How to detect Ping.Door:

Files: [%SYSTEM%]\exul2.exe [%SYSTEM%]\icsxml\mset_bbi8010.dll [%SYSTEM%]\icsxml\mset_bbi80101.dll [%SYSTEM%]\mset_bbi8010.dll [%SYSTEM%]\mset_bbi80101.dll [%WINDOWS%]\bargain3.exe [%SYSTEM%]\exul2.exe [%SYSTEM%]\icsxml\mset_bbi8010.dll [%SYSTEM%]\icsxml\mset_bbi80101.dll [%SYSTEM%]\mset_bbi8010.dll [%SYSTEM%]\mset_bbi80101.dll [%WINDOWS%]\bargain3.exe

Folders: [%PROGRAM_FILES%]\bargain buddy

Registry Keys: HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing Ping.Door:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

DSSAgent Adware

Removing DSSAgent
Categories: Adware,Spyware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\bbstore\dss\dssagent.exe
[%WINDOWS%]\bbstore\dss\dssagent.exe

How to detect DSSAgent:

Files: [%WINDOWS%]\bbstore\dss\dssagent.exe [%WINDOWS%]\bbstore\dss\dssagent.exe

Registry Values: HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\broderbund software\dss HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing DSSAgent:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

DeluxeCommunications Adware

Removing DeluxeCommunications
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

DeluxeCommunications Also known as:


[Kaspersky]AdWare.Win32.SurfSide.ay

Visible Symptoms:
Files in system folders:

 
[%APPDATA%]\Dxcknwrd.dll
[%PROFILE_TEMP%]\DxcUpdater3.exe
[%PROGRAM_FILES%]\DeluxeCommunications\DxcBho.dll
[%PROGRAM_FILES%]\DeluxeCommunications\DxcCore.dll
[%PROGRAM_FILES_COMMON%]\misc002\DXC.exe
[%SYSTEM%]\abc.exe
[%SYSTEM%]\bkd.exe
[%SYSTEM%]\dxclib303562752.dll
[%WINDOWS%]\DXCecho.exe
[%PROFILE_TEMP%]\DXC8.x.exe
[%APPDATA%]\Dxcknwrd.dll
[%PROFILE_TEMP%]\DxcUpdater3.exe
[%PROGRAM_FILES%]\DeluxeCommunications\DxcBho.dll
[%PROGRAM_FILES%]\DeluxeCommunications\DxcCore.dll
[%PROGRAM_FILES_COMMON%]\misc002\DXC.exe
[%SYSTEM%]\abc.exe
[%SYSTEM%]\bkd.exe
[%SYSTEM%]\dxclib303562752.dll
[%WINDOWS%]\DXCecho.exe
[%PROFILE_TEMP%]\DXC8.x.exe

How to detect DeluxeCommunications:

Files: [%APPDATA%]\Dxcknwrd.dll [%PROFILE_TEMP%]\DxcUpdater3.exe [%PROGRAM_FILES%]\DeluxeCommunications\DxcBho.dll [%PROGRAM_FILES%]\DeluxeCommunications\DxcCore.dll [%PROGRAM_FILES_COMMON%]\misc002\DXC.exe [%SYSTEM%]\abc.exe [%SYSTEM%]\bkd.exe [%SYSTEM%]\dxclib303562752.dll [%WINDOWS%]\DXCecho.exe [%PROFILE_TEMP%]\DXC8.x.exe [%APPDATA%]\Dxcknwrd.dll [%PROFILE_TEMP%]\DxcUpdater3.exe [%PROGRAM_FILES%]\DeluxeCommunications\DxcBho.dll [%PROGRAM_FILES%]\DeluxeCommunications\DxcCore.dll [%PROGRAM_FILES_COMMON%]\misc002\DXC.exe [%SYSTEM%]\abc.exe [%SYSTEM%]\bkd.exe [%SYSTEM%]\dxclib303562752.dll [%WINDOWS%]\DXCecho.exe [%PROFILE_TEMP%]\DXC8.x.exe

Folders: [%PROGRAM_FILES%]\DeluxeCommunications [%PROGRAM_FILES%]\InetGet2

Registry Keys: HKEY_CLASSES_ROOT\clsid\{a8bd6820-6ed7-423e-9558-2d1486b0feea} HKEY_CURRENT_USER\software\deluxecommunications HKEY_LOCAL_MACHINE\software\deluxecommunications HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\deluxecommunications

Registry Values: HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing DeluxeCommunications:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

ErrorSafe Trojan

Removing ErrorSafe
Categories: Trojan,Adware,Downloader,Ransomware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:

