Monday, November 10, 2008

SearchWords Adware

Removing SearchWords
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\swbar.dll
[%WINDOWS%]\downloaded program files\swbar.dll

How to detect SearchWords:

Files:
[%WINDOWS%]\downloaded program files\swbar.dll
[%WINDOWS%]\downloaded program files\swbar.dll

Folders:
[%PROGRAM_FILES%]\dynamic toolbar\swbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\swbar.swbar
HKEY_CURRENT_USER\visicom media\swbar

Registry Values:
HKEY_CURRENT_USER\microsoft\internet explorer\toolbar\webbrowser

Removing SearchWords:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

SiteHistory BHO

Removing SiteHistory
Categories: BHO,Hijacker
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\changeurl_30.dll
[%WINDOWS%]\system\changeurl_30.dll
[%SYSTEM%]\changeurl_30.dll
[%WINDOWS%]\system\changeurl_30.dll

How to detect SiteHistory:

Files:
[%SYSTEM%]\changeurl_30.dll
[%WINDOWS%]\system\changeurl_30.dll
[%SYSTEM%]\changeurl_30.dll
[%WINDOWS%]\system\changeurl_30.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0345b059-8731-42bc-b7b7-5121014b02c6}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0345b059-8731-42bc-b7b7-5121014b02c6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0345b059-8731-42bc-b7b7-5121014b02c6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0345b059-8731-42bc-b7b7-5121014b02c6}

Removing SiteHistory:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

BuddyLinks Adware

Removing BuddyLinks
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

BuddyLinks Also known as:

[Panda]Adware/PurityScan;
[Other]Adware.Buddylinks

How to detect BuddyLinks:

Folders:
[%PROGRAM_FILES%]\buddylinks.net
[%PROGRAM_FILES_COMMON%]\psd tools
[%PROGRAM_FILES%]\common files\psd tools

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing BuddyLinks:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

VB.Big Trojan

Removing VB.Big
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect VB.Big:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing VB.Big:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Netvq Trojan

Removing Netvq
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Netvq Also known as:

[Kaspersky]SpamTool.Win32.Agent.u,Trojan.Win32.Agent.afg;
[McAfee]PWS-LSP;
[Other]Win32/Netvq!generic,Troj/NetVQ-Gen,Win32/Netvq.A
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\damlwbrcx.dll
[%SYSTEM%]\j.dll
[%SYSTEM%]\ybrqgybdc.dll
[%SYSTEM%]\zqsnxozhgkc.dll
[%SYSTEM%]\damlwbrcx.dll
[%SYSTEM%]\j.dll
[%SYSTEM%]\ybrqgybdc.dll
[%SYSTEM%]\zqsnxozhgkc.dll

How to detect Netvq:

Files:
[%SYSTEM%]\damlwbrcx.dll
[%SYSTEM%]\j.dll
[%SYSTEM%]\ybrqgybdc.dll
[%SYSTEM%]\zqsnxozhgkc.dll
[%SYSTEM%]\damlwbrcx.dll
[%SYSTEM%]\j.dll
[%SYSTEM%]\ybrqgybdc.dll
[%SYSTEM%]\zqsnxozhgkc.dll

Removing Netvq:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

CWS.Svcinit Trojan

Removing CWS.Svcinit
Categories: Trojan,Backdoor,Hijacker
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
CWS.Svcinit Also known as:

[Kaspersky]Backdoor.Sinit.c,Backdoor.Sinit.f;
[Eset]Win32/Fakesvc.C trojan,Win32/Sinit.A trojan;
[Panda]Bck/Initsvc.B,Bck/Initsvc.C,Bck/Initsvc.D,Bck/Initsvc.E;
[Computer Associates]Backdoor/Sinit,Backdoor/SVC.58880,Win32.Sinit.A,Win32.Sinit.B,Win32.Sinit.C,Win32.Sinit.E,Win32/FakeSvc.C!Trojan,Win32/Sinit.C!Trojan
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mssys.exe
[%SYSTEM%]\svcinit.exe
[%SYSTEM%]\svcpack.exe
[%WINDOWS%]\system\svcinit.exe
[%WINDOWS%]\system\svcpack.exe
[%WINDOWS%]\mssys.exe
[%SYSTEM%]\svcinit.exe
[%SYSTEM%]\svcpack.exe
[%WINDOWS%]\system\svcinit.exe
[%WINDOWS%]\system\svcpack.exe

How to detect CWS.Svcinit:

Files:
[%WINDOWS%]\mssys.exe
[%SYSTEM%]\svcinit.exe
[%SYSTEM%]\svcpack.exe
[%WINDOWS%]\system\svcinit.exe
[%WINDOWS%]\system\svcpack.exe
[%WINDOWS%]\mssys.exe
[%SYSTEM%]\svcinit.exe
[%SYSTEM%]\svcpack.exe
[%WINDOWS%]\system\svcinit.exe
[%WINDOWS%]\system\svcpack.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing CWS.Svcinit:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Koko Trojan

Removing Koko
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Koko Also known as:

[Kaspersky]Backdoor.Kokodoor.20.b,Backdoor.Kokodoor.20.a,Backdoor.Kokodoor.10.b,TrojanDropper.Win32.Juntador.c;
[McAfee]MultiDropper-BN,SennaSpy2001;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Kokodoor.20,Bck/Oko,Backdoor Program,Bck/MsnPassRipper,Trojan Horse;
[Computer Associates]Backdoor/Kokotero.2.0!Server,Win32.Koko.20.B,Backdoor/Kokodoor.2.0,Backdoor/KokoDoor.2_0,Win32.Koko.20.A,Backdoor/SennaSpy,Win32.Juntador,Win32/Juntador.C!Joiner
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\msn.exe
[%WINDOWS%]\msn.exe

How to detect Koko:

Files:
[%WINDOWS%]\msn.exe
[%WINDOWS%]\msn.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Koko:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

TrojanDropper.Win32.Delf.cy Trojan

Removing TrojanDropper.Win32.Delf.cy
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
TrojanDropper.Win32.Delf.cy Also known as:

[Panda]Trj/Delf.W
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\services\beda.exe
[%SYSTEM%]\services\beda.exe

How to detect TrojanDropper.Win32.Delf.cy:

Files:
[%SYSTEM%]\services\beda.exe
[%SYSTEM%]\services\beda.exe

Removing TrojanDropper.Win32.Delf.cy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Matite Downloader

Removing Matite
Categories: Downloader,Hacker Tool
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\portconfig.exe
[%WINDOWS%]\system\portconfig.exe

How to detect Matite:

Files:
[%WINDOWS%]\system\portconfig.exe
[%WINDOWS%]\system\portconfig.exe

Removing Matite:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

MSView Adware

Removing MSView
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\inf\msview.inf
[%WINDOWS%]\msvprep.exe
[%PROFILE_TEMP%]\msview.dll
[%WINDOWS%]\msview.dll
[%WINDOWS%]\inf\msview.inf
[%WINDOWS%]\msvprep.exe
[%PROFILE_TEMP%]\msview.dll
[%WINDOWS%]\msview.dll

How to detect MSView:

Files:
[%WINDOWS%]\inf\msview.inf
[%WINDOWS%]\msvprep.exe
[%PROFILE_TEMP%]\msview.dll
[%WINDOWS%]\msview.dll
[%WINDOWS%]\inf\msview.inf
[%WINDOWS%]\msvprep.exe
[%PROFILE_TEMP%]\msview.dll
[%WINDOWS%]\msview.dll

Registry Keys:
HKEY_CLASSES_ROOT\msview.msviewobj.1
HKEY_LOCAL_MACHINE\software\msview

Removing MSView:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Qoogler Hijacker

Removing Qoogler
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

How to detect Qoogler:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\qoogler.com\www

Removing Qoogler:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

AxNTService Hostile Code

Removing AxNTService
Categories: Hostile Code
Hostile code is any process running on a system that is
not authorized by the system administrator, such as Trojans, viruses, or spyware.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ActiveXPersistent.tlb
[%SYSTEM%]\ActiveXPersistent.tlb

How to detect AxNTService:

Files:
[%SYSTEM%]\ActiveXPersistent.tlb
[%SYSTEM%]\ActiveXPersistent.tlb

Removing AxNTService:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Ljjw Trojan

Removing Ljjw
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ljjw.exe
[%WINDOWS%]\ljjw.exe

How to detect Ljjw:

Files:
[%WINDOWS%]\ljjw.exe
[%WINDOWS%]\ljjw.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Ljjw:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Backdoor.Pigeon Trojan

Removing Backdoor.Pigeon
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Backdoor.Pigeon Also known as:

[Kaspersky]Backdoor.GrayBird.g;
[Eset]Win32/GreyBird.G trojan;
[Computer Associates]Win32.Pigeon.2003.b2
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\windows update.exe
[%SYSTEM%]\cerver.exe
[%SYSTEM%]\windows update.exe
[%SYSTEM%]\cerver.exe

How to detect Backdoor.Pigeon:

Files:
[%SYSTEM%]\windows update.exe
[%SYSTEM%]\cerver.exe
[%SYSTEM%]\windows update.exe
[%SYSTEM%]\cerver.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_graypigeonserver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\graypigeonserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\systemy
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows update

Removing Backdoor.Pigeon:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Msolob Ransomware

Removing Msolob
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.
Msolob Also known as:

[Kaspersky]AdWare.Win32.BHO.ax

How to detect Msolob:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{e3db85b5-c559-4894-b474-42e89faa1efd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e3db85b5-c559-4894-b474-42e89faa1efd}

Removing Msolob:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

SA Adware

Removing SA
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

SA Also known as:

[Kaspersky]Trojan.Win32.Dialer.bi;
[McAfee]Dialer-RAS.de;
[Other]Spyware.BHO.sasetup
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\sasent.dll
[%WINDOWS%]\sasetup.dll
[%WINDOWS%]\sasent.dll
[%WINDOWS%]\sasetup.dll

How to detect SA:

Files:
[%WINDOWS%]\sasent.dll
[%WINDOWS%]\sasetup.dll
[%WINDOWS%]\sasent.dll
[%WINDOWS%]\sasetup.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}
HKEY_CLASSES_ROOT\CLSID\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
HKEY_CLASSES_ROOT\interface\{18e6c36a-c45f-4b60-a1a4-5c0bb16d4cc2}
HKEY_CLASSES_ROOT\interface\{8a94c367-815a-4d4f-a6b6-d4eb877a126c}
HKEY_CLASSES_ROOT\interface\{d6188a7d-376c-4970-91ad-675bfcf3762e}
HKEY_CLASSES_ROOT\typelib\{00a322e2-7d50-4dba-bea4-5c8078d47269}
HKEY_CLASSES_ROOT\typelib\{8ea362bd-39cb-40f5-9226-73cd40999095}
HKEY_CLASSES_ROOT\typelib\{ced445e2-8c78-4f40-87d7-f7fb6f1b6791}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
HKEY_CLASSES_ROOT\classes\interface\{d6188a7d-376c-4970-91ad-675bfcf3762e}
HKEY_CLASSES_ROOT\clsid\{0191abf4-9421-435e-9ffd-cd827a2a82d8}
HKEY_CLASSES_ROOT\clsid\{38d4d5d0-423e-4220-b6f9-30918c2ae4a4}
HKEY_CLASSES_ROOT\clsid\{4bcf322b-9621-4e90-9678-f1424eb7584e}
HKEY_CLASSES_ROOT\clsid\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
HKEY_CLASSES_ROOT\clsid\{860ce847-8298-4114-b142-14043c2942b1}
HKEY_CLASSES_ROOT\interface\{3ca4f168-fdc3-425d-8812-bb1379581e85}
HKEY_CLASSES_ROOT\interface\{d47bd4de-b880-4610-8a8b-c173dec4272f}
HKEY_CLASSES_ROOT\sbitax7.sbitax7ctrl
HKEY_CLASSES_ROOT\sbitax7.sbitax7ctrl.1
HKEY_CLASSES_ROOT\typelib\{85a886b2-29bb-4189-8046-a66733b242e9}
HKEY_CLASSES_ROOT\typelib\{d6637f05-74ed-4ccf-80ab-20c8ec66877a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4bcf322b-9621-4e90-9678-f1424eb7584e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{860ce847-8298-4114-b142-14043c2942b1}

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler

Removing SA:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

NetAmine RAT

Removing NetAmine
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\sauvejpg.dll
[%WINDOWS%]\system\sauvejpg.dll

How to detect NetAmine:

Files:
[%WINDOWS%]\system\sauvejpg.dll
[%WINDOWS%]\system\sauvejpg.dll

Removing NetAmine:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Wazam Adware

Removing Wazam
Categories: Adware,Hijacker
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

How to detect Wazam:

Folders:
[%PROGRAM_FILES%]\cursorarts\iconforge\wazam.com toolbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b5e60a66-0c51-4894-8df8-cbdf4e478d58}
HKEY_LOCAL_MACHINE\software\sbb

Removing Wazam:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

CPush Adware

Removing CPush
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

How to detect CPush:

Folders:
[%COMMON_PROGRAMS%]\CPUSH

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_CLASSES_ROOT\clsid\{34a12a06-48c0-420d-8f11-73552ee9631a}
HKEY_CLASSES_ROOT\clsid\{cde9eb54-a08e-4570-b748-13f5ddb5781c}
HKEY_CLASSES_ROOT\clsid\{11f09afd-75ad-4e51-ab43-e09e9351ce16}

Removing CPush:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

StartMake.com Toolbar

Removing StartMake.com
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\startmaketoolbar.ocx
[%WINDOWS%]\system\startmaketoolbar.ocx
[%SYSTEM%]\startmaketoolbar.ocx
[%WINDOWS%]\system\startmaketoolbar.ocx

How to detect StartMake.com:

Files:
[%SYSTEM%]\startmaketoolbar.ocx
[%WINDOWS%]\system\startmaketoolbar.ocx
[%SYSTEM%]\startmaketoolbar.ocx
[%WINDOWS%]\system\startmaketoolbar.ocx

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{79049bcb-7c3a-467b-bfa9-0b8c1cd44463}
HKEY_LOCAL_MACHINE\software\classes\clsid\{79049bcb-7c3a-467b-bfa9-0b8c1cd44463}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing StartMake.com:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

UpdateLoader Adware

Removing UpdateLoader
Categories: Adware,Downloader
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\download_ul.dll
[%WINDOWS%]\system\randomiser.exe
[%WINDOWS%]\downloaded program files\download_ul.dll
[%WINDOWS%]\system\randomiser.exe

How to detect UpdateLoader:

Files:
[%WINDOWS%]\downloaded program files\download_ul.dll
[%WINDOWS%]\system\randomiser.exe
[%WINDOWS%]\downloaded program files\download_ul.dll
[%WINDOWS%]\system\randomiser.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{f7adcfe3-aa28-f99e-e665-b13ac332d249}
HKEY_CLASSES_ROOT\download_ul.downloadul
HKEY_CLASSES_ROOT\download_ul.downloadul.1
HKEY_CLASSES_ROOT\interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}
HKEY_CLASSES_ROOT\typelib\{01b8453a-d3bc-479a-8c7a-0e86f3f4ff18}
HKEY_CLASSES_ROOT\typelib\{0b1b2b3b-4b5b-6b7b-8b9b-bbbbcbdbebfb}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{ae6cefa8-1223-4337-8d94-977268ff9aa0}
HKEY_LOCAL_MACHINE\software\microsoft\ms updates
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\download_ul.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ms updates

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing UpdateLoader:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Iggsey Toolbar

Removing Iggsey
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

How to detect Iggsey:

Folders:
[%PROGRAM_FILES%]\iggsey toolbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks

Removing Iggsey:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

INetSpeak.Iexplorr Adware

Removing INetSpeak.Iexplorr
Categories: Adware,BHO
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\iexplorr11.dll
[%SYSTEM%]\iexplorr22.dll
[%SYSTEM%]\iexplorr23.dll
[%SYSTEM%]\iexplorr24.dll
[%SYSTEM%]\iexplorr26.dll
[%SYSTEM%]\iexplorr27.dll
[%SYSTEM%]\iexplorr29.dll
[%WINDOWS%]\system\iexplorr11.dll
[%WINDOWS%]\system\iexplorr22.dll
[%WINDOWS%]\system\iexplorr23.dll
[%WINDOWS%]\system\iexplorr24.dll
[%WINDOWS%]\system\iexplorr26.dll
[%WINDOWS%]\system\iexplorr27.dll
[%WINDOWS%]\system\iexplorr29.dll
[%SYSTEM%]\iexplorr11.dll
[%SYSTEM%]\iexplorr22.dll
[%SYSTEM%]\iexplorr23.dll
[%SYSTEM%]\iexplorr24.dll
[%SYSTEM%]\iexplorr26.dll
[%SYSTEM%]\iexplorr27.dll
[%SYSTEM%]\iexplorr29.dll
[%WINDOWS%]\system\iexplorr11.dll
[%WINDOWS%]\system\iexplorr22.dll
[%WINDOWS%]\system\iexplorr23.dll
[%WINDOWS%]\system\iexplorr24.dll
[%WINDOWS%]\system\iexplorr26.dll
[%WINDOWS%]\system\iexplorr27.dll
[%WINDOWS%]\system\iexplorr29.dll

How to detect INetSpeak.Iexplorr:

Files:
[%SYSTEM%]\iexplorr11.dll
[%SYSTEM%]\iexplorr22.dll
[%SYSTEM%]\iexplorr23.dll
[%SYSTEM%]\iexplorr24.dll
[%SYSTEM%]\iexplorr26.dll
[%SYSTEM%]\iexplorr27.dll
[%SYSTEM%]\iexplorr29.dll
[%WINDOWS%]\system\iexplorr11.dll
[%WINDOWS%]\system\iexplorr22.dll
[%WINDOWS%]\system\iexplorr23.dll
[%WINDOWS%]\system\iexplorr24.dll
[%WINDOWS%]\system\iexplorr26.dll
[%WINDOWS%]\system\iexplorr27.dll
[%WINDOWS%]\system\iexplorr29.dll
[%SYSTEM%]\iexplorr11.dll
[%SYSTEM%]\iexplorr22.dll
[%SYSTEM%]\iexplorr23.dll
[%SYSTEM%]\iexplorr24.dll
[%SYSTEM%]\iexplorr26.dll
[%SYSTEM%]\iexplorr27.dll
[%SYSTEM%]\iexplorr29.dll
[%WINDOWS%]\system\iexplorr11.dll
[%WINDOWS%]\system\iexplorr22.dll
[%WINDOWS%]\system\iexplorr23.dll
[%WINDOWS%]\system\iexplorr24.dll
[%WINDOWS%]\system\iexplorr26.dll
[%WINDOWS%]\system\iexplorr27.dll
[%WINDOWS%]\system\iexplorr29.dll

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AF31DD-EAFC-45EA-A56C-385B52E25CC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A}
HKEY_CLASSES_ROOT\clsid\{388d7ebb-cbb9-4126-8db2-86dc6863a206}
HKEY_CLASSES_ROOT\clsid\{39af31dd-eafc-45ea-a56c-385b52e25cc0}
HKEY_CLASSES_ROOT\clsid\{4cebbc6b-5cee-4644-80cf-38980bae93f6}
HKEY_CLASSES_ROOT\clsid\{54ed9b49-81d1-4866-95a6-30f01de0047e}
HKEY_CLASSES_ROOT\clsid\{6b12dabb-0b7c-44fa-b0b3-4baff3790256}
HKEY_CLASSES_ROOT\clsid\{90e34f98-e3e6-4cd7-a592-e964fed8af78}
HKEY_CLASSES_ROOT\clsid\{94326e3f-f51f-4863-a832-4acd0d7d4bc3}
HKEY_CLASSES_ROOT\clsid\{a76066c9-941b-4209-9d96-0ac80501100d}
HKEY_CLASSES_ROOT\clsid\{bc0d2038-2de5-4a6f-92bc-b18a3e0de32a}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{388d7ebb-cbb9-4126-8db2-86dc6863a206}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{39af31dd-eafc-45ea-a56c-385b52e25cc0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4cebbc6b-5cee-4644-80cf-38980bae93f6}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{54ed9b49-81d1-4866-95a6-30f01de0047e}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{6b12dabb-0b7c-44fa-b0b3-4baff3790256}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{90e34f98-e3e6-4cd7-a592-e964fed8af78}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{94326e3f-f51f-4863-a832-4acd0d7d4bc3}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a76066c9-941b-4209-9d96-0ac80501100d}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{bc0d2038-2de5-4a6f-92bc-b18a3e0de32a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{388d7ebb-cbb9-4126-8db2-86dc6863a206}
HKEY_LOCAL_MACHINE\software\classes\clsid\{39af31dd-eafc-45ea-a56c-385b52e25cc0}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4cebbc6b-5cee-4644-80cf-38980bae93f6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{54ed9b49-81d1-4866-95a6-30f01de0047e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6b12dabb-0b7c-44fa-b0b3-4baff3790256}
HKEY_LOCAL_MACHINE\software\classes\clsid\{90e34f98-e3e6-4cd7-a592-e964fed8af78}
HKEY_LOCAL_MACHINE\software\classes\clsid\{94326e3f-f51f-4863-a832-4acd0d7d4bc3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a76066c9-941b-4209-9d96-0ac80501100d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{bc0d2038-2de5-4a6f-92bc-b18a3e0de32a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{388d7ebb-cbb9-4126-8db2-86dc6863a206}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{39af31dd-eafc-45ea-a56c-385b52e25cc0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4cebbc6b-5cee-4644-80cf-38980bae93f6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{54ed9b49-81d1-4866-95a6-30f01de0047e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6b12dabb-0b7c-44fa-b0b3-4baff3790256}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{90e34f98-e3e6-4cd7-a592-e964fed8af78}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{94326e3f-f51f-4863-a832-4acd0d7d4bc3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a76066c9-941b-4209-9d96-0ac80501100d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bc0d2038-2de5-4a6f-92bc-b18a3e0de32a}

Removing INetSpeak.Iexplorr:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Chksyn Trojan

Removing Chksyn
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Chksyn Also known as:

[Kaspersky]Trojan-Notifier.Win32.Small.i;
[Other]Win32/Chksyn.A
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ntsvc32.dll
[%SYSTEM%]\ntsvc32.dll

How to detect Chksyn:

Files:
[%SYSTEM%]\ntsvc32.dll
[%SYSTEM%]\ntsvc32.dll

Removing Chksyn:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Hacker.Wacker Spyware

Removing Hacker.Wacker
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect Hacker.Wacker:

Folders:
[%DESKTOP%]\freewack
[%PROGRAMS%]\hackerwacker personal edition
[%PROGRAM_FILES%]\freewack
[%PROGRAM_FILES%]\hackerwacker personal edition
[%PROGRAM_FILES%]\hwpe

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\hackerwacker personal edition
HKEY_LOCAL_MACHINE\software\hwfreewack
HKEY_LOCAL_MACHINE\software\hwpe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\freewack 3.0 build 8.14.0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hackerwacker personal edition 2.5.30.01
HKEY_LOCAL_MACHINE\software\streiff information services

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Hacker.Wacker:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Family.Cyber.Alert Spyware

Removing Family.Cyber.Alert
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect Family.Cyber.Alert:

Folders:
[%SYSTEM%]\FCyberAlert

Registry Keys:
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmctrlkeys

Registry Values:
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmshutdownspyware
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\wizardsetting
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmoptions
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\frmshutdownspyware
HKEY_LOCAL_MACHINE\software\infoworks technology\family cyber alert\wizardsetting
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Family.Cyber.Alert:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

DLSearchBar Hijacker

Removing DLSearchBar
Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

How to detect DLSearchBar:

Registry Keys:
HKEY_CLASSES_ROOT\catalyst.httpclientctrl.1
HKEY_CLASSES_ROOT\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}
HKEY_CLASSES_ROOT\clsid\{aa8c93e1-7e5f-497e-b67c-cc8fe2a40d3b}
HKEY_CLASSES_ROOT\clsid\{edd6ba26-9ebb-11d2-b89c-00104b30757b}
HKEY_CLASSES_ROOT\clsid\{edd6ba27-9ebb-11d2-b89c-00104b30757b}
HKEY_CLASSES_ROOT\imgconv.clsimgconv
HKEY_CLASSES_ROOT\interface\{2ddd90d6-f153-4ea7-a324-4b2d83d1027e}
HKEY_CLASSES_ROOT\interface\{68831d00-169e-4feb-89b9-e099df439321}
HKEY_CLASSES_ROOT\interface\{9ce15eb5-6b39-4656-9e1f-2d219ee42e0e}
HKEY_CLASSES_ROOT\interface\{edd6ba24-9ebb-11d2-b89c-00104b30757b}
HKEY_CLASSES_ROOT\interface\{edd6ba25-9ebb-11d2-b89c-00104b30757b}
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\inprocserver32 threadingmodel apartment
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\inprocserver32 [%SYSTEM%]\srchbar.dll
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\progid
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\progid searchbartoolbar.searchbar
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\typelib
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\version
HKEY_CLASSES_ROOT\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}\version 2.0
HKEY_CLASSES_ROOT\searchbartoolbar.isubclass
HKEY_CLASSES_ROOT\searchbartoolbar.isubclass searchbartoolbar.isubclass
HKEY_CLASSES_ROOT\searchbartoolbar.searchbar
HKEY_CLASSES_ROOT\searchbartoolbar.searchbar search bar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\search bar displayname search bar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing DLSearchBar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

TheRat Trojan

Removing TheRat
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\32syslib.dll
[%SYSTEM%]\socketme.exe
[%SYSTEM%]\32syslib.dll
[%SYSTEM%]\socketme.exe

How to detect TheRat:

Files:
[%SYSTEM%]\32syslib.dll
[%SYSTEM%]\socketme.exe
[%SYSTEM%]\32syslib.dll
[%SYSTEM%]\socketme.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing TheRat:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

InstaFinder Hijacker

Removing InstaFinder
Categories: Hijacker
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\HyperLinker1.exe
[%SYSTEM%]\lmf32v.dll
[%SYSTEM%]\preuninstall.exe
[%SYSTEM%]\uninst.exe
[%WINDOWS%]\HLInstaller1.exe
[%WINDOWS%]\temp\\adware\instafinderk_inst.exe
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\HyperLinker1.exe
[%SYSTEM%]\lmf32v.dll
[%SYSTEM%]\preuninstall.exe
[%SYSTEM%]\uninst.exe
[%WINDOWS%]\HLInstaller1.exe
[%WINDOWS%]\temp\\adware\instafinderk_inst.exe

How to detect InstaFinder:

Files:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\HyperLinker1.exe
[%SYSTEM%]\lmf32v.dll
[%SYSTEM%]\preuninstall.exe
[%SYSTEM%]\uninst.exe
[%WINDOWS%]\HLInstaller1.exe
[%WINDOWS%]\temp\\adware\instafinderk_inst.exe
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\HyperLinker1.exe
[%SYSTEM%]\lmf32v.dll
[%SYSTEM%]\preuninstall.exe
[%SYSTEM%]\uninst.exe
[%WINDOWS%]\HLInstaller1.exe
[%WINDOWS%]\temp\\adware\instafinderk_inst.exe

Folders:
[%PROGRAM_FILES%]\instafink

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
HKEY_CLASSES_ROOT\instafink.instafink
HKEY_CLASSES_ROOT\typelib\{423550e9-2f83-4678-9929-c1774088b180}
HKEY_CURRENT_USER\software\instafin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\instafink
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\instafin

Registry Values:
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink\reports
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink
HKEY_CURRENT_USER\software\instafink\reports
HKEY_CURRENT_USER\software\instafink\reports
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_CURRENT_USER\software\instafink\stat
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing InstaFinder:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

TrojanClicker.Win32.VB.ac Trojan

Removing TrojanClicker.Win32.VB.ac
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

TrojanClicker.Win32.VB.ac Also known as:

[Panda]Trj/VB.C
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\dhcpm.exe
[%SYSTEM%]\dhcpm.exe

How to detect TrojanClicker.Win32.VB.ac:

Files:
[%SYSTEM%]\dhcpm.exe
[%SYSTEM%]\dhcpm.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing TrojanClicker.Win32.VB.ac:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Agent.eo Trojan

Removing Agent.eo
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

How to detect Agent.eo:

Registry Keys:
HKEY_LOCAL_MACHINE\software\casiop

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Agent.eo:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

TwistedHumor Adware

Removing TwistedHumor
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\jack schitt cartoon.lnk
[%SYSTEM%]\cvryptdll.dll
[%DESKTOP%]\jack schitt cartoon.lnk
[%SYSTEM%]\cvryptdll.dll

How to detect TwistedHumor:

Files:
[%DESKTOP%]\jack schitt cartoon.lnk
[%SYSTEM%]\cvryptdll.dll
[%DESKTOP%]\jack schitt cartoon.lnk
[%SYSTEM%]\cvryptdll.dll

Folders:
[%PROGRAMS%]\twistedhumor
[%PROGRAM_FILES%]\twistedhumor

Removing TwistedHumor:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Boxed Trojan

Removing Boxed
Categories: Trojan,Backdoor,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Boxed Also known as:

[Kaspersky]Trojan-Downlaoder.Win32.Agent.ajd,Trojan-Proxy.Win32.Horst.av,Backdoor.Win32.Robobot.ay,Trojan-Proxy.Win32.Horst.dt,Trojan-Proxy.win32.Horst.cs,Trojan-Proxy.Win32.Horst.dw,Trojan-Proxy.Win32.Horst.ks,Trojan-Proxy.Win32.Horst.kq,Trojan-Proxy.Win32.Horst.kx,Trojan-Proxy.Win32.Horst.kn,Trojan-Proxy.Win32.Horst.kr,Trojan-Proxy.Win32.horst.kp,Trojan-Proxy.win32.Horst.kq,Trojan-Proxy.Win32.Horst.km,Backdoor.Win32.IRCBot.xq,Trojan-Proxy.Win32.Horst.ky,Trojan-Downloader.Win32.Small.ecs,Trojan-Proxy.Win32.Horst.te,TrojanDownloader.Agent.aii,Trojan-Proxy.Win32.Horst.pj,Trojan-Proxy.Win32.Horst.vw,Trojan-Downloader.Win32.Agent.aii,Trojan-Downloader.Win32.Horst.al,Trojan-Proxy.Win32.Horst.ww;
[McAfee]BackDoor-CMQ,DDoS-Boxed,Proxy-Horst.gen,BackDoor-CMQ.dldr,Spam-Loot,Proxy-Horst;
[F-Prot]W32/Methodbod.gen;
[Other]Win32/Boxed.CC,Trojan.Lootseek.AV,Win32.Boxed.CB,Win32/Boxed.CI,Trojan-Proxy.Win32.Horst.ds,Downloader,Win32/Boxed.CJ,Backdoor.Trojan,Win32/Boxed.BJ,Backdoor.Sdbot,Win32/Boxed.CL,Win32/Boxed.CK,Win32.Boxed.CY,Win32/Boxed.CF,Win32/Boxed.CH,Win32/Boxed.FP,Win32/Boxed.CX,Win32/Boxed.FL,Trojan.Webus,Win32.Boxed.GA,Win32.Boxed.GB,Win32.Boxed.FX,Win32/Boxed.CV,Win32/Boxed.EV,Trojan.Lookseek.AV,Win32/Boxed.FN,Win32/Boxed.FO,Win32.Boxed.EW,Win32.Boxed.FQ,Trojan.Lootseek.av,Win32.Boxed.FS,Win32.Boxed.FU,Win32.Boxed.FV,Win32.Boxed.FY,Win32.Boxed.FZ,Win32.Boxed.GD,Win32/Boxed.GE,W32/DLoader.BKQE,Win32/Boxed.IH,Win32/Boxed!generic,WIn32/Boxed!generic,Win32/Boxed.JV,TrojanProxy:Win32/Horst.gen,W32/Horst.gen27,BKDR_MEDBOT.CK,Troj/Horst-Gen
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\12exhdd.7.exe
[%PROFILE_TEMP%]\12exssd32.5.exe
[%PROFILE_TEMP%]\14exmodul32c.1.exe
[%PROFILE_TEMP%]\15exssd32.5.exe
[%PROFILE_TEMP%]\17exmodul32c.1.exe
[%PROFILE_TEMP%]\18exhdd.7.exe
[%PROFILE_TEMP%]\18exssd32.d.exe
[%PROFILE_TEMP%]\1exhdd.8.exe
[%PROFILE_TEMP%]\2.mhdd.exe
[%PROFILE_TEMP%]\21exhdd.8.exe
[%PROFILE_TEMP%]\27exmodul32c.1.exe
[%PROFILE_TEMP%]\2exmodul32c.1.exe
[%PROFILE_TEMP%]\31exhdd.8.exe
[%PROFILE_TEMP%]\33exssd32.5.exe
[%PROFILE_TEMP%]\33exssd32.d.exe
[%PROFILE_TEMP%]\35exinjs.8.exe
[%PROFILE_TEMP%]\36exinjs.8.exe
[%PROFILE_TEMP%]\39exhdd.8.exe
[%PROFILE_TEMP%]\39exinjs.f.exe
[%PROFILE_TEMP%]\40exhdd.8.exe
[%PROFILE_TEMP%]\42exmodul32c.1.exe
[%PROFILE_TEMP%]\44exssd32.5.exe
[%PROFILE_TEMP%]\46exmodul32c.1.exe
[%PROFILE_TEMP%]\49exmodul32c.1.exe
[%PROFILE_TEMP%]\4exinjs.3.exe
[%PROFILE_TEMP%]\4exssd32.5.exe
[%PROFILE_TEMP%]\50exinjs.8.exe
[%PROFILE_TEMP%]\51exmodul32c.1.exe
[%PROFILE_TEMP%]\53exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.f.exe
[%PROFILE_TEMP%]\56exinjs.8.exe
[%PROFILE_TEMP%]\57exmodul32c.1.exe
[%PROFILE_TEMP%]\57exssd32.5.exe
[%PROFILE_TEMP%]\60exinjs.8.exe
[%PROFILE_TEMP%]\61exhdd.7.exe
[%PROFILE_TEMP%]\62exinjs.8.exe
[%PROFILE_TEMP%]\63exmodul32c.1.exe
[%PROFILE_TEMP%]\64exmodul32c.1.exe
[%PROFILE_TEMP%]\67exhdd.8.exe
[%PROFILE_TEMP%]\68exinjs.8.exe
[%PROFILE_TEMP%]\68exmodul32c.1.exe
[%PROFILE_TEMP%]\6exssd32.5.exe
[%PROFILE_TEMP%]\72exinjs.8.exe
[%PROFILE_TEMP%]\72exmodul32c.1.exe
[%PROFILE_TEMP%]\73exhdd.7.exe
[%PROFILE_TEMP%]\75exssd32.8.exe
[%PROFILE_TEMP%]\76exhdd.8.exe
[%PROFILE_TEMP%]\82exhdd.7.exe
[%PROFILE_TEMP%]\90ex2.mhdd.exe
[%PROFILE_TEMP%]\90exmodul32c.1.exe
[%PROFILE_TEMP%]\93exssd32.5.exe
[%PROFILE_TEMP%]\94exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.8.exe
[%PROFILE_TEMP%]\96exmodul32c.1.exe
[%PROFILE_TEMP%]\97ex2.mhdd.exe
[%PROFILE_TEMP%]\97exinjs.8.exe
[%PROFILE_TEMP%]\98exmodul32c.1.exe
[%PROFILE_TEMP%]\hdd.7.exe
[%PROFILE_TEMP%]\hdd.8.exe
[%PROFILE_TEMP%]\injs5.exe
[%PROFILE_TEMP%]\modul32c.1.exe
[%PROFILE_TEMP%]\ssd32.5.exe
[%PROFILE_TEMP%]\ssd32.d.exe
[%PROFILE_TEMP%]\ssd32b.exe
[%PROFILE_TEMP%]\ssd32c.exe
[%PROFILE_TEMP%]\ssd32e.exe
[%SYSTEM%]\nvsvcd.exe
[%WINDOWS%]\system\smss.exe
[%PROFILE_TEMP%]\12exhdd.7.exe
[%PROFILE_TEMP%]\12exssd32.5.exe
[%PROFILE_TEMP%]\14exmodul32c.1.exe
[%PROFILE_TEMP%]\15exssd32.5.exe
[%PROFILE_TEMP%]\17exmodul32c.1.exe
[%PROFILE_TEMP%]\18exhdd.7.exe
[%PROFILE_TEMP%]\18exssd32.d.exe
[%PROFILE_TEMP%]\1exhdd.8.exe
[%PROFILE_TEMP%]\2.mhdd.exe
[%PROFILE_TEMP%]\21exhdd.8.exe
[%PROFILE_TEMP%]\27exmodul32c.1.exe
[%PROFILE_TEMP%]\2exmodul32c.1.exe
[%PROFILE_TEMP%]\31exhdd.8.exe
[%PROFILE_TEMP%]\33exssd32.5.exe
[%PROFILE_TEMP%]\33exssd32.d.exe
[%PROFILE_TEMP%]\35exinjs.8.exe
[%PROFILE_TEMP%]\36exinjs.8.exe
[%PROFILE_TEMP%]\39exhdd.8.exe
[%PROFILE_TEMP%]\39exinjs.f.exe
[%PROFILE_TEMP%]\40exhdd.8.exe
[%PROFILE_TEMP%]\42exmodul32c.1.exe
[%PROFILE_TEMP%]\44exssd32.5.exe
[%PROFILE_TEMP%]\46exmodul32c.1.exe
[%PROFILE_TEMP%]\49exmodul32c.1.exe
[%PROFILE_TEMP%]\4exinjs.3.exe
[%PROFILE_TEMP%]\4exssd32.5.exe
[%PROFILE_TEMP%]\50exinjs.8.exe
[%PROFILE_TEMP%]\51exmodul32c.1.exe
[%PROFILE_TEMP%]\53exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.f.exe
[%PROFILE_TEMP%]\56exinjs.8.exe
[%PROFILE_TEMP%]\57exmodul32c.1.exe
[%PROFILE_TEMP%]\57exssd32.5.exe
[%PROFILE_TEMP%]\60exinjs.8.exe
[%PROFILE_TEMP%]\61exhdd.7.exe
[%PROFILE_TEMP%]\62exinjs.8.exe
[%PROFILE_TEMP%]\63exmodul32c.1.exe
[%PROFILE_TEMP%]\64exmodul32c.1.exe
[%PROFILE_TEMP%]\67exhdd.8.exe
[%PROFILE_TEMP%]\68exinjs.8.exe
[%PROFILE_TEMP%]\68exmodul32c.1.exe
[%PROFILE_TEMP%]\6exssd32.5.exe
[%PROFILE_TEMP%]\72exinjs.8.exe
[%PROFILE_TEMP%]\72exmodul32c.1.exe
[%PROFILE_TEMP%]\73exhdd.7.exe
[%PROFILE_TEMP%]\75exssd32.8.exe
[%PROFILE_TEMP%]\76exhdd.8.exe
[%PROFILE_TEMP%]\82exhdd.7.exe
[%PROFILE_TEMP%]\90ex2.mhdd.exe
[%PROFILE_TEMP%]\90exmodul32c.1.exe
[%PROFILE_TEMP%]\93exssd32.5.exe
[%PROFILE_TEMP%]\94exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.8.exe
[%PROFILE_TEMP%]\96exmodul32c.1.exe
[%PROFILE_TEMP%]\97ex2.mhdd.exe
[%PROFILE_TEMP%]\97exinjs.8.exe
[%PROFILE_TEMP%]\98exmodul32c.1.exe
[%PROFILE_TEMP%]\hdd.7.exe
[%PROFILE_TEMP%]\hdd.8.exe
[%PROFILE_TEMP%]\injs5.exe
[%PROFILE_TEMP%]\modul32c.1.exe
[%PROFILE_TEMP%]\ssd32.5.exe
[%PROFILE_TEMP%]\ssd32.d.exe
[%PROFILE_TEMP%]\ssd32b.exe
[%PROFILE_TEMP%]\ssd32c.exe
[%PROFILE_TEMP%]\ssd32e.exe
[%SYSTEM%]\nvsvcd.exe
[%WINDOWS%]\system\smss.exe

How to detect Boxed:

Files:
[%PROFILE_TEMP%]\12exhdd.7.exe
[%PROFILE_TEMP%]\12exssd32.5.exe
[%PROFILE_TEMP%]\14exmodul32c.1.exe
[%PROFILE_TEMP%]\15exssd32.5.exe
[%PROFILE_TEMP%]\17exmodul32c.1.exe
[%PROFILE_TEMP%]\18exhdd.7.exe
[%PROFILE_TEMP%]\18exssd32.d.exe
[%PROFILE_TEMP%]\1exhdd.8.exe
[%PROFILE_TEMP%]\2.mhdd.exe
[%PROFILE_TEMP%]\21exhdd.8.exe
[%PROFILE_TEMP%]\27exmodul32c.1.exe
[%PROFILE_TEMP%]\2exmodul32c.1.exe
[%PROFILE_TEMP%]\31exhdd.8.exe
[%PROFILE_TEMP%]\33exssd32.5.exe
[%PROFILE_TEMP%]\33exssd32.d.exe
[%PROFILE_TEMP%]\35exinjs.8.exe
[%PROFILE_TEMP%]\36exinjs.8.exe
[%PROFILE_TEMP%]\39exhdd.8.exe
[%PROFILE_TEMP%]\39exinjs.f.exe
[%PROFILE_TEMP%]\40exhdd.8.exe
[%PROFILE_TEMP%]\42exmodul32c.1.exe
[%PROFILE_TEMP%]\44exssd32.5.exe
[%PROFILE_TEMP%]\46exmodul32c.1.exe
[%PROFILE_TEMP%]\49exmodul32c.1.exe
[%PROFILE_TEMP%]\4exinjs.3.exe
[%PROFILE_TEMP%]\4exssd32.5.exe
[%PROFILE_TEMP%]\50exinjs.8.exe
[%PROFILE_TEMP%]\51exmodul32c.1.exe
[%PROFILE_TEMP%]\53exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.f.exe
[%PROFILE_TEMP%]\56exinjs.8.exe
[%PROFILE_TEMP%]\57exmodul32c.1.exe
[%PROFILE_TEMP%]\57exssd32.5.exe
[%PROFILE_TEMP%]\60exinjs.8.exe
[%PROFILE_TEMP%]\61exhdd.7.exe
[%PROFILE_TEMP%]\62exinjs.8.exe
[%PROFILE_TEMP%]\63exmodul32c.1.exe
[%PROFILE_TEMP%]\64exmodul32c.1.exe
[%PROFILE_TEMP%]\67exhdd.8.exe
[%PROFILE_TEMP%]\68exinjs.8.exe
[%PROFILE_TEMP%]\68exmodul32c.1.exe
[%PROFILE_TEMP%]\6exssd32.5.exe
[%PROFILE_TEMP%]\72exinjs.8.exe
[%PROFILE_TEMP%]\72exmodul32c.1.exe
[%PROFILE_TEMP%]\73exhdd.7.exe
[%PROFILE_TEMP%]\75exssd32.8.exe
[%PROFILE_TEMP%]\76exhdd.8.exe
[%PROFILE_TEMP%]\82exhdd.7.exe
[%PROFILE_TEMP%]\90ex2.mhdd.exe
[%PROFILE_TEMP%]\90exmodul32c.1.exe
[%PROFILE_TEMP%]\93exssd32.5.exe
[%PROFILE_TEMP%]\94exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.8.exe
[%PROFILE_TEMP%]\96exmodul32c.1.exe
[%PROFILE_TEMP%]\97ex2.mhdd.exe
[%PROFILE_TEMP%]\97exinjs.8.exe
[%PROFILE_TEMP%]\98exmodul32c.1.exe
[%PROFILE_TEMP%]\hdd.7.exe
[%PROFILE_TEMP%]\hdd.8.exe
[%PROFILE_TEMP%]\injs5.exe
[%PROFILE_TEMP%]\modul32c.1.exe
[%PROFILE_TEMP%]\ssd32.5.exe
[%PROFILE_TEMP%]\ssd32.d.exe
[%PROFILE_TEMP%]\ssd32b.exe
[%PROFILE_TEMP%]\ssd32c.exe
[%PROFILE_TEMP%]\ssd32e.exe
[%SYSTEM%]\nvsvcd.exe
[%WINDOWS%]\system\smss.exe
[%PROFILE_TEMP%]\12exhdd.7.exe
[%PROFILE_TEMP%]\12exssd32.5.exe
[%PROFILE_TEMP%]\14exmodul32c.1.exe
[%PROFILE_TEMP%]\15exssd32.5.exe
[%PROFILE_TEMP%]\17exmodul32c.1.exe
[%PROFILE_TEMP%]\18exhdd.7.exe
[%PROFILE_TEMP%]\18exssd32.d.exe
[%PROFILE_TEMP%]\1exhdd.8.exe
[%PROFILE_TEMP%]\2.mhdd.exe
[%PROFILE_TEMP%]\21exhdd.8.exe
[%PROFILE_TEMP%]\27exmodul32c.1.exe
[%PROFILE_TEMP%]\2exmodul32c.1.exe
[%PROFILE_TEMP%]\31exhdd.8.exe
[%PROFILE_TEMP%]\33exssd32.5.exe
[%PROFILE_TEMP%]\33exssd32.d.exe
[%PROFILE_TEMP%]\35exinjs.8.exe
[%PROFILE_TEMP%]\36exinjs.8.exe
[%PROFILE_TEMP%]\39exhdd.8.exe
[%PROFILE_TEMP%]\39exinjs.f.exe
[%PROFILE_TEMP%]\40exhdd.8.exe
[%PROFILE_TEMP%]\42exmodul32c.1.exe
[%PROFILE_TEMP%]\44exssd32.5.exe
[%PROFILE_TEMP%]\46exmodul32c.1.exe
[%PROFILE_TEMP%]\49exmodul32c.1.exe
[%PROFILE_TEMP%]\4exinjs.3.exe
[%PROFILE_TEMP%]\4exssd32.5.exe
[%PROFILE_TEMP%]\50exinjs.8.exe
[%PROFILE_TEMP%]\51exmodul32c.1.exe
[%PROFILE_TEMP%]\53exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.8.exe
[%PROFILE_TEMP%]\56exhdd.f.exe
[%PROFILE_TEMP%]\56exinjs.8.exe
[%PROFILE_TEMP%]\57exmodul32c.1.exe
[%PROFILE_TEMP%]\57exssd32.5.exe
[%PROFILE_TEMP%]\60exinjs.8.exe
[%PROFILE_TEMP%]\61exhdd.7.exe
[%PROFILE_TEMP%]\62exinjs.8.exe
[%PROFILE_TEMP%]\63exmodul32c.1.exe
[%PROFILE_TEMP%]\64exmodul32c.1.exe
[%PROFILE_TEMP%]\67exhdd.8.exe
[%PROFILE_TEMP%]\68exinjs.8.exe
[%PROFILE_TEMP%]\68exmodul32c.1.exe
[%PROFILE_TEMP%]\6exssd32.5.exe
[%PROFILE_TEMP%]\72exinjs.8.exe
[%PROFILE_TEMP%]\72exmodul32c.1.exe
[%PROFILE_TEMP%]\73exhdd.7.exe
[%PROFILE_TEMP%]\75exssd32.8.exe
[%PROFILE_TEMP%]\76exhdd.8.exe
[%PROFILE_TEMP%]\82exhdd.7.exe
[%PROFILE_TEMP%]\90ex2.mhdd.exe
[%PROFILE_TEMP%]\90exmodul32c.1.exe
[%PROFILE_TEMP%]\93exssd32.5.exe
[%PROFILE_TEMP%]\94exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.7.exe
[%PROFILE_TEMP%]\95exhdd.8.exe
[%PROFILE_TEMP%]\96exmodul32c.1.exe
[%PROFILE_TEMP%]\97ex2.mhdd.exe
[%PROFILE_TEMP%]\97exinjs.8.exe
[%PROFILE_TEMP%]\98exmodul32c.1.exe
[%PROFILE_TEMP%]\hdd.7.exe
[%PROFILE_TEMP%]\hdd.8.exe
[%PROFILE_TEMP%]\injs5.exe
[%PROFILE_TEMP%]\modul32c.1.exe
[%PROFILE_TEMP%]\ssd32.5.exe
[%PROFILE_TEMP%]\ssd32.d.exe
[%PROFILE_TEMP%]\ssd32b.exe
[%PROFILE_TEMP%]\ssd32c.exe
[%PROFILE_TEMP%]\ssd32e.exe
[%SYSTEM%]\nvsvcd.exe
[%WINDOWS%]\system\smss.exe

Folders:
[%PROFILE_TEMP%]\edonkey

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows log

Removing Boxed:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

gomyron.com Hijacker

Removing gomyron.com
Categories: Hijacker,Popups
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

How to detect gomyron.com:

Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Removing gomyron.com:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

Banker.CLI Trojan

Removing Banker.CLI
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Visible Symptoms:
Files in system folders:
[%PROFILE%]\LOCAL.EXE
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-18784E3B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2446A57B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-25E02562.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2C660302.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-36641ECB.pf
[%WINDOWS%]\system\svchost.exe
[%PROFILE%]\LOCAL.EXE
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-18784E3B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2446A57B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-25E02562.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2C660302.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-36641ECB.pf
[%WINDOWS%]\system\svchost.exe

How to detect Banker.CLI:

Files:
[%PROFILE%]\LOCAL.EXE
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-18784E3B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2446A57B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-25E02562.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2C660302.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-36641ECB.pf
[%WINDOWS%]\system\svchost.exe
[%PROFILE%]\LOCAL.EXE
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-18784E3B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2446A57B.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-25E02562.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-2C660302.pf
[%WINDOWS%]\Prefetch\LIVEUPDATE.EXE-36641ECB.pf
[%WINDOWS%]\system\svchost.exe

Removing Banker.CLI:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:

SpyAxe Trojan

Removing SpyAxe
Categories: Trojan,Ransomware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\SALanguage.ini
[%SYSTEM%]\gtpbx.dll
[%SYSTEM%]\gwquvw.dll
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%SYSTEM%]\admparsek.dll
[%SYSTEM%]\appmagr.dll
[%SYSTEM%]\dxmpp.dll
[%SYSTEM%]\hvnwm.dll
[%SYSTEM%]\urroxtl.dll
[%SYSTEM%]\viruxz.dll
[%SYSTEM%]\xyxuic.dll
[%SYSTEM%]\ycfchhu.dll
[%SYSTEM%]\yephk.dll
[%WINDOWS%]\admparsek.dll
[%WINDOWS%]\g588100109.dll
[%WINDOWS%]\Prefetch\SPYAXE.EXE-1E39CDF6.pf
[%DESKTOP%]\spyaxe.lnk
[%DESKTOP%]\SpywareAxe.lnk
[%PROFILE%]\start menu\spyaxe 3.0.lnk
[%STARTMENU%]\SpyAxe 3.0.lnk
[%STARTMENU%]\SpywareAxe 3.0.lnk
[%SYSTEM%]\XENADOT.DLL
[%PROFILE_TEMP%]\SALanguage.ini
[%SYSTEM%]\gtpbx.dll
[%SYSTEM%]\gwquvw.dll
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%SYSTEM%]\admparsek.dll
[%SYSTEM%]\appmagr.dll
[%SYSTEM%]\dxmpp.dll
[%SYSTEM%]\hvnwm.dll
[%SYSTEM%]\urroxtl.dll
[%SYSTEM%]\viruxz.dll
[%SYSTEM%]\xyxuic.dll
[%SYSTEM%]\ycfchhu.dll
[%SYSTEM%]\yephk.dll
[%WINDOWS%]\admparsek.dll
[%WINDOWS%]\g588100109.dll
[%WINDOWS%]\Prefetch\SPYAXE.EXE-1E39CDF6.pf
[%DESKTOP%]\spyaxe.lnk
[%DESKTOP%]\SpywareAxe.lnk
[%PROFILE%]\start menu\spyaxe 3.0.lnk
[%STARTMENU%]\SpyAxe 3.0.lnk
[%STARTMENU%]\SpywareAxe 3.0.lnk
[%SYSTEM%]\XENADOT.DLL

How to detect SpyAxe:

Files:
[%PROFILE_TEMP%]\SALanguage.ini
[%SYSTEM%]\gtpbx.dll
[%SYSTEM%]\gwquvw.dll
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%SYSTEM%]\admparsek.dll
[%SYSTEM%]\appmagr.dll
[%SYSTEM%]\dxmpp.dll
[%SYSTEM%]\hvnwm.dll
[%SYSTEM%]\urroxtl.dll
[%SYSTEM%]\viruxz.dll
[%SYSTEM%]\xyxuic.dll
[%SYSTEM%]\ycfchhu.dll
[%SYSTEM%]\yephk.dll
[%WINDOWS%]\admparsek.dll
[%WINDOWS%]\g588100109.dll
[%WINDOWS%]\Prefetch\SPYAXE.EXE-1E39CDF6.pf
[%DESKTOP%]\spyaxe.lnk
[%DESKTOP%]\SpywareAxe.lnk
[%PROFILE%]\start menu\spyaxe 3.0.lnk
[%STARTMENU%]\SpyAxe 3.0.lnk
[%STARTMENU%]\SpywareAxe 3.0.lnk
[%SYSTEM%]\XENADOT.DLL
[%PROFILE_TEMP%]\SALanguage.ini
[%SYSTEM%]\gtpbx.dll
[%SYSTEM%]\gwquvw.dll
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%SYSTEM%]\admparsek.dll
[%SYSTEM%]\appmagr.dll
[%SYSTEM%]\dxmpp.dll
[%SYSTEM%]\hvnwm.dll
[%SYSTEM%]\urroxtl.dll
[%SYSTEM%]\viruxz.dll
[%SYSTEM%]\xyxuic.dll
[%SYSTEM%]\ycfchhu.dll
[%SYSTEM%]\yephk.dll
[%WINDOWS%]\admparsek.dll
[%WINDOWS%]\g588100109.dll
[%WINDOWS%]\Prefetch\SPYAXE.EXE-1E39CDF6.pf
[%DESKTOP%]\spyaxe.lnk
[%DESKTOP%]\SpywareAxe.lnk
[%PROFILE%]\start menu\spyaxe 3.0.lnk
[%STARTMENU%]\SpyAxe 3.0.lnk
[%STARTMENU%]\SpywareAxe 3.0.lnk
[%SYSTEM%]\XENADOT.DLL

Folders:
[%PROGRAM_FILES%]\SpyAxe
[%SYSTEM%]\1024
[%PROGRAMS%]\spyaxe
[%PROGRAMS%]\SpywareAxe
[%PROGRAM_FILES%]\spyaxe
[%PROGRAM_FILES%]\SpywareAxe

Registry Keys:
HKEY_CLASSES_ROOT\AppID\SpyAxe.EXE
HKEY_CLASSES_ROOT\CLSID\{957bab51-81ff-8195-f273-d7e286ea702f}
HKEY_CLASSES_ROOT\Engine.IgnoreList
HKEY_CLASSES_ROOT\Engine.IgnoreList.1
HKEY_CLASSES_ROOT\Engine.Threat
HKEY_CLASSES_ROOT\Engine.Threat.1
HKEY_CLASSES_ROOT\interface\{0f68a8aa-a9a8-4711-be36-ae363efa6443}
HKEY_CLASSES_ROOT\interface\{28420952-c82b-47d9-a042-fa2217d8a082}
HKEY_CLASSES_ROOT\interface\{3c099c83-8587-4b35-8af0-fc3a169ce14f}
HKEY_CLASSES_ROOT\interface\{3fe13f31-e890-4c37-8213-4b5f9a511c26}
HKEY_CLASSES_ROOT\interface\{4cad27dc-1b60-42f4-820e-316fe0a13512}
HKEY_CLASSES_ROOT\interface\{54874d12-c0c6-44cc-83fb-2c35202f881b}
HKEY_CLASSES_ROOT\interface\{54a3200b-d76e-48d1-b35c-d87eaf6d90bd}
HKEY_CLASSES_ROOT\interface\{663dfe59-032c-46fb-a09a-ffc2dc074f54}
HKEY_CLASSES_ROOT\interface\{69ce4fbc-4861-4206-8211-dd5a9ee79ad3}
HKEY_CLASSES_ROOT\interface\{afa9056f-aa11-4771-ae01-04ecfde18206}
HKEY_CLASSES_ROOT\interface\{b8f2487f-aa6a-4914-9a3f-db84e6868d66}
HKEY_CLASSES_ROOT\interface\{e4645720-e02f-4bb2-8e6d-be7653dd1bf2}
HKEY_CLASSES_ROOT\interface\{fa46b160-c9dd-4040-b9d9-ccf5d3db5438}
HKEY_CLASSES_ROOT\interface\{fc1f0c2c-8117-427d-816c-215b68524f74}
HKEY_CLASSES_ROOT\interface\{fd1eee96-8dc7-478d-be3b-7d06ac67fb66}
HKEY_CLASSES_ROOT\interface\{fd8e5ed7-0091-416f-a55b-1d072d58a24f}
HKEY_CLASSES_ROOT\TypeLib\{2BB3BCBF-411A-4C67-8E69-F4BB301DC333}
HKEY_CURRENT_USER\software\classes\clsid\{cd5e2ac9-25ce-a1c5-d1e2-dc6b28a6ed5a}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\spyaxe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\spyaxe.exe
HKEY_CLASSES_ROOT\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
HKEY_CLASSES_ROOT\CLSID\{03413bf7-e34c-445b-bfc0-a2b127255871}
HKEY_CLASSES_ROOT\CLSID\{05a91164-3c96-47d6-aa74-2c855791b2d0}
HKEY_CLASSES_ROOT\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}
HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}
HKEY_CLASSES_ROOT\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
HKEY_CLASSES_ROOT\CLSID\{210b4043-35ca-4aa0-8796-191f9663dfb3}
HKEY_CLASSES_ROOT\CLSID\{24E27EA9-FCF3-444F-BD80-20543BA5D946}
HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}
HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}
HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2238}
HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}
HKEY_CLASSES_ROOT\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}
HKEY_CLASSES_ROOT\CLSID\{55059d4f-a1ac-4837-ae07-4859101f598d}
HKEY_CLASSES_ROOT\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}
HKEY_CLASSES_ROOT\CLSID\{5839511e-ec1b-4f91-ace3-fb88e52f5239}
HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}
HKEY_CLASSES_ROOT\CLSID\{5bc82bdb-bc03-4671-9a78-3ef2b68449de}
HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}
HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}
HKEY_CLASSES_ROOT\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
HKEY_CLASSES_ROOT\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}
HKEY_CLASSES_ROOT\CLSID\{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}
HKEY_CLASSES_ROOT\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}
HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}
HKEY_CLASSES_ROOT\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}
HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}
HKEY_CLASSES_ROOT\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1}
HKEY_CLASSES_ROOT\CLSID\{A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}
HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}
HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}
HKEY_CLASSES_ROOT\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}
HKEY_CLASSES_ROOT\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}
HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}
HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}
HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}
HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}
HKEY_CLASSES_ROOT\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}
HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}
HKEY_CLASSES_ROOT\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}
HKEY_CLASSES_ROOT\CLSID\{e944d14a-03aa-43e3-9d0e-4f50c4d1b005}
HKEY_CLASSES_ROOT\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}
HKEY_CLASSES_ROOT\CLSID\{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}
HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}
HKEY_CLASSES_ROOT\CLSID\{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}
HKEY_CLASSES_ROOT\CLSID\{FB153DCE-822E-47ec-8D00-2706E7864B37}
HKEY_CLASSES_ROOT\CLSID\{}
HKEY_CLASSES_ROOT\appid\spyaxe.exe
HKEY_CLASSES_ROOT\clsid\{06506b3a-857d-431f-be0b-038b1ec386b3}
HKEY_CLASSES_ROOT\clsid\{0bff94f7-9748-43d1-bac4-d963351b63e7}
HKEY_CLASSES_ROOT\clsid\{0c580891-ca9d-4619-bdc9-85378eb65931}
HKEY_CLASSES_ROOT\clsid\{53525a6c-3774-4b47-b317-bc7dfe4fc7ed}
HKEY_CLASSES_ROOT\clsid\{5deb9a24-19e0-49e6-a6b2-110bc3e1062a}
HKEY_CLASSES_ROOT\clsid\{5e1ace2a-8638-4775-8aa9-5c187ad40a82}
HKEY_CLASSES_ROOT\clsid\{629c4fe9-b627-4905-af5b-ad652bb1b5c5}
HKEY_CLASSES_ROOT\clsid\{659f78ea-6ff2-40f8-8ea3-06f7418a209e}
HKEY_CLASSES_ROOT\clsid\{7616a7f7-df99-432f-870d-4afea0d079f4}
HKEY_CLASSES_ROOT\clsid\{7eb22f36-2ccd-4003-89ee-6cf40ebc4282}
HKEY_CLASSES_ROOT\clsid\{957bab51-81ff-8195-f273-d7e286ea702f}
HKEY_CLASSES_ROOT\clsid\{a0d06aa3-499b-4156-9ffd-0be236f0d4e5}
HKEY_CLASSES_ROOT\clsid\{b6610f1d-da77-42c4-8300-721d9da9d70b}
HKEY_CLASSES_ROOT\engine.ignorelist
HKEY_CLASSES_ROOT\engine.ignorelist.1
HKEY_CLASSES_ROOT\engine.threat
HKEY_CLASSES_ROOT\engine.threat.1
HKEY_CLASSES_ROOT\interface\{20fb94dc-67d8-4811-b090-7137d0dd8b9c}
HKEY_CLASSES_ROOT\interface\{250cb705-b9f5-4c77-a8c0-8d9d436fcff4}
HKEY_CLASSES_ROOT\interface\{3bb3ddaf-7867-44b1-90fc-ac425344724d}
HKEY_CLASSES_ROOT\interface\{44b2f61f-7081-4b93-ae50-cd568548e4a7}
HKEY_CLASSES_ROOT\interface\{47fbd835-e417-48f6-a04d-7b702c5052c5}
HKEY_CLASSES_ROOT\interface\{627aeb80-5854-4436-bb57-79e51c7491c1}
HKEY_CLASSES_ROOT\interface\{707b19e6-4207-4d3f-b0a8-319dba2e6b93}
HKEY_CLASSES_ROOT\interface\{78ab494d-026f-43a5-8071-e4411fd7859b}
HKEY_CLASSES_ROOT\interface\{7c987433-cab4-499a-a0ce-a518f3c54e96}
HKEY_CLASSES_ROOT\interface\{9ad637ef-97f0-4f13-aa24-e84aa5c0e1ce}
HKEY_CLASSES_ROOT\interface\{b7f4f12c-aa9d-421a-a9a6-cc5ff952a4a4}
HKEY_CLASSES_ROOT\interface\{bcfd6185-8c88-45db-9a5f-3659b05e8bd5}
HKEY_CLASSES_ROOT\interface\{c74d1fc2-a047-44fd-b1d1-2e7f193f1762}
HKEY_CLASSES_ROOT\interface\{da8da181-7b27-475c-b872-1a77751cc10a}
HKEY_CLASSES_ROOT\interface\{dea859d7-abb8-4239-b454-6731f4891560}
HKEY_CLASSES_ROOT\interface\{fcf0a3dd-9231-4625-84c6-4810bbe5f54b}
HKEY_CLASSES_ROOT\spyaxe.backup
HKEY_CLASSES_ROOT\spyaxe.backup.1
HKEY_CLASSES_ROOT\spyaxe.enginelistener
HKEY_CLASSES_ROOT\spyaxe.enginelistener.1
HKEY_CLASSES_ROOT\spyaxe.log
HKEY_CLASSES_ROOT\spyaxe.log.1
HKEY_CLASSES_ROOT\spyaxe.logrecord
HKEY_CLASSES_ROOT\spyaxe.logrecord.1
HKEY_CLASSES_ROOT\spyaxe.paths
HKEY_CLASSES_ROOT\spyaxe.paths.1
HKEY_CLASSES_ROOT\spyaxe.quarantine
HKEY_CLASSES_ROOT\spyaxe.quarantine.1
HKEY_CLASSES_ROOT\spyaxe.runas
HKEY_CLASSES_ROOT\spyaxe.runas.1
HKEY_CLASSES_ROOT\spyaxe.scanner
HKEY_CLASSES_ROOT\spyaxe.scanner.1
HKEY_CLASSES_ROOT\spyaxe.searchitem
HKEY_CLASSES_ROOT\spyaxe.searchitem.1
HKEY_CLASSES_ROOT\spyaxe.threatcollection
HKEY_CLASSES_ROOT\spyaxe.threatcollection.1
HKEY_CLASSES_ROOT\typelib\{2bb3bcbf-411a-4c67-8e69-f4bb301dc333}
HKEY_CLASSES_ROOT\typelib\{6d42e870-6d15-4c82-8c78-ecd53ff5b6f0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spyaxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spywareaxe.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyaxe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywareaxe
HKEY_LOCAL_MACHINE\software\spyaxe
HKEY_LOCAL_MACHINE\software\spywareaxe

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\software\licenses
HKEY_LOCAL_MACHINE\software\licenses
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing SpyAxe:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Posted by at No comments:
Subscribe to: Posts (Atom)