Thursday, November 13, 2008

Surveiller.Common.Components Spyware

Removing Surveiller.Common.Components
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\e-surveiller station.lnk

How to detect Surveiller.Common.Components:

Files:
[%DESKTOP%]\e-surveiller station.lnk

Folders:
[%APPDATA%]\surveilletech
[%COMMON_PROGRAMS%]\e-Surveiller
[%PROGRAMS%]\e-Surveiller
[%PROGRAM_FILES%]\e-Surveiller

Registry Keys:
HKEY_CLASSES_ROOT\e-surveiller.logfile
HKEY_CURRENT_USER\software\surveilletech
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e-surveiller
HKEY_LOCAL_MACHINE\software\surveilletech

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce

Removing Surveiller.Common.Components:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:

Ghost.Keylogger Spyware

Removing Ghost.Keylogger
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Ghost.Keylogger Also known as:

[Kaspersky]TrojanSpy.Win32.GhostKeyLogger.b,TrojanSpy.Win32.GhostKeyLogger.c;
[Computer Associates]Win32/GhostKeyLogger.b!Spy!Troja

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\klg\agent\syncagent.dll
[%WINDOWS%]\system\klg\agent\syncagent.exe

How to detect Ghost.Keylogger:

Files:
[%WINDOWS%]\system\klg\agent\syncagent.dll
[%WINDOWS%]\system\klg\agent\syncagent.exe

Win32.Messenger Malware

Removing Win32.Messenger
Categories: Malware
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers.

How to detect Win32.Messenger:

Folders:
[%PROGRAM_FILES%]\Win32coMessenger

PassAlert Trojan

Removing PassAlert
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojan downloaders download and install new malware or adware on the computer.

How to detect PassAlert:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

BaciamiStupido Adware

Removing BaciamiStupido
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BaciamiStupido Also known as:

[Kaspersky]Trojan-Clicker.Win32.Small.hj;
[McAfee]Generic AdClicker.o;
[Other]Dialer.BaciamiStupido

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ciakaisen.exe
[%SYSTEM%]\smallActive.dll

How to detect BaciamiStupido:

Files:
[%SYSTEM%]\ciakaisen.exe
[%SYSTEM%]\smallActive.dll

Registry Keys:
HKEY_CLASSES_ROOT\activexcom.myactivexcom
HKEY_CLASSES_ROOT\activexcom.myactivexcom.1
HKEY_CLASSES_ROOT\clsid\{9f5bb9e1-31ae-4a13-8734-15ced0f60a3d}
HKEY_CLASSES_ROOT\interface\{303bc80e-d805-41c8-9456-566be6bb44c7}
HKEY_CLASSES_ROOT\typelib\{8dab5c8c-c784-4651-84f7-b6c9f4eec53d}
HKEY_CURRENT_USER\software\adwhere component
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{9f5bb9e1-31ae-4a13-8734-15ced0f60a3d}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9f5bb9e1-31ae-4a13-8734-15ced0f60a3d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\ciakaisen.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\smallactive.dll

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

PCSentinel.CommonComponents Spyware

Removing PCSentinel.CommonComponents
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

How to detect PCSentinel.CommonComponents:

Folders:
[%PROGRAM_FILES%]\PC Sentinel Software
[%PROGRAM_FILES%]\PCS-234
[%PROGRAM_FILES%]\PCS-236
[%PROGRAM_FILES%]\PCS-237

Registry Keys:
HKEY_CURRENT_USER\software\local appwizard-generated applications\clsr
HKEY_CURRENT_USER\software\pc sentinel software
HKEY_CURRENT_USER\software\pcs-234
HKEY_CURRENT_USER\software\pcs-236
HKEY_CURRENT_USER\software\pcs-237
HKEY_LOCAL_MACHINE\software\pc sentinel software
HKEY_LOCAL_MACHINE\software\pcs-234
HKEY_LOCAL_MACHINE\software\pcs-236
HKEY_LOCAL_MACHINE\software\pcs-237

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Beastdoor.8qb Trojan

Removing Beastdoor.8qb
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

How to detect Beastdoor.8qb:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42ce4021-de03-e3cc-ea32-40bb12e6015d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run

DialSteal Trojan

Removing DialSteal
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ctfmgr.exe

How to detect DialSteal:

Files:
[%WINDOWS%]\ctfmgr.exe

Rich.Video.Codec Trojan

Removing Rich.Video.Codec
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Rich.Video.Codec:

Folders:
[%PROGRAM_FILES%]\RichVideoCodec

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload

NewtonKnows Adware

Removing NewtonKnows
Categories: Adware,BHO,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
BHO (Browser Helper Object) Trojan:
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bar.dll
[%WINDOWS%]\system\bar.dll
[%WINDOWS%]\system\inetadpt.dll

How to detect NewtonKnows:

Files:
[%SYSTEM%]\bar.dll
[%WINDOWS%]\system\bar.dll
[%WINDOWS%]\system\inetadpt.dll

Folders:
[%PROGRAM_FILES%]\newton knows
[%WINDOWS%]\temp\vupd

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\search\searchassistant
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search\searchassistant
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Greek.Hackers Backdoor

Removing Greek.Hackers
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Greek.Hackers Also known as:

[Kaspersky]Backdoor.Y3KRat.17.a;
[Panda]Backdoor Program,Bck/Y3KRat;
[Computer Associates]Backdoor/Y3KRat

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\lusrmgr.msc.pif

How to detect Greek.Hackers:

Files:
[%WINDOWS%]\system\lusrmgr.msc.pif

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices

SpecialOffers Adware

Removing SpecialOffers
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\cs_base.html
[%WINDOWS%]\specialoffers.exe
[%WINDOWS%]\specialoffers4.exe

How to detect SpecialOffers:

Files:
[%WINDOWS%]\cs_base.html
[%WINDOWS%]\specialoffers.exe
[%WINDOWS%]\specialoffers4.exe

Registry Keys:
HKEY_CURRENT_USER\software\specialoffersnetworks\contextserver

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

OneClickNetSearch Trojan

Removing OneClickNetSearch
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\dsr.dll
[%WINDOWS%]\dsr.exe
[%WINDOWS%]\extract.exe
[%WINDOWS%]\pxckdlauninstall.exe
[%WINDOWS%]\rgrt.exe
[%WINDOWS%]\snbho.exe
[%WINDOWS%]\systb.dll
[%WINDOWS%]\systb.exe
[%WINDOWS%]\wdskctl.exe
[%WINDOWS%]\wupdt.exe

How to detect OneClickNetSearch:

Files:
[%WINDOWS%]\dsr.dll
[%WINDOWS%]\dsr.exe
[%WINDOWS%]\extract.exe
[%WINDOWS%]\pxckdlauninstall.exe
[%WINDOWS%]\rgrt.exe
[%WINDOWS%]\snbho.exe
[%WINDOWS%]\systb.dll
[%WINDOWS%]\systb.exe
[%WINDOWS%]\wdskctl.exe
[%WINDOWS%]\wupdt.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

BHOMoneyGainer Adware

Removing BHOMoneyGainer
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\shginasn.xml

How to detect BHOMoneyGainer:

Files:
[%WINDOWS%]\shginasn.xml

Registry Keys:
HKEY_CLASSES_ROOT\bookmark.bhomoneygainer
HKEY_CLASSES_ROOT\bookmark.bhomoneygainer.1
HKEY_CLASSES_ROOT\CLSID\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}
HKEY_CLASSES_ROOT\interface\{feaa3402-e101-4abd-9337-bdeefc6d29ca}
HKEY_CLASSES_ROOT\typelib\{27195441-54b0-4dd3-820c-699ac3ef8d37}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}
HKEY_LOCAL_MACHINE\software\iasadc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}
HKEY_CLASSES_ROOT\clsid\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}

CTXPopup Adware

Removing CTXPopup
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ctxpopup.dll

How to detect CTXPopup:

Files:
[%SYSTEM%]\ctxpopup.dll

Registry Keys:
HKEY_CLASSES_ROOT\appid\ctxpopup.dll
HKEY_CLASSES_ROOT\appid\{3857b9cb-de72-4c97-9125-2dd460fb572a}
HKEY_CLASSES_ROOT\interface\{f461798e-c228-41d4-b6e4-01c3b158584b}
HKEY_CLASSES_ROOT\typelib\{3857b9cb-de72-4c97-9125-2dd460fb572a}
HKEY_CLASSES_ROOT\clsid\{5d647e9c-6b37-4636-9a78-dadb1eb93bdf}
HKEY_CLASSES_ROOT\ctxpopup.ieobject
HKEY_CLASSES_ROOT\ctxpopup.ieobject.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d647e9c-6b37-4636-9a78-dadb1eb93bdf}

