Upl Ransomware

Removing Upl
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

---

Upl Also known as:

[McAfee]Generic.BackDoor.t;
[Other]Backdoor.Trojan

How to detect Upl:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ad4a14f9-1ba1-49ec-b721-e1d79ad768f6}
HKEY_CLASSES_ROOT\interface\{4bad4299-c643-4826-8e1c-690f674401c5}
HKEY_CLASSES_ROOT\typelib\{ffaa7fcd-af24-4437-97f4-db3f1228fb14}
HKEY_CLASSES_ROOT\upl.upg
HKEY_CLASSES_ROOT\upl.upg.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ad4a14f9-1ba1-49ec-b721-e1d79ad768f6}

Removing Upl:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
ICQ.GNotify Trojan Information
Bancos.GUV Trojan Symptoms
Removing anm.co.uk Tracking Cookie
Removing CIA.boot Trojan
Remove Assasins.Bot DoS

CWS.DomPeek Hijacker

Removing CWS.DomPeek
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

How to detect CWS.DomPeek:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a0ed918d-b8e6-4c3d-bd15-1db1ae9a5dd3}
HKEY_CLASSES_ROOT\typelib\{64bfae89-da25-41b1-a349-88032cda7f88}
HKEY_CLASSES_ROOT\wtlbass.vdomp
HKEY_CLASSES_ROOT\wtlbass.vdomp.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a0ed918d-b8e6-4c3d-bd15-1db1ae9a5dd3}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wieassistant

Removing CWS.DomPeek:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove OfferAgent Adware

Small.an Trojan

Removing Small.an
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\java\breg.exe
[%PROGRAM_FILES_COMMON%]\java\breg.exe

How to detect Small.an:

Files:
[%PROGRAM_FILES_COMMON%]\java\breg.exe
[%PROGRAM_FILES_COMMON%]\java\breg.exe

Removing Small.an:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Delf.er Backdoor Removal instruction
Removing Dope.Wars Adware
Delf.ci Trojan Cleaner
Lookup Adware Information

Wineatea Downloader

Removing Wineatea
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

---

Wineatea Also known as:

[Kaspersky]Trojan-Clicker.Win32.Vb.pc,Trojan-Downloader.Win32.Vb.asj,Trojan-Clicker.Win32.VB.pc;
[Other]TROJ_VB.CEJ,TROJ_VB.CEG,TrojanClicker:Win32.VB!DFF2,Trojan.Adclicker,TrojanClicker:Win32/VB!4A6C

How to detect Wineatea:

Registry Keys:
HKEY_LOCAL_MACHINE\software\wildmedia

Removing Wineatea:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Loader Downloader Information
BlowSearch Adware Symptoms
Xitami.win95 DoS Symptoms
Serveme Backdoor Information

TrojanDownloader.Win32.Esepor Trojan

Removing TrojanDownloader.Win32.Esepor
Categories: Trojan,Adware,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

---

TrojanDownloader.Win32.Esepor Also known as:

[Kaspersky]TrojanDownloader.Win32.Esepor.a;
[Panda]Adware/Xplugin,Trojan Horse

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\tksrv98.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\tksrv98.exe
[%SYSTEM%]\tmksrvu.exe

How to detect TrojanDownloader.Win32.Esepor:

Files:
[%SYSTEM%]\tksrv98.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\tksrv98.exe
[%SYSTEM%]\tmksrvu.exe

Removing TrojanDownloader.Win32.Esepor:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
SillyDl.AZG Trojan Removal instruction
Pigeon.EYQ Trojan Removal
Removing Un.named Trojan
Removing SearchTool Adware
ZyncosMark Adware Information

MalwareDestructor Ransomware

Removing MalwareDestructor
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".

---

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MalwareDestructor 4.5.lnk
[%DESKTOP%]\MalwareDestructor 4.5.lnk
[%STARTMENU%]\MalwareDestructor 4.5.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MalwareDestructor 4.5.lnk
[%DESKTOP%]\MalwareDestructor 4.5.lnk
[%STARTMENU%]\MalwareDestructor 4.5.lnk

How to detect MalwareDestructor:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MalwareDestructor 4.5.lnk
[%DESKTOP%]\MalwareDestructor 4.5.lnk
[%STARTMENU%]\MalwareDestructor 4.5.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MalwareDestructor 4.5.lnk
[%DESKTOP%]\MalwareDestructor 4.5.lnk
[%STARTMENU%]\MalwareDestructor 4.5.lnk

Folders:
[%PROGRAM_FILES%]\MalwareDestructor
[%PROGRAMS%]\MalwareDestructor

Registry Keys:
HKEY_CLASSES_ROOT\appid\malwaredestruct.exe
HKEY_CLASSES_ROOT\clsid\{a301fab7-0853-9f4d-ba0d-be2f421e5a18}
HKEY_CLASSES_ROOT\clsid\{d0367d41-1c19-4e98-8f5d-006213c5b1bb}
HKEY_CLASSES_ROOT\interface\{4ed5e198-e576-4676-93b8-2c401d1a67d0}
HKEY_CLASSES_ROOT\malwaredestruct.server
HKEY_CLASSES_ROOT\malwaredestruct.server.1
HKEY_CLASSES_ROOT\typelib\{f8ff4547-4fa4-4fea-b689-7190c2a40364}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\malwaredestructor
HKEY_LOCAL_MACHINE\software\malwaredestructor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\malwaredestructor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\malwaredestructor

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing MalwareDestructor:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
JS.Puzzle Trojan Removal
Automatic.Screen.Observer Spyware Removal instruction
Stealth.Keyboard.Interceptor.Professional Spyware Cleaner
QZap103 Trojan Removal

Fucoudbg Trojan

Removing Fucoudbg
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Fucoudbg:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{acadabaf-1000-0010-8000-10aa006d2ea4}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

