Tuesday, November 18, 2008

Protect Trojan

Removing Protect
Categories: Trojan,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



Protect Also known as:

[Kaspersky]Trojan.Protect;
[McAfee]Protect;
[F-Prot]destructive program;
[Panda]Trj/5486;
[Computer Associates]Protect!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mswsck32.dll
[%SYSTEM%]\mstds.exe

How to detect Protect:

Files:
[%SYSTEM%]\mswsck32.dll
[%SYSTEM%]\mstds.exe

Removing Protect:

You can download a trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


SysUp Trojan

Removing SysUp
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

SysUp Also known as:

[Other]Smalldrp.JDU,Trojan.Dropper,Troj/VB-AZA

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\sysupd.exe

How to detect SysUp:

Files:
[%SYSTEM%]\sysupd.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{7765f8fd-d9a4-444f-8a60-ac8cdb7871d9}
HKEY_CLASSES_ROOT\interface\{3fa7aca5-84e6-4d48-99a5-86ee52226170}
HKEY_CLASSES_ROOT\interface\{6393eaf6-7913-498e-b84e-e578a2181552}
HKEY_CLASSES_ROOT\interface\{726ad182-3357-4300-85bd-e051aa264cdc}
HKEY_CLASSES_ROOT\prjbdunionext20060711.cfiledownload
HKEY_CLASSES_ROOT\prjbdunionext20060711.cvsvirus
HKEY_CLASSES_ROOT\typelib\{693b2d0e-7dcd-4169-9428-c91941c1e1ea}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


XMLid BHO

Removing XMLid
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

How to detect XMLid:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{11111111-1111-1111-1111-11111111111}


EnergyPlugin Adware

Removing EnergyPlugin
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\E-nrgyPlus\E-nrgyPlus.lnk
[%COMMON_PROGRAMS%]\E-nrgyPlus\homepage.lnk
[%COMMON_PROGRAMS%]\E-nrgyPlus\UnInstall.lnk

How to detect EnergyPlugin:

Files:
[%COMMON_PROGRAMS%]\E-nrgyPlus\E-nrgyPlus.lnk
[%COMMON_PROGRAMS%]\E-nrgyPlus\homepage.lnk
[%COMMON_PROGRAMS%]\E-nrgyPlus\UnInstall.lnk

Folders:
[%PROGRAM_FILES%]\E-nrgyPlus
[%PROGRAMS%]\energyplugin
[%PROGRAM_FILES%]\energyplugin

Registry Keys:
HKEY_CLASSES_ROOT\dial\defaulticon
HKEY_CLASSES_ROOT\dial\shell

Registry Values:
HKEY_CLASSES_ROOT\dial
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\user agent\post platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Pigeon.APO Trojan

Removing Pigeon.APO
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Pigeon.APO:

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_windows_applitcation_log
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows applitcation log


MBKWBar Toolbar

Removing MBKWBar
Categories: Toolbar
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\mbkwnst.exe
[%PROFILE_TEMP%]\mbkwnst.inf
[%WINDOWS%]\mbkwnst.exe

How to detect MBKWBar:

Files:
[%PROFILE_TEMP%]\mbkwnst.exe
[%PROFILE_TEMP%]\mbkwnst.inf
[%WINDOWS%]\mbkwnst.exe

Folders:
[%PROGRAM_FILES%]\mbkwbar

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}
HKEY_CLASSES_ROOT\ietoolbar.toolbarimpl
HKEY_CLASSES_ROOT\ietoolbar.toolbarimpl.1
HKEY_CLASSES_ROOT\typelib\{4a7dba74-e729-4ec8-92e2-ffd83921449f}
HKEY_CURRENT_USER\software\mbkwbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mbkwbar
HKEY_CLASSES_ROOT\clsid\{ea5a82fb-d6be-44f9-9363-b1ababc153c1}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{ea5a82fb-d6be-44f9-9363-b1ababc153c1}


Pigeon.Graybird Trojan

Removing Pigeon.Graybird
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Pigeon.Graybird Also known as:

[Kaspersky]Backdoor.Win32.Hupigon.ayj;
[Other]Win32/Pigeon!generic,Win32/Pigeon.780288!