 
[%APPDATA%]\errorsafenewreleaseinstall[1].exe
[%APPDATA%]\errorsafenewreleaseinstall[2].exe
[%APPDATA%]\errsafer.exe
[%INTERNET_CACHE%]\Content.IE5\B86RQ4HE\ErrorSafeNewReleaseInstall[1].cab
[%INTERNET_CACHE%]\Content.IE5\E9MZUDEF\ErrorSafeNewReleaseInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\K1YR4LMR\ErrorSafeNewReleaseInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\QJYRILAJ\ErrorSafeNewReleaseInstall[1].cab
[%PROFILE%]\trace.log
[%PROFILE_TEMP%]\ErrorSafeScannerSetup.exe
[%PROFILE_TEMP%]\ICD1.tmp\UERSY_0001_N68M0602NetInstaller.exe
[%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD2.tmp\UERSY_0001_N68M0602NetInstaller.exe
[%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD20.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD28.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD37.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD4.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD40.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD45.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD9.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\NI.UERS_9999_N91S2507\setup.exe
[%PROGRAM_FILES%]\Error Safe Free\uerscw.exe
[%PROGRAM_FILES%]\ErrorSafe Free\EmtERSF.exe
[%PROGRAM_FILES%]\ErrorSafe Free\UERScw.exe
[%PROGRAM_FILES%]\ErrorSafe Free\Updater.exe
[%PROGRAM_FILES_COMMON%]\ers_startupmon.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe
[%WINDOWS%]\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe
[%WINDOWS%]\Temp\ErrorSafeScannerSetup.exe
[%DESKTOP%]\Error Safe.lnk
[%SYSTEM%]\ERROR
[%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M1501NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M2103NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe
[%DESKTOP%]\errorsafe.lnk
[%DESKTOP%]\install errorsafe .lnk
[%PROGRAMS%]\errorsafe\contact customer support.lnk
[%PROGRAMS%]\errorsafe\errorsafe deinstallieren.lnk
[%PROGRAMS%]\errorsafe\errorsafe im netz.lnk
[%PROGRAMS%]\errorsafe\errorsafe on the web.lnk
[%PROGRAMS%]\errorsafe\errorsafe.lnk
[%PROGRAMS%]\errorsafe\kundendienst kontaktieren.lnk
[%PROGRAMS%]\errorsafe\uninstall errorsafe.lnk
[%APPDATA%]\errorsafenewreleaseinstall[1].exe
[%APPDATA%]\errorsafenewreleaseinstall[2].exe
[%APPDATA%]\errsafer.exe
[%INTERNET_CACHE%]\Content.IE5\B86RQ4HE\ErrorSafeNewReleaseInstall[1].cab
[%INTERNET_CACHE%]\Content.IE5\E9MZUDEF\ErrorSafeNewReleaseInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\K1YR4LMR\ErrorSafeNewReleaseInstall[1].exe
[%INTERNET_CACHE%]\Content.IE5\QJYRILAJ\ErrorSafeNewReleaseInstall[1].cab
[%PROFILE%]\trace.log
[%PROFILE_TEMP%]\ErrorSafeScannerSetup.exe
[%PROFILE_TEMP%]\ICD1.tmp\UERSY_0001_N68M0602NetInstaller.exe
[%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD2.tmp\UERSY_0001_N68M0602NetInstaller.exe
[%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD20.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD28.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD37.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD4.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD40.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD45.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.exe
[%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\ICD9.tmp\UERS_9999_N91S2507NetInstaller.inf
[%PROFILE_TEMP%]\NI.UERS_9999_N91S2507\setup.exe
[%PROGRAM_FILES%]\Error Safe Free\uerscw.exe
[%PROGRAM_FILES%]\ErrorSafe Free\EmtERSF.exe
[%PROGRAM_FILES%]\ErrorSafe Free\UERScw.exe
[%PROGRAM_FILES%]\ErrorSafe Free\Updater.exe
[%PROGRAM_FILES_COMMON%]\ers_startupmon.exe
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe
[%WINDOWS%]\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe
[%WINDOWS%]\Temp\ErrorSafeScannerSetup.exe
[%DESKTOP%]\Error Safe.lnk
[%SYSTEM%]\ERROR
[%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M1501NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M2103NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe
[%DESKTOP%]\errorsafe.lnk
[%DESKTOP%]\install errorsafe .lnk
[%PROGRAMS%]\errorsafe\contact customer support.lnk
[%PROGRAMS%]\errorsafe\errorsafe deinstallieren.lnk
[%PROGRAMS%]\errorsafe\errorsafe im netz.lnk
[%PROGRAMS%]\errorsafe\errorsafe on the web.lnk
[%PROGRAMS%]\errorsafe\errorsafe.lnk
[%PROGRAMS%]\errorsafe\kundendienst kontaktieren.lnk
[%PROGRAMS%]\errorsafe\uninstall errorsafe.lnk

How to detect ErrorSafe:

Files: [%APPDATA%]\errorsafenewreleaseinstall[1].exe [%APPDATA%]\errorsafenewreleaseinstall[2].exe [%APPDATA%]\errsafer.exe [%INTERNET_CACHE%]\Content.IE5\B86RQ4HE\ErrorSafeNewReleaseInstall[1].cab [%INTERNET_CACHE%]\Content.IE5\E9MZUDEF\ErrorSafeNewReleaseInstall[1].exe [%INTERNET_CACHE%]\Content.IE5\K1YR4LMR\ErrorSafeNewReleaseInstall[1].exe [%INTERNET_CACHE%]\Content.IE5\QJYRILAJ\ErrorSafeNewReleaseInstall[1].cab [%PROFILE%]\trace.log [%PROFILE_TEMP%]\ErrorSafeScannerSetup.exe [%PROFILE_TEMP%]\ICD1.tmp\UERSY_0001_N68M0602NetInstaller.exe [%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD2.tmp\UERSY_0001_N68M0602NetInstaller.exe [%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD20.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD28.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD37.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD4.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD40.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD45.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD9.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\NI.UERS_9999_N91S2507\setup.exe [%PROGRAM_FILES%]\Error Safe Free\uerscw.exe [%PROGRAM_FILES%]\ErrorSafe Free\EmtERSF.exe [%PROGRAM_FILES%]\ErrorSafe Free\UERScw.exe [%PROGRAM_FILES%]\ErrorSafe Free\Updater.exe [%PROGRAM_FILES_COMMON%]\ers_startupmon.exe [%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe [%WINDOWS%]\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe [%WINDOWS%]\Temp\ErrorSafeScannerSetup.exe [%DESKTOP%]\Error Safe.lnk [%SYSTEM%]\ERROR [%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M1501NetInstaller.exe [%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M2103NetInstaller.exe [%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe [%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe [%DESKTOP%]\errorsafe.lnk [%DESKTOP%]\install errorsafe .lnk [%PROGRAMS%]\errorsafe\contact customer support.lnk [%PROGRAMS%]\errorsafe\errorsafe deinstallieren.lnk [%PROGRAMS%]\errorsafe\errorsafe im netz.lnk [%PROGRAMS%]\errorsafe\errorsafe on the web.lnk [%PROGRAMS%]\errorsafe\errorsafe.lnk [%PROGRAMS%]\errorsafe\kundendienst kontaktieren.lnk [%PROGRAMS%]\errorsafe\uninstall errorsafe.lnk [%APPDATA%]\errorsafenewreleaseinstall[1].exe [%APPDATA%]\errorsafenewreleaseinstall[2].exe [%APPDATA%]\errsafer.exe [%INTERNET_CACHE%]\Content.IE5\B86RQ4HE\ErrorSafeNewReleaseInstall[1].cab [%INTERNET_CACHE%]\Content.IE5\E9MZUDEF\ErrorSafeNewReleaseInstall[1].exe [%INTERNET_CACHE%]\Content.IE5\K1YR4LMR\ErrorSafeNewReleaseInstall[1].exe [%INTERNET_CACHE%]\Content.IE5\QJYRILAJ\ErrorSafeNewReleaseInstall[1].cab [%PROFILE%]\trace.log [%PROFILE_TEMP%]\ErrorSafeScannerSetup.exe [%PROFILE_TEMP%]\ICD1.tmp\UERSY_0001_N68M0602NetInstaller.exe [%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD1.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD2.tmp\UERSY_0001_N68M0602NetInstaller.exe [%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD2.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD20.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD28.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD3.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD37.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD4.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD40.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD45.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.exe [%PROFILE_TEMP%]\ICD7.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\ICD9.tmp\UERS_9999_N91S2507NetInstaller.inf [%PROFILE_TEMP%]\NI.UERS_9999_N91S2507\setup.exe [%PROGRAM_FILES%]\Error Safe Free\uerscw.exe [%PROGRAM_FILES%]\ErrorSafe Free\EmtERSF.exe [%PROGRAM_FILES%]\ErrorSafe Free\UERScw.exe [%PROGRAM_FILES%]\ErrorSafe Free\Updater.exe [%PROGRAM_FILES_COMMON%]\ers_startupmon.exe [%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\ers_startupmon.exe [%WINDOWS%]\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe [%WINDOWS%]\Temp\ErrorSafeScannerSetup.exe [%DESKTOP%]\Error Safe.lnk [%SYSTEM%]\ERROR [%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M1501NetInstaller.exe [%WINDOWS%]\Downloaded Program Files\UPRP_0001_D21M2103NetInstaller.exe [%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe [%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe [%DESKTOP%]\errorsafe.lnk [%DESKTOP%]\install errorsafe .lnk [%PROGRAMS%]\errorsafe\contact customer support.lnk [%PROGRAMS%]\errorsafe\errorsafe deinstallieren.lnk [%PROGRAMS%]\errorsafe\errorsafe im netz.lnk [%PROGRAMS%]\errorsafe\errorsafe on the web.lnk [%PROGRAMS%]\errorsafe\errorsafe.lnk [%PROGRAMS%]\errorsafe\kundendienst kontaktieren.lnk [%PROGRAMS%]\errorsafe\uninstall errorsafe.lnk