Removing Fucoudbg:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Formov Trojan Removal instruction
Pigeon.AVLL Trojan Removal instruction
SillyDl.CQY Trojan Cleaner
Cri.Cri Trojan Cleaner

Servsax Trojan

Removing Servsax
Categories: Trojan,Spyware,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

---

Servsax Also known as:

[Kaspersky]TrojanSpy.Win32.Delf.bk,TrojanSpy.Win32.KeyLogger.c;
[Panda]Trojan Horse;
[Computer Associates]Backdoor/Servsax.A!Server,Win32.Servsax

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\inetsxa.dll
[%SYSTEM%]\reshl32.lib
[%SYSTEM%]\srvexc.exe
[%SYSTEM%]\inetsxa.dll
[%SYSTEM%]\reshl32.lib
[%SYSTEM%]\srvexc.exe

How to detect Servsax:

Files:
[%SYSTEM%]\inetsxa.dll
[%SYSTEM%]\reshl32.lib
[%SYSTEM%]\srvexc.exe
[%SYSTEM%]\inetsxa.dll
[%SYSTEM%]\reshl32.lib
[%SYSTEM%]\srvexc.exe

Folders:
[%PROGRAMS%]\iipwr package
[%PROGRAM_FILES%]\iipwr package

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b91d4568-d492-11d3-8021-0010e3b966ce}
HKEY_CLASSES_ROOT\emmanuel.simplednsclient
HKEY_CLASSES_ROOT\emmanuel.simplednsclient.1
HKEY_CLASSES_ROOT\interface\{b91d4567-d492-11d3-8021-0010e3b966ce}
HKEY_CLASSES_ROOT\typelib\{b91d4558-d492-11d3-8021-0010e3b966ce}
HKEY_LOCAL_MACHINE\software\iipwr.com\iipwr package
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\iipwr package
HKEY_LOCAL_MACHINE\software\pwinwrtt

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Servsax:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Command.and.Control RAT Cleaner
Removing Itavir Trojan
Family.Cyber.Alert Spyware Information

Agent.aq Backdoor

Removing Agent.aq
Categories: Backdoor
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\1092343543.dll
[%WINDOWS%]\1092343543.dll

How to detect Agent.aq:

Files:
[%WINDOWS%]\1092343543.dll
[%WINDOWS%]\1092343543.dll

Removing Agent.aq:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Warez Trojan Information
Remove WinSecureAv Ransomware

SearchSquire Adware

Removing SearchSquire
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\b103.exe
[%WINDOWS%]\b103.exe
[%WINDOWS%]\Temp\b103.exe
[%PROFILE_TEMP%]\b103.exe
[%WINDOWS%]\b103.exe
[%WINDOWS%]\Temp\b103.exe

How to detect SearchSquire:

Files:
[%PROFILE_TEMP%]\b103.exe
[%WINDOWS%]\b103.exe
[%WINDOWS%]\Temp\b103.exe
[%PROFILE_TEMP%]\b103.exe
[%WINDOWS%]\b103.exe
[%WINDOWS%]\Temp\b103.exe

Removing SearchSquire:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Pigeon.AQZ Trojan Cleaner
TinyP Trojan Removal
Remove Glupak Trojan

Keylogger Trojan

Removing Keylogger
Categories: Trojan,Spyware,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

---

Keylogger Also known as:

[Kaspersky]Trojan.PSW.KeyLogger.10,Trojan.Spy.MegaHard,TrojanSpy.Win32.DSKeyLogger,TrojanSpy.Win32.ZombKeyLog;
[McAfee]KeyLogger.c,KeyLogger.d;
[F-Prot]destructive program,security risk or a "backdoor" program;
[Panda]Trj/PSW.Keylog.1.0,Trojan Horse,Trojan Horse.LC,Trj/Spy.ZombKeyLog,Trj/Zombkey,Trj/Keylog.M;
[Computer Associates]Win32/Keylog.B!Trojan,Win32/MegaHard!Spy!Trojan,Win32/ZombKeyLog!Trojan,Win32/KeyLogger.n!Spy!Trojan,Win32/KeyLogger.f!Trojan,Win32.PSW.KeyLogger.10,Win32/KeyLogger.80384!DLL!Trojan,Win32.Forkey

---

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\bpk.exe
[%DESKTOP%]\pk.bin
[%WINDOWS%]\643642kl.txt
[%WINDOWS%]\657523fg.txt
[%WINDOWS%]\GpSysHookDLL.dll
[%WINDOWS%]\keylogf.dll
[%DESKTOP%]\bpk.exe
[%DESKTOP%]\pk.bin
[%WINDOWS%]\643642kl.txt
[%WINDOWS%]\657523fg.txt
[%WINDOWS%]\GpSysHookDLL.dll
[%WINDOWS%]\keylogf.dll

How to detect Keylogger:

Files:
[%DESKTOP%]\bpk.exe
[%DESKTOP%]\pk.bin
[%WINDOWS%]\643642kl.txt
[%WINDOWS%]\657523fg.txt
[%WINDOWS%]\GpSysHookDLL.dll
[%WINDOWS%]\keylogf.dll
[%DESKTOP%]\bpk.exe
[%DESKTOP%]\pk.bin
[%WINDOWS%]\643642kl.txt
[%WINDOWS%]\657523fg.txt
[%WINDOWS%]\GpSysHookDLL.dll
[%WINDOWS%]\keylogf.dll

Folders:
[%PROGRAMS%]\auto keylogger
[%PROGRAM_FILES%]\auto keylogger

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\kl.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\auto keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\\auto keylogger

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\settings\ina

Removing Keylogger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
DrProtection Ransomware Symptoms