How to detect Pigeon.Graybird:

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\graypigeon_hacker.com.cn


BackDoor.AMQ Trojan

Removing BackDoor.AMQ
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

BackDoor.AMQ Also known as:

[Eset]Win32/Beastdoor.19 trojan;
[McAfee]BackDoor-AMQ;
[F-Prot]security risk named W32/BeastDoor.B;
[Computer Associates]Backdoor/Beastdoor.19

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\hservms.exe
[%WINDOWS%]\system\kb.tlg

How to detect BackDoor.AMQ:

Files:
[%WINDOWS%]\system\hservms.exe
[%WINDOWS%]\system\kb.tlg

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{as096941-b967-10d8-9cbd-0000f87a369e}


HighTraffic Adware

Removing HighTraffic
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bho2.dll
[%SYSTEM%]\msnie.dll
[%WINDOWS%]\system\bho2.dll
[%WINDOWS%]\system\msnie.dll

How to detect HighTraffic:

Files:
[%SYSTEM%]\bho2.dll
[%SYSTEM%]\msnie.dll
[%WINDOWS%]\system\bho2.dll
[%WINDOWS%]\system\msnie.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{53e10c2c-43b2-4657-ba29-aae179e7d35c}
HKEY_CLASSES_ROOT\clsid\{a8b9f08f-2fc4-4ade-9049-cfba586971ba}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{53e10c2c-43b2-4657-ba29-aae179e7d35c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a8b9f08f-2fc4-4ade-9049-cfba586971ba}
HKEY_LOCAL_MACHINE\software\classes\clsid\{53e10c2c-43b2-4657-ba29-aae179e7d35c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a8b9f08f-2fc4-4ade-9049-cfba586971ba}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53e10c2c-43b2-4657-ba29-aae179e7d35c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a8b9f08f-2fc4-4ade-9049-cfba586971ba}


Starware.Recipe Hijacker

Removing Starware.Recipe
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Starware316\bin\Starware316.dll

How to detect Starware.Recipe:

Files:
[%PROGRAM_FILES%]\Starware316\bin\Starware316.dll

Folders:
[%APPDATA%]\Starware337
[%PROGRAM_FILES%]\Starware337

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9}
HKEY_CLASSES_ROOT\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}
HKEY_CLASSES_ROOT\clsid\{ab3dfa03-f743-4302-81dd-c370bffeca23}
HKEY_CLASSES_ROOT\clsid\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5}
HKEY_CURRENT_USER\software\starware337
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}
HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}
HKEY_CLASSES_ROOT\clsid\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


IstBar.az Downloader

Removing IstBar.az
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\applic~1\micros~1\office\excel10.dll

How to detect IstBar.az:

Files:
[%PROFILE%]\applic~1\micros~1\office\excel10.dll


Keyboard.Logger Spyware

Removing Keyboard.Logger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

How to detect Keyboard.Logger:

Folders:
[%PROGRAM_FILES%]\Keyboard Logger
[%APPDATA%]\KLog
[%PROGRAMS%]\Keyboard Logger Pro

Registry Keys:
HKEY_CURRENT_USER\software\keyboard logger pro

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Internet.Speed.Monitor Adware

Removing Internet.Speed.Monitor
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Internet.Speed.Monitor Also known as:

[Kaspersky]AdWare.Win32.Agent.qi;
[Other]Adware:Win32/InternetSpeedMonitor

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ismtpa7.exe

How to detect Internet.Speed.Monitor:

Files:
[%PROFILE_TEMP%]\ismtpa7.exe

Folders:
[%PROGRAMS%]\Internet Speed Monitor
[%PROGRAM_FILES%]\ISM
[%PROGRAM_FILES%]\ISM2
[%PROGRAM_FILES%]\QdrDrive
[%PROGRAM_FILES%]\QdrModule
[%PROGRAM_FILES%]\QdrPack

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


iwAnywhere Backdoor

Removing iwAnywhere
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

iwAnywhere Also known as:

[Kaspersky]Backdoor.Apocalaps.10,Backdoor.Apocalaps.11,Backdoor.Iwanywhere.12;
[McAfee]BackDoor-AIO;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/iwAnywhere.10,Bck/iwAnywhere.11,Backdoor Program,Bck/Iwanywhere;
[Computer Associates]Backdoor/IWA.10!Server,Win32.iwAnywhere.10,Backdoor/AIO!Server,Win32.iwAnywhere.11,Backdoor/iwAnywhere.12,Win32.iwAnywhere.12

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\web data\index.html

How to detect iwAnywhere:

Files:
[%WINDOWS%]\web data\index.html


DTr Trojan

Removing DTr
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

DTr Also known as:

[Kaspersky]Backdoor.DTR.13.a,Backdoor.DTR.10.a,Backdoor.DTR.14.d,Backdoor.DTR.142.a,Backdoor.DTR.142.c,Backdoor.DTR.10.b,Backdoor.DTR.144.a,Backdoor.DTR.144.c,Backdoor.DTR.144.h,Backdoor.DTR.144.i,Backdoor.DTR.143,Backdoor.DTR.15.b,Backdoor.DTR.15.d,Backdoor.DTR.15.e,Backdoor.DTR.15.f,Backdoor.DTR.15.a,Backdoor.DTR.15.g,Backdoor.DTR.16.a;
[Eset]Win32/DTR.10 trojan,Win32/DTR.16 trojan,Win32/DTR.14.C trojan,Win32/DTR.144.I trojan;
[McAfee]BackDoor-WF,BackDoor-WF.svr;
[F-Prot]security risk or a "backdoor" program,destructive program,security risk named W32/DTR144.C,security risk named W32/DTR15.D,security risk named W32/DTR15.B,security risk named W32/DTR15.C,security risk named W32/DTR15.A;
[Panda]Backdoor Program,Backdoor Program.LC,Bck/Dtr,Bck/DTR.144.h,Trojan Horse,Bck/DTR.15,Bck/DTR.15.f;
[Computer Associates]Backdoor/Dtr.13,Backdoor/DTR.13.a,Win32.DTR.13,Backdoor/DTR.10,Win32.DTR.10,Backdoor/DTR.141!DLL,Backdoor/DTR.142.A,Win32.DTR.141,Win32.DTR.142,Win32/Dtr.142!Trojan,Backdoor/DTR.10.b!Server,Backdoor/DTR.144.a,Backdoor/DTR,Backdoor/DTR.1_4_4,Backdoor/DTR.1_44_I,Backdoor/Dtr.144,Backdoor/DTR.144.B!Server,Win32.DTR.144,Win32.DTR.144.B,Backdoor/DTR.143.DTrivDLL,Win32.DTR.143,Backdoor/DTR.1_5,Backdoor/DTR.15.b!Server,Backdoor/DTR.15.d!Server,Backdoor/DTR.15.e!Server,Backdoor/DTR.15!Server,Backdoor/DTR.15.A!Server,Backdoor/DTR.15F!Server,Backdoor/DTR.16!Server,Backdoor/DTR.141.B,Win32.DTR.141.B,Backdoor/DTR.144.i

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\dtriv.dat
[%WINDOWS%]\system\dtrivk.dll
[%WINDOWS%]\system\dtrv.dat
[%WINDOWS%]\system\dtrvk.dll
[%WINDOWS%]\system\nb003.exe
[%WINDOWS%]\system\nbsystem.exe

How to detect DTr:

Files:
[%WINDOWS%]\system\dtriv.dat
[%WINDOWS%]\system\dtrivk.dll
[%WINDOWS%]\system\dtrv.dat
[%WINDOWS%]\system\dtrvk.dll
[%WINDOWS%]\system\nb003.exe
[%WINDOWS%]\system\nbsystem.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload


Xupiter.Sqwire Hijacker

Removing Xupiter.Sqwire
Categories: Hijacker
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\sqinstaller.exe
[%WINDOWS%]\syslauncher.exe

How to detect Xupiter.Sqwire:

Files:
[%WINDOWS%]\downloaded program files\sqinstaller.exe
[%WINDOWS%]\syslauncher.exe

Folders:
[%PROGRAM_FILES%]\sqwire
[%PROGRAMS%]\xtractor plus 3.0

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


SpyDawn Adware

Removing SpyDawn
Categories: Adware,Ransomware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

SpyDawn Also known as:

[Kaspersky]FraudTool.Win32.SpyHeal.a;
[McAfee]SpyDawn;
[Other]VirusBurst,Program:win32/SpyDawn

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyDawn 3.1.lnk
[%COOKIES%]\administrator@spydawn[1].txt
[%PROGRAM_FILES%]\SpyDawn\SpyDawn.exe
[%DESKTOP%]\SpyDawn.lnk
[%STARTMENU%]\SpyDawn 3.1.lnk

How to detect SpyDawn:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyDawn 3.1.lnk
[%COOKIES%]\administrator@spydawn[1].txt
[%PROGRAM_FILES%]\SpyDawn\SpyDawn.exe
[%DESKTOP%]\SpyDawn.lnk
[%STARTMENU%]\SpyDawn 3.1.lnk

Folders:
[%PROGRAMS%]\SpyDawn
[%PROGRAM_FILES%]\SpyDawn

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Boolospy Spyware

Removing Boolospy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\JXKey.exe
[%SYSTEM%]\jxkeydat.sys
[%SYSTEM%]\JXKeyHook.dll
[%SYSTEM%]\KeyLogViewer.exe
[%WINDOWS%]\JXKey.exe
[%WINDOWS%]\jxkeydat.sys
[%WINDOWS%]\JXKeyHook.dll
[%WINDOWS%]\KeyLogViewer.exe

How to detect Boolospy:

Files:
[%SYSTEM%]\JXKey.exe
[%SYSTEM%]\jxkeydat.sys
[%SYSTEM%]\JXKeyHook.dll
[%SYSTEM%]\KeyLogViewer.exe
[%WINDOWS%]\JXKey.exe
[%WINDOWS%]\jxkeydat.sys
[%WINDOWS%]\JXKeyHook.dll
[%WINDOWS%]\KeyLogViewer.exe


KBDPQL1 BHO

Removing KBDPQL1
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\kbdpql1.dll

How to detect KBDPQL1:

Files:
[%SYSTEM%]\kbdpql1.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{90d851fa-27e1-4694-8742-0c1eefae03c5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{90d851fa-27e1-4694-8742-0c1eefae03c5}


sqwire Adware

Removing sqwire
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\sqwire.log
[%WINDOWS%]\temp\tsl_rc0_wrap.exe

How to detect sqwire:

Files:
[%SYSTEM%]\sqwire.log
[%WINDOWS%]\temp\tsl_rc0_wrap.exe

Folders:
[%COMMON_FAVORITES%]\favorites\shopping
[%FAVORITES%]\favorites\business
[%FAVORITES%]\favorites\computers
[%FAVORITES%]\favorites\finance
[%FAVORITES%]\favorites\shopping
[%FAVORITES%]\favorites\cool stuff
[%FAVORITES%]\favorites\entertainment
[%FAVORITES%]\favorites\free stuff
[%FAVORITES%]\favorites\gambling
[%FAVORITES%]\favorites\gaming
[%FAVORITES%]\favorites\inernet
[%FAVORITES%]\favorites\lifestyle

Registry Keys:
HKEY_CLASSES_ROOT\classes\sqloader.loader
HKEY_CLASSES_ROOT\classes\sqloader.loader.1
HKEY_CLASSES_ROOT\interface\{32e715f3-6481-4118-a689-504312933ce6}
HKEY_CLASSES_ROOT\typelib\{118af62f-21b1-4492-8111-c1a03c5e09cb}
HKEY_CLASSES_ROOT\typelib\{4d0ac936-bde8-4ea2-b4fb-9f89e5b4c186}
HKEY_CURRENT_USER\software\sq
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3c5ba506-6c30-4738-9ced-797acadea8dc}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


CodeZero BHO

Removing CodeZero
Categories: BHO
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\codezero\codezero.lnk
[%PROGRAM_FILES%]\codezero\bpt.ini
[%PROGRAM_FILES%]\codezero\czbho.dll
[%PROGRAM_FILES%]\codezero\czoptima.exe
[%PROGRAM_FILES%]\codezero\cztray.exe
[%PROGRAM_FILES%]\codezero\czupdate.exe
[%PROGRAM_FILES%]\codezero\image\0.jpg
[%PROGRAM_FILES%]\codezero\image\1.jpg
[%PROGRAM_FILES%]\codezero\image\2.jpg
[%PROGRAM_FILES%]\codezero\image\2_1(1).jpg
[%PROGRAM_FILES%]\codezero\image\2_1.jpg
[%PROGRAM_FILES%]\codezero\image\2_2.jpg
[%PROGRAM_FILES%]\codezero\image\3.jpg
[%PROGRAM_FILES%]\codezero\image\4.jpg
[%PROGRAM_FILES%]\codezero\image\5.jpg
[%PROGRAM_FILES%]\codezero\image\background.jpg
[%PROGRAM_FILES%]\codezero\image\backup.ini
[%PROGRAM_FILES%]\codezero\image\bpt.ini
[%PROGRAM_FILES%]\codezero\image\bpt_h7.ini
[%PROGRAM_FILES%]\codezero\image\bpt_k3.ini
[%PROGRAM_FILES%]\codezero\image\btn.jpg
[%PROGRAM_FILES%]\codezero\image\btn_close.jpg
[%PROGRAM_FILES%]\codezero\image\buttoncontrol.jpg
[%PROGRAM_FILES%]\codezero\image\codezero.ico
[%PROGRAM_FILES%]\codezero\image\codezero.jpg
[%PROGRAM_FILES%]\codezero\image\codezero_main.jpg
[%PROGRAM_FILES%]\codezero\image\codezero_update.jpg
[%PROGRAM_FILES%]\codezero\image\control.jpg
[%PROGRAM_FILES%]\codezero\image\czero_16.ico
[%PROGRAM_FILES%]\codezero\image\diskcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\drive.ini
[%PROGRAM_FILES%]\codezero\image\drive.jpg
[%PROGRAM_FILES%]\codezero\image\findreg.ini
[%PROGRAM_FILES%]\codezero\image\findreg.jpg
[%PROGRAM_FILES%]\codezero\image\hate.ini
[%PROGRAM_FILES%]\codezero\image\info.ini
[%PROGRAM_FILES%]\codezero\image\mad.ini
[%PROGRAM_FILES%]\codezero\image\madorreg.jpg
[%PROGRAM_FILES%]\codezero\image\main.ini
[%PROGRAM_FILES%]\codezero\image\offline.jpg
[%PROGRAM_FILES%]\codezero\image\onok.jpg
[%PROGRAM_FILES%]\codezero\image\optima.ini
[%PROGRAM_FILES%]\codezero\image\page.ini
[%PROGRAM_FILES%]\codezero\image\pcxx.ini
[%PROGRAM_FILES%]\codezero\image\person.jpg
[%PROGRAM_FILES%]\codezero\image\personcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\popup_fixed.bmp
[%PROGRAM_FILES%]\codezero\image\popup_test.bmp
[%PROGRAM_FILES%]\codezero\image\popup_test2.bmp
[%PROGRAM_FILES%]\codezero\image\recdelcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\record.ini
[%PROGRAM_FILES%]\codezero\image\recordcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\recorddel.jpg
[%PROGRAM_FILES%]\codezero\image\regdel.ini
[%PROGRAM_FILES%]\codezero\image\regdel.jpg
[%PROGRAM_FILES%]\codezero\image\searchreg.ini
[%PROGRAM_FILES%]\codezero\image\searchreg.jpg
[%PROGRAM_FILES%]\codezero\image\skin.ini
[%PROGRAM_FILES%]\codezero\image\start.jpg
[%PROGRAM_FILES%]\codezero\image\tab.jpg
[%PROGRAM_FILES%]\codezero\image\topmenu.jpg
[%PROGRAM_FILES%]\codezero\image\update.ini
[%PROGRAM_FILES%]\codezero\image\update.jpg
[%PROGRAM_FILES%]\codezero\mfc42.dll
[%PROGRAM_FILES%]\codezero\uncz.exe
[%PROGRAM_FILES%]\codezero\uninstall.exe
[%PROGRAM_FILES%]\codezero\update\appver.log
[%PROGRAM_FILES%]\codezero\update\badcode.log
[%PROGRAM_FILES%]\codezero\update\badsite.log
[%PROGRAM_FILES%]\codezero\update\badsiteupdate.dat
[%PROGRAM_FILES%]\codezero\update\badsitever.log
[%PROGRAM_FILES%]\codezero\update\obfl.dat
[%PROGRAM_FILES%]\codezero\update\obrl.dat

How to detect CodeZero:

Files:
[%PROGRAMS%]\codezero\codezero.lnk
[%PROGRAM_FILES%]\codezero\bpt.ini
[%PROGRAM_FILES%]\codezero\czbho.dll
[%PROGRAM_FILES%]\codezero\czoptima.exe
[%PROGRAM_FILES%]\codezero\cztray.exe
[%PROGRAM_FILES%]\codezero\czupdate.exe
[%PROGRAM_FILES%]\codezero\image\0.jpg
[%PROGRAM_FILES%]\codezero\image\1.jpg
[%PROGRAM_FILES%]\codezero\image\2.jpg
[%PROGRAM_FILES%]\codezero\image\2_1(1).jpg
[%PROGRAM_FILES%]\codezero\image\2_1.jpg
[%PROGRAM_FILES%]\codezero\image\2_2.jpg
[%PROGRAM_FILES%]\codezero\image\3.jpg
[%PROGRAM_FILES%]\codezero\image\4.jpg
[%PROGRAM_FILES%]\codezero\image\5.jpg
[%PROGRAM_FILES%]\codezero\image\background.jpg
[%PROGRAM_FILES%]\codezero\image\backup.ini
[%PROGRAM_FILES%]\codezero\image\bpt.ini
[%PROGRAM_FILES%]\codezero\image\bpt_h7.ini
[%PROGRAM_FILES%]\codezero\image\bpt_k3.ini
[%PROGRAM_FILES%]\codezero\image\btn.jpg
[%PROGRAM_FILES%]\codezero\image\btn_close.jpg
[%PROGRAM_FILES%]\codezero\image\buttoncontrol.jpg
[%PROGRAM_FILES%]\codezero\image\codezero.ico
[%PROGRAM_FILES%]\codezero\image\codezero.jpg
[%PROGRAM_FILES%]\codezero\image\codezero_main.jpg
[%PROGRAM_FILES%]\codezero\image\codezero_update.jpg
[%PROGRAM_FILES%]\codezero\image\control.jpg
[%PROGRAM_FILES%]\codezero\image\czero_16.ico
[%PROGRAM_FILES%]\codezero\image\diskcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\drive.ini
[%PROGRAM_FILES%]\codezero\image\drive.jpg
[%PROGRAM_FILES%]\codezero\image\findreg.ini
[%PROGRAM_FILES%]\codezero\image\findreg.jpg
[%PROGRAM_FILES%]\codezero\image\hate.ini
[%PROGRAM_FILES%]\codezero\image\info.ini
[%PROGRAM_FILES%]\codezero\image\mad.ini
[%PROGRAM_FILES%]\codezero\image\madorreg.jpg
[%PROGRAM_FILES%]\codezero\image\main.ini
[%PROGRAM_FILES%]\codezero\image\offline.jpg
[%PROGRAM_FILES%]\codezero\image\onok.jpg
[%PROGRAM_FILES%]\codezero\image\optima.ini
[%PROGRAM_FILES%]\codezero\image\page.ini
[%PROGRAM_FILES%]\codezero\image\pcxx.ini
[%PROGRAM_FILES%]\codezero\image\person.jpg
[%PROGRAM_FILES%]\codezero\image\personcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\popup_fixed.bmp
[%PROGRAM_FILES%]\codezero\image\popup_test.bmp
[%PROGRAM_FILES%]\codezero\image\popup_test2.bmp
[%PROGRAM_FILES%]\codezero\image\recdelcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\record.ini
[%PROGRAM_FILES%]\codezero\image\recordcontrol.jpg
[%PROGRAM_FILES%]\codezero\image\recorddel.jpg
[%PROGRAM_FILES%]\codezero\image\regdel.ini
[%PROGRAM_FILES%]\codezero\image\regdel.jpg
[%PROGRAM_FILES%]\codezero\image\searchreg.ini
[%PROGRAM_FILES%]\codezero\image\searchreg.jpg
[%PROGRAM_FILES%]\codezero\image\skin.ini
[%PROGRAM_FILES%]\codezero\image\start.jpg
[%PROGRAM_FILES%]\codezero\image\tab.jpg
[%PROGRAM_FILES%]\codezero\image\topmenu.jpg
[%PROGRAM_FILES%]\codezero\image\update.ini
[%PROGRAM_FILES%]\codezero\image\update.jpg
[%PROGRAM_FILES%]\codezero\mfc42.dll
[%PROGRAM_FILES%]\codezero\uncz.exe
[%PROGRAM_FILES%]\codezero\uninstall.exe
[%PROGRAM_FILES%]\codezero\update\appver.log
[%PROGRAM_FILES%]\codezero\update\badcode.log
[%PROGRAM_FILES%]\codezero\update\badsite.log
[%PROGRAM_FILES%]\codezero\update\badsiteupdate.dat
[%PROGRAM_FILES%]\codezero\update\badsitever.log
[%PROGRAM_FILES%]\codezero\update\obfl.dat
[%PROGRAM_FILES%]\codezero\update\obrl.dat

Registry Values:
HKEY_LOCAL_MACHINE\software\codezero
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\codezero


SupaSleep Adware

Removing SupaSleep
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

SupaSleep Also known as:

[Kaspersky]Trojan-Clicker.Win32.Small.lt;
[McAfee]Generic AdClicker.b

How to detect SupaSleep:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


SpywareStormer Trojan

Removing SpywareStormer
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\Spyware Stormer\Spyware Stormer.lnk
[%PROGRAMS%]\Spyware Stormer\Uninstall.lnk
[%PROGRAMS%]\Spyware Stormer\Website.lnk
[%PROGRAM_FILES%]\Spyware Cleaner\Options Files\ScanHist.opt

How to detect SpywareStormer:

Files:
[%PROGRAMS%]\Spyware Stormer\Spyware Stormer.lnk
[%PROGRAMS%]\Spyware Stormer\Uninstall.lnk
[%PROGRAMS%]\Spyware Stormer\Website.lnk
[%PROGRAM_FILES%]\Spyware Cleaner\Options Files\ScanHist.opt

Folders:
[%PROGRAM_FILES%]\Spyware Stormer

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spyware stormer

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyware stormer


AdsStore Adware

Removing AdsStore
Categories: Adware,BHO,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\pcdbs.dll
[%WINDOWS%]\system\pcdbs.dll

How to detect AdsStore:

Files:
[%SYSTEM%]\pcdbs.dll
[%WINDOWS%]\system\pcdbs.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{00010a21-b924-4cd6-893c-eea1071ae8b3}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00010a21-b924-4cd6-893c-eea1071ae8b3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00010a21-b924-4cd6-893c-eea1071ae8b3}


Dabobra.gb Trojan

Removing Dabobra.gb
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cmrrs.exe
[%SYSTEM%]\mccom.com

How to detect Dabobra.gb:

Files:
[%SYSTEM%]\cmrrs.exe
[%SYSTEM%]\mccom.com

Registry Keys:
HKEY_CURRENT_USER\cmrrs
HKEY_CURRENT_USER\mccom

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Tool.AVExp Trojan

Removing Tool.AVExp
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Tool.AVExp Also known as:

[Kaspersky]VirTool.Win32.Avexp;
[Eset]VirTools.Win32/Avexp virus;
[F-Prot]virus construction tool;
[Panda]HackTool/Avexp.A

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\windows media player\iedll.exe

How to detect Tool.AVExp:

Files:
[%PROGRAM_FILES%]\windows media player\iedll.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Zlob.Fam.Seekmo Toolbar Trojan

Removing Zlob.Fam.Seekmo Toolbar
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\seekmo
[%PROGRAM_FILES%]\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll

How to detect Zlob.Fam.Seekmo Toolbar:

Files:
[%PROGRAM_FILES%]\seekmo
[%PROGRAM_FILES%]\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll

Folders:
[%PROGRAM_FILES%]\Seekmo
[%PROGRAM_FILES%]\Seekmo Programs
[%PROGRAM_FILES%]\SeekmoToolbar

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}
HKEY_CLASSES_ROOT\CLSID\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
HKEY_CLASSES_ROOT\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Fear.and.Hope Backdoor

Removing Fear.and.Hope
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Fear.and.Hope Also known as:

[Kaspersky]Backdoor.VB.fp;
[McAfee]Generic BackDoor.b;
[F-Prot]security risk named W32/Winsfdoor.A,security risk or a "backdoor" program;
[Panda]Bck/BlackDream;
[Computer Associates]Backdoor/BlackDream.A!Server,Win32.BlackDream

How to detect Fear.and.Hope:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Zlob.Fam.PrivateVideo Trojan

Removing Zlob.Fam.PrivateVideo
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

How to detect Zlob.Fam.PrivateVideo:

Folders:
[%PROGRAMS%]\PrivateVideo
[%PROGRAM_FILES%]\PrivateVideo

Registry Keys:
HKEY_CLASSES_ROOT\privatevideo
HKEY_CURRENT_USER\Software\PrivateVideo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PrivateVideo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivateVideo


CFour RAT

Removing CFour
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\c4.exe

How to detect CFour:

Files:
[%WINDOWS%]\system\c4.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


FMSZ Trojan

Removing FMSZ
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\fmsz.exe

How to detect FMSZ:

Files:
[%WINDOWS%]\fmsz.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