Lineage.ACQ Trojan

Removing Lineage.ACQ
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Lineage.ACQ Also known as:

[Kaspersky]Trojan-PSW.Win32.Hangame.cl

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\System\commond.pif

How to detect Lineage.ACQ:

Files:
[%PROGRAM_FILES_COMMON%]\System\commond.pif

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

PC.Activity.Monitor.Standard Spyware

Removing PC.Activity.Monitor.Standard
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\pc activity monitor standard.lnk
[%PROFILE%]\recent\pc activity monitor standard.lnk

How to detect PC.Activity.Monitor.Standard:

Files:
[%DESKTOP%]\pc activity monitor standard.lnk
[%PROFILE%]\recent\pc activity monitor standard.lnk

Folders:
[%PROGRAMS%]\pc activity monitor standard
[%PROGRAM_FILES%]\pc activity monitor standard

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc activity monitor standard

Outerinfo Malware

Removing Outerinfo
Categories: Malware,Popups
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

How to detect Outerinfo:

Folders:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Sfondipert Adware

Removing Sfondipert
Categories: Adware
Adware is software that facilitates the delivery of advertising content
to the user and in some cases gathers information from the user's computer.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Dialer\sfondipertutti.exe

How to detect Sfondipert:

Files:
[%PROGRAM_FILES%]\Dialer\sfondipertutti.exe

BootMerlin Trojan

Removing BootMerlin
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

BootMerlin Also known as:

[Kaspersky]Trojan.Win32.VB.awo;
[McAfee]W32/BootMerlin;
[Other]Win32/BootMerlin.A

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\System\csrss.exe
[%SYSTEM%]\dllcache\G-Vulcan-III.exe

How to detect BootMerlin:

Files:
[%WINDOWS%]\System\csrss.exe
[%SYSTEM%]\dllcache\G-Vulcan-III.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Sdbot Trojan

Removing Sdbot
Categories: Trojan,Worm,Backdoor,RAT,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Sdbot Also known as:

[Kaspersky]Backdoor.IRC.Codrag,Backdoor.SdBot.h,Backdoor.IRC.SdBot,Backdoor.Agent.m,Backdoor.Agent.l,Backdoor.Agent.b,Backdoor.Win32.SdBot.gen,Backdoor.Win32.IRCBot.qc,Backdoor.Win32.SdBot.asr;
[Eset]IRC/SdBot.P trojan,IRC/SdBot.GM trojan,Win32/IRC.SdBot.05.H trojan,Win32/IRC.SdBot.H trojan,Win32/IRC.SdBot.D trojan,Win32/IRC.SdBot.C trojan,IRC/SdBot.AQH trojan,Win32/IRC.SdBot.05.D trojan,Win32/IRC.SdBot.04.C trojan,Win32/IRC.SdBot.AH trojan,Win32/Agent.B trojan,IRC/SdBot.AFJ trojan,Win32/Agent.M trojan,Win32/IRC.SdBot.02.A trojan,IRC/SdBot.AHL trojan,Win32/Agent.L trojan,IRC/SdBot.KI trojan;
[McAfee]IRC-Sdbot;
[Panda]Bck/Sdbot.gen,Bck/IRC.Sdbot.Gen,Backdoor Program,Bck/IRC.SdBot,Trojan Horse,Bck/Sdbot.DL,Bck/IRC.Sdbot.05,Bck/SDbot.04,Bck/IRC.Sdbot.c,Backdoor Program.LC,Trj/Multidropper.BL,Bck/SdBot;
[Computer Associates]Win32/SDBot!Backdoor!Server.Vari,Backdoor/SdBot.CF,Bat/AnnexBot!Trojan,IRC.AnnexS,IRC.Flood,mIRC/Annexbot!Trojan,mIRC/SdBot.P!Trojan,Backdoor/SdBot.34816!Server,Win32.Sdbot.EJ,Win32/SDBot.05.A!Backdoor,Backdoor/Sdbot.h,Win32.Sdbot.04,Win32.Sdbot.F,Win32.Sdbot.D,Win32/IRC.13124!Trojan,Backdoor/SdBot.C,Backdoor/SdBot.H,Backdoor/SDBot.05.D,Backdoor/SdBot.04.C,Backdoor/SdBot.Explorera!Server,Win32.Sdbot.04.C,Win32.Sdbot.EU,Win32.Sdbot.38912.C,Win32/Sdbot.38912.C.Trojan,Win32.Sdbot.55204,Win32/IRCBot.Trojan,Win32.Sdbot.36352.A,Win32/SdBot.36352.A.Trojan,Backdoor/Sdbot.02.A,Win32.Sdbot.02.A,Win32/SdBot.NV.Worm,Win32/SdBot.38912.B.Trojan,Win32.Sdbot.38912.B,Win32.Sdbot.M;
[Other]BKDR_SDBOT.B,Troj/Sdbot-B,Win32.SdBot.14176,Win32.Sdbot.JB,Win32/Sdbot.JF,Win32/Sdbot.JH,Win32/Sdbot.JI