SillyDl.DHY Trojan

Removing SillyDl.DHY
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Att.xpt
[%SYSTEM%]\ischot.exe
[%SYSTEM%]\mscheld.xpt
[%SYSTEM%]\MscheldB.exe
[%SYSTEM%]\MscheldBra.exe
[%SYSTEM%]\MscheldBra2.exe
[%SYSTEM%]\Mscheldncx.scr
[%SYSTEM%]\Mscheldork.scr
[%SYSTEM%]\msnnet.exe
[%SYSTEM%]\zt3.exe
[%WINDOWS%]\MscheldB.ocx
[%WINDOWS%]\MscheldBra.ocx
[%WINDOWS%]\MscheldBra2.ocx
[%WINDOWS%]\netstart.ocx
[%SYSTEM%]\Att.xpt
[%SYSTEM%]\ischot.exe
[%SYSTEM%]\mscheld.xpt
[%SYSTEM%]\MscheldB.exe
[%SYSTEM%]\MscheldBra.exe
[%SYSTEM%]\MscheldBra2.exe
[%SYSTEM%]\Mscheldncx.scr
[%SYSTEM%]\Mscheldork.scr
[%SYSTEM%]\msnnet.exe
[%SYSTEM%]\zt3.exe
[%WINDOWS%]\MscheldB.ocx
[%WINDOWS%]\MscheldBra.ocx
[%WINDOWS%]\MscheldBra2.ocx
[%WINDOWS%]\netstart.ocx

How to detect SillyDl.DHY:

Files:
[%SYSTEM%]\Att.xpt
[%SYSTEM%]\ischot.exe
[%SYSTEM%]\mscheld.xpt
[%SYSTEM%]\MscheldB.exe
[%SYSTEM%]\MscheldBra.exe
[%SYSTEM%]\MscheldBra2.exe
[%SYSTEM%]\Mscheldncx.scr
[%SYSTEM%]\Mscheldork.scr
[%SYSTEM%]\msnnet.exe
[%SYSTEM%]\zt3.exe
[%WINDOWS%]\MscheldB.ocx
[%WINDOWS%]\MscheldBra.ocx
[%WINDOWS%]\MscheldBra2.ocx
[%WINDOWS%]\netstart.ocx
[%SYSTEM%]\Att.xpt
[%SYSTEM%]\ischot.exe
[%SYSTEM%]\mscheld.xpt
[%SYSTEM%]\MscheldB.exe
[%SYSTEM%]\MscheldBra.exe
[%SYSTEM%]\MscheldBra2.exe
[%SYSTEM%]\Mscheldncx.scr
[%SYSTEM%]\Mscheldork.scr
[%SYSTEM%]\msnnet.exe
[%SYSTEM%]\zt3.exe
[%WINDOWS%]\MscheldB.ocx
[%WINDOWS%]\MscheldBra.ocx
[%WINDOWS%]\MscheldBra2.ocx
[%WINDOWS%]\netstart.ocx

Removing SillyDl.DHY:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Awax Trojan Information
TrojanDownloader.Win32.VB.aq Trojan Symptoms

123Mania Adware

Removing 123Mania
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

---

Visible Symptoms:
Files in system folders:
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusic.ico
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusicTMP.ico
[%APPDATA%]\MATRIX\FotosSexys\App.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectado.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectando.ico
[%APPDATA%]\MATRIX\FotosSexys\Desconectado.ico
[%PROFILE_TEMP%]\aplicacion.ico
[%PROFILE_TEMP%]\licencia.txt
[%PROFILE_TEMP%]\telefonos.txt
[%PROFILE_TEMP%]\textos.txt
[%DESKTOP%]\123downloadsuk.lnk
[%FAVORITES%]\123downloadsuk.lnk
[%PROFILE%]\start menu\123downloadsuk.lnk
[%PROFILE_TEMP%]\123downloadsuk.cab
[%PROFILE_TEMP%]\123downloadsuk.per
[%SYSTEM%]\123downloadsuk.lnk
[%SYSTEM%]\de42s.ico
[%SYSTEM%]\gidcai32.dll
[%SYSTEM%]\sipspi32.dll
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusic.ico
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusicTMP.ico
[%APPDATA%]\MATRIX\FotosSexys\App.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectado.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectando.ico
[%APPDATA%]\MATRIX\FotosSexys\Desconectado.ico
[%PROFILE_TEMP%]\aplicacion.ico
[%PROFILE_TEMP%]\licencia.txt
[%PROFILE_TEMP%]\telefonos.txt
[%PROFILE_TEMP%]\textos.txt
[%DESKTOP%]\123downloadsuk.lnk
[%FAVORITES%]\123downloadsuk.lnk
[%PROFILE%]\start menu\123downloadsuk.lnk
[%PROFILE_TEMP%]\123downloadsuk.cab
[%PROFILE_TEMP%]\123downloadsuk.per
[%SYSTEM%]\123downloadsuk.lnk
[%SYSTEM%]\de42s.ico
[%SYSTEM%]\gidcai32.dll
[%SYSTEM%]\sipspi32.dll

How to detect 123Mania:

Files:
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusic.ico
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusicTMP.ico
[%APPDATA%]\MATRIX\FotosSexys\App.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectado.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectando.ico
[%APPDATA%]\MATRIX\FotosSexys\Desconectado.ico
[%PROFILE_TEMP%]\aplicacion.ico
[%PROFILE_TEMP%]\licencia.txt
[%PROFILE_TEMP%]\telefonos.txt
[%PROFILE_TEMP%]\textos.txt
[%DESKTOP%]\123downloadsuk.lnk
[%FAVORITES%]\123downloadsuk.lnk
[%PROFILE%]\start menu\123downloadsuk.lnk
[%PROFILE_TEMP%]\123downloadsuk.cab
[%PROFILE_TEMP%]\123downloadsuk.per
[%SYSTEM%]\123downloadsuk.lnk
[%SYSTEM%]\de42s.ico
[%SYSTEM%]\gidcai32.dll
[%SYSTEM%]\sipspi32.dll
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusic.ico
[%APPDATA%]\DownloadLegalMusic\DownloadLegalMusicTMP.ico
[%APPDATA%]\MATRIX\FotosSexys\App.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectado.ico
[%APPDATA%]\MATRIX\FotosSexys\Conectando.ico
[%APPDATA%]\MATRIX\FotosSexys\Desconectado.ico
[%PROFILE_TEMP%]\aplicacion.ico
[%PROFILE_TEMP%]\licencia.txt
[%PROFILE_TEMP%]\telefonos.txt
[%PROFILE_TEMP%]\textos.txt
[%DESKTOP%]\123downloadsuk.lnk
[%FAVORITES%]\123downloadsuk.lnk
[%PROFILE%]\start menu\123downloadsuk.lnk
[%PROFILE_TEMP%]\123downloadsuk.cab
[%PROFILE_TEMP%]\123downloadsuk.per
[%SYSTEM%]\123downloadsuk.lnk
[%SYSTEM%]\de42s.ico
[%SYSTEM%]\gidcai32.dll
[%SYSTEM%]\sipspi32.dll