Folders: [%COMMON_PROGRAMS%]\Error Safe Unregistered Version [%PROGRAM_FILES%]\errorsafe [%PROGRAM_FILES%]\ErrorSafe Free [%APPDATA%]\Error Safe [%APPDATA%]\Error Safe Free [%APPDATA%]\ErrorSafe [%COMMON_PROGRAMS%]\Error Safe [%PROFILE_TEMP%]\NI.UERS [%PROFILE_TEMP%]\NI.UERSD_0001_N91M2407 [%PROFILE_TEMP%]\NI.UERSF_0001_N91M2607 [%PROFILE_TEMP%]\NI.UERSG_0001_N91M2908 [%PROFILE_TEMP%]\NI.UERSH_9999_N91S1212 [%PROFILE_TEMP%]\NI.UERSI_0001_LP [%PROFILE_TEMP%]\NI.UERSJ_0001_N86M0707 [%PROFILE_TEMP%]\NI.UERSL_0001_N91M2407 [%PROFILE_TEMP%]\NI.UERSL_9999_N91S2209 [%PROFILE_TEMP%]\NI.UERSM_0001_N68M1602 [%PROFILE_TEMP%]\NI.UERSM_9999_N91S2009 [%PROFILE_TEMP%]\NI.UERSR_0001_N91M2407 [%PROFILE_TEMP%]\NI.UERSV_0001_N91S2108 [%PROFILE_TEMP%]\NI.UERSV_9999_N91S1912 [%PROFILE_TEMP%]\NI.UERSW_0001_N93M2102 [%PROFILE_TEMP%]\NI.UERS_0001_N68M1801 [%PROFILE_TEMP%]\NI.UERS_0001_N91M1807 [%PROFILE_TEMP%]\NI.UERS_0001_N91M2007 [%PROFILE_TEMP%]\NI.UERS_0001_NI57M1124 [%PROFILE_TEMP%]\NI.UERS_9999_N91S1502 [%PROFILE_TEMP%]\NI.UERS_9999_N91S2507 [%PROFILE_TEMP%]\NI.UERS_9999_N94S0501 [%PROGRAM_FILES%]\Error Safe [%PROGRAM_FILES%]\Error Safe Free [%PROGRAM_FILES_COMMON%]\Error Safe [%PROGRAM_FILES_COMMON%]\ErrorSafe [%PROGRAM_FILES_COMMON%]\ErrorSafe Free [%DESKTOP%]\Error Safe.lnk

