Wednesday, November 19, 2008

SpywareSolver Ransomware

Removing SpywareSolver
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

How to detect SpywareSolver:

Folders:
[%COMMON_PROGRAMS%]\SpywareSolver
[%PROGRAM_FILES%]\SpywareSolver

Registry Keys:
HKEY_CURRENT_USER\software\noadware4
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyware solver_is1

Removing SpywareSolver:

You can download a trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Deltabar.Deltaclick BHO

Removing Deltabar.Deltaclick
Categories: BHO,Toolbar
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\deltaclick.dll
[%WINDOWS%]\system\deltaclick.dll

How to detect Deltabar.Deltaclick:

Files:
[%SYSTEM%]\deltaclick.dll
[%WINDOWS%]\system\deltaclick.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0fc817c2-3b45-11d4-8340-0050da825906}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fc817c2-3b45-11d4-8340-0050da825906}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0fc817c2-3b45-11d4-8340-0050da825906}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fc817c2-3b45-11d4-8340-0050da825906}

PCSentinel.SmokingGun Spyware

Removing PCSentinel.SmokingGun
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can introduce more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\PC Smoking Gun.lnk
[%DESKTOP%]\Smoking Gun!.lnk

How to detect PCSentinel.SmokingGun:

Files:
[%DESKTOP%]\PC Smoking Gun.lnk
[%DESKTOP%]\Smoking Gun!.lnk

Folders:
[%PROGRAMS%]\PC Sentinel's Smoking Gun!
[%PROGRAMS%]\PC Sentinel's Smoking Gun! 2.0.1
[%PROGRAMS%]\PC Sentinel's Smoking Gun! 2.0.3
[%PROGRAMS%]\PC Sentinel's Smoking Gun! 2.0.4
[%PROGRAMS%]\PCSentinel's Smoking Gun!
[%PROGRAM_FILES%]\PCS\PC Sentinel's Smoking Gun!

Registry Keys:
HKEY_CURRENT_USER\software\pcs\pc sentinel's smoking gun!
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pcsmokinggun.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pcsmokinggun1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smokinggun.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc sentinel's smoking gun!
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc sentinel's smoking gun! 2.0.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc sentinel's smoking gun! 2.0.3
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc sentinel's smoking gun! 2.0.4
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcsentinel's smoking gun!
HKEY_LOCAL_MACHINE\software\pcsentinel software
HKEY_LOCAL_MACHINE\software\pcs\pc sentinel's smoking gun!

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Cufrab Downloader

Removing Cufrab
Categories: Downloader
Trojan downloaders download and install new malware or adware on the computer.


Cufrab Also known as:

[Kaspersky]Email-Worm.Win32.Zhelatin.gk;
[McAfee]Downloader-ASH.gen.b;
[Other]Troj/Krone-A,Trojan:Win32/Tibs.DE

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\kr_done1

How to detect Cufrab:

Files:
[%SYSTEM%]\kr_done1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft

WinTools Adware

Removing WinTools
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\WinTools\WSup.exe
[%PROGRAM_FILES_COMMON%]\WinTools\WToolsA.exe
[%PROGRAM_FILES_COMMON%]\WinTools\WToolsB.dll
[%PROFILE_TEMP%]\tb_setup.exe

How to detect WinTools:

Files:
[%PROGRAM_FILES_COMMON%]\WinTools\WSup.exe
[%PROGRAM_FILES_COMMON%]\WinTools\WToolsA.exe
[%PROGRAM_FILES_COMMON%]\WinTools\WToolsB.dll
[%PROFILE_TEMP%]\tb_setup.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}
HKEY_CLASSES_ROOT\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}
HKEY_CLASSES_ROOT\clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
HKEY_CLASSES_ROOT\wtoolsb.resprotocol
HKEY_CURRENT_USER\software\wintools
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wintools
HKEY_LOCAL_MACHINE\software\wintools
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wintoolssvc
HKEY_CLASSES_ROOT\wsg.wsgobj

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce

PCSentinel.Busted Spyware

Removing PCSentinel.Busted
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can introduce more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\PC Busted.lnk

How to detect PCSentinel.Busted:

Files:
[%DESKTOP%]\PC Busted.lnk

Folders:
[%PROGRAMS%]\PC Sentinel's Busted!
[%PROGRAMS%]\PC Sentinel's Busted! 2.0.3
[%PROGRAM_FILES%]\pcsentinel software

Registry Keys:
HKEY_CURRENT_USER\software\pcsentinel software
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pcbusted1.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc sentinel's busted!
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc sentinel's busted! 2.0.3
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_sentinellistener
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_snlst2.0.3
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\snlst2.0.3
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sentinellistener
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\snlst2.0.3