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\p2pnetworking.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msavsc.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msctrl.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msfw.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msiemon.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msscan.exe
[%SYSTEM%]\kernels1118.exe
[%WINDOWS%]\system\svchest.exe
[%WINDOWS%]\winmsgr.exe
[%SYSTEM%]\AIMTRITON.EXE
[%SYSTEM%]\explorer .exe
[%SYSTEM%]\winsvc.exe
[%WINDOWS%]\wlmsngr.exe

How to detect Sdbot:

Files:
[%SYSTEM%]\p2pnetworking.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msavsc.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msctrl.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msfw.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msiemon.exe
[%PROGRAM_FILES%]\Microsoft Security Adviser\msscan.exe
[%SYSTEM%]\kernels1118.exe
[%WINDOWS%]\system\svchest.exe
[%WINDOWS%]\winmsgr.exe
[%SYSTEM%]\AIMTRITON.EXE
[%SYSTEM%]\explorer .exe
[%SYSTEM%]\winsvc.exe
[%WINDOWS%]\wlmsngr.exe

Folders:
[%PROGRAM_FILES%]\Microsoft Security Adviser

Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Indexingbox
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wlmsngr

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extension

System33r.Socks5 Trojan

Removing System33r.Socks5
Categories: Trojan,Backdoor,Downloader,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

System33r.Socks5 Also known as:

[Kaspersky]Constructor.Win32.SS.11.b;
[McAfee]BackDoor-OR;
[F-Prot]W32/System33.E@bd;
[Other]Win32/SaltSock.A,Backdoor:Win32/Subseven.DA,Constructor.Win32.SS.11.b

How to detect System33r.Socks5:

Registry Keys:
HKEY_CURRENT_USER\software\vb and vba program settings\system33r socks5

WinSecureAv Ransomware

Removing WinSecureAv
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll

How to detect WinSecureAv:

Files:
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll

Folders:
[%APPDATA%]\WinSecureAv
[%COMMON_PROGRAMS%]\WinSecureAv
[%PROGRAM_FILES%]\WinSecureAv
[%PROGRAM_FILES_COMMON%]\WinSecureAv

Registry Keys:
HKEY_CURRENT_USER\software\winsecureav
HKEY_LOCAL_MACHINE\software\winsecureav

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\products

CodeClean2007 Adware

Removing CodeClean2007
Categories: Adware
Adware is software that facilitates the delivery of advertising content
to the user and in some cases gathers information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect CodeClean2007:

Folders:
[%PROGRAM_FILES%]\CodeClean2007

Registry Keys:
HKEY_CLASSES_ROOT\ccexp.siteblock
HKEY_CLASSES_ROOT\ccexp.siteblock.1
HKEY_CLASSES_ROOT\clsid\{e40ace2c-5722-4bff-be3e-7741a211d466}
HKEY_CLASSES_ROOT\interface\{92378c0b-4c11-4f44-8127-256fe2f71319}
HKEY_CLASSES_ROOT\typelib\{92378c0a-4c11-4f44-8127-256fe2f71319}
HKEY_LOCAL_MACHINE\software\codeclean
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\codeclean

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SillyDl.ARA Trojan

Removing SillyDl.ARA
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

SillyDl.ARA Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.cgi

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\System\msdc32.dll

How to detect SillyDl.ARA:

Files:
[%PROGRAM_FILES_COMMON%]\System\msdc32.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run

Win32.Agent.NGH Trojan

Removing Win32.Agent.NGH
Categories: Trojan,BHO
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\SecureWin31.dll

How to detect Win32.Agent.NGH:

Files:
[%WINDOWS%]\SecureWin31.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}

Express.III Trojan

Removing Express.III
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Express.III Also known as:

[Kaspersky]Backdoor.Express.201;
[McAfee]PWS-Express;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Express.201;
[Computer Associates]Backdoor/Express.201,Win32.Express.201

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\lwpsm32.dll

How to detect Express.III:

Files:
[%WINDOWS%]\system\lwpsm32.dll

CouponsandOffers Adware

Removing CouponsandOffers
Categories: Adware
Adware is software that facilitates the delivery of advertising content
to the user and in some cases gathers information from the user's computer.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\couponsandoffers\wjview.exe

How to detect CouponsandOffers:

Files:
[%PROGRAM_FILES%]\couponsandoffers\wjview.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Shockdown Downloader

Removing Shockdown
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Shockdown Also known as:

[Kaspersky]Trojan-Downloader.Win32.Dadobra.af;
[McAfee]Downloader-ABU

How to detect Shockdown:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


OpenSite Adware

Removing OpenSite
Categories: Adware,BHO,Hijacker
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

OpenSite Also known as:

[Kaspersky]TrojanClicker.Win32.VB.br;
[Other]Adware.OpenSite

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\opnste.dll
[%WINDOWS%]\system\opnste.dll

How to detect OpenSite:

Files:
[%SYSTEM%]\opnste.dll
[%WINDOWS%]\system\opnste.dll

Folders:
[%PROGRAM_FILES%]\open site

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\open site
HKEY_CLASSES_ROOT\clsid\{30a56549-9d5b-4d34-afa7-440a7f0538a9}
HKEY_CLASSES_ROOT\interface\{c9d12be0-1bf5-4748-b416-5cefd8c968a8}
HKEY_CLASSES_ROOT\opensite.cbrowserhelper
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{30a56549-9d5b-4d34-afa7-440a7f0538a9}
HKEY_CLASSES_ROOT\typelib\{b968a45d-3edf-4c5a-a378-a315854d7419}
HKEY_LOCAL_MACHINE\software\classes\clsid\{30a56549-9d5b-4d34-afa7-440a7f0538a9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30a56549-9d5b-4d34-afa7-440a7f0538a9}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Winsics Trojan

Removing Winsics
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Packet1.exe
[%SYSTEM%]\RAVWM526.dll

How to detect Winsics:

Files:
[%SYSTEM%]\Packet1.exe
[%SYSTEM%]\RAVWM526.dll

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winwmservicenow
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winwmservicenow


MMTask Adware

Removing MMTask
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mmtask1.exe
[%SYSTEM%]\mmtask2.exe
[%PROGRAM_FILES%]\ecommerce\dialer.exe
[%PROGRAM_FILES%]\ecommerce\dialer.ini
[%SYSTEM%]\mmtask0.exe
[%WINDOWS%]\system\mmtask0.exe
[%WINDOWS%]\system\mmtask1.exe
[%WINDOWS%]\system\mmtask2.exe

How to detect MMTask:

Files:
[%SYSTEM%]\mmtask1.exe
[%SYSTEM%]\mmtask2.exe
[%PROGRAM_FILES%]\ecommerce\dialer.exe
[%PROGRAM_FILES%]\ecommerce\dialer.ini
[%SYSTEM%]\mmtask0.exe
[%WINDOWS%]\system\mmtask0.exe
[%WINDOWS%]\system\mmtask1.exe
[%WINDOWS%]\system\mmtask2.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Capharm Adware

Removing Capharm
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
As personal information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

How to detect Capharm:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0fb2459f-8908-4381-8904-7fc334f1562c}\programmable
HKEY_CLASSES_ROOT\clsid\{83a98eb4-f00d-4717-8530-042545e9916f}\control
HKEY_CLASSES_ROOT\clsid\{83a98eb4-f00d-4717-8530-042545e9916f}\implemented categories
HKEY_CLASSES_ROOT\typelib\{83a98eb1-f00d-4717-8530-042545e9916f}
HKEY_CLASSES_ROOT\typelib\{f3fee123-6cf3-4547-ba14-422e5cbcc202}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fb2459f-8908-4381-8904-7fc334f1562c}

Registry Values:
HKEY_CLASSES_ROOT\clsid\{83a98eb4-f00d-4717-8530-042545e9916f}\inprocserver32
HKEY_CLASSES_ROOT\interface\{83a98eb2-f00d-4717-8530-042545e9916f}\typelib
HKEY_CLASSES_ROOT\interface\{83a98eb3-f00d-4717-8530-042545e9916f}\typelib
HKEY_CLASSES_ROOT\interface\{bcce7305-e335-4dc9-9854-5da98a2285ec}\typelib


Ap Trojan

Removing Ap
Categories: Trojan,Adware,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS trojans conduct attacks from a single computer with the consent of the user.

Ap Also known as:

[Kaspersky]AP.a,Australian.1014,Australian.Twelve.312.a,Australian.Twelve.279.a,Australian.Twelve.284,Australian.Twelve.320,Australian.Twelve.297,Australian.Twelve.305,Australian.Twelve.310,Australian.Twelve.315,Australian.147,Australian.153,Australian.162,Australian.369.b,Australian.424,Australian.440,Australian.550,Australian.Oil.579,DarkFiber.423,Dialer.Win32.Agent.b;
[Eset]Ap.1014 virus,Ap.312.A virus,Ap.279.A virus,Ap.284 virus,Ap.320 virus,Ap.297 virus,Ap.305 virus,Ap.310 virus,Ap.315 virus,Ap.147 virus,Ap.153.A virus,Ap.162 virus,Ap.369.B virus,Ap.424 virus,Ap.440 virus,Ap.550.A virus,modified Ap.550.A virus,Ap.579 virus,Ap.423 virus;
[McAfee]Dialer-Generic;
[F-Prot]W32/Dialer.DEA;
[Panda]AP.a,Night_City,Australian.1014,Aussie (273.320),Australian Tiny,Australian.162,Aussie Parasite,Anke Huber.424,Anke Huber,Australian.550,Aussie.Sdir.579,Aussie.AIH.423;
[Computer Associates]TPE encrypted;
[Other]Dialer.Trafficjam,Dialer-315

Visible Symptoms:
Files in system folders:
[%COMMON_STARTMENU%]\del.lnk
[%PROGRAM_FILES%]\TextBridge Pro 9.0\Bin\ZoneMgrResEng.dll

How to detect Ap:

Files:
[%COMMON_STARTMENU%]\del.lnk
[%PROGRAM_FILES%]\TextBridge Pro 9.0\Bin\ZoneMgrResEng.dll

Registry Keys:
HKEY_CURRENT_USER\software\delsim
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\delsim


Reign Trojan

Removing Reign
Categories: Trojan,Spyware,Backdoor,Downloader,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojan downloaders download and install new malware or adware on the computer.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Reign Also known as:

[Panda]Trojan Horse,Trj/Agent.AA,Trj/Iyus.B,Trj/Iyus.F,Trj/Iyus.C,Trj/Bizex.B,Bck/Xordoor.A;
[Computer Associates]Win32.Reign.K,Win32/Reign.K!Trojan,Win32/Reign.K!HookDLL!Trojan,Win32.Reign.O,Win32/Reign.O!Trojan,Win32.Reign.N,Win32/Reign.N!Trojan,Win32.Reign.Z,Win32/Reign!DLL.102400!Trojan,Win32/Reign.Z!Worm,Win32.Reign.X,Win32/Reign.X!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\iyus.dll
[%SYSTEM%]\iyus\ampgbbje.exe
[%SYSTEM%]\iyus\foimeobm.exe
[%SYSTEM%]\iyus\hqejkanf.exe
[%SYSTEM%]\unic2_32.dll
[%SYSTEM%]\x3yy\dbkajomk.exe
[%SYSTEM%]\xor\svchost.exe

How to detect Reign:

Files:
[%SYSTEM%]\iyus.dll
[%SYSTEM%]\iyus\ampgbbje.exe
[%SYSTEM%]\iyus\foimeobm.exe
[%SYSTEM%]\iyus\hqejkanf.exe
[%SYSTEM%]\unic2_32.dll
[%SYSTEM%]\x3yy\dbkajomk.exe
[%SYSTEM%]\xor\svchost.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


TIBS Trojan

Removing TIBS
Categories: Trojan,Adware,Backdoor,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojan downloaders download and install new malware or adware on the computer.


TIBS Also known as:

[Kaspersky]Trojan-Downloader.Win32.Tibs.im,Trojan-Downloader.Win32.Small.cwj,Email-Worm.Win32.Zhelatin.bw,Packed.Win32.Tibs.w,Trojan-Downloader.Win32.Tibs.pk;
[McAfee]Generic Downloader.q,BraveSentry;
[F-Prot]W32/EmailWorm.IRB;
[Panda]Dialer.DU;
[Other]Win32/Tibs!generic,W32/DLoader.CBPU,W32/DLoader.CBPT,W32/Tibs.VWN,Trojan.Packed.13,Worm:Win32/Nuwar.gen,Mal/EncPk-E,Trojan.Vxgame.z,members area dialer,TrojanDownloader:Win32/Tibs.L,W32/Tibs.gen92,TrojanDownloader:Win32/Tibs

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\1.dllb
[%PROFILE_TEMP%]\2.dllb
[%PROFILE_TEMP%]\5.dllb
[%PROFILE_TEMP%]\6.dllb
[%PROFILE_TEMP%]\7.dllb
[%PROFILE_TEMP%]\qv3xt3.game
[%PROFILE_TEMP%]\qvxt34.game
[%PROFILE_TEMP%]\qvxt42.game
[%SYSTEM%]\dlh9jkd1q1.exe
[%SYSTEM%]\dlh9jkd1q2.exe
[%SYSTEM%]\dlh9jkd1q5.exe
[%SYSTEM%]\dlh9jkd1q6.exe
[%SYSTEM%]\dlh9jkd1q7.exe
[%SYSTEM%]\dlh9jkd1q8.exe
[%SYSTEM%]\dsuiexq.dll
[%SYSTEM%]\ma.exe.exe
[%PROFILE_TEMP%]\ixqlsxgh.exe
[%PROFILE_TEMP%]\ma1xdd1.game
[%SYSTEM%]\bofhn32.dll
[%SYSTEM%]\cubtzv32.dll
[%SYSTEM%]\hdefvz.sys
[%SYSTEM%]\kfejwmi.dll
[%SYSTEM%]\max1d641.exe
[%SYSTEM%]\qvx5gamet2.exe
[%SYSTEM%]\qvxga6met3.exe
[%SYSTEM%]\ufypth.dll
[%SYSTEM%]\usjbgwl.dll

How to detect TIBS:

Files:
[%PROFILE_TEMP%]\1.dllb
[%PROFILE_TEMP%]\2.dllb
[%PROFILE_TEMP%]\5.dllb
[%PROFILE_TEMP%]\6.dllb
[%PROFILE_TEMP%]\7.dllb
[%PROFILE_TEMP%]\qv3xt3.game
[%PROFILE_TEMP%]\qvxt34.game
[%PROFILE_TEMP%]\qvxt42.game
[%SYSTEM%]\dlh9jkd1q1.exe
[%SYSTEM%]\dlh9jkd1q2.exe
[%SYSTEM%]\dlh9jkd1q5.exe
[%SYSTEM%]\dlh9jkd1q6.exe
[%SYSTEM%]\dlh9jkd1q7.exe
[%SYSTEM%]\dlh9jkd1q8.exe
[%SYSTEM%]\dsuiexq.dll
[%SYSTEM%]\ma.exe.exe
[%PROFILE_TEMP%]\ixqlsxgh.exe
[%PROFILE_TEMP%]\ma1xdd1.game
[%SYSTEM%]\bofhn32.dll
[%SYSTEM%]\cubtzv32.dll
[%SYSTEM%]\hdefvz.sys
[%SYSTEM%]\kfejwmi.dll
[%SYSTEM%]\max1d641.exe
[%SYSTEM%]\qvx5gamet2.exe
[%SYSTEM%]\qvxga6met3.exe
[%SYSTEM%]\ufypth.dll
[%SYSTEM%]\usjbgwl.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}
HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}
HKEY_CURRENT_USER\software\adwaredisablekey4
HKEY_LOCAL_MACHINE\software\adwaredisablekey4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}
HKEY_CLASSES_ROOT\clsid\{2c1cd3d7-86ac-4068-93bc-a02304b60787}
HKEY_CLASSES_ROOT\clsid\{4f67b44e-7ba5-aef4-828e-074034113a82}
HKEY_CURRENT_USER\clsid\{f862b760-0a21-1033-0729-0529050001}
HKEY_CURRENT_USER\software\classes\clsid\{f862b760-0a21-1033-0729-0529050001}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f67b44e-7ba5-aef4-828e-074034113a82}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\a3dxq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gb\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gb\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_runtime\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_runtime\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\example
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb\enum
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb\parameters
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb\security
HKEY_CURRENT_USER\clsid\{1862b760-0a21-1033-0729-0529050001}
HKEY_CURRENT_USER\software\classes\clsid\{1862b760-0a21-1033-0729-0529050001}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\driver