Registry Keys: HKEY_CLASSES_ROOT\clsid\{5284ac2a-ef00-4750-9b82-b5b907d26536} HKEY_CLASSES_ROOT\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d} HKEY_CLASSES_ROOT\esspchck.esspchck HKEY_CLASSES_ROOT\esspchck.esspchck.1 HKEY_CLASSES_ROOT\esspcheck.esspcheck HKEY_CLASSES_ROOT\esspcheck.esspcheck.1 HKEY_CLASSES_ROOT\interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca} HKEY_CLASSES_ROOT\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f} HKEY_CLASSES_ROOT\typelib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8} HKEY_CLASSES_ROOT\TypeLib\{F585CB1F-F17D-4007-A573-B663197EF500} HKEY_CURRENT_USER\software\error safe free HKEY_CURRENT_USER\software\errorsafe HKEY_LOCAL_MACHINE\software\error safe free HKEY_LOCAL_MACHINE\software\errorsafe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ers_is1 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_erssdd HKEY_CLASSES_ROOT\CLSID\{06170642-FA65-4FB6-AC79-5F235CB99BC2} HKEY_CLASSES_ROOT\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F} HKEY_CLASSES_ROOT\CLSID\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B} HKEY_CLASSES_ROOT\CLSID\{703BDF83-2C12-4d20-8BB0-106DDAB01B59} HKEY_CLASSES_ROOT\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D} HKEY_CLASSES_ROOT\CLSID\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2} HKEY_CLASSES_ROOT\CLSID\{C5531D07-22C2-418B-85B9-D829AF1498B0} HKEY_CLASSES_ROOT\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0} HKEY_CLASSES_ROOT\CLSID\{E0767047-9D25-4a3a-B905-852CDA087E86} HKEY_CLASSES_ROOT\CLSID\{E7296F98-6668-419c-AE1D-04ED641E7C3E} HKEY_CLASSES_ROOT\clsid\{f63e3b76-f82f-46eb-851c-8c0a221686bb} HKEY_CLASSES_ROOT\flfxr15.flfixer15 HKEY_CLASSES_ROOT\FWraper.FFEnginWraper HKEY_CLASSES_ROOT\FWraper.FFEnginWraper.1 HKEY_CLASSES_ROOT\FxCore.MMFixCore HKEY_CLASSES_ROOT\FxCore.MMFixCore.1 HKEY_CLASSES_ROOT\Interface\{06170642-FA65-4FB6-AC79-5F235CB99BC2} HKEY_CLASSES_ROOT\Interface\{06F1503A-4EC3-4F9A-B5FC-366616C9F700} HKEY_CLASSES_ROOT\Interface\{489B338E-E4AB-489A-91D4-69970A541CF9} HKEY_CLASSES_ROOT\Interface\{5EED48AA-F20F-4085-B8F8-57724B7C5B08} HKEY_CLASSES_ROOT\Interface\{610D5C4B-D550-4DC2-AAFA-45C1A8E670CA} HKEY_CLASSES_ROOT\Interface\{66F7F931-5A11-44AA-B991-E9A9662D4841} HKEY_CLASSES_ROOT\Interface\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B} HKEY_CLASSES_ROOT\interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4} HKEY_CLASSES_ROOT\Interface\{9607A902-A6A2-43FF-BB1F-01509DEB7110} HKEY_CLASSES_ROOT\Interface\{AE4026CC-B7BA-48E8-8FB3-2C35099670A1} HKEY_CLASSES_ROOT\Interface\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2} HKEY_CLASSES_ROOT\Interface\{C5531D07-22C2-418B-85B9-D829AF1498B0} HKEY_CLASSES_ROOT\Interface\{C7EFDCDE-A181-41D0-A551-16F73B398040} HKEY_CLASSES_ROOT\interface\{f5ac8b35-5b15-4e8f-8046-43858973b495} HKEY_CLASSES_ROOT\MMFxCtrl.CoFixEngine HKEY_CLASSES_ROOT\MMFxCtrl.CoFixEngine.1 HKEY_CLASSES_ROOT\P.EChecker.111 HKEY_CLASSES_ROOT\TypeLib\{25F43076-32B8-4828-A88C-8288EEE53396} HKEY_CLASSES_ROOT\TypeLib\{3EB15ED2-15A6-4E1A-B84A-ACFAE64583E1} HKEY_CLASSES_ROOT\TypeLib\{7300F6AF-78E6-4167-845A-6089879F1DB0} HKEY_CLASSES_ROOT\TypeLib\{7FA4EC26-6A28-4474-857D-BB05B001C84A} HKEY_CLASSES_ROOT\TypeLib\{96D58666-8F00-4A9D-9389-C17AAA2407C9} HKEY_CLASSES_ROOT\TypeLib\{E79D5E54-81C9-41AE-9D7B-03F1E5A7733D} HKEY_CURRENT_USER\SOFTWARE\Error Safe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06170642-FA65-4FB6-AC79-5F235CB99BC2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{647B8364-79E0-48e2-A4CA-233ABADA0C2D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{703BDF83-2C12-4d20-8BB0-106DDAB01B59} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0F4BC0F-EAEA-43B5-8CE6-DAD3CC9B29A2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5531D07-22C2-418B-85B9-D829AF1498B0} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0767047-9D25-4a3a-B905-852CDA087E86} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7296F98-6668-419c-AE1D-04ED641E7C3E} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F63E3B76-F82F-46EB-851C-8C0A221686BB} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlFxr15.FlFixer15 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FWraper.FFEnginWraper HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FxCore.MMFixCore HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06F1503A-4EC3-4F9A-B5FC-366616C9F700} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{610D5C4B-D550-4DC2-AAFA-45C1A8E670CA} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66F7F931-5A11-44AA-B991-E9A9662D4841} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6EF91405-4FCB-4633-BAB3-FA5B3DC40C3B} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F4E63C9-F30C-4424-9BAF-B6896F5F56C4} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9607A902-A6A2-43FF-BB1F-01509DEB7110} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5531D07-22C2-418B-85B9-D829AF1498B0} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5AC8B35-5B15-4E8F-8046-43858973B495} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MMFxCtrl.CoFixEngine HKEY_LOCAL_MACHINE\SOFTWARE\Classes\P.EChecker.111 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{25F43076-32B8-4828-A88C-8288EEE53396} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3EB15ED2-15A6-4E1A-B84A-ACFAE64583E1} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7300F6AF-78E6-4167-845A-6089879F1DB0} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F585CB1F-F17D-4007-A573-B663197EF500} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1 HKEY_CLASSES_ROOT\clsid\{0ba379c6-0efd-4a28-932c-d20469052fd9} HKEY_CLASSES_ROOT\clsid\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a} HKEY_CLASSES_ROOT\clsid\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb} HKEY_CLASSES_ROOT\clsid\{356af2e9-8874-4c60-a3d8-0cb516c9e747} HKEY_CLASSES_ROOT\clsid\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb} HKEY_CLASSES_ROOT\clsid\{77ca442a-0c72-492b-804a-82611e558142} HKEY_CLASSES_ROOT\clsid\{7e73c9db-69fb-4580-8e8e-194b34a2306c} HKEY_CLASSES_ROOT\clsid\{965a8d33-ae18-4c17-8011-fe42d81e0758} HKEY_CLASSES_ROOT\clsid\{c033567c-68fe-419b-bcc4-135db7faf8eb} HKEY_CLASSES_ROOT\clsid\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab} HKEY_CLASSES_ROOT\clsid\{e73e3959-fb15-44d7-acb9-3a75377006fc} HKEY_CLASSES_ROOT\escompcleancore.esappcleaner HKEY_CLASSES_ROOT\escompcleancore.esappcleaner.1 HKEY_CLASSES_ROOT\escompcleancore.esccquickscan HKEY_CLASSES_ROOT\escompcleancore.esccquickscan.1 HKEY_CLASSES_ROOT\escompcleancore.esfilecleaner HKEY_CLASSES_ROOT\escompcleancore.esfilecleaner.1 HKEY_CLASSES_ROOT\escompcleancore.esinetcleaner HKEY_CLASSES_ROOT\escompcleancore.esinetcleaner.1 HKEY_CLASSES_ROOT\escompcleancore.esregcleaner HKEY_CLASSES_ROOT\escompcleancore.esregcleaner.1 HKEY_CLASSES_ROOT\escompcleancore.essystemcleaner HKEY_CLASSES_ROOT\escompcleancore.essystemcleaner.1 HKEY_CLASSES_ROOT\esdf_fixer.esfixer HKEY_CLASSES_ROOT\esdf_fixer.esfixer.1 HKEY_CLASSES_ROOT\esdf_proxy.esdrivermanipulate HKEY_CLASSES_ROOT\esdf_proxy.esdrivermanipulate.1 HKEY_CLASSES_ROOT\esffwraper.esffenginwraper HKEY_CLASSES_ROOT\esffwraper.esffenginwraper.1 HKEY_CLASSES_ROOT\esfixcore.esmmfixcore HKEY_CLASSES_ROOT\esfixcore.esmmfixcore.1 HKEY_CLASSES_ROOT\esmmfixctrl.escofixengine HKEY_CLASSES_ROOT\esmmfixctrl.escofixengine.1 HKEY_CLASSES_ROOT\flfxr5.flfixer5 HKEY_CLASSES_ROOT\typelib\{04392304-5221-4022-9300-be4128fb25b2} HKEY_CLASSES_ROOT\typelib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6} HKEY_CLASSES_ROOT\typelib\{692ca430-32c8-470d-ba1f-7e15e21e7043} HKEY_CLASSES_ROOT\typelib\{6bd7e052-306e-497a-ad23-601bc6bfc305} HKEY_CLASSES_ROOT\typelib\{77dc6558-60e0-4644-a3df-b31f29d113bd} HKEY_CLASSES_ROOT\typelib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8} HKEY_CLASSES_ROOT\typelib\{a73973ab-95a6-4abe-a046-de3bab2be448} HKEY_CLASSES_ROOT\typelib\{f585cb1f-f17d-4007-a573-b663197ef500} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ersu_is1 HKEY_LOCAL_MACHINE\system\currentcontrolset\services\erssdd