Adware.Accoona Adware

Removing Adware.Accoona
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Adware.Accoona Also known as:

[McAfee]Adware-Accoona

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\asearchassist.dll
[%PROGRAM_FILES%]\filesubmit\simaquariumv200.exe\atoolbar400005.exe
[%PROFILE_TEMP%]\SARemove2.exe
[%PROFILE_TEMP%]\TBQuiesceKB.exe

How to detect Adware.Accoona:

Files:
[%PROFILE_TEMP%]\asearchassist.dll
[%PROGRAM_FILES%]\filesubmit\simaquariumv200.exe\atoolbar400005.exe
[%PROFILE_TEMP%]\SARemove2.exe
[%PROFILE_TEMP%]\TBQuiesceKB.exe

Folders:
[%PROGRAM_FILES%]\accoona

Registry Keys:
HKEY_CLASSES_ROOT\abar.abarband
HKEY_CLASSES_ROOT\abar.abarband.1
HKEY_CLASSES_ROOT\asearchassist.adefaultsearch
HKEY_CLASSES_ROOT\asearchassist.adefaultsearch.1
HKEY_CLASSES_ROOT\clsid\{364b6276-c6c1-40b6-a6d7-6c48871fd707}
HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}
HKEY_CLASSES_ROOT\interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c}
HKEY_CLASSES_ROOT\interface\{7ed983c3-faac-400c-bbd4-f519d74ff188}
HKEY_CLASSES_ROOT\typelib\{21f022c8-c045-4555-8a90-651e6a3dc6c6}
HKEY_CLASSES_ROOT\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}
HKEY_LOCAL_MACHINE\software\accoona
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208}
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\&accoona toolbar search

Registry Values:
HKEY_CLASSES_ROOT\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks\{944864a5-3916-46e2-96a9-a2e84f3f1208}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\accoona search assistant
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\accoona toolbar

Fenha Trojan

Removing Fenha
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Fenha Also known as:

[Kaspersky]Trojan.Win32.Favadd,Trojan.win32.Favadd.o;
[McAfee]AdClicker-CT;
[Other]Win32/Fenha,Win32/Fenha!generic,Adware.AdShooter

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\sfita.exe

How to detect Fenha:

Files:
[%WINDOWS%]\sfita.exe

Ultimate.Cleaner Ransomware

Removing Ultimate.Cleaner
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Ultimate.Cleaner Also known as:

[Kaspersky]FraudTool.Win32.UltimateDefender.b;
[McAfee]New Malware.ca;
[F-Prot]W32/SelfStarterInternetTrojan!Maximus;
[Other]Downloader.MisleadApp,Program:Win32/UltimateCleaner

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Start UltimateCleaner 2007.lnk
[%DESKTOP%]\Ultimate Cleaner 2007.lnk
[%PROGRAM_FILES%]\ucleaner_setup.exe

How to detect Ultimate.Cleaner:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Start UltimateCleaner 2007.lnk
[%DESKTOP%]\Ultimate Cleaner 2007.lnk
[%PROGRAM_FILES%]\ucleaner_setup.exe

Folders:
[%APPDATA%]\Ultimate Cleaner
[%COMMON_PROGRAMS%]\Ultimate Cleaner
[%COMMON_PROGRAMS%]\UltimateCleaner 2007
[%PROGRAM_FILES%]\Ultimate Cleaner

Registry Keys:
HKEY_CLASSES_ROOT\allfilesystemobjects\shellex\contextmenuhandlers\ucsecuredelete
HKEY_CLASSES_ROOT\clsid\{01d8bb38-9890-4595-92d3-df6ec36cee48}
HKEY_CLASSES_ROOT\clsid\{0e89d037-44cb-429a-a409-63af700285c2}
HKEY_CLASSES_ROOT\clsid\{2fd61988-fe18-466c-9cbe-435764b90806}
HKEY_CLASSES_ROOT\clsid\{3a59f877-9178-4c20-9221-c8042ba351d2}
HKEY_CLASSES_ROOT\clsid\{55b7b292-c397-4aba-9870-263c7766ac0b}
HKEY_CLASSES_ROOT\clsid\{55d2bf17-496c-4ae4-988e-d127bad9353c}
HKEY_CLASSES_ROOT\clsid\{645ff040-5081-101b-9f08-00aa002f954e}\shellex\contextmenuhandlers\ucsecuredelete
HKEY_CURRENT_USER\software\ultimate cleaner
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ultimate cleaner
HKEY_LOCAL_MACHINE\software\ultimate cleaner

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved

Message.Spy Spyware

Removing Message.Spy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

How to detect Message.Spy:

Folders:
[%PROGRAMS%]\Zemerick Software\Message Spy
[%PROGRAM_FILES%]\msaolim

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

RetAd.PU Trojan

Removing RetAd.PU
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojan downloaders download and install new malware or adware on the computer.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\retadpu1000106.exe
[%WINDOWS%]\retadpu1000140.exe
[%WINDOWS%]\retadpu1000272.exe

How to detect RetAd.PU:

Files:
[%WINDOWS%]\retadpu1000106.exe
[%WINDOWS%]\retadpu1000140.exe
[%WINDOWS%]\retadpu1000272.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Rbot.ZZ Worm

Removing Rbot.ZZ
Categories: Worm
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.