Folders:
[%APPDATA%]\123downloadsuk

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{88c51e90-8e9c-4c96-8a45-574d88b63faf}
HKEY_CLASSES_ROOT\interface\{4fc63700-2093-4ad2-8d37-3b3d86d9c940}
HKEY_CLASSES_ROOT\interface\{5bf0ce3e-61d2-4a7b-baa3-0c4667a9563d}
HKEY_CLASSES_ROOT\ptpsa32.ptpsaweb
HKEY_CLASSES_ROOT\ptpsa32.ptpsaweb.1
HKEY_CLASSES_ROOT\typelib\{095c0db4-fea6-440e-8dfc-00fc53ac827d}
HKEY_CURRENT_USER\software\matrix_html
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{88C51E90-8E9C-4C96-8A45-574D88B63FAF}
HKEY_CLASSES_ROOT\autosearch1.bhosrc
HKEY_CLASSES_ROOT\autosearch1.bhosrc.1
HKEY_CLASSES_ROOT\autosearch1.srchhook
HKEY_CLASSES_ROOT\autosearch1.srchhook.1
HKEY_CLASSES_ROOT\bho.html
HKEY_CLASSES_ROOT\bho.html.1
HKEY_CLASSES_ROOT\bho1.html
HKEY_CLASSES_ROOT\bho1.html.1
HKEY_CLASSES_ROOT\clsid\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
HKEY_CLASSES_ROOT\clsid\{622cc208-b014-4fe0-801b-874a5e5e403a}
HKEY_CLASSES_ROOT\clsid\{9c5b2f29-1f46-4639-a6b4-828942301d3e}
HKEY_CLASSES_ROOT\clsid\{d879a0f1-2b3b-4409-8879-fad6e49e1ea9}
HKEY_CLASSES_ROOT\interface\{16f6a635-09f8-44e6-953e-81d037647255}
HKEY_CLASSES_ROOT\interface\{34dcdbdb-60ef-4281-92c6-68c299aab8e5}
HKEY_CLASSES_ROOT\interface\{722c6699-fdf7-4b4f-bdd0-f84cf5791a80}
HKEY_CLASSES_ROOT\interface\{fc02833e-9fde-4862-974f-828887716a28}
HKEY_CLASSES_ROOT\typelib\{5e6895ea-e919-4331-adbe-827d4d8915ac}
HKEY_CLASSES_ROOT\typelib\{b8f9dd56-4ffa-47b0-b9d7-42f45a752f4e}
HKEY_CLASSES_ROOT\typelib\{e9a45914-275e-4866-bb75-5d65cbc3f311}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{88c51e90-8e9c-4c96-8a45-574d88b63faf}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9c5b2f29-1f46-4639-a6b4-828942301d3e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{622cc208-b014-4fe0-801b-874a5e5e403a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\settings
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0, goicfboogidikkejccmclpieicihhlpo mmhkbp=futurpago
HKEY_LOCAL_MACHINE\software\microsoft\eventsystem\{26c409cc-ae86-11d1-b616-00805fc79216}\subscriptions\{fce5f4d6-6d1a-4366-bb61-cfaa4a463c94}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\abouturls
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{76dd9e77-f06c-4471-ab6c-cf03c5c6b5b0}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{76dd9e77-f06c-4471-ab6c-cf03c5c6b5b0}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{76dd9e77-f06c-4471-ab6c-cf03c5c6b5b0}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{76dd9e77-f06c-4471-ab6c-cf03c5c6b5b0}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{76dd9e77-f06c-4471-ab6c-cf03c5c6b5b0}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{76dd9e77-f06c-4471-ab6c-cf03c5c6b5b0}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing 123Mania:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
FMSZ Trojan Information

ClickToSearch Adware

Removing ClickToSearch
Categories: Adware,BHO,Hijacker
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bpv2t.dll
[%WINDOWS%]\system\bpv2t.dll
[%SYSTEM%]\bpv2t.dll
[%WINDOWS%]\system\bpv2t.dll

How to detect ClickToSearch:

Files:
[%SYSTEM%]\bpv2t.dll
[%WINDOWS%]\system\bpv2t.dll
[%SYSTEM%]\bpv2t.dll
[%WINDOWS%]\system\bpv2t.dll

Removing ClickToSearch:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
ErrorProtector Ransomware Cleaner
DlToon Trojan Removal instruction
Game Trojan Information
Blood.Rage Trojan Information

Nova Trojan

Removing Nova
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

---

Nova Also known as:

[Kaspersky]Backdoor.Novadoor.10;
[Eset]Win32/Noknok.80.A trojan;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/Avon.10!Server,Backdoor/Novadoor.1_0,Win32.Avon.A,Backdoor/Nova

---

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\v.dat
[%PROFILE_TEMP%]\v.dat

How to detect Nova:

Files:
[%PROFILE_TEMP%]\v.dat
[%PROFILE_TEMP%]\v.dat

Folders:
[%PROGRAM_FILES%]\mlh

Registry Keys:
HKEY_CURRENT_USER\software\medialoads
HKEY_LOCAL_MACHINE\software\mlh

Removing Nova:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
TrojanDownloader.Win32.Briss Downloader Removal

Junk.NavQuar Spyware

Removing Junk.NavQuar
Categories: Spyware,RAT,Hacker Tool
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

---

Junk.NavQuar Also known as:

[Kaspersky]Terror.1085,Win32.Cecile;
[McAfee]Junk-NavQuar,Kamikaze.dam,VTool/jul1,W32/Cecile.dr;
[F-Prot]corrupted or intended virus,virus dropper;
[Panda]W32/Cecile;
[Computer Associates]Win32.Cecile,Win32/Cecile

How to detect Junk.NavQuar:

Folders:
[%PROGRAM_FILES%]\languard network scanner

Removing Junk.NavQuar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing Goesna Trojan
Remove Excel.Yohimbe Trojan
SillyDl.DAH Trojan Information

SearchCentrix.Mygeek.com BHO

Removing SearchCentrix.Mygeek.com
Categories: BHO,Hijacker
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

---

SearchCentrix.Mygeek.com Also known as:

[Panda]Spyware/Searchcentrix

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\barbho.dll
[%SYSTEM%]\gsim.dll
[%SYSTEM%]\mgeekremove.exe
[%SYSTEM%]\mygeek.dll
[%SYSTEM%]\reg2.exe
[%WINDOWS%]\adrsb.exe
[%WINDOWS%]\gsim.dll
[%WINDOWS%]\system\gsim.dll
[%WINDOWS%]\waladhpr.exe
[%SYSTEM%]\barbho.dll
[%SYSTEM%]\gsim.dll
[%SYSTEM%]\mgeekremove.exe
[%SYSTEM%]\mygeek.dll
[%SYSTEM%]\reg2.exe
[%WINDOWS%]\adrsb.exe
[%WINDOWS%]\gsim.dll
[%WINDOWS%]\system\gsim.dll
[%WINDOWS%]\waladhpr.exe

How to detect SearchCentrix.Mygeek.com:

Files:
[%SYSTEM%]\barbho.dll
[%SYSTEM%]\gsim.dll
[%SYSTEM%]\mgeekremove.exe
[%SYSTEM%]\mygeek.dll
[%SYSTEM%]\reg2.exe
[%WINDOWS%]\adrsb.exe
[%WINDOWS%]\gsim.dll
[%WINDOWS%]\system\gsim.dll
[%WINDOWS%]\waladhpr.exe
[%SYSTEM%]\barbho.dll
[%SYSTEM%]\gsim.dll
[%SYSTEM%]\mgeekremove.exe
[%SYSTEM%]\mygeek.dll
[%SYSTEM%]\reg2.exe
[%WINDOWS%]\adrsb.exe
[%WINDOWS%]\gsim.dll
[%WINDOWS%]\system\gsim.dll
[%WINDOWS%]\waladhpr.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-dff7-ec6bf4d5fa7d}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-dff7-ec6bf4d5fa7d}
HKEY_LOCAL_MACHINE\software\classes\barbho.class1
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-dff7-ec6bf4d5fa7d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c431bf1e-9e71-4bb6-9c4e-8496d158db1f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cd2a865b-6c0f-44f9-baa1-7cdb31e04bc8}
HKEY_LOCAL_MACHINE\software\classes\interface\{7bd45240-7166-4768-a845-8ce375c5e096}
HKEY_LOCAL_MACHINE\software\classes\interface\{9f9d3d1f-e697-4a86-90c7-58cecf6a2634}
HKEY_LOCAL_MACHINE\software\classes\mygeek.com
HKEY_LOCAL_MACHINE\software\classes\typelib\{47d616a1-b588-45d1-ad71-33ac15fb6940}
HKEY_LOCAL_MACHINE\software\classes\typelib\{48977f6e-4120-4f88-8c4b-a6399bd0dd08}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-dff7-ec6bf4d5fa7d}

Removing SearchCentrix.Mygeek.com:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Mexhetm Downloader
Remove Incubus Trojan

TrustedAntivirus Ransomware

Removing TrustedAntivirus
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".

---

Visible Symptoms:
Files in system folders:
[%APPDATA%]\TrustedAntivirus\avtasks.dat
[%APPDATA%]\TrustedAntivirus\Logs\av.log
[%APPDATA%]\TrustedAntivirus\Logs\ga6Support.log
[%APPDATA%]\TrustedAntivirus\Logs\update.log
[%COMMON_DESKTOPDIRECTORY%]\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Contact Customer Support.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Uninstall TrustedAntivirus.lnk
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\bm.exe
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\ugcw.exe
[%SYSTEM%]\drivers\FMTR.sys
[%APPDATA%]\TrustedAntivirus\avtasks.dat
[%APPDATA%]\TrustedAntivirus\Logs\av.log
[%APPDATA%]\TrustedAntivirus\Logs\ga6Support.log
[%APPDATA%]\TrustedAntivirus\Logs\update.log
[%COMMON_DESKTOPDIRECTORY%]\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Contact Customer Support.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Uninstall TrustedAntivirus.lnk
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\bm.exe
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\ugcw.exe
[%SYSTEM%]\drivers\FMTR.sys

How to detect TrustedAntivirus:

Files:
[%APPDATA%]\TrustedAntivirus\avtasks.dat
[%APPDATA%]\TrustedAntivirus\Logs\av.log
[%APPDATA%]\TrustedAntivirus\Logs\ga6Support.log
[%APPDATA%]\TrustedAntivirus\Logs\update.log
[%COMMON_DESKTOPDIRECTORY%]\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Contact Customer Support.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Uninstall TrustedAntivirus.lnk
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\bm.exe
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\ugcw.exe
[%SYSTEM%]\drivers\FMTR.sys
[%APPDATA%]\TrustedAntivirus\avtasks.dat
[%APPDATA%]\TrustedAntivirus\Logs\av.log
[%APPDATA%]\TrustedAntivirus\Logs\ga6Support.log
[%APPDATA%]\TrustedAntivirus\Logs\update.log
[%COMMON_DESKTOPDIRECTORY%]\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Contact Customer Support.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\TrustedAntivirus.lnk
[%COMMON_PROGRAMS%]\TrustedAntivirus\Uninstall TrustedAntivirus.lnk
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\bm.exe
[%PROGRAM_FILES_COMMON%]\TrustedAntivirus\ugcw.exe
[%SYSTEM%]\drivers\FMTR.sys

Folders:
[%PROGRAM_FILES%]\TrustedAntivirus

Registry Keys:
HKEY_CURRENT_USER\software\trustedantivirus
HKEY_LOCAL_MACHINE\software\trustedantivirus

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
HKEY_LOCAL_MACHINE\software\products
HKEY_LOCAL_MACHINE\software\products

Removing TrustedAntivirus:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Bizibot Trojan Information
Webbulion Adware Cleaner

SearchUrl (SearchSpy) Adware

Removing SearchUrl (SearchSpy)
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\SearchURL\SearchURL1015.dll
[%PROGRAM_FILES%]\SearchURL\SearchURL1021.dll
[%PROGRAM_FILES%]\SearchURL\SearchURL1015.dll
[%PROGRAM_FILES%]\SearchURL\SearchURL1021.dll

How to detect SearchUrl (SearchSpy):

Files:
[%PROGRAM_FILES%]\SearchURL\SearchURL1015.dll
[%PROGRAM_FILES%]\SearchURL\SearchURL1021.dll
[%PROGRAM_FILES%]\SearchURL\SearchURL1015.dll
[%PROGRAM_FILES%]\SearchURL\SearchURL1021.dll

Folders:
[%PROGRAM_FILES%]\SearchSpy
[%PROGRAM_FILES%]\SearchURL

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{C6294462-2E39-4565-BCA4-DD5DB7397220}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Removing SearchUrl (SearchSpy):

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Bancos.GHA Trojan Symptoms
SysInfo Trojan Cleaner
Ogre.2009!Trojan Trojan Cleaner
SurfAccuracy Adware Information

Midnight.Oil Adware

Removing Midnight.Oil
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

How to detect Midnight.Oil:

Folders:
[%PROGRAMS%]\midnight oil
[%PROGRAM_FILES%]\midnight oil

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\netscape starting
HKEY_LOCAL_MACHINE\software\classes\clsid\{ebbfe288-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ebbfe28a-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\classes\interface\{ebbfe27b-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\classes\interface\{ebbfe287-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\classes\interface\{ebbfe289-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\classes\stub.ciestub
HKEY_LOCAL_MACHINE\software\classes\stub.ciestub.1
HKEY_LOCAL_MACHINE\software\classes\stub.netscapestop

Registry Values:
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\default server
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\default server
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\1
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\1
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\2
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\2
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\3
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\3
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\4
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\4
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\default server
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\default server
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\path
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\1
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\1
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\2
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\2
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\3
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\3
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\4
HKEY_LOCAL_MACHINE\software\classes\software\aureate\advertising\servers\4
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\midnight oil solitaire 3.11_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\midnight oil solitaire 3.11_is1

Removing Midnight.Oil:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Pigeon.EPF Trojan Information
Pigeon.ADW Trojan Information
Actual.Spy Spyware Symptoms
Removing NTRC Backdoor
ScreenSaver.Lightningstorm Adware Information

KeyToPorn Trojan

Removing KeyToPorn
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect KeyToPorn:

Folders:
[%PROGRAMS%]\KeyToPorn
[%PROGRAM_FILES%]\KeyToPorn

Registry Keys:
HKEY_CLASSES_ROOT\keytoporn
HKEY_CURRENT_USER\software\keytoporn
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keytoporn

Removing KeyToPorn:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing Sysphear DoS
Removing Activex.Dialer Adware
TrojanDownloader.Win32.Small Trojan Information

BlazeFind Adware

Removing BlazeFind
Categories: Adware,BHO,Hijacker,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\iesearchbar.dll
[%WINDOWS%]\system\iesearchbar.dll
[%SYSTEM%]\iesearchbar.dll
[%WINDOWS%]\system\iesearchbar.dll

How to detect BlazeFind:

Files:
[%SYSTEM%]\iesearchbar.dll
[%WINDOWS%]\system\iesearchbar.dll
[%SYSTEM%]\iesearchbar.dll
[%WINDOWS%]\system\iesearchbar.dll

Folders:
[%WINDOWS%]\winskw

Registry Keys:
HKEY_CLASSES_ROOT\bridgex.installer
HKEY_CLASSES_ROOT\clsid\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}
HKEY_CLASSES_ROOT\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
HKEY_CLASSES_ROOT\interface\{8c505a6b-124b-4768-8fd3-1a066c839848}
HKEY_CLASSES_ROOT\typelib\{0b3569d7-1ea4-4cba-ac13-225902619789}
HKEY_CLASSES_ROOT\windowssaband.winsaband
HKEY_CLASSES_ROOT\windowssaband.winsaband.1
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
HKEY_CLASSES_ROOT\clsid\{71ed4fba-4024-4bbe-91dc-9704c93f453e}
HKEY_CLASSES_ROOT\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{71ed4fba-4024-4bbe-91dc-9704c93f453e}
HKEY_LOCAL_MACHINE\clsid\{71ed4fba-4024-4bbe-91dc-9704c93f453e}
HKEY_LOCAL_MACHINE\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_LOCAL_MACHINE\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{71ed4fba-4024-4bbe-91dc-9704c93f453e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{71ed4fba-4024-4bbe-91dc-9704c93f453e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing BlazeFind:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Agent.al Trojan Information

BrowserAid.LetsSearch BHO

Removing BrowserAid.LetsSearch
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

How to detect BrowserAid.LetsSearch:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\uptodate.exe

Removing BrowserAid.LetsSearch:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
SMS Trojan Cleaner
Winfo Adware Cleaner
Pigeon.AVDC Trojan Removal

2nd Thought Adware

Removing 2nd Thought
Categories: Adware,BHO,Popups
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\STC\bundles.exe
[%PROGRAM_FILES%]\STC\bundles53.exe
[%PROGRAM_FILES%]\STC\STC.exe
[%SYSTEM%]\2ndsrch.dll
[%SYSTEM%]\stcloader.exe
[%SYSTEM%]\winupdt.001
[%SYSTEM%]\winupdt.bin
[%WINDOWS%]\bundles\2504040824.exe
[%WINDOWS%]\bundles\32wu54rd.exe
[%WINDOWS%]\bundles\bs5-cvuacy.exe
[%WINDOWS%]\bundles\bs5-vmk1.exe
[%WINDOWS%]\bundles\bs5-vwqouc.exe
[%WINDOWS%]\bundles\CSV5P070.exe
[%WINDOWS%]\bundles\ezStub.exe
[%WINDOWS%]\bundles\log.bak.txt
[%WINDOWS%]\bundles\optimize.exe
[%WINDOWS%]\bundles\setup_silent_14725.exe
[%WINDOWS%]\bundles\setup_silent_14765.exe
[%WINDOWS%]\bundles\setup_silent_17299.exe
[%WINDOWS%]\bundles\trafficvenue1.exe
[%WINDOWS%]\bundles\TVM_B5.EXE
[%WINDOWS%]\bundles\Tvm_b5_269.exe
[%PROGRAM_FILES%]\STC\bundles.exe
[%PROGRAM_FILES%]\STC\bundles53.exe
[%PROGRAM_FILES%]\STC\STC.exe
[%SYSTEM%]\2ndsrch.dll
[%SYSTEM%]\stcloader.exe
[%SYSTEM%]\winupdt.001
[%SYSTEM%]\winupdt.bin
[%WINDOWS%]\bundles\2504040824.exe
[%WINDOWS%]\bundles\32wu54rd.exe
[%WINDOWS%]\bundles\bs5-cvuacy.exe
[%WINDOWS%]\bundles\bs5-vmk1.exe
[%WINDOWS%]\bundles\bs5-vwqouc.exe
[%WINDOWS%]\bundles\CSV5P070.exe
[%WINDOWS%]\bundles\ezStub.exe
[%WINDOWS%]\bundles\log.bak.txt
[%WINDOWS%]\bundles\optimize.exe
[%WINDOWS%]\bundles\setup_silent_14725.exe
[%WINDOWS%]\bundles\setup_silent_14765.exe
[%WINDOWS%]\bundles\setup_silent_17299.exe
[%WINDOWS%]\bundles\trafficvenue1.exe
[%WINDOWS%]\bundles\TVM_B5.EXE
[%WINDOWS%]\bundles\Tvm_b5_269.exe

How to detect 2nd Thought:

Files:
[%PROGRAM_FILES%]\STC\bundles.exe
[%PROGRAM_FILES%]\STC\bundles53.exe
[%PROGRAM_FILES%]\STC\STC.exe
[%SYSTEM%]\2ndsrch.dll
[%SYSTEM%]\stcloader.exe
[%SYSTEM%]\winupdt.001
[%SYSTEM%]\winupdt.bin
[%WINDOWS%]\bundles\2504040824.exe
[%WINDOWS%]\bundles\32wu54rd.exe
[%WINDOWS%]\bundles\bs5-cvuacy.exe
[%WINDOWS%]\bundles\bs5-vmk1.exe
[%WINDOWS%]\bundles\bs5-vwqouc.exe
[%WINDOWS%]\bundles\CSV5P070.exe
[%WINDOWS%]\bundles\ezStub.exe
[%WINDOWS%]\bundles\log.bak.txt
[%WINDOWS%]\bundles\optimize.exe
[%WINDOWS%]\bundles\setup_silent_14725.exe
[%WINDOWS%]\bundles\setup_silent_14765.exe
[%WINDOWS%]\bundles\setup_silent_17299.exe
[%WINDOWS%]\bundles\trafficvenue1.exe
[%WINDOWS%]\bundles\TVM_B5.EXE
[%WINDOWS%]\bundles\Tvm_b5_269.exe
[%PROGRAM_FILES%]\STC\bundles.exe
[%PROGRAM_FILES%]\STC\bundles53.exe
[%PROGRAM_FILES%]\STC\STC.exe
[%SYSTEM%]\2ndsrch.dll
[%SYSTEM%]\stcloader.exe
[%SYSTEM%]\winupdt.001
[%SYSTEM%]\winupdt.bin
[%WINDOWS%]\bundles\2504040824.exe
[%WINDOWS%]\bundles\32wu54rd.exe
[%WINDOWS%]\bundles\bs5-cvuacy.exe
[%WINDOWS%]\bundles\bs5-vmk1.exe
[%WINDOWS%]\bundles\bs5-vwqouc.exe
[%WINDOWS%]\bundles\CSV5P070.exe
[%WINDOWS%]\bundles\ezStub.exe
[%WINDOWS%]\bundles\log.bak.txt
[%WINDOWS%]\bundles\optimize.exe
[%WINDOWS%]\bundles\setup_silent_14725.exe
[%WINDOWS%]\bundles\setup_silent_14765.exe
[%WINDOWS%]\bundles\setup_silent_17299.exe
[%WINDOWS%]\bundles\trafficvenue1.exe
[%WINDOWS%]\bundles\TVM_B5.EXE
[%WINDOWS%]\bundles\Tvm_b5_269.exe

Folders:
[%PROGRAM_FILES%]\STC
[%WINDOWS%]\bundles

Registry Keys:
HKEY_CURRENT_USER\Software\AUN
HKEY_CURRENT_USER\Software\Bundles
HKEY_CURRENT_USER\Software\STC

Removing 2nd Thought:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Pigeon.EZQ Trojan
Zlob.Fam.Browser Protection Volume Trojan Removal instruction
MDSA.Sentinel Spyware Information

Adware.CDNHelper Adware

Removing Adware.CDNHelper
Categories: Adware,Downloader
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

---

Adware.CDNHelper Also known as:

[McAfee]Adware-CDNHelper;
[Other]W32/CNNIC.A,BrowserModifier:Win32/CNNICChineseKeywords,Adware.WSearch,Win32/CNNIC

---

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\26\cdnprot.dat
[%PROFILE_TEMP%]\2B\cdnprot.dat
[%PROFILE_TEMP%]\31\cdnprot.dat
[%PROFILE_TEMP%]\36\cdnprot.dat
[%SYSTEM%]\cdnprot.dat
[%PROFILE_TEMP%]\63\cdn.dll
[%PROFILE_TEMP%]\63\cdnaux.dll
[%PROFILE_TEMP%]\63\cdnforie.dll
[%PROFILE_TEMP%]\63\cdnins.dll
[%PROFILE_TEMP%]\63\cdnprh.dll
[%PROFILE_TEMP%]\63\cdnprot.dat
[%PROFILE_TEMP%]\63\cdnprot.sys
[%PROFILE_TEMP%]\63\cdnunins.exe
[%PROFILE_TEMP%]\63\cdnup.exe
[%PROFILE_TEMP%]\63\cdnvers.dat
[%PROFILE_TEMP%]\63\idnconvs.dll
[%PROFILE_TEMP%]\63\setup.exe
[%PROFILE_TEMP%]\63\src.dat
[%SYSTEM%]\drivers\dddjijfb.sys
[%SYSTEM%]\drivers\gjjfdcgd.sys
[%PROFILE_TEMP%]\26\cdnprot.dat
[%PROFILE_TEMP%]\2B\cdnprot.dat
[%PROFILE_TEMP%]\31\cdnprot.dat
[%PROFILE_TEMP%]\36\cdnprot.dat
[%SYSTEM%]\cdnprot.dat
[%PROFILE_TEMP%]\63\cdn.dll
[%PROFILE_TEMP%]\63\cdnaux.dll
[%PROFILE_TEMP%]\63\cdnforie.dll
[%PROFILE_TEMP%]\63\cdnins.dll
[%PROFILE_TEMP%]\63\cdnprh.dll
[%PROFILE_TEMP%]\63\cdnprot.dat
[%PROFILE_TEMP%]\63\cdnprot.sys
[%PROFILE_TEMP%]\63\cdnunins.exe
[%PROFILE_TEMP%]\63\cdnup.exe
[%PROFILE_TEMP%]\63\cdnvers.dat
[%PROFILE_TEMP%]\63\idnconvs.dll
[%PROFILE_TEMP%]\63\setup.exe
[%PROFILE_TEMP%]\63\src.dat
[%SYSTEM%]\drivers\dddjijfb.sys
[%SYSTEM%]\drivers\gjjfdcgd.sys

How to detect Adware.CDNHelper:

Files:
[%PROFILE_TEMP%]\26\cdnprot.dat
[%PROFILE_TEMP%]\2B\cdnprot.dat
[%PROFILE_TEMP%]\31\cdnprot.dat
[%PROFILE_TEMP%]\36\cdnprot.dat
[%SYSTEM%]\cdnprot.dat
[%PROFILE_TEMP%]\63\cdn.dll
[%PROFILE_TEMP%]\63\cdnaux.dll
[%PROFILE_TEMP%]\63\cdnforie.dll
[%PROFILE_TEMP%]\63\cdnins.dll
[%PROFILE_TEMP%]\63\cdnprh.dll
[%PROFILE_TEMP%]\63\cdnprot.dat
[%PROFILE_TEMP%]\63\cdnprot.sys
[%PROFILE_TEMP%]\63\cdnunins.exe
[%PROFILE_TEMP%]\63\cdnup.exe
[%PROFILE_TEMP%]\63\cdnvers.dat
[%PROFILE_TEMP%]\63\idnconvs.dll
[%PROFILE_TEMP%]\63\setup.exe
[%PROFILE_TEMP%]\63\src.dat
[%SYSTEM%]\drivers\dddjijfb.sys
[%SYSTEM%]\drivers\gjjfdcgd.sys
[%PROFILE_TEMP%]\26\cdnprot.dat
[%PROFILE_TEMP%]\2B\cdnprot.dat
[%PROFILE_TEMP%]\31\cdnprot.dat
[%PROFILE_TEMP%]\36\cdnprot.dat
[%SYSTEM%]\cdnprot.dat
[%PROFILE_TEMP%]\63\cdn.dll
[%PROFILE_TEMP%]\63\cdnaux.dll
[%PROFILE_TEMP%]\63\cdnforie.dll
[%PROFILE_TEMP%]\63\cdnins.dll
[%PROFILE_TEMP%]\63\cdnprh.dll
[%PROFILE_TEMP%]\63\cdnprot.dat
[%PROFILE_TEMP%]\63\cdnprot.sys
[%PROFILE_TEMP%]\63\cdnunins.exe
[%PROFILE_TEMP%]\63\cdnup.exe
[%PROFILE_TEMP%]\63\cdnvers.dat
[%PROFILE_TEMP%]\63\idnconvs.dll
[%PROFILE_TEMP%]\63\setup.exe
[%PROFILE_TEMP%]\63\src.dat
[%SYSTEM%]\drivers\dddjijfb.sys
[%SYSTEM%]\drivers\gjjfdcgd.sys

Removing Adware.CDNHelper:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
ICMPstrike DoS Removal
Msgmess Trojan Removal

KeySnatch Spyware

Removing KeySnatch
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect KeySnatch:

Folