Wednesday, November 12, 2008

Win32.Lioten Trojan

Removing Win32.Lioten
Categories: Trojan,Worm,Backdoor,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

DoS trojans conduct attacks from a single computer with the consent of the user.

Win32.Lioten Also known as:

[Kaspersky]Backdoor.Win32.SdBot.gen,Backdoor.SdBot.jt,Backdoor.IRCBot.gen;
[Eset]IRC/SdBot.IE trojan,Win32/SdBot.ER worm,IRC/SdBot.LD trojan,IRC/SdBot.KV trojan,IRC/SdBot.FA trojan,Win32/IRCBot.B trojan,Win32/SpyBot.MF worm,Win32/SdBot.EI worm,IRC/SdBot.FB trojan,Win32/IRCBot.A trojan,Win32/IRCBot.D trojan,Win32/Lolol.I worm,IRC/SdBot.BLI trojan,Win32/SdBot.FJ worm,IRC/SdBot.LF trojan;
[Panda]W32/Gaobot.NR.worm;
[Computer Associates]Win32.Lioten.AB,Win32.Lioten.AO,Win32.Lioten.CD,Win32.Lioten.BV,Win32.Lioten.AA,Win32.Lioten.BH,Win32.Lioten.V,Win32.Slinbot.FK,Win32.Lioten.AK,Win32.Lioten.X,Win32.Lioten.R,Win32.Lioten.AC,Win32.Sdbot.26144,Win32.Lioten.CH,Win32.Lioten.AR,Win32.Lioten.CF

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\musirc4.72.exe

How to detect Win32.Lioten:

Files:
[%SYSTEM%]\musirc4.72.exe

Removing Win32.Lioten:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

LittleHelper Adware

Removing LittleHelper
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%STARTUP%]\little_helper2.lnk

How to detect LittleHelper:

Files:
[%STARTUP%]\little_helper2.lnk

Folders:
[%PROGRAM_FILES%]\little_helper2

Registry Keys:
HKEY_CURRENT_USER\software\local appwizard-generated applications\easytool
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\little_helper2_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main

Sojfuse Trojan

Removing Sojfuse
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\d2mf.exe

How to detect Sojfuse:

Files:
[%PROFILE_TEMP%]\d2mf.exe

Get.Admin Trojan

Removing Get.Admin
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\PROGRAMS\25,000+ Ebooks\MORE_REPORTS\FORBIDDENKNOWLEDGE\FILES\010.TXT

How to detect Get.Admin:

Files:
[%DESKTOP%]\PROGRAMS\25,000+ Ebooks\MORE_REPORTS\FORBIDDENKNOWLEDGE\FILES\010.TXT

Magania Trojan

Removing Magania
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Magania Also known as:

[Kaspersky]Trojan.Win32.Pakes;
[Other]Win32/Magania.B!Trojan,Win32/NSAnti,Trojan Horse

How to detect Magania:

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_aa1king

ProSiteFinder Adware

Removing ProSiteFinder
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

How to detect ProSiteFinder:

Folders:
[%PROFILE_TEMP%]\prositefinder
[%PROGRAM_FILES%]\prositefinder

Registry Keys:
HKEY_LOCAL_MACHINE\software\prositefinder
HKEY_CLASSES_ROOT\clsid\{00000000-0000-4dd9-aefe-46afa2dd76d1}
HKEY_CLASSES_ROOT\clsid\{00000000-0000-4f17-9f37-3829d6a8b1c9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-4dd9-aefe-46afa2dd76d1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-4f17-9f37-3829d6a8b1c9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\prositefinder-uninstall.exe
HKEY_LOCAL_MACHINE\software\prositefinder1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

MasterBar BHO

Removing MasterBar
Categories: BHO,Hijacker
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

How to detect MasterBar:

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{6c0c5390-a963-4d98-94ad-a78f8236841e}
HKEY_CURRENT_USER\software\masterbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\masterbarhallmedia.net

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser

Beenut Trojan

Removing Beenut
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Beenut Also known as:

[Kaspersky]Trojan-Downloader.Win32.Obfuscated.n,Trojan-Downlaoder.Win32.Obfuscated.n;
[Other]Win32/Beenut.AD,Trojan.Zlob,Win32/Beenut.U,Win32.Beenut.V,Win32.Beenut.X,Win32/Beenut!generic

Visible Symptoms:
Files in system folders:
[%PROFILE%]\loaded.exe
[%PROFILE_TEMP%]\h91746.exe
[%LOCAL_APPDATA%]\613d6c0a.exe
[%LOCAL_APPDATA%]\f40dadcb.exe
[%SYSTEM%]\613d6c0a.exe
[%SYSTEM%]\f40dadcb.exe

How to detect Beenut:

Files:
[%PROFILE%]\loaded.exe
[%PROFILE_TEMP%]\h91746.exe
[%LOCAL_APPDATA%]\613d6c0a.exe
[%LOCAL_APPDATA%]\f40dadcb.exe
[%SYSTEM%]\613d6c0a.exe
[%SYSTEM%]\f40dadcb.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Windows.NT.2K.Privilege.Breaker Trojan

Removing Windows.NT.2K.Privilege.Breaker
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Windows.NT.2K.Privilege.Breaker Also known as:

[Kaspersky]Exploit.WinNT.GetAdmin,Exploit.WinNT.GetAdmin.a;
[McAfee]Exploit-GetAdmin;
[F-Prot]security risk or a "backdoor" program;
[Panda]Trojan Horse

How to detect Windows.NT.2K.Privilege.Breaker:

Folders:
[%PROGRAM_FILES%]\nav\logon

ZCom Downloader

Removing ZCom
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

How to detect ZCom:

Registry Values:
HKEY_CURRENT_USER\software\zcomclient\zcomclient\options
HKEY_CURRENT_USER\software\zcom\zcom
HKEY_CURRENT_USER\software\zcom\zcom\user
HKEY_CURRENT_USER\software\zcom\zcom\user\44520787

Search.Explorer Adware

Removing Search.Explorer
Categories: Adware,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Search.Explorer Also known as:

[Other]chExplorerBar

How to detect Search.Explorer:

Registry Keys:
HKEY_CLASSES_ROOT\interface\{1c5c8d85-5cdf-4908-9631-b32aa4724044}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\search-explorerietoolbar

Bancos Trojan

Removing Bancos
Categories: Trojan,Spyware,Downloader,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Bancos Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.axc,Trojan-Spy.Win32.Bancos.to,Trojan-Spy.Win32.Banker.anv,Trojan-Spy.Win32.Banker.bdn,Trojan-Spy.Win32.Banker.yy,Trojan-spy.Win32.Banker.bfb,Trojan-Spy.Win32.Bancos.ha,Trojan-Spy.win32.Bancos.ha,Trojan-Spy.Win32.Banker.aww,Trojan-Spy.Win32.Banker.bfv,Trojan-Spy.Win32.Banker.bnz,Trojan-Spy.Win32.Banker.bot,Trojan-Clicker.Win32.Agent.gg,Trojan.Win32.Bancos.ab,Backdoor.Win32.VB.awd,Trojan-Spy.Win32.Banbra.hn,Trojan-Downloader.Win32.Banload.ayg,Trojan-Spy.Win32.Bancos.ro,Trojan-Spy.Win32.Banker.alv,Trojan-spy.Win32.Bancos.yt,Trojan-Spy.Win32.Banker.buc,Trojan-Spy.Win32.Bancos.mi,Trojan-Spy.Win32.Bancos.rx,Trojan-Spy.Win32.Bancos.yz,Trojan-Spy.Win32.Banbra.bq,Trojan-Spy.Win32.Bancos.n,Trojan.Win32.Bancos.c,Trojan-Spy.Win32.Bancos.u,Trojan-Spy.Win32.Banbra.dq,Trojan-Spy.Win32.Bancos.cr,Trojan-Spy.Win32.Delf.cp,Trojan-Spy.Win32.Banker.dv,Trojan-Downloader.Win32.Banload.bqz,Trojan-Spy.Win32.Banker.bkl,Trojan-Spy.Win32.KeyLogger.lj,AdWare.Win32.Beginto.f,Trojan-Spy.Win32.Banker.qu,Trojan-Spy.Win32.Banker.ark,Trojan-Spy.Win32.Banker.ciy;
[McAfee]PWS-Banker.gen.b,PWS-Banker.gen.i,PWS-Banker.gen.aa,PWS-Baker.gen.i,Generic AdClicker.d,PWS-Banker.gen.bc,PWS-Banker.gen.t,PWS-Banker.gen.ac,PWS-Banker.gen.bb,PWS-Banker.gen.j,PWS-Bancker.gen.i,PWS-Banker.gen.I;
[F-Prot]W32/Banker.XF,W32/Bancos.JYT;
[Panda]Trojan Horse;
[Computer Associates]Win32/Bancos!PWS!Trojan,Win32/Bancos.2027520!PWS!Trojan,Win32.PSW.Bancos.K;
[Other]Win32/Bancos.EUF,Win32/Bancos.ETC,Infostealer.Bancos!gen,Win32/Bancos.EPL,Win32/Bancos.EWV,Infostealer.Banpaes,Win32/Bancos.EWW,Win32/Bancos.EWX,Infostealer.Bancos,Win32/Bancos.EWU,Win32/Bancos.EXV,Win32/.EOV,Win32/Bancos.EOW,Win32/Bancos.EOZ,Win32.Bancos.EOP,Trojan-Spy.Win32.Banker.bpf,Win32/Bancos.EPF,Win32/Bancos.EPG,Win32/Bancos.EPA,Win32/Bancos.EPC,Downloader.Bancos,Win32/Bancos.ENZ,Win32/Bancos.EON,Downloader.Bancos!gen,Win32/Bancos.EOS,Win32/Bancos.EOT,Win32/Bancos.EOL,Win32/Bancos.FRL,Win32/Bancos.FRM,Win32/PSW.Bancos.FTT,Win32/PSW.Bancos.V,Infostealer.Bancos.gen,Win32/Bancos.FYD,Win32/Bancos.IC,Win32/Bancos.PG,Win32/Bancos.CD,Troj/Baoncos-N,Win32/Bancos.AQ,Win32/Bancos.PH,Win32/Bancos.RD,Win32/Bancos.TL,Win32/Bancos.W,Troj/Bancos-BY,Win32/Bancos.GKE,Win32/Bancos.RW,W32/Bancos.KM,Troj/Bancos-BQ,Win32/Bancos.MQ,Trojan Horse,Bancos.AON,Win32/Bancos.FD,Win32/Bancos.TP,Win32/Bancos.UP,Win32/Bancos.AW,Win32/Bancos.BE,WIn32/Bancos.OT

Visible Symptoms:
Files in system folders:

How to detect Bancos:

Files:

Folders:
[%PROGRAM_FILES%]\Microsoft Studio Files

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{14a5f3e7-b235-4d98-9264-5c67d2657bc4}
HKEY_CURRENT_USER\dark
HKEY_LOCAL_MACHINE\software\sos
HKEY_CLASSES_ROOT\ib.cbrowserhelper
HKEY_CLASSES_ROOT\ib1dll6.cbrowserhelper
HKEY_CLASSES_ROOT\interface\{1c9f6e80-19b7-4b6c-a992-eb7809fc6be6}
HKEY_CLASSES_ROOT\interface\{8c691f25-c565-4fb7-8bcc-e85169bd7c47}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\javavm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\service system
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\system32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winupd
HKEY_LOCAL_MACHINE\software\microsoft\windows\huhu549

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\microsoft service manager
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\dark
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\microsoft service manager

Win32Info BHO

Removing Win32Info
Categories: BHO,Downloader
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Trojan downloaders download and install new malware or adware on the computer.

How to detect Win32Info:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Harvester Trojan

Removing Harvester
Categories: Trojan,Backdoor,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Harvester Also known as:

[Kaspersky]Backdoor.Harvester.10,Backdoor.Harvester.50,Backdoor.Harvester.43,Backdoor.Harvester.23.a;
[McAfee]PWS-Harvester;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Backdoor Program.LC,Trojan Horse;
[Computer Associates]Backdoor/Harvester.5.0,Win32/Harverster.23!Trojan

How to detect Harvester:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Fearless.KeySpy Trojan

Removing Fearless.KeySpy
Categories: Trojan,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Fearless.KeySpy Also known as:

[Kaspersky]TrojanSpy.Win32.Fearless.20;
[Panda]Trj/Fearless.C,Trojan Horse.LC;
[Computer Associates]Win32.FearlessKeySpy.20.A,Win32/Fearless.20!Spy!Trojan,Win32/FearlessKeySpy.20.A!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\fks2.0_server.exe

How to detect Fearless.KeySpy:

Files:
[%WINDOWS%]\system\fks2.0_server.exe


XT.Spy Spyware

Removing XT.Spy
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\XTS Run.lnk

How to detect XT.Spy:

Files:
[%DESKTOP%]\XTS Run.lnk

Folders:
[%PROGRAMS%]\XTS
[%PROGRAM_FILES%]\XTS


AntiSpyware2007 Adware

Removing AntiSpyware2007
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%DESKTOP%]\AntiSpyware.lnk

How to detect AntiSpyware2007:

Files:
[%DESKTOP%]\AntiSpyware.lnk

Folders:
[%COMMON_PROGRAMS%]\AntiSpyware
[%PROGRAM_FILES%]\AntiSpyware

Registry Keys:
HKEY_CURRENT_USER\software\antispyware\antispyware
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispyware_is1

Registry Values:
HKEY_CURRENT_USER\software\antispyware
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Bedrill Trojan

Removing Bedrill
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\msntb.dll
[%PROFILE_TEMP%]\mtbs.exe

How to detect Bedrill:

Files:
[%PROFILE_TEMP%]\msntb.dll
[%PROFILE_TEMP%]\mtbs.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1dbab667-a486-421e-afe4-cf07dd0088e5}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


RazeSpyware Trojan

Removing RazeSpyware
Categories: Trojan,Adware,Downloader,Ransomware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mswinb32.dll
[%SYSTEM%]\mswinb32.exe
[%SYSTEM%]\mswinup32.dll
[%SYSTEM%]\mswinxml.dll
[%SYSTEM%]\shell386.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winlfl32.dll
[%SYSTEM%]\{052D02B8-3386-4C0A-ACEA-59902248CC52}.exe
[%COMMON_APPDATA%]\Microsoft\Internet Explorer\Quick Launch\cmd.exe
[%DESKTOP%]\m00.exe
[%DESKTOP%]\razespyware.lnk
[%DESKTOP%]\razespywareinstaller.exe
[%SYSTEM%]\intxt.exe
[%WINDOWS%]\adw.htm
[%WINDOWS%]\silent.exe

How to detect RazeSpyware:

Files:
[%SYSTEM%]\mswinb32.dll
[%SYSTEM%]\mswinb32.exe
[%SYSTEM%]\mswinup32.dll
[%SYSTEM%]\mswinxml.dll
[%SYSTEM%]\shell386.exe
[%SYSTEM%]\winapi32.dll
[%SYSTEM%]\winlfl32.dll
[%SYSTEM%]\{052D02B8-3386-4C0A-ACEA-59902248CC52}.exe
[%COMMON_APPDATA%]\Microsoft\Internet Explorer\Quick Launch\cmd.exe
[%DESKTOP%]\m00.exe
[%DESKTOP%]\razespyware.lnk
[%DESKTOP%]\razespywareinstaller.exe
[%SYSTEM%]\intxt.exe
[%WINDOWS%]\adw.htm
[%WINDOWS%]\silent.exe

Folders:
[%PROGRAM_FILES%]\RazeSpyware
[%PROGRAM_FILES%]\xsremover.com
[%PROGRAMS%]\razespyware
[%PROGRAM_FILES%]\razespyware

Registry Keys:
HKEY_CLASSES_ROOT\winapi32.mybho
HKEY_CURRENT_USER\Software\XXI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securedisk
HKEY_CLASSES_ROOT\clsid\{7a533235-a128-434b-9f8a-9300a544d191}
HKEY_CLASSES_ROOT\clsid\{a94fd42a-e405-4cd9-9486-3a341310ee2f}
HKEY_CLASSES_ROOT\clsid\{ff71228a-0d58-4e50-b592-36551f1acc01}
HKEY_CLASSES_ROOT\interface\{018080b0-d90d-46f8-86d1-4cf8ce6e8686}
HKEY_CLASSES_ROOT\interface\{9bd2b2bc-d289-4fce-b734-e4d6acbbab7d}
HKEY_CLASSES_ROOT\interface\{ade60563-5ad0-4832-a1e7-0e3a428c43c4}
HKEY_CLASSES_ROOT\typelib\{b7dfabbf-f985-4a67-8d72-ea0d9fc7c429}
HKEY_CLASSES_ROOT\winapi32.intelinks
HKEY_CLASSES_ROOT\winapi32.mybaner
HKEY_CURRENT_USER\software\razespyware
HKEY_CURRENT_USER\software\xxi\razespyware\updates
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7a533235-a128-434b-9f8a-9300a544d191}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\razespyware

Registry Values:
HKEY_CURRENT_USER\software\borland\locales
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache
HKEY_CURRENT_USER\software\xxi\razespyware
HKEY_CURRENT_USER\software\xxi\razespyware\scripts\variables


Downloader.ACA Trojan

Removing Downloader.ACA
Categories: Trojan,Hijacker,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Downloader.ACA Also known as:

[McAfee]Downloader-ACA;
[Other]TROJ_VB.DT,W32/Agent.NBJ

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\d11host.exe
[%SYSTEM%]\windll.dll

How to detect Downloader.ACA:

Files:
[%SYSTEM%]\d11host.exe
[%SYSTEM%]\windll.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


BrowserAid.Featured.Results BHO

Removing BrowserAid.Featured.Results
Categories: BHO
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet.

BrowserAid.Featured.Results Also known as:

[Panda]Adware/BrowserAid

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msiefr40.dll
[%WINDOWS%]\system\msiefr40.dll

How to detect BrowserAid.Featured.Results:

Files:
[%SYSTEM%]\msiefr40.dll
[%WINDOWS%]\system\msiefr40.dll

Registry Keys:
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}


BrowserToolbar Adware

Removing BrowserToolbar
Categories: Adware,Downloader
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Trojan-downloaders download and install new malware or adware on the computer.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\absr.exe
[%WINDOWS%]\abstr.exe
[%WINDOWS%]\ausvc.exe
[%WINDOWS%]\auupg.exe
[%WINDOWS%]\bvt.exe
[%WINDOWS%]\coolstuff.ocx
[%WINDOWS%]\ea.bin
[%WINDOWS%]\mnsvc.exe
[%WINDOWS%]\mtbcd.bak
[%WINDOWS%]\undo.exe

How to detect BrowserToolbar:

Files:
[%WINDOWS%]\absr.exe
[%WINDOWS%]\abstr.exe
[%WINDOWS%]\ausvc.exe
[%WINDOWS%]\auupg.exe
[%WINDOWS%]\bvt.exe
[%WINDOWS%]\coolstuff.ocx
[%WINDOWS%]\ea.bin
[%WINDOWS%]\mnsvc.exe
[%WINDOWS%]\mtbcd.bak
[%WINDOWS%]\undo.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{6541b981-2e27-46b1-a2cc-8264a75b74fe}
HKEY_CLASSES_ROOT\clsid\{6d8b1b74-4ab8-473b-b479-253fa1936802}
HKEY_CLASSES_ROOT\clsid\{868b015f-3515-44db-b0ad-182cd058985e}
HKEY_CLASSES_ROOT\clsid\{9a05fe9b-5b52-4d13-a77d-fa7c38557a8e}
HKEY_CLASSES_ROOT\clsid\{bae85c97-2cd4-45c3-a1ed-e4cef7c6aa52}
HKEY_CLASSES_ROOT\clsid\{c76be992-2bc3-41a4-8b87-a8c01fe419a7}
HKEY_CLASSES_ROOT\clsid\{f53c844a-d9c8-4e92-b923-c05b46c4a7e3}
HKEY_LOCAL_MACHINE\software\classes\appid\{8b034058-08b0-4cb3-b2e8-60238b4967f2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6541b981-2e27-46b1-a2cc-8264a75b74fe}
HKEY_LOCAL_MACHINE\software\classes\clsid\{868b015f-3515-44db-b0ad-182cd058985e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9a05fe9b-5b52-4d13-a77d-fa7c38557a8e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{bae85c97-2cd4-45c3-a1ed-e4cef7c6aa52}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c76be992-2bc3-41a4-8b87-a8c01fe419a7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f53c844a-d9c8-4e92-b923-c05b46c4a7e3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fbe091e5-df43-4ffb-aecc-7e3a3bc7b0d9}
HKEY_LOCAL_MACHINE\software\classes\typelib\{6d8b1b74-4ab8-473b-b479-253fa1936802}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


TinyKeyLogger Spyware

Removing TinyKeyLogger
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\tiny keylogger v2.0.lnk
[%PROFILE%]\recent\tkey-setup.lnk
[%WINDOWS%]\tkey.lnk

How to detect TinyKeyLogger:

Files:
[%DESKTOP%]\tiny keylogger v2.0.lnk
[%PROFILE%]\recent\tkey-setup.lnk
[%WINDOWS%]\tkey.lnk

Folders:
[%PROGRAMS%]\tiny keylogger v2.0
[%PROGRAM_FILES%]\tiny keylogger v2.0

Registry Keys:
HKEY_CLASSES_ROOT\installer\products\b768291be0263b3468b3b62b5a09a1e2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{b192867b-620e-43b3-863b-6bb2a5901a2e}

Registry Values:
HKEY_CLASSES_ROOT\installer\assemblies\c:|program files|tiny keylogger v2.0|axinterop.shdocvw.dll
HKEY_CLASSES_ROOT\installer\assemblies\c:|program files|tiny keylogger v2.0|interop.shdocvw.dll
HKEY_CLASSES_ROOT\installer\assemblies\c:|program files|tiny keylogger v2.0|tkey.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders


Spax Trojan

Removing Spax
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spax Also known as:

[Kaspersky]Trojan.Win32.Dialer.cs,Trojan-Downloader.Win32.Agent.bkd;
[Other]Win32/Spax.AS,Win32/Spax!generic,Win32/Spax.AU,Win32/Spax.AX,Trojan.Secup

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cthkpcv.dll
[%SYSTEM%]\geplxss.dll
[%SYSTEM%]\pkgvy1g.dll
[%SYSTEM%]\tahxqcj.dll
[%SYSTEM%]\tvomnc.dll
[%SYSTEM%]\xuoce.dll
[%SYSTEM%]\ygjun.dll

How to detect Spax:

Files:
[%SYSTEM%]\cthkpcv.dll
[%SYSTEM%]\geplxss.dll
[%SYSTEM%]\pkgvy1g.dll
[%SYSTEM%]\tahxqcj.dll
[%SYSTEM%]\tvomnc.dll
[%SYSTEM%]\xuoce.dll
[%SYSTEM%]\ygjun.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{634be415-da12-496b-b89e-329b73c4807f}
HKEY_CLASSES_ROOT\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKEY_CLASSES_ROOT\clsid\{634be415-da12-496b-b89e-329b73c4807f}
HKEY_CLASSES_ROOT\clsid\{da3b49f6-8c54-4429-a275-21a86dcca413}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\system alert popup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windows safety alert

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler


Gema Trojan

Removing Gema
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojan-downloaders download and install new malware or adware on the computer.


Gema Also known as:

[Panda]Trojan Horse,Trj/Datei.A;
[Computer Associates]Win32.Gema.B,Win32/Gema.A!Trojan,Win32.Gema.D,Win32/Gema.14336!Trojan

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Click Here.url
[%SYSTEM%]\cdcompat.exe
[%SYSTEM%]\cpusave32.exe
[%SYSTEM%]\DLuxjp-uninstall.exe
[%SYSTEM%]\mdmdll.exe
[%SYSTEM%]\nvidex32.exe
[%SYSTEM%]\syscenter.exe

How to detect Gema:

Files:
[%DESKTOP%]\Click Here.url
[%SYSTEM%]\cdcompat.exe
[%SYSTEM%]\cpusave32.exe
[%SYSTEM%]\DLuxjp-uninstall.exe
[%SYSTEM%]\mdmdll.exe
[%SYSTEM%]\nvidex32.exe
[%SYSTEM%]\syscenter.exe

Folders:
[%PROGRAM_FILES%]\dialers
[%PROGRAM_FILES%]\siteicons

Registry Keys:
HKEY_CURRENT_USER\software\siteicons
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dluxjp

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\netscape\netscape navigator\user trusted external applications
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Alibaba Toolbar

Removing Alibaba
Categories: Toolbar
This toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

How to detect Alibaba:

Registry Keys:
HKEY_CLASSES_ROOT\alibabaietoolbar.alibababutton
HKEY_CLASSES_ROOT\alibabaietoolbar.alibababutton.1
HKEY_CLASSES_ROOT\alibabaietoolbar.alibabasearchbar
HKEY_CLASSES_ROOT\alibabaietoolbar.alibabasearchbar.1
HKEY_CLASSES_ROOT\alibabaietoolbar.showbarobject
HKEY_CLASSES_ROOT\alibabaietoolbar.showbarobject.1
HKEY_CLASSES_ROOT\clsid\{09f59435-7814-48ed-a73a-96ff861a91eb}
HKEY_CLASSES_ROOT\clsid\{0c588f7d-a2b3-4001-b59b-d856c1bf3ad7}
HKEY_CLASSES_ROOT\clsid\{850b69e4-90db-4f45-8621-891bf35a5b53}
HKEY_CLASSES_ROOT\interface\{42cb709c-a1d6-4c3a-9f9c-b077ff86a760}
HKEY_CLASSES_ROOT\interface\{63c8af31-ad6e-417c-bf8b-48b96e95dc25}
HKEY_CLASSES_ROOT\interface\{ab44756f-fce0-454d-af29-930b89bb44d2}
HKEY_CLASSES_ROOT\typelib\{448f1bd5-c41a-4551-83cf-8cd2309abc66}
HKEY_LOCAL_MACHINE\software\ablibaba\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{09f59435-7814-48ed-a73a-96ff861a91eb}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{13b0c05c-ef05-4bf6-b0ea-f6111af25544}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\alibaba toolbar


Musdie Trojan

Removing Musdie
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Musdie Also known as:

[Kaspersky]Backdoor.Musdie.11;
[McAfee]BackDoor-VZ;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/Musdie.11!Server

How to detect Musdie:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


XPCSpy Spyware

Removing XPCSpy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\rx.exe
[%SYSTEM%]\SysDll32.dll
[%SYSTEM%]\systemout.exe

How to detect XPCSpy:

Files:
[%SYSTEM%]\rx.exe
[%SYSTEM%]\SysDll32.dll
[%SYSTEM%]\systemout.exe

Folders:
[%PROGRAM_FILES%]\xsoftware
[%PROGRAMS%]\123 xpcspy
[%PROGRAM_FILES%]\xpcspy

Registry Keys:
HKEY_CLASSES_ROOT\appmon.tshellexecutehook
HKEY_CLASSES_ROOT\clsid\{17a54bfc-8214-4f5c-b1a7-a161bfa5fdcc}
HKEY_CLASSES_ROOT\clsid\{ba41ee62-b36a-4344-850c-9221073cf6b9}
HKEY_CLASSES_ROOT\clsid\{e3e1dc8e-0ce1-4d96-8d49-e5b2b7b51ada}
HKEY_CLASSES_ROOT\iemon.iespy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{17a54bfc-8214-4f5c-b1a7-a161bfa5fdcc}
HKEY_CLASSES_ROOT\appspy.tshellexecutehook
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\systemoutservice

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellpath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall


SCN Toolbar

Removing SCN
Categories: Toolbar
This toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\custtlb.dll
[%WINDOWS%]\system\custtlb.dll

How to detect SCN:

Files:
[%SYSTEM%]\custtlb.dll
[%WINDOWS%]\system\custtlb.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{96bbdfe1-2951-4f81-811e-31df6436a329}
HKEY_LOCAL_MACHINE\software\classes\clsid\{96bbdfe1-2951-4f81-811e-31df6436a329}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


IRC.ZCrew Trojan

Removing IRC.ZCrew
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\clbcatex.exe

How to detect IRC.ZCrew:

Files:
[%SYSTEM%]\clbcatex.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Givoree Trojan

Removing Givoree
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Givoree Also known as:

[Other]Win32.Givoree.C

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\BHO Plugin\lw.ext
[%PROFILE_TEMP%]\rsi.exe

How to detect Givoree:

Files:
[%PROGRAM_FILES%]\BHO Plugin\lw.ext
[%PROFILE_TEMP%]\rsi.exe