How to detect Rbot.ZZ:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

AdManager Adware

Removing AdManager
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect AdManager:

Folders:
[%PROGRAM_FILES%]\admanager controller

Registry Keys:
HKEY_LOCAL_MACHINE\software\admanager controller
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\admanager controller

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

ItEye RAT

Removing ItEye
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\notpad.exe

How to detect ItEye:

Files:
[%WINDOWS%]\system\notpad.exe

ZapSpot Adware

Removing ZapSpot
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\ZapSpot\Games\{1DCE3B3F-5F75-41ef-9F14-A1D5085B3CD8}\{1DCE3B3F-5F75-41ef-9F14-A1D5085B3CD8}.gam
[%APPDATA%]\ZapSpot\System\Etc\P3OfrMgr.exe
[%APPDATA%]\ZapSpot\System\Skins\default.skn
[%APPDATA%]\ZapSpot\ZapSpot.exe
[%PROGRAMS%]\accessories\games\zapspot.lnk
[%PROGRAMS%]\zapspot.lnk

How to detect ZapSpot:

Files:
[%APPDATA%]\ZapSpot\Games\{1DCE3B3F-5F75-41ef-9F14-A1D5085B3CD8}\{1DCE3B3F-5F75-41ef-9F14-A1D5085B3CD8}.gam
[%APPDATA%]\ZapSpot\System\Etc\P3OfrMgr.exe
[%APPDATA%]\ZapSpot\System\Skins\default.skn
[%APPDATA%]\ZapSpot\ZapSpot.exe
[%PROGRAMS%]\accessories\games\zapspot.lnk
[%PROGRAMS%]\zapspot.lnk

Folders:
[%APPDATA%]\zapspot
[%PROFILE%]\my documents\my zapspot
[%DESKTOP%]\zapspot.lnk
[%WINDOWS%]\application data\zapspot

Registry Keys:
HKEY_CLASSES_ROOT\zapspot.zml.1

Doklin Trojan

Removing Doklin
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Doklin Also known as:

[Kaspersky]Trojan-Clicker.Win32.Small.kj,Packed.Win32.PolyCrypt.d;
[McAfee]AdClicker-EV;
[F-Prot]W32/Trojan.MHQ;
[Other]Win32/Doklin.T,Win32/Doklin!generic,WIn32/Doklin.AL,Win32/Doklin.AY,Trojan:Win32/Meredrop,Troj/DropRun-E,W32/PolyCrypt.A

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\service32.exe
[%WINDOWS%]\svchost.dll
[%PROFILE_TEMP%]\1.html.$$$
[%WINDOWS%]\sys32exploer.dll
[%WINDOWS%]\sysnet32.exe
[%WINDOWS%]\systempro32.dll

How to detect Doklin:

Files:
[%WINDOWS%]\service32.exe
[%WINDOWS%]\svchost.dll
[%PROFILE_TEMP%]\1.html.$$$
[%WINDOWS%]\sys32exploer.dll
[%WINDOWS%]\sysnet32.exe
[%WINDOWS%]\systempro32.dll

Registry Keys:
HKEY_CLASSES_ROOT\c3.bho3
HKEY_CLASSES_ROOT\c3.bho3.1
HKEY_CLASSES_ROOT\CLSID\{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}
HKEY_CLASSES_ROOT\interface\{35b576b9-5a0f-43d7-8174-2ac714dc3ad2}
HKEY_CLASSES_ROOT\typelib\{bbd0d9e0-ee99-4c66-ac1e-2e77d40fe7c9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}
HKEY_CLASSES_ROOT\clsid\{58fb2cbb-c874-45fc-a1c9-b62cc9e3bed9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{58fb2cbb-c874-45fc-a1c9-b62cc9e3bed9}

Registry Values:
HKEY_LOCAL_MACHINE\software\4f27v1d89m
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run

Removing Doklin:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
TrojanSpy.Win32.VB.am Trojan Symptoms
Removing Fade Backdoor

Abetear Trojan

Removing Abetear
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is a class of programs that facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Abetear Also known as:

[Kaspersky]Trojan.Win32.Agent.aoy,Trojan.Win32.Agent.bck;
[F-Prot]W32/Trojan.CGOY;
[Other]Win32/Abetear.A,Trojan.Vundo,Trojan:Win32/Fotomoto.A,Win32/Abetear.B,W32/Agent.BUYH,Troj/Agent-FXL,Win32/Abetear.C,W32/Agent.BWQY,Win32/Abetear.G,Trojan:Win32/Agent.AGA,Troj/Bckdr-QJL,W32/Vundo.dam

Visible Symptoms:
Files in system folders:
[%APPDATA%]\tmp2.tmp.exe
[%APPDATA%]\tmp4.tmp.exe
[%SYSTEM%]\qwerty12.exe

How to detect Abetear:

Files:
[%APPDATA%]\tmp2.tmp.exe
[%APPDATA%]\tmp4.tmp.exe
[%SYSTEM%]\qwerty12.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\domainservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_domainservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\domainservice

Removing Abetear:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
CWS Adware Information
Remove VBS.Renfil Trojan
HLLC.Borges Trojan Symptoms
Backdoor.LegendMir Trojan Information
BackDoor.CCT Backdoor Removal

Rshot Trojan

Removing Rshot
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Rshot Also known as:

[Other]Win32/Rshot.A,BKDR_RSHOT.F,Downloader

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\MSATL32.exe

How to detect Rshot:

Files:
[%WINDOWS%]\MSATL32.exe

Removing Rshot:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Adware.DirectIP Adware
Antigen Trojan Removal
Agent.jt Downloader Removal
RFPoison Trojan Symptoms
Depees Trojan Information

Virus.Kill Adware

Removing Virus.Kill
Categories: Adware
Adware is a class of programs that facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\vksetup_m.exe

How to detect Virus.Kill:

Files:
[%DESKTOP%]\vksetup_m.exe

Folders:
[%PROGRAM_FILES%]\Virus-kill

Registry Keys:
HKEY_CURRENT_USER\software\virus-kill
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\virus-kill

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Virus.Kill:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Win32.PWS.Barrio.DLL Trojan Removal
Bancos.IFR Trojan Removal
Removing Peanut.Brittle.Beta RAT
Removing JS.SelfExecHtml Spyware
Remove Internet.Optimizer Adware

MicroJoiner Trojan

Removing MicroJoiner
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

MicroJoiner Also known as:

[Kaspersky]TrojanDropper.Win32.MultiJoiner.11,TrojanDropper.Win32.MultiJoiner.13.b,Trojan-Dropper.Win32.MicroJoiner.13.h;
[McAfee]MultiDropper-PO;
[Panda]Trojan Horse.LC,Trojan Horse,Hacktool Program,Trj/Multijoiner.A;
[Computer Associates]Win32.MicroJoiner.A;
[Other]Win32/MicroJoiner!generic,Trojan.Goldun

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\updmgr\rvupdmgr.exe
[%PROGRAM_FILES_COMMON%]\updmgr\simgr.exe

How to detect MicroJoiner:

Files:
[%PROGRAM_FILES_COMMON%]\updmgr\rvupdmgr.exe
[%PROGRAM_FILES_COMMON%]\updmgr\simgr.exe

Removing MicroJoiner:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
SpyPartner Spyware Removal
Near.Mohists RAT Removal
Trufout Trojan Cleaner
Znhatnnh Trojan Information

Small.chz Trojan

Removing Small.chz
Categories: Trojan,Hijacker,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wuau32.exe
[%WINDOWS%]\osaupd.exe

How to detect Small.chz:

Files:
[%SYSTEM%]\wuau32.exe
[%WINDOWS%]\osaupd.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1ca7dbaf-b066-4554-977e-5cebb7fa59c8}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows

Removing Small.chz:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Aunps Adware
Removing Reign Trojan
Bancos.FGE Trojan Symptoms
BlackStone Trojan Removal instruction
DIEssgol Trojan Symptoms

Adware.Borlan.dr Trojan

Removing Adware.Borlan.dr
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is a class of programs that facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Adware.Borlan.dr Also known as:

[McAfee]Adware-Borlan.dr

How to detect Adware.Borlan.dr:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{44b464f6-155d-4b7e-a931-ab7535bb5a90}
HKEY_CLASSES_ROOT\clsid\{6961ae42-b9c8-45ae-bfc0-fb25f56b220b}
HKEY_CLASSES_ROOT\clsid\{a30c6dc3-1014-4a1e-8141-1d4cfdaecf40}
HKEY_CLASSES_ROOT\clsid\{ee8829f8-c3c6-4326-9232-7d95c0a66582}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6961ae42-b9c8-45ae-bfc0-fb25f56b220b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ee8829f8-c3c6-4326-9232-7d95c0a66582}

Removing Adware.Borlan.dr:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Toledorz Backdoor Removal
Generator.aaa Trojan Symptoms