Monday, November 17, 2008

BAT.SS Trojan

Removing BAT.SS
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect BAT.SS:

Folders:
[%PROGRAM_FILES%]\TS Trial

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing BAT.SS:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

MSN.Chat Spyware

Removing MSN.Chat
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that lead to more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Msn Chat Monitor & Snifferr.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MSN Chat Monitor.lnk
[%DESKTOP%]\MSN Chat Monitor.lnk

How to detect MSN.Chat:

Files:
[%DESKTOP%]\Msn Chat Monitor & Snifferr.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MSN Chat Monitor.lnk
[%DESKTOP%]\MSN Chat Monitor.lnk

Folders:
[%COMMON_PROGRAMS%]\MSN Chat Monitor
[%PROGRAM_FILES%]\AwinSoft
[%PROGRAM_FILES%]\MSN Chat Monitor
[%PROGRAMS%]\Msn Chat Monitor & Sniffer

Registry Keys:
HKEY_CURRENT_USER\software\msn chat monitor(im sniffer) v2.8.1120
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msn chat monitor v2.8_is1
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\msn chat monitor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msn chat monitor & sniffer

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Netzip Adware

Removing Netzip
Categories: Adware,Spyware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that lead to more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\setup3.2\nzdd.dll
[%SYSTEM%]\npnzdad.exe

How to detect Netzip:

Files:
[%PROFILE_TEMP%]\setup3.2\nzdd.dll
[%SYSTEM%]\npnzdad.exe

Folders:
[%PROGRAM_FILES%]\netzip download demon
[%PROGRAMS%]\netzip download demon

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{200ceb6f-cca5-11d0-9439-00609758e95a}
HKEY_CLASSES_ROOT\clsid\{d3b7d8e1-92db-11d2-8551-0060083cfb9c}
HKEY_CLASSES_ROOT\clsid\{ebcdda5e-2a68-11d3-8a43-0060083cfb9c}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}
HKEY_CLASSES_ROOT\clsid\{ebcdda5e-2a68-11d3-8a43-0060083cfb9c}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}
HKEY_CLASSES_ROOT\interface\{d3b7d8e2-92db-11d2-8551-0060083cfb9c}
HKEY_CLASSES_ROOT\interface\{ebcdda5f-2a68-11d3-8a43-0060083cfb9c}
HKEY_CLASSES_ROOT\typelib\{d3b7d8e0-92db-11d2-8551-0060083cfb9c}
HKEY_CLASSES_ROOT\interface\{e8dc9c4a-12bc-11d3-9720-00500460a552}

Registry Values:
HKEY_CLASSES_ROOT\interface\{ebcdda5d-2a68-11d3-8a43-0060083cfb9c}\typelib
HKEY_CLASSES_ROOT\mime\database\content type\application/x-cnet-vsl
HKEY_CLASSES_ROOT\clsid\{ebcdda60-2a68-11d3-8a43-0060083cfb9c}\inprocserver32
HKEY_CLASSES_ROOT\protocols\name-space handler\ftp\smartdownload
HKEY_CLASSES_ROOT\protocols\name-space handler\http\smartdownload
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\netzip smartdownloader
HKEY_CURRENT_USER\software\netscape\netscape navigator\automation protocols
HKEY_CURRENT_USER\software\smartdownload
HKEY_CURRENT_USER\software\smartdownload\2.8\options
HKEY_CURRENT_USER\software\smartdownload\2.8\options\domains
HKEY_CURRENT_USER\software\smartdownload\2.8\options\extensions

Delta.Remote.Access Backdoor

Removing Delta.Remote.Access
Categories: Backdoor,RAT,Hacker Tool
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.
Delta.Remote.Access Also known as:

[Kaspersky]Backdoor.DRA.a,Backdoor.DRA.b,Backdoor.DRA.c;
[McAfee]BackDoor-GO;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/DRA,Bck/Knight,Backdoor Program,Bck/DRAccess;
[Computer Associates]Win32.PSW.Dra.unp,Win32/Dra!PWS!Trojan,Backdoor/Knight,Win32.DeltaForever.B,Backdoor/Dras.C!Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\msdra32.exe

How to detect Delta.Remote.Access:

Files:
[%WINDOWS%]\msdra32.exe

Kollah Trojan

Removing Kollah
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Kollah Also known as:

[Kaspersky]Trojan-Spy.Win32.Agent.pz,Trojan-Spy.Win32.Banker.cmb,Trojan-Spy.Win32.Banker.cmq,Trojan-Spy.Win32.Bancos.aam,Virus.Win32.Gpcode.ai,Trojan-Spy.Win32.Zbot.r,Packed.Win32.Tibs.dc,Trojan-Spy.Win32.Agent.amw,Trojan-Spy.Win32.Zbot.dy,Trojan-Spy.Win32.Zbot.fc,Trojan-Spy.Win32.Broker.an;
[McAfee]Spy-Agent.bw,New Malware.ci,GPcoder.h,PWS-Banker,Spy-Agent.cj.gen,PWS-Banker.gen.bw,New Malware.bj,PWS-Banker.gen.bz;
[F-Prot]W32/Banker.AEMT,W32/Backdoor.AJNO,W32/Bancos.AKWF,W32/new-malware!Maximus,W32/Backdoor.AJOD,W32/Trojan.BQCZ,W32/Trojan2.DMV,W32/Pws.XPG,W32/Internet-Trojan-patched-based!Maximu,W32/Backdoor.AHIO,W32/Backdoor.CARS,W32/Backdoor2.U,W32/Banker.AJOR,W32/Backdoor.AJOC,W32/Bancos.ALBC,W32/Banker.AZR,W32/Banker.AVJI;
[Other]Win32/Kollah.B,Backdoor.Trojan,Mal/Behav-010,Win32.Kollah.F,Win32.Kollah.L,Win32/Kollah.P,Infostealer.Banker.C,Trojan:Win32/Banker,Win32/Kollah.N,Trojan:Win32/Wsn,W32/Bancos.PSL,Win32/Kollah.T,Win32/Kollah.X,Win32/Kollah.AB,Backdoor:Win32/Kollah.D,TSPY_KOLLAH.F,TROJ-AGENT.UUA,Win32/Kollah.AH,W32/Bancos.QJG,W32/Gorhax.gen4,TROJ_AGENT.YTQ,Win32/Kollah.AN,W32/Banker.BKXP,TSPY_AGENT.POA,Troj/Banker-EED,Trojan-Spy.Win32.Banker.cmb,PWS:Win32/Zbot.W,W32/Tibs.AZXU,Mal/Behav-066,Win32/Kollah.BA,PWS:Win32/Bankrypt.gen,W32/Zbot.I,TSPY_BANKRYPT.N,Win32/Kollah.AU,Bakcdoor:Win32/Kollah.A,Win32/Kollah.AX,Backdoor:Win32/Kollah.A,W32/Smalltroj.BGOL,TROJ_DLOADER.GWF,W32/Smalltroj.BGXX,Win32/Kollah.AW,VirTool:Win32/DelfInject.gen!U,Win32/Kollah.BC,TSPY_BANKRYPT.X,Win32/Kollah.BK,Win32/Kollah.BD,W32/Zbot.T,Win32/Kollah.BF,Win32/Kollah.BE,W32/Zbot.W,Mal/Dropper-T,Win32/Kollah.BG,TrojanSpy:Win32/Bancos,Bancos.gen3,Mal/Behav-045,Win32/Kollah.BH,Downloader,Backdoor:Win32/Kollah.B,W32/Bancos.SCS,Win32/Kollah.BL,W32/Bancos.SBC,Win32/Kollah.BP,W32/Zbot.AJ,Mal/Zbot-A,Win32/Kollah.BM,Infostealer.Notos!gen,Win32/Kollah.BJ,Win32/Kollah.BR,W32/Zbot.AH

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ntos.exe
[%SYSTEM%]\wsnpoem\audio.dll
[%SYSTEM%]\wsnpoem\video.dll

How to detect Kollah:

Files:
[%SYSTEM%]\ntos.exe
[%SYSTEM%]\wsnpoem\audio.dll
[%SYSTEM%]\wsnpoem\video.dll

Folders:
[%SYSTEM%]\wsnpoem

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\network
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\network
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SillyDl.CFO Downloader

Removing SillyDl.CFO
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

SillyDl.CFO Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.il;
[Other]WIn32/SillyDl.CFO

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\rocky2.exe

How to detect SillyDl.CFO:

Files:
[%WINDOWS%]\rocky2.exe

siboco Trojan

Removing siboco
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

siboco Also known as:

[Eset]Win32/Small.I trojan;
[Panda]Trj/Siboco.A;
[Computer Associates]Win32.Siboco.A,Win32/Siboco.A!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msgked.exe
[%WINDOWS%]\system\msgked.exe
[%WINDOWS%]\temp\msgked.exe

How to detect siboco:

Files:
[%SYSTEM%]\msgked.exe
[%WINDOWS%]\system\msgked.exe
[%WINDOWS%]\temp\msgked.exe

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

DotCom Adware

Removing DotCom
Categories: Adware,Spyware,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
A toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

DotCom Also known as:

[Kaspersky]TrojanClicker.Win32.DotComToolBar.b,TrojanClicker.Win32.DotComToolBar.c,TrojanClicker.Win32.DotComToolBar.d;
[Panda]Spyware/DCToolbar,Trojan Horse

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

How to detect DotCom:

Files:
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj
HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{29dd1ea6-1fda-44a4-b083-c9900547bc48}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fc2493d6-a673-49fe-a2ee-efe03e95c27c}
HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem
HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem.1
HKEY_LOCAL_MACHINE\software\classes\interface\{7c479d09-1280-41d2-945f-2377736b8cf7}
HKEY_LOCAL_MACHINE\software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43}
HKEY_LOCAL_MACHINE\software\classes\toolband.hits
HKEY_LOCAL_MACHINE\software\classes\toolband.hits.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5f1abcdb-a875-46c1-8345-b72a4567e483}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar
HKEY_CURRENT_USER\software\³Âª¹ÂµÃ Ã¹2
HKEY_CURRENT_USER\software\³Âª¹ÂµÃ Ã¹2\³Âª¹ÂµÃ Ã¹2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/toolbar_nieuw14.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/toolbar_nieuw14.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dotcomtoolbardotcomtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\³Âª¹ÂµÃ Ã¹2³Âª¹ÂµÃ Ã¹2

Dominador Backdoor

Removing Dominador
Categories: Backdoor,RAT
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\kernel32.exe

How to detect Dominador:

Files:
[%WINDOWS%]\system\kernel32.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Generator Trojan

Removing Generator
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Generator Also known as:

[Kaspersky]Constructor.WishMaster.10;
[McAfee]WishMaster.kit;
[F-Prot]virus construction tool;
[Panda]Constructor/WMTG

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\destripador.exe
[%DESKTOP%]\generador destripador v4.0.exe

How to detect Generator:

Files:
[%DESKTOP%]\destripador.exe
[%DESKTOP%]\generador destripador v4.0.exe

Qhost.df Trojan

Removing Qhost.df
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\howiper.exe
[%SYSTEM%]\hclean32.exe
[%SYSTEM%]\hwiper.exe

How to detect Qhost.df:

Files:
[%SYSTEM%]\howiper.exe
[%SYSTEM%]\hclean32.exe
[%SYSTEM%]\hwiper.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ruins

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

NavExcel Adware

Removing NavExcel
Categories: Adware,BHO,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
A toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

NavExcel Also known as:

[Panda]Adware/NavHelper,Spyware/CommonName

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.fr????\NavHelper\v2.0.4b\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.2\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
[%SYSTEM%]\NaviHelper.dll
[%WINDOWS%]\nxstinst.exe
[%SYSTEM%]\nhelper.dll
[%WINDOWS%]\system\nhelper.dll

How to detect NavExcel:

Files:
[%PROFILE_TEMP%]\temp.fr????\NavHelper\v2.0.4b\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.2\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
[%SYSTEM%]\NaviHelper.dll
[%WINDOWS%]\nxstinst.exe
[%SYSTEM%]\nhelper.dll
[%WINDOWS%]\system\nhelper.dll

Folders:
[%PROGRAM_FILES%]\navexcel
[%PROGRAM_FILES%]\nh

Registry Keys:

Registry Values:

Little.Busters Backdoor

Removing Little.Busters
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Little.Busters Also known as:

[Kaspersky]Backdoor.LittleBusters.210,Backdoor.L-Buster;
[McAfee]BackDoor-DZ;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/LittleBusters,Bck/L-Buster;
[Computer Associates]Backdoor/LittleBusters.2.1.0,Backdoor/L-Buster_Client

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\win32.dii

How to detect Little.Busters:

Files:
[%WINDOWS%]\system\win32.dii

Registry Keys:
HKEY_CLASSES_ROOT\diifile\shell\open\command
HKEY_LOCAL_MACHINE\software\littlebusters

Advanced.KEYLOGGER Spyware

Removing Advanced.KEYLOGGER
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\TMLib.dll
[%WINDOWS%]\ddemal.bin
[%WINDOWS%]\system\msidllsi.dat
[%WINDOWS%]\tm-log.log
[%SYSTEM%]\TMUtils.dll
[%WINDOWS%]\ddemal32.bin

How to detect Advanced.KEYLOGGER:

Files:
[%SYSTEM%]\TMLib.dll
[%WINDOWS%]\ddemal.bin
[%WINDOWS%]\system\msidllsi.dat
[%WINDOWS%]\tm-log.log
[%SYSTEM%]\TMUtils.dll
[%WINDOWS%]\ddemal32.bin

Folders:
[%WINDOWS%]\idde

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{dee6806c-fb33-d04c-e1c6-8da9b2204850}
HKEY_LOCAL_MACHINE\software\microsoft\idde
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\svchost

Small.aph Downloader

Removing Small.aph
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

How to detect Small.aph:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings

00[Sub]7 Trojan

Removing 00[Sub]7
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect 00[Sub]7:

Registry Keys:
HKEY_CLASSES_ROOT\searchw\ord.searchhelp.1

Awola.AntiSpyware Ransomware

Removing Awola.AntiSpyware
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

How to detect Awola.AntiSpyware:

Folders:
[%APPDATA%]\Awola
[%PROGRAMS%]\Awola

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Sherlock.Keylogger Spyware

Removing Sherlock.Keylogger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Sherlock.exe

How to detect Sherlock.Keylogger:

Files:
[%SYSTEM%]\Sherlock.exe

Folders:
[%PROGRAMS%]\Sherlock Configuration
[%PROGRAM_FILES%]\Sherlock Configuration

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sherlockconfiguration.exe

Lookup.Chgrgs BHO

Removing Lookup.Chgrgs
Categories: BHO,Hijacker
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\chgrgs.dll
[%WINDOWS%]\system\chgrgs.dll

How to detect Lookup.Chgrgs:

Files:
[%SYSTEM%]\chgrgs.dll
[%WINDOWS%]\system\chgrgs.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{35cc7369-c6eb-4a64-ab05-44cf0b5087a0}
HKEY_CLASSES_ROOT\clsid\{c82b55f0-60e0-478c-bc55-e4e22f11301d}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{35cc7369-c6eb-4a64-ab05-44cf0b5087a0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c82b55f0-60e0-478c-bc55-e4e22f11301d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{35cc7369-c6eb-4a64-ab05-44cf0b5087a0}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c82b55f0-60e0-478c-bc55-e4e22f11301d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{35cc7369-c6eb-4a64-ab05-44cf0b5087a0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c82b55f0-60e0-478c-bc55-e4e22f11301d}

NewAds Adware

Removing NewAds
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\BattyRun.dll

How to detect NewAds:

Files:
[%SYSTEM%]\BattyRun.dll

Folders:
[%PROGRAM_FILES%]\batty
[%PROGRAM_FILES%]\AdSponsor
[%PROGRAM_FILES%]\Exolon
[%PROGRAM_FILES%]\PSupport

Registry Keys:

Registry Values:
HKEY_CLASSES_ROOT\protocols\filter\text/html

Need2Find Adware

Removing Need2Find
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Need2Find\bar\1.bin\ND2FNBAR.DLL

How to detect Need2Find:

Files:
[%PROGRAM_FILES%]\Need2Find\bar\1.bin\ND2FNBAR.DLL

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}
HKEY_CLASSES_ROOT\need2findbar.settingsplugin
HKEY_CLASSES_ROOT\need2findbar.settingsplugin.1
HKEY_CLASSES_ROOT\need2findbar.toolbarplugin
HKEY_CLASSES_ROOT\need2findbar.toolbarplugin.1
HKEY_CLASSES_ROOT\clsid\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall

Amitis Trojan

Removing Amitis
Categories: Trojan,Backdoor,RAT,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Amitis Also known as:

[Kaspersky]Backdoor.Amitis.11,Backdoor.Amitis.11.a,Backdoor.Amitis.12,Backdoor.Amitis.13,Backdoor.Amitis.143,Backdoor.Win32.Amitis.143;
[Eset]Win32/Amitis.11 trojan,Win32/Amitis.12 trojan,Win32/Amitis.13 trojan,Win32/Amitis.143.B trojan;
[McAfee]BackDoor-AKZ,MultiDropper.cfg,BackDoor-AKZ.gen;
[F-Prot]security risk or a "backdoor" program,destructive program;
[Panda]Bck/Amitis.11,Bck/Amitis.12,Bck/Amitis.12.esvr,Bck/Amitis.12.scr,Bck/Amitis.12.svr,Backdoor Program,Bck/Amitis.13,Bck/Amitis.A,Bck/Amitis.E,Constructor/Amitis.A,Trojan Horse;
[Computer Associates]Backdoor/Amitis.1_2!Server,Win32.Amitis.12,Backdoor/Amitis.13.Server,Backdoor/Amitis_Server_family,Win32.Amitis.13,Backdoor/Amitis.143b.Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\kernel32.dli

How to detect Amitis:

Files:
[%WINDOWS%]\system\kernel32.dli

Registry Keys:
HKEY_CLASSES_ROOT\.dli
HKEY_CLASSES_ROOT\dlifile\shell\open\command

NeoSpy Ransomware

Removing NeoSpy
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\Desktop\NeoSpy.lnk
[%PROFILE_TEMP%]\INMEM000.REM

How to detect NeoSpy:

Files:
[%PROFILE%]\Desktop\NeoSpy.lnk
[%PROFILE_TEMP%]\INMEM000.REM

Folders:
[%PROFILE%]\Start Menu\Programs\NeoSpy
[%PROFILE_TEMP%]\RarSFX0
[%PROGRAM_FILES%]\NeoSpy

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{38ea2037-19a5-4da3-8944-9c1eb0db164f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\neospy.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\neospy

HaczYK Adware

Removing HaczYK
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect HaczYK:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Death Trojan

Removing Death
Categories: Trojan,Spyware,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habits, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Death Also known as:

[Kaspersky]Backdoor.Death.25.h;
[Eset]Win32/Death.24.B trojan,Win32/Death.26 trojan,Win32/Death.26.A trojan,Win32/Spy.LD.25 trojan,Win32/Death.25.A trojan,Win32/Death.24.D trojan;
[Panda]Bck/Death.24.B,Bck/Death.26,Bck/Death.25,Trj/DskEraser.11;
[Computer Associates]Backdoor/Death.24_B,Backdoor/Death_Server_family,Win32.Death.25.A,Win32.Death.25.B,Win32.Death.26.K,Win32/Death.K.Trojan,Backdoor/Death.26!Server,Backdoor/Death.26.DLL,Win32.Death.26.A,Win32.Death.26.B,Win32.Death.25.E,Win32/Spy.LD.25.Trojan,Backdoor/Death.25.G,Death.A!Trojan,Win32.Death.26.G/H,Win32/PWS.Death.26.A.Trojan

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\asmfiles.cab
[%PROFILE_TEMP%]\cd_clint.dll
[%PROFILE_TEMP%]\vg.dat
[%PROFILE_TEMP%]\__unin__.exe
[%SYSTEM%]\icsxml\vg.dat
[%SYSTEM%]\vg.dat
[%WINDOWS%]\cdmxtras\uninst.exe
[%WINDOWS%]\system\cfgh.ini
[%WINDOWS%]\system\pdx.dll
[%WINDOWS%]\system\pdx32.sys
[%WINDOWS%]\system\snowx.ini
[%WINDOWS%]\system\tage32.sys

How to detect Death:

Files:
[%PROFILE_TEMP%]\asmfiles.cab
[%PROFILE_TEMP%]\cd_clint.dll
[%PROFILE_TEMP%]\vg.dat
[%PROFILE_TEMP%]\__unin__.exe
[%SYSTEM%]\icsxml\vg.dat
[%SYSTEM%]\vg.dat
[%WINDOWS%]\cdmxtras\uninst.exe
[%WINDOWS%]\system\cfgh.ini
[%WINDOWS%]\system\pdx.dll
[%WINDOWS%]\system\pdx32.sys
[%WINDOWS%]\system\snowx.ini
[%WINDOWS%]\system\tage32.sys

Folders:
[%SYSTEM%]\adcache
[%SYSTEM%]\roodyc

Registry Keys:

Email.Spy.Monitor Spyware

Removing Email.Spy.Monitor
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\adsnwe.exe

How to detect Email.Spy.Monitor:

Files:
[%SYSTEM%]\adsnwe.exe

Folders:
[%PROGRAM_FILES%]\EMLCS

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Adware.BrowserAid BHO

Removing Adware.BrowserAid
Categories: BHO,Toolbar,Downloader
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.
Trojan downloaders download and install new malware or adware on the computer.

Adware.BrowserAid Also known as:

[Kaspersky]TrojanDownloader.Win32.Braidupdate.c;
[McAfee]Adware-BrowserAid;
[Panda]Adware/BrowserAid

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\rundll16.exe
[%SYSTEM%]\rundll16.dll
[%WINDOWS%]\rundll16.dll
[%WINDOWS%]\system\rundll16.dll
[%WINDOWS%]\uptodate.exe

How to detect Adware.BrowserAid:

Files:
[%WINDOWS%]\rundll16.exe
[%SYSTEM%]\rundll16.dll
[%WINDOWS%]\rundll16.dll
[%WINDOWS%]\system\rundll16.dll
[%WINDOWS%]\uptodate.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{85c2c2a1-3f20-4ead-adc3-bd3217391543}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_CLASSES_ROOT\typelib\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_LOCAL_MACHINE\software\classes\clsid\{80672997-d58c-4190-9843-c6c61af8fe97}
HKEY_LOCAL_MACHINE\software\classes\clsid\{85c2c2a1-3f20-4ead-adc3-bd3217391543}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

KidLogger Spyware

Removing KidLogger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

How to detect KidLogger:

Folders:
[%PROGRAM_FILES%]\Teslain KidLogger
[%PROGRAM_FILES%]\KidLogger

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\teslain kidlogger_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices

SpyBan Trojan

Removing SpyBan
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\spyban\spyban.exe

How to detect SpyBan:

Files:
[%PROGRAM_FILES%]\spyban\spyban.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Loli Trojan

Removing Loli
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Loli Also known as:

[Panda]Trojan Horse,Trj/Lolaweb.A,Trj/Downloader.BY,Trj/Tray.A;
[Computer Associates]Win32.Loli.F,Win32/Loli.F!Trojan,Win32.Loli.G,Win32/Lolita.C!Trojan,Win32.Loli!downloader,Win32/Lolita.C!Downloader,Win32.Loli.A,Win32/Lolita.E!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\wintt.exe

How to detect Loli:

Files:
[%WINDOWS%]\wintt.exe

Claria.Weatherscope Adware

Removing Claria.Weatherscope
Categories: Adware,Spyware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\weatherscopesetup.exe
[%STARTUP%]\weatherscope.lnk
[%WINDOWS%]\downloaded program files\iegator4127.dll

How to detect Claria.Weatherscope:

Files:
[%PROFILE_TEMP%]\weatherscopesetup.exe
[%STARTUP%]\weatherscope.lnk
[%WINDOWS%]\downloaded program files\iegator4127.dll

Folders:
[%PROGRAMS%]\weatherscope
[%PROGRAM_FILES%]\weatherscope
[%PROGRAM_FILES_COMMON%]\prtdbfnn

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\classes\appid\hungryhands.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\weatherscope