Registry Values: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs HKEY_CLASSES_ROOT\clsid\{6ef91405-4fcb-4633-bab3-fa5b3dc40c3b}\inprocserver32 HKEY_CLASSES_ROOT\clsid\{703bdf83-2c12-4d20-8bb0-106ddab01b59}\inprocserver32 HKEY_CLASSES_ROOT\clsid\{beb81c03-24d8-4eef-81dc-475c6389cb1b}\inprocserver32 HKEY_CLASSES_ROOT\clsid\{c5531d07-22c2-418b-85b9-d829af1498b0}\inprocserver32 HKEY_CLASSES_ROOT\clsid\{e0767047-9d25-4a3a-b905-852cda087e86}\inprocserver32 HKEY_CLASSES_ROOT\clsid\{e7296f98-6668-419c-ae1d-04ed641e7c3e}\inprocserver32 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\uers_is1

Removing ErrorSafe:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

CrocoPop Adware

Removing CrocoPop
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\crocopop32.exe
[%WINDOWS%]\crocopop32.exe

How to detect CrocoPop:

Files: [%WINDOWS%]\crocopop32.exe [%WINDOWS%]\crocopop32.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing CrocoPop:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

W32.MSNBancos Trojan

Removing W32.MSNBancos
Categories: Trojan,BHO
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\service.dll
[%WINDOWS%]\service.dll

How to detect W32.MSNBancos:

Files: [%WINDOWS%]\service.dll [%WINDOWS%]\service.dll

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{5574E139-F59C-4bee-9A61-150B0D3A16C7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5574E139-F59C-4bee-9A61-150B0D3A16C7}

Removing W32.MSNBancos:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Femac Trojan

Removing Femac
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Femac Also known as:


[Kaspersky]trojan-Clicker.Win32.Femac.m;
[Other]Win32/Femac.A,Trojan.StartPage

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\fxiegwfr.exe
[%SYSTEM%]\fxiegwfr.exe

How to detect Femac:

Files: [%SYSTEM%]\fxiegwfr.exe [%SYSTEM%]\fxiegwfr.exe

Removing Femac:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

MyBHOSpy Adware

Removing MyBHOSpy
Categories: Adware,Spyware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

How to detect MyBHOSpy:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{c52cbaec-d969-4635-9f50-426cc15ce463} HKEY_CLASSES_ROOT\interface\{1756f55d-5c4e-4721-8b0e-4b3958281b67} HKEY_CLASSES_ROOT\typelib\{725869c2-85c2-488e-9828-6b9c6ca121d3} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c52cbaec-d969-4635-9f50-426cc15ce463}

Removing MyBHOSpy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

IEMonit BHO

Removing IEMonit
Categories: BHO,Toolbar
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\iemonit.dll
[%WINDOWS%]\system\iemonit.dll
[%SYSTEM%]\iemonit.dll
[%WINDOWS%]\system\iemonit.dll

How to detect IEMonit:

Files: [%SYSTEM%]\iemonit.dll [%WINDOWS%]\system\iemonit.dll [%SYSTEM%]\iemonit.dll [%WINDOWS%]\system\iemonit.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10001} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce7c3cf0-4b15-11d1-abed-709549c10001} HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10001} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce7c3cf0-4b15-11d1-abed-709549c10001}

Removing IEMonit:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

SearchCentrix Trojan

Removing SearchCentrix
Categories: Trojan,BHO,Hijacker,Toolbar
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

SearchCentrix Also known as:


[Kaspersky]Trojan.Win32.Revop.c,Trojan-Downloader.Win32.Stubby.d;
[Eset]Win32/Revop.C trojan;
[Panda]Spyware/Searchcentrix,Trj/Revop.F;
[Computer Associates]Win32.BettInet.D,Win32.SillyDl.DB,Win32/SillyDL.DB!Trojan

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\satmat.inf
[%SYSTEM%]\ifhelper.dll
[%WINDOWS%]\satmat.exe
[%SYSTEM%]\
[%SYSTEM%]\spoolsvv.exe
[%PROGRAM_FILES%]\ieshnv.ini
[%SYSTEM%]\gssomatic.dll
[%SYSTEM%]\ifsomatic.dll
[%SYSTEM%]\pqhelper.dll
[%SYSTEM%]\s4helper.dll
[%SYSTEM%]\seantb.dll
[%WINDOWS%]\system\barbho.dll
[%WINDOWS%]\system\ifsomatic.dll
[%WINDOWS%]\system\wzhelper.dll
[%PROFILE_TEMP%]\satmat.inf
[%SYSTEM%]\ifhelper.dll
[%WINDOWS%]\satmat.exe
[%SYSTEM%]\
[%SYSTEM%]\spoolsvv.exe
[%PROGRAM_FILES%]\ieshnv.ini
[%SYSTEM%]\gssomatic.dll
[%SYSTEM%]\ifsomatic.dll
[%SYSTEM%]\pqhelper.dll
[%SYSTEM%]\s4helper.dll
[%SYSTEM%]\seantb.dll
[%WINDOWS%]\system\barbho.dll
[%WINDOWS%]\system\ifsomatic.dll
[%WINDOWS%]\system\wzhelper.dll

How to detect SearchCentrix:

Files: [%PROFILE_TEMP%]\satmat.inf [%SYSTEM%]\ifhelper.dll [%WINDOWS%]\satmat.exe [%SYSTEM%]\ [%SYSTEM%]\spoolsvv.exe [%PROGRAM_FILES%]\ieshnv.ini [%SYSTEM%]\gssomatic.dll [%SYSTEM%]\ifsomatic.dll [%SYSTEM%]\pqhelper.dll [%SYSTEM%]\s4helper.dll [%SYSTEM%]\seantb.dll [%WINDOWS%]\system\barbho.dll [%WINDOWS%]\system\ifsomatic.dll [%WINDOWS%]\system\wzhelper.dll [%PROFILE_TEMP%]\satmat.inf [%SYSTEM%]\ifhelper.dll [%WINDOWS%]\satmat.exe [%SYSTEM%]\ [%SYSTEM%]\spoolsvv.exe [%PROGRAM_FILES%]\ieshnv.ini [%SYSTEM%]\gssomatic.dll [%SYSTEM%]\ifsomatic.dll [%SYSTEM%]\pqhelper.dll [%SYSTEM%]\s4helper.dll [%SYSTEM%]\seantb.dll [%WINDOWS%]\system\barbho.dll [%WINDOWS%]\system\ifsomatic.dll [%WINDOWS%]\system\wzhelper.dll

Folders: [%PROGRAM_FILES%]\dynamic toolbar\wzhelper\cache

Registry Keys: HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} HKEY_LOCAL_MACHINE\software\classes\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} HKEY_LOCAL_MACHINE\software\classes\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} HKEY_CLASSES_ROOT\barbho.class1 HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-96f7-eb6db99aa92e} HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-98f7-eb6db99aa93b} HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19da02a} HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19dab2d} HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19dbc34} HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19dce2e} HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-d0ea-f16db186fa7d} HKEY_CLASSES_ROOT\clsid\{c258eaa1-f9fe-491e-b8ff-ce9af7a7aff5} HKEY_CLASSES_ROOT\clsid\{c431bf1e-9e71-4bb6-9c4e-8496d158db1f} HKEY_CLASSES_ROOT\clsid\{cd2a865b-6c0f-44f9-baa1-7cdb31e04bc8} HKEY_CLASSES_ROOT\interface\{7bd45240-7166-4768-a845-8ce375c5e096} HKEY_CLASSES_ROOT\interface\{831975b3-13a0-4da4-aa6f-6c427175c30e} HKEY_CLASSES_ROOT\interface\{9f9d3d1f-e697-4a86-90c7-58cecf6a2634} HKEY_CLASSES_ROOT\interface\{c} HKEY_CLASSES_ROOT\mygeek.com HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-98f7-eb6db99aa93b} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0fb-ef60b19da02a} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0fb-ef60b19dbc34} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cd2a865b-6c0f-44f9-baa1-7cdb31e04bc8} HKEY_CLASSES_ROOT\typelib\{47d616a1-b588-45d1-ad71-33ac15fb6940} HKEY_CLASSES_ROOT\typelib\{48977f6e-4120-4f88-8c4b-a6399bd0dd08} HKEY_CLASSES_ROOT\typelib\{d1020ad1-3754-4c54-bf4d-ea01652ec4be} HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{c431bf1e-9e71-4bb6-9c4e-8496d158db1f} HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-96f7-eb6db99aa92e} HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-98f7-eb6db99aa93b} HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19dab2d} HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19dbc34} HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19dce2e} HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-d0ea-f16db186fa7d} HKEY_LOCAL_MACHINE\software\classes\clsid\{c258eaa1-f9fe-491e-b8ff-ce9af7a7aff5} HKEY_LOCAL_MACHINE\software\classes\gssomatic.gssomatic HKEY_LOCAL_MACHINE\software\classes\interface\{831975b3-13a0-4da4-aa6f-6c427175c30e} HKEY_LOCAL_MACHINE\software\classes\pqhelper.pqhelper HKEY_LOCAL_MACHINE\software\classes\s4helper.s4helper HKEY_LOCAL_MACHINE\software\classes\seantb.seantb HKEY_LOCAL_MACHINE\software\classes\somatic.somatic HKEY_LOCAL_MACHINE\software\classes\spoolsvv.class1 HKEY_LOCAL_MACHINE\software\classes\typelib\{d1020ad1-3754-4c54-bf4d-ea01652ec4be} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-98f7-eb6db99aa93b} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0fb-ef60b19da02a} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0fb-ef60b19dbc34} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cd2a865b-6c0f-44f9-baa1-7cdb31e04bc8} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\expand search_is1

Registry Values: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\dynamic toolbar\gssomatic HKEY_CURRENT_USER\software\dynamic toolbar\pqhelper\reports\38209 HKEY_CURRENT_USER\software\dynamic toolbar\pqhelper\reports\38209 HKEY_CURRENT_USER\software\dynamic toolbar\wzhelper HKEY_CURRENT_USER\software\dynamic toolbar\wzhelper HKEY_CURRENT_USER\software\dynamic toolbar\wzhelper\reports\38209 HKEY_CURRENT_USER\software\dynamic toolbar\wzhelper\reports\38209 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\streams\145 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\engines HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\settings HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\settings HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\settings HKEY_CURRENT_USER\software\vb and vba program settings\mygeek\settings HKEY_CURRENT_USER\software\vb and vba program settings\s_girl\thread HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\shnv HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\st6unst #2 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\st6unst #3

Removing SearchCentrix:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Java.ByteVerify Trojan

Removing Java.ByteVerify
Categories: Trojan,Spyware,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Java.ByteVerify Also known as:


[Kaspersky]Trojan.Java.ClassLoader.b,Trojan.Java.ClassLoader.Dummy.c,Trojan.Java.Femad,Trojan.Java.ClassLoader.f,Exploit.Java.Bytverify;
[Eset]Java/ClassLoader.B trojan,Java/Exploit.Bytverify trojan;
[Panda]Exploit/ByteVerify,Trojan Horse;
[Computer Associates]Java.ByteVerify.exploit,Java/ByteVerify.exploit.Trojan,Java/ByteVerify.Trojan,Java.ByteVerify!exploit,Java/Shinwow.F.Blackbox!Trojan,Java/ByteVerify!Trojan,Java/Shinwow!Trojan,Java/Bytverify.Exploit.Trojan,Java/ByteVerify.Exploit.20179.Tr,Java/ByteVerify.Exploit.896.Troj

Visible Symptoms:
Files in system folders:

 
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-4029c4a1
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-68368c30
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\18\7a2fc192-44552dfa
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\19\7ff5add3-50d16da7
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-195a7e7d
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-1adc3069
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-28ecaa19
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-37696139
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-3eee4aa8
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-51e9a22b
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-63913601
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-74afa23f
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\2\3df0cc2-46c27611
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-62d60dc8
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-70a8bce5
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-21ba03a0
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-52cc156c
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-2d1a9cec
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-365c026d
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-6b1ad49a
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-78385e8b
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-79b0af69
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-69b2e52c
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6c466354
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6d7b2a6f
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-71e7dc34
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-7d919662
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-74cde975
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-7c2202a4
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-15678737
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-16ec7062
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-2ff3c172
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-584e4d90
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\7\430606c7-41f90d3e
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-12358970
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-3126afeb
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-16de0484.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-2b659f0e.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-30998daf.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6b558204-1ab9ab3a.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fe6e43c-7c25578c.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-6408bc76-3e1b6a5d.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-25e98dbb.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-3f3b9e71.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2b0dbb2e-233665f5.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3006fde7-23e873a0.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-393d648-6984bce2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3c78e1fc-6c0ddbe2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4ae9b430-469865ce.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e275-3acf01b4.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e2d9-42f7e1f8.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4e92308d-4dbb4fcb.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-51d3f209-5ad93661.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-11d74337.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-6d556d46.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5983f703-348c146e.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5eb858e2-463a66a0.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63644d4e-1ea38acd.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6ea11818-6a07f2e6.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70dda463-11aeb5b2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7e4442f4-37a60315.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-109b2d52-579c68e8.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-169aa89-6c3c35a2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-2102bc25-6646c797.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-221c7c99-701a35a1.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2179cb0f.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2a3e47ee.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-483b2a59-55d243bb.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-65afd8eb-3a632a1e.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6ce3c96a-1cc37d3d.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6f79d8e6-54b23d02.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-308b7938-1ee37f57.class
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-4029c4a1
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-68368c30
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\18\7a2fc192-44552dfa
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\19\7ff5add3-50d16da7
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-195a7e7d
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-1adc3069
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-28ecaa19
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-37696139
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-3eee4aa8
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-51e9a22b
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-63913601
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-74afa23f
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\2\3df0cc2-46c27611
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-62d60dc8
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-70a8bce5
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-21ba03a0
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-52cc156c
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-2d1a9cec
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-365c026d
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-6b1ad49a
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-78385e8b
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-79b0af69
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-69b2e52c
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6c466354
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6d7b2a6f
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-71e7dc34
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-7d919662
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-74cde975
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-7c2202a4
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-15678737
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-16ec7062
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-2ff3c172
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-584e4d90
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\7\430606c7-41f90d3e
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-12358970
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-3126afeb
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-16de0484.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-2b659f0e.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-30998daf.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6b558204-1ab9ab3a.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fe6e43c-7c25578c.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-6408bc76-3e1b6a5d.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-25e98dbb.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-3f3b9e71.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2b0dbb2e-233665f5.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3006fde7-23e873a0.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-393d648-6984bce2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3c78e1fc-6c0ddbe2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4ae9b430-469865ce.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e275-3acf01b4.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e2d9-42f7e1f8.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4e92308d-4dbb4fcb.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-51d3f209-5ad93661.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-11d74337.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-6d556d46.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5983f703-348c146e.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5eb858e2-463a66a0.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63644d4e-1ea38acd.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6ea11818-6a07f2e6.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70dda463-11aeb5b2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7e4442f4-37a60315.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-109b2d52-579c68e8.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-169aa89-6c3c35a2.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-2102bc25-6646c797.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-221c7c99-701a35a1.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2179cb0f.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2a3e47ee.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-483b2a59-55d243bb.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-65afd8eb-3a632a1e.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6ce3c96a-1cc37d3d.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6f79d8e6-54b23d02.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-308b7938-1ee37f57.class

How to detect Java.ByteVerify:

Files: [%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-4029c4a1 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-68368c30 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\18\7a2fc192-44552dfa [%APPDATA%]\Sun\Java\Deployment\cache\6.0\19\7ff5add3-50d16da7 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-195a7e7d [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-1adc3069 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-28ecaa19 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-37696139 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-3eee4aa8 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-51e9a22b [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-63913601 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-74afa23f [%APPDATA%]\Sun\Java\Deployment\cache\6.0\2\3df0cc2-46c27611 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-62d60dc8 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-70a8bce5 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-21ba03a0 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-52cc156c [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-2d1a9cec [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-365c026d [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-6b1ad49a [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-78385e8b [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-79b0af69 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-69b2e52c [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6c466354 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6d7b2a6f [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-71e7dc34 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-7d919662 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-74cde975 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-7c2202a4 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-15678737 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-16ec7062 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-2ff3c172 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-584e4d90 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\7\430606c7-41f90d3e [%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-12358970 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-3126afeb [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-16de0484.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-2b659f0e.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-30998daf.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6b558204-1ab9ab3a.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fe6e43c-7c25578c.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-6408bc76-3e1b6a5d.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-25e98dbb.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-3f3b9e71.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2b0dbb2e-233665f5.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3006fde7-23e873a0.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-393d648-6984bce2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3c78e1fc-6c0ddbe2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4ae9b430-469865ce.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e275-3acf01b4.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e2d9-42f7e1f8.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4e92308d-4dbb4fcb.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-51d3f209-5ad93661.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-11d74337.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-6d556d46.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5983f703-348c146e.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5eb858e2-463a66a0.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63644d4e-1ea38acd.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6ea11818-6a07f2e6.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70dda463-11aeb5b2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7e4442f4-37a60315.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-109b2d52-579c68e8.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-169aa89-6c3c35a2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-2102bc25-6646c797.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-221c7c99-701a35a1.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2179cb0f.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2a3e47ee.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-483b2a59-55d243bb.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-65afd8eb-3a632a1e.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6ce3c96a-1cc37d3d.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6f79d8e6-54b23d02.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-308b7938-1ee37f57.class [%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-4029c4a1 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\17\6c688091-68368c30 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\18\7a2fc192-44552dfa [%APPDATA%]\Sun\Java\Deployment\cache\6.0\19\7ff5add3-50d16da7 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-195a7e7d [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-1adc3069 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-28ecaa19 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-37696139 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-3eee4aa8 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-51e9a22b [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-63913601 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\21\5ac853d5-74afa23f [%APPDATA%]\Sun\Java\Deployment\cache\6.0\2\3df0cc2-46c27611 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-62d60dc8 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\32\41c552e0-70a8bce5 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-21ba03a0 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\34\15477462-52cc156c [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-2d1a9cec [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-365c026d [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-6b1ad49a [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-78385e8b [%APPDATA%]\Sun\Java\Deployment\cache\6.0\37\3e36ace5-79b0af69 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-69b2e52c [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6c466354 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-6d7b2a6f [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-71e7dc34 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\39\7713e8e7-7d919662 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-74cde975 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\43\5b640a6b-7c2202a4 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-15678737 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\45\2cce776d-16ec7062 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-2ff3c172 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\49\66d293b1-584e4d90 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\7\430606c7-41f90d3e [%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-12358970 [%APPDATA%]\Sun\Java\Deployment\cache\6.0\8\722f6fc8-3126afeb [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-16de0484.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-2b659f0e.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Animap.class-7f30df82-30998daf.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6b558204-1ab9ab3a.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fe6e43c-7c25578c.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-6408bc76-3e1b6a5d.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-25e98dbb.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-3f3b9e71.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2b0dbb2e-233665f5.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3006fde7-23e873a0.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-393d648-6984bce2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3c78e1fc-6c0ddbe2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4ae9b430-469865ce.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e275-3acf01b4.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4af8e2d9-42f7e1f8.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4e92308d-4dbb4fcb.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-51d3f209-5ad93661.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-11d74337.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-6d556d46.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5983f703-348c146e.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5eb858e2-463a66a0.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63644d4e-1ea38acd.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6ea11818-6a07f2e6.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70dda463-11aeb5b2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7e4442f4-37a60315.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-109b2d52-579c68e8.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-169aa89-6c3c35a2.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-2102bc25-6646c797.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-221c7c99-701a35a1.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2179cb0f.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-2a3e47ee.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-483b2a59-55d243bb.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-65afd8eb-3a632a1e.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6ce3c96a-1cc37d3d.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-6f79d8e6-54b23d02.class [%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-308b7938-1ee37f57.class

Removing Java.ByteVerify:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

NOSecure Backdoor

Removing NOSecure
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

NOSecure Also known as:


[Kaspersky]Backdoor.VB.ap,Backdoor.VB.dg,Backdoor.VB.dh;
[McAfee]BackDoor-AEX,BackDoor-AOA.gen,BackDoor-AOA;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/VB,Backdoor Program;
[Computer Associates]Win32.NoSec.12,Win32/NoSec.12!Trojan

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\DrTemp\MMaker4b.exe
[%PROFILE_TEMP%]\THI1523.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI1FD8.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI7277.tmp\MMaker4b.exe
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\Applications\cmpck.dls
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\ebates_README2.txt
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\a.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bf.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bq.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bs.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\dc.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\du.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\i.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\j.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\k.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\p.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\q.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\s.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\t.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\u.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\v.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\w.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\x.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\y.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_autorediroffer0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_disable0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_memoffer0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_nonmemoffer0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_preferences0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_conflicts2.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_proxy.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\browsers.dls
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\system.dls
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0_wo.htm
[%PROFILE_TEMP%]\DrTemp\MMaker4b.exe
[%PROFILE_TEMP%]\THI1523.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI1FD8.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI7277.tmp\MMaker4b.exe
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\Applications\cmpck.dls
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\ebates_README2.txt
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\a.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bf.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bq.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bs.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\dc.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\du.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\i.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\j.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\k.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\p.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\q.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\s.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\t.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\u.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\v.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\w.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\x.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\y.class
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_autorediroffer0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_disable0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_memoffer0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_nonmemoffer0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_preferences0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_conflicts2.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_proxy.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\browsers.dls
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\system.dls
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
[%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0_wo.htm

How to detect NOSecure:

Files: [%PROFILE_TEMP%]\DrTemp\MMaker4b.exe [%PROFILE_TEMP%]\THI1523.tmp\MMaker4b.exe [%PROFILE_TEMP%]\THI1FD8.tmp\MMaker4b.exe [%PROFILE_TEMP%]\THI7277.tmp\MMaker4b.exe [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\Applications\cmpck.dls [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\ebates_README2.txt [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\a.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bf.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bq.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bs.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\dc.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\du.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\i.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\j.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\k.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\p.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\q.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\s.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\t.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\u.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\v.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\w.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\x.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\y.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_autorediroffer0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_disable0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_memoffer0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_nonmemoffer0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_preferences0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_conflicts2.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_proxy.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\browsers.dls [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\system.dls [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0_wo.htm [%PROFILE_TEMP%]\DrTemp\MMaker4b.exe [%PROFILE_TEMP%]\THI1523.tmp\MMaker4b.exe [%PROFILE_TEMP%]\THI1FD8.tmp\MMaker4b.exe [%PROFILE_TEMP%]\THI7277.tmp\MMaker4b.exe [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\Applications\cmpck.dls [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\ebates_README2.txt [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\a.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bf.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bq.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\bs.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\dc.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\du.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\i.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\j.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\k.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\p.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\q.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\s.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\t.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\u.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\v.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\w.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\x.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Code\y.class [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_autorediroffer0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_disable0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_memoffer0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_nonmemoffer0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\ebates_preferences0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_conflicts2.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Html\topmoxie_proxy.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\browsers.dls [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\System\system.dls [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm [%PROGRAM_FILES%]\EbatesMoeMoneyMaker\System\Temp\ebates_script0_wo.htm

Folders: [%PROGRAM_FILES%]\ebatesmoemoneymaker [%PROGRAM_FILES%]\websearch

Registry Keys: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{6685509e-b47b-4f47-8e16-9a5f3a62f683}

Removing NOSecure:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Blog Archive

About Me

Saturday, November 8, 2008

How to detect Bancos.IKW:

Removing Bancos.IKW:

How to detect SupremeSpy:

Removing SupremeSpy:

How to detect Zlob.Fam.Gold Codec:

Removing Zlob.Fam.Gold Codec:

How to detect IRCBun:

Removing IRCBun:

How to detect Spy.Agent.cf:

Removing Spy.Agent.cf:

How to detect TargetSoft.winhost32:

Removing TargetSoft.winhost32:

How to detect ScreenNameHackerV1:

Removing ScreenNameHackerV1:

How to detect ezPorn:

Removing ezPorn:

How to detect Ping.Door:

Removing Ping.Door:

How to detect DSSAgent:

Removing DSSAgent:

How to detect DeluxeCommunications:

Removing DeluxeCommunications:

How to detect ErrorSafe:

Removing ErrorSafe:

How to detect CrocoPop:

Removing CrocoPop:

How to detect W32.MSNBancos:

Removing W32.MSNBancos:

How to detect Femac:

Removing Femac:

How to detect MyBHOSpy:

Removing MyBHOSpy:

How to detect IEMonit:

Removing IEMonit:

How to detect SearchCentrix:

Removing SearchCentrix:

How to detect Java.ByteVerify:

Removing Java.ByteVerify:

How to detect NOSecure:

Removing NOSecure: