Sunday, November 9, 2008

CWS.Ctfmon32 Hijacker

Removing CWS.Ctfmon32
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ctfmon32.exe
[%WINDOWS%]\system\ctfmon32.exe

How to detect CWS.Ctfmon32:

Files:
[%SYSTEM%]\ctfmon32.exe
[%WINDOWS%]\system\ctfmon32.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing CWS.Ctfmon32:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

InLook.Express Spyware

Removing InLook.Express
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect InLook.Express:

Registry Keys:
HKEY_LOCAL_MACHINE\software\sds

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Satcah Trojan

Removing Satcah
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Satcah Also known as:

[Kaspersky] Trojan-PSW.Win32.OnLineGames.egn;
[Other] Win32/Satcah.A, Infostealer.Gampass, Trojan:Win32/AgentBypass.gen!G, Win32/Satcah.B, TSPY_ONLINEG.INT

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\qdshm.dll

How to detect Satcah:

Files:
[%SYSTEM%]\qdshm.dll


Win32.Agent.dp Rootkit

Removing Win32.Agent.dp
Categories: Rootkit
The hacker installs the rootkit after obtaining user-level access: typically this is done
by cracking a password or by exploiting a vulnerability.
This is then used to gather other user IDs until the hacker gains root, or administrator,
access to the system.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\cel90xbe.sys
[%PROGRAM_FILES%]\superutilbar\superutilbar.dll
[%WINDOWS%]\Temp\cel90xbe.sys

How to detect Win32.Agent.dp:

Files:
[%PROFILE_TEMP%]\cel90xbe.sys
[%PROGRAM_FILES%]\superutilbar\superutilbar.dll
[%WINDOWS%]\Temp\cel90xbe.sys

Folders:
[%PROGRAM_FILES%]\superutilbar


Netmail Trojan

Removing Netmail
Categories: Trojan,RAT,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Netmail Also known as:

[Panda]Trj/Netmail.A;
[Computer Associates]Win32/Netmail.20!PWS!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\nm.exe

How to detect Netmail:

Files:
[%WINDOWS%]\system\nm.exe


SubSearch.v22 BHO

Removing SubSearch.v22
Categories: BHO,Hijacker
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msvcn.dll
[%SYSTEM%]\sbsrch_v22.dll
[%WINDOWS%]\system\msvcn.dll
[%WINDOWS%]\system\sbsrch_v22.dll

How to detect SubSearch.v22:

Files:
[%SYSTEM%]\msvcn.dll
[%SYSTEM%]\sbsrch_v22.dll
[%WINDOWS%]\system\msvcn.dll
[%WINDOWS%]\system\sbsrch_v22.dll

Registry Keys:


SoftEther RAT

Removing SoftEther
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drivers\softlan.sys

How to detect SoftEther:

Files:
[%SYSTEM%]\drivers\softlan.sys

Folders:
[%PROGRAMS%]\softether
[%PROGRAM_FILES%]\softether

Registry Keys:

Registry Values:


Win32.Scapur Trojan

Removing Win32.Scapur
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Win32.Scapur Also known as:

[Panda]Adware/PurityScan

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\Temporary Directory 1 for PL-GOLD[1].zip\PL-GOLD.exe
[%PROFILE_TEMP%]\Temporary Directory 2 for PL-GOLD[1].zip\PL-GOLD.exe
[%SYSTEM%]\wnscpsu.exe
[%SYSTEM%]\wnstssv.exe
[%PROFILE_TEMP%]\ps_install-mt.exe

How to detect Win32.Scapur:

Files:
[%PROFILE_TEMP%]\Temporary Directory 1 for PL-GOLD[1].zip\PL-GOLD.exe
[%PROFILE_TEMP%]\Temporary Directory 2 for PL-GOLD[1].zip\PL-GOLD.exe
[%SYSTEM%]\wnscpsu.exe
[%SYSTEM%]\wnstssv.exe
[%PROFILE_TEMP%]\ps_install-mt.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Marketscore Adware

Removing Marketscore
Categories: Adware,Spyware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:

How to detect Marketscore:

Files:

Registry Keys:

Registry Values:


Computer Key Logger Spyware

Removing Computer Key Logger
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\cmd.exe
[%PROFILE%]\LOCAL.EXE
[%PROFILE%]\start
[%SYSTEM%]\dijpg.dll
[%SYSTEM%]\SkinBoxer43.dll

How to detect Computer Key Logger:

Files:
[%PROFILE%]\cmd.exe
[%PROFILE%]\LOCAL.EXE
[%PROFILE%]\start
[%SYSTEM%]\dijpg.dll
[%SYSTEM%]\SkinBoxer43.dll


DeskAdTop Adware

Removing DeskAdTop
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


DeskAdTop Also known as:

[Kaspersky] AdWare.Win32.Zhongsou.d;
[F-Prot] W32/Zhongsou.A;
[Other] Adware.PigSearch, deskadtop

How to detect DeskAdTop:

Folders:
[%PROGRAM_FILES%]\DeskAdTop

Registry Keys:


Methodbod.B Trojan

Removing Methodbod.B
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\smss.exe

How to detect Methodbod.B:

Files:
[%WINDOWS%]\system\smss.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Free.Keylogger.Common.Components Spyware

Removing Free.Keylogger.Common.Components
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

How to detect Free.Keylogger.Common.Components:

Folders:
[%COMMON_PROGRAMS%]\Free Keylogger
[%PROGRAM_FILES%]\free keylogger

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\free keylogger_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Zlob.Fam.VidCodecs Trojan

Removing Zlob.Fam.VidCodecs
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\VidCodecs\iesplugin.dll
[%PROGRAM_FILES%]\VidCodecs\iesuninst.exe
[%PROGRAM_FILES%]\VidCodecs\isaddon.dll
[%PROGRAM_FILES%]\VidCodecs\isamini.exe
[%PROGRAM_FILES%]\VidCodecs\isamonitor.exe
[%PROGRAM_FILES%]\VidCodecs\isauninst.exe
[%PROGRAM_FILES%]\VidCodecs\ot.ico
[%PROGRAM_FILES%]\VidCodecs\pmmon.exe
[%PROGRAM_FILES%]\VidCodecs\pmsngr.exe
[%PROGRAM_FILES%]\VidCodecs\pmuninst.exe
[%PROGRAM_FILES%]\VidCodecs\ts.ico
[%PROGRAM_FILES%]\VidCodecs\uninst.exe

How to detect Zlob.Fam.VidCodecs:

Files:
[%PROGRAM_FILES%]\VidCodecs\iesplugin.dll
[%PROGRAM_FILES%]\VidCodecs\iesuninst.exe
[%PROGRAM_FILES%]\VidCodecs\isaddon.dll
[%PROGRAM_FILES%]\VidCodecs\isamini.exe
[%PROGRAM_FILES%]\VidCodecs\isamonitor.exe
[%PROGRAM_FILES%]\VidCodecs\isauninst.exe
[%PROGRAM_FILES%]\VidCodecs\ot.ico
[%PROGRAM_FILES%]\VidCodecs\pmmon.exe
[%PROGRAM_FILES%]\VidCodecs\pmsngr.exe
[%PROGRAM_FILES%]\VidCodecs\pmuninst.exe
[%PROGRAM_FILES%]\VidCodecs\ts.ico
[%PROGRAM_FILES%]\VidCodecs\uninst.exe

Folders:
[%PROGRAM_FILES%]\VidCodecs

Registry Keys:
HKEY_CLASSES_ROOT\PlayVideoEnchancer.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VidCodecs


Cabronator Backdoor

Removing Cabronator
Categories: Backdoor,RAT,Hacker Tool
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Cabronator Also known as:

[Kaspersky]Backdoor.Delf.r,Backdoor.Win32.Cabrotor.21,Backdoor.Win32.Delf.r,Backdoor.Win32.Cabrotor.10.d;
[McAfee]BackDoor-WO;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Backdoor Program.LC;
[Computer Associates]Backdoor/Cabrotor.21,Backdoor/Cabrotor.10.d

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\asdapi.exe

How to detect Cabronator:

Files:
[%WINDOWS%]\asdapi.exe

Arsd Trojan

Removing Arsd
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Arsd Also known as:

[Kaspersky]Backdoor.Arsd;
[Eset]Win32/Arsd.A trojan;
[McAfee]BackDoor-ZI;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Arsd;
[Computer Associates]Win32/Bd-arsd.Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\arsd.exe

How to detect Arsd:

Files:
[%WINDOWS%]\arsd.exe

Hupigon Trojan

Removing Hupigon
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Hupigon Also known as:

[Kaspersky]Backdoor.Win32.Hupigon.emm,Backdoor.Win32.Hupigon.emq;
[F-Prot]W32/Backdoor.AKNO;
[Other]Backdoor.Sdbot.VM,Kaspersky

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\comgp32log.dll

How to detect Hupigon:

Files:
[%SYSTEM%]\comgp32log.dll

CWS.conyc Hijacker

Removing CWS.conyc
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

How to detect CWS.conyc:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{815a82ae-cdef-11d8-ba48-a6d245798277}
HKEY_CLASSES_ROOT\interface\{815a82ad-cdef-11d8-ba48-a6d245798277}
HKEY_CLASSES_ROOT\toolband_atl.band_ie
HKEY_CLASSES_ROOT\toolband_atl.band_ie.1
HKEY_CLASSES_ROOT\typelib\{28f65fbe-d130-11d8-ba48-8be0c49af370}
HKEY_CLASSES_ROOT\typelib\{815a82a1-cdef-11d8-ba48-a6d245798277}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popup blocker
HKEY_LOCAL_MACHINE\software\tim

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


Superlogy.com BHO

Removing Superlogy.com
Categories: BHO,Hijacker,Toolbar
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\aadl.dll
[%WINDOWS%]\system\aadl.dll

How to detect Superlogy.com:

Files:
[%SYSTEM%]\aadl.dll
[%WINDOWS%]\system\aadl.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{95e02c52-05fc-425d-8378-9da70f9cd763}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{95e02c52-05fc-425d-8378-9da70f9cd763}
HKEY_LOCAL_MACHINE\software\classes\clsid\{95e02c52-05fc-425d-8378-9da70f9cd763}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{95e02c52-05fc-425d-8378-9da70f9cd763}


FastWebFinder Adware

Removing FastWebFinder
Categories: Adware,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ld.exe
[%WINDOWS%]\dnse.dll

How to detect FastWebFinder:

Files:
[%WINDOWS%]\ld.exe
[%WINDOWS%]\dnse.dll

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Zlob.Fam.Video AX Object Trojan

Removing Zlob.Fam.Video AX Object
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

How to detect Zlob.Fam.Video AX Object:

Folders:
[%PROGRAM_FILES%]\Video AX Object

Registry Keys:
HKEY_CLASSES_ROOT\videoaxobject.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object


AntispywareSuite Ransomware

Removing AntispywareSuite
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\AntiSpywareSuite.lnk
[%PROGRAM_FILES%]\AntiSpywareSuite\pgs.exe

How to detect AntispywareSuite:

Files:
[%COMMON_DESKTOPDIRECTORY%]\AntiSpywareSuite.lnk
[%PROGRAM_FILES%]\AntiSpywareSuite\pgs.exe

Folders:
[%APPDATA%]\AntiSpywareSuite
[%COMMON_PROGRAMS%]\AntiSpywareSuite
[%PROGRAM_FILES%]\AntiSpywareSuite
[%PROGRAM_FILES_COMMON%]\AntiSpywareSuite

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareSuite
HKEY_CURRENT_USER\software\antispywaresuite
HKEY_LOCAL_MACHINE\software\antispywaresuite
HKEY_LOCAL_MACHINE\software\ugcw

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\products, compname=locus software
HKEY_LOCAL_MACHINE\software\products


prosearching.com Hijacker

Removing prosearching.com
Categories: Hijacker
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

How to detect prosearching.com:

Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main


Vundo.Variant Spyware

Removing Vundo.Variant
Categories: Spyware,Backdoor
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will lead to more harmful viruses,
or diverting advertising revenue to a third party.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Vundo.Variant Also known as:

[Eset]Win32/Spy.Agent.P trojan;
[Panda]Bck/Agent.H;
[Computer Associates]Win32/Vundo.Variant!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\security\logs\mfcexp.exe
[%WINDOWS%]\system\mui\svcbak.exe

How to detect Vundo.Variant:

Files:
[%WINDOWS%]\security\logs\mfcexp.exe
[%WINDOWS%]\system\mui\svcbak.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Vallenza Trojan

Removing Vallenza
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Vallenza:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Win32.Rbot.gen Backdoor

Removing Win32.Rbot.gen
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\xpupdate.exe

How to detect Win32.Rbot.gen:

Files:
[%WINDOWS%]\xpupdate.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-


IKatzu.IE.App Adware

Removing IKatzu.IE.App
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bkini.dll

How to detect IKatzu.IE.App:

Files:
[%SYSTEM%]\bkini.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ea5159df-e413-4878-8ae2-d921d41bb942}


DataSpy.Network Trojan

Removing DataSpy.Network
Categories: Trojan,Spyware,Backdoor,RAT,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

DataSpy.Network Also known as:

[Kaspersky]Backdoor.DSNX.04,packed: UPX,Backdoor.DSNX.05.a;
[McAfee]BackDoor-UK.gen,IRC-DSNX,BackDoor-UK;
[F-Prot]destructive program,security risk or a "backdoor" program;
[Panda]Trj/W32.Dsnx,Trj/W32.DSNX.04,Backdoor Program;
[Computer Associates]Backdoor/DSNX.04!Server,Win32.DSNX.C

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\winsqli.exe
[%WINDOWS%]\system\winxvfn.exe

How to detect DataSpy.Network:

Files:
[%WINDOWS%]\system\winsqli.exe
[%WINDOWS%]\system\winxvfn.exe

Akosch.Keylogger Spyware

Removing Akosch.Keylogger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will lead to more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\sysedit.exe

How to detect Akosch.Keylogger:

Files:
[%WINDOWS%]\sysedit.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Interfun Adware

Removing Interfun
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect Interfun:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{15c3c7a4-9676-11d3-9799-0060087190b9}


Ditul Trojan

Removing Ditul
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Ditul Also known as:

[Kaspersky]Trojan-Dropper.Win32.Small.avj,Trojan.Win32.Agent.abf,Trojan-Proxy.Win32.Small.du,Trojan-Proxy.Win32.Small.fl;
[McAfee]BackDoor-DKH;
[F-Prot]W32/Agent.DLE;
[Other]Win32/Ditul,Win32/Ditul.BA,Win32/Ditul.BC,Win32/Ditul.BD,Win32/Ditul.B,Win32/Ditul.BE,Infostealer,Win32/Ditul.Y,Win32/Ditul.AA,Troj/Agent-EBN,Troj/Agent-DWW,Trojan.Dropper,Win32/Ditul.FL,Win32/Ditul.FW,Win32/Ditul!generic,W32/Smalltroj.BKEU,TROJ_SMALL.ISO

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msnetax.dll
[%SYSTEM%]\windhcp.ocx
[%SYSTEM%]\Drivers\CelInDriver.sys
[%SYSTEM%]\RemoteDbg.dll
[%SYSTEM%]\windds32.dll

How to detect Ditul:

Files:
[%SYSTEM%]\msnetax.dll
[%SYSTEM%]\windhcp.ocx
[%SYSTEM%]\Drivers\CelInDriver.sys
[%SYSTEM%]\RemoteDbg.dll
[%SYSTEM%]\windds32.dll

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_celindrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_windhcpsvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\win32dds
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windhcpsvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\celindrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\remotedbg


Netscreen RAT

Removing Netscreen
Categories: RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

How to detect Netscreen:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Sprincape Trojan

Removing Sprincape
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Sprincape Also known as:

[Kaspersky]Trojan.Win32.Qhost.oc;
[McAfee]Spy-Agent.cj;
[Other]Win32/Sprincape.B,Trojan Horse,Win32/Sprincape.H,Backdoor:Win32/Stealbot.gen

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\fsdutil.exe
[%SYSTEM%]\lkavs32.exe
[%SYSTEM%]\netstdll2.exe
[%SYSTEM%]\ntvdc.exe
[%SYSTEM%]\nvsvcsb.exe
[%SYSTEM%]\rdatasys2.exe
[%SYSTEM%]\wdtcp.exe
[%SYSTEM%]\wingtsv.exe

How to detect Sprincape:

Files:
[%SYSTEM%]\fsdutil.exe
[%SYSTEM%]\lkavs32.exe
[%SYSTEM%]\netstdll2.exe
[%SYSTEM%]\ntvdc.exe
[%SYSTEM%]\nvsvcsb.exe
[%SYSTEM%]\rdatasys2.exe
[%SYSTEM%]\wdtcp.exe
[%SYSTEM%]\wingtsv.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce

Zlob.ad Downloader

Removing Zlob.ad
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

How to detect Zlob.ad:

Registry Keys:
HKEY_CLASSES_ROOT\NVideoCodek.Chl
HKEY_CLASSES_ROOT\nvideocodek.chl

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


CyberJack Trojan

Removing CyberJack
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT Trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful and won't log keystrokes or hack.

CyberJack Also known as:

[Kaspersky]Backdoor.CyberJack.101;
[Eset]Win32/CyberJack.101.Client trojan,Win32/CyberJack.101.Server trojan;
[McAfee]Backdoor-RR;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/CyberJack.101;
[Computer Associates]Backdoor/CyberJack!Server,Win32.CyberJack.101

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\winmsconfig32.exe
[%WINDOWS%]\temp\gftp.exe

How to detect CyberJack:

Files:
[%WINDOWS%]\system\winmsconfig32.exe
[%WINDOWS%]\temp\gftp.exe


Gambling Popups Adware

Removing Gambling Popups
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\partypoker\IEExtension.dll
[%WINDOWS%]\Downloaded Program Files\Nyoko.dll

How to detect Gambling Popups:

Files:
[%PROGRAM_FILES%]\partypoker\IEExtension.dll
[%WINDOWS%]\Downloaded Program Files\Nyoko.dll

Registry Keys:


BraveSentry Trojan

Removing BraveSentry
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

BraveSentry Also known as:

[Kaspersky]Downloader.Win32.Agent.x;
[McAfee]BraveSentry;
[F-Prot]W32/Downldr2.ATPC;
[Panda]Spyware/WinSpyKiller;
[Other]Program:Win32/SpySheriff,WinSpyKiller

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\MalwareAlarm\MalwareAlarm0.ma
[%PROGRAM_FILES%]\PestCapture\PestCapture0.dll
[%PROGRAM_FILES%]\PestCapture\PestCapture1.dll
[%PROGRAM_FILES%]\PestCapture\PestCapture2.dll
[%PROGRAM_FILES%]\PestCapture\PestCapture3.dll
[%PROGRAM_FILES%]\PestTrap\heur000.dll
[%PROGRAM_FILES%]\PestTrap\heur001.dll
[%PROGRAM_FILES%]\PestTrap\heur003.dll
[%WINDOWS%]\desktop.html
[%DESKTOP%]\bravesentry.lnk
[%DESKTOP%]\WinSpyKiller.lnk

How to detect BraveSentry:

Files:
[%PROGRAM_FILES%]\MalwareAlarm\MalwareAlarm0.ma
[%PROGRAM_FILES%]\PestCapture\PestCapture0.dll
[%PROGRAM_FILES%]\PestCapture\PestCapture1.dll
[%PROGRAM_FILES%]\PestCapture\PestCapture2.dll
[%PROGRAM_FILES%]\PestCapture\PestCapture3.dll
[%PROGRAM_FILES%]\PestTrap\heur000.dll
[%PROGRAM_FILES%]\PestTrap\heur001.dll
[%PROGRAM_FILES%]\PestTrap\heur003.dll
[%WINDOWS%]\desktop.html
[%DESKTOP%]\bravesentry.lnk
[%DESKTOP%]\WinSpyKiller.lnk

Folders:
[%PROGRAMS%]\Brave-Sentry
[%PROGRAM_FILES%]\bravesentry
[%PROGRAMS%]\bravesentry
[%PROGRAMS%]\WinSpyKiller
[%PROGRAM_FILES%]\WinSpyKiller

Registry Keys:
HKEY_CURRENT_USER\software\brave-sentry\scan
HKEY_CURRENT_USER\software\brave-sentry\updates
HKEY_CURRENT_USER\Software\BraveSentry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brave-Sentry
HKEY_CURRENT_USER\software\bravesentry
HKEY_CURRENT_USER\software\winspykiller
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\brave-sentry
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bravesentry
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winspykiller

Registry Values:
HKEY_CURRENT_USER\software\brave-sentry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache


UrlHen Trojan

Removing UrlHen
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

UrlHen Also known as:

[Kaspersky]Trojan-Spy.win32.Delf.qo;
[McAfee]Spy-Agent.ex;
[Other]Win32/Urlhen.D

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wheax.exe
[%SYSTEM%]\zz33.exe
[%WINDOWS%]\wheax.dll

How to detect UrlHen:

Files:
[%SYSTEM%]\wheax.exe
[%SYSTEM%]\zz33.exe
[%WINDOWS%]\wheax.dll


Iceland Trojan

Removing Iceland
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Iceland Also known as:

[Kaspersky]Saratoga.656,Saratoga.632.a,Mix.1636;
[Eset]Icelndic.656.A virus,Icelndic.632.A virus,Icelndic.1636 virus;
[McAfee]Iceland;
[F-Prot]Icelandic.1636;
[Panda]Icelandic.650;
[Computer Associates]Icelandic 1,Icelandic-2,Icelandic 2,Icelandic-3,Mix 1b,Mix1-B

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\winsys.exe

How to detect Iceland:

Files:
[%WINDOWS%]\winsys.exe


Win32.Qoologic.bj Downloader

Removing Win32.Qoologic.bj
Categories: Downloader
Trojan downloaders download and install new malware or adware on the computer.

Win32.Qoologic.bj Also known as:

[Kaspersky]Trojan-Downloader.Win32.Qoologic.bj;
[McAfee]Qoolaid;
[Other]Adware.QoolAid

Visible Symptoms:
Files in system folders:

How to detect Win32.Qoologic.bj:

Files:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Beyond.telecom Adware

Removing Beyond.telecom
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect Beyond.telecom:

Folders:
[%PROGRAM_FILES%]\mpb\dialers

Registry Keys:
HKEY_CURRENT_USER\software\mpb\dialers
HKEY_CURRENT_USER\software\sym\dialers
HKEY_LOCAL_MACHINE\software\mpb\dialers
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hotsexy_au
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\virgins_au

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


EZVideo Hijacker

Removing EZVideo
Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

How to detect EZVideo:

Folders:
[%PROGRAMS%]\EZVideo
[%PROGRAM_FILES%]\EZVideo

Registry Keys:
HKEY_CLASSES_ROOT\ezvideo
HKEY_CURRENT_USER\software\ezvideo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ezvideo


Tiniloz Trojan

Removing Tiniloz
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Tiniloz Also known as:

[Kaspersky]Trojan-Downloader.Win32.Zlob.cqo,Trojan-Downloader.Win32.Zlob.dcv;
[McAfee]Puper

Visible Symptoms:
Files in system folders:
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\devil\audioin.dat
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\Elizabeth\audioin.dat
[%PROFILE%]\TEMP\sdk\ObjectARX\samples\DblClick\cmd.api
[%PROGRAM_FILES%]\DragonNaturallySpeaking\Users\giuseppe\audioin.dat
[%PROGRAM_FILES%]\Mozilla Firefox\components\npclntax.xpt
[%PROGRAM_FILES%]\Mozilla Firefox\plugins\npclntax.dll
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\audioin.dat
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\backup2\audioin.dat
[%PROGRAM_FILES%]\SpamBlockerUtility\SBTV\sbtv_gdf.dat
[%PROGRAM_FILES%]\Zango\zango_gdf.dat
[%WINDOWS%]\downloaded program files\clientax.dll
[%WINDOWS%]\msbb.exe
[%WINDOWS%]\msbbhook.dll

How to detect Tiniloz:

Files:
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\devil\audioin.dat
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\Elizabeth\audioin.dat
[%PROFILE%]\TEMP\sdk\ObjectARX\samples\DblClick\cmd.api
[%PROGRAM_FILES%]\DragonNaturallySpeaking\Users\giuseppe\audioin.dat
[%PROGRAM_FILES%]\Mozilla Firefox\components\npclntax.xpt
[%PROGRAM_FILES%]\Mozilla Firefox\plugins\npclntax.dll
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\audioin.dat
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\backup2\audioin.dat
[%PROGRAM_FILES%]\SpamBlockerUtility\SBTV\sbtv_gdf.dat
[%PROGRAM_FILES%]\Zango\zango_gdf.dat
[%WINDOWS%]\downloaded program files\clientax.dll
[%WINDOWS%]\msbb.exe
[%WINDOWS%]\msbbhook.dll

Folders:
[%PROGRAM_FILES%]\180searchassistant

Registry Keys:
HKEY_CLASSES_ROOT\clientax.clientinstaller
HKEY_CLASSES_ROOT\clientax.clientinstaller.1
HKEY_CLASSES_ROOT\clientax.requiredcomponent
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1
HKEY_CLASSES_ROOT\lmgr180.wmdrmax
HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1
HKEY_CLASSES_ROOT\typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}
HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}
HKEY_CLASSES_ROOT\typelib\{8be3faba-7468-4851-b97c-0750af2b908e}
HKEY_CLASSES_ROOT\typelib\{f2bf4713-e933-4b66-8694-22ed243709c7}
HKEY_CURRENT_USER\software\180ax
HKEY_CURRENT_USER\software\sau
HKEY_LOCAL_MACHINE\software\180ax
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\180ax
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sain
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sau
HKEY_LOCAL_MACHINE\software\sain
HKEY_LOCAL_MACHINE\software\sau
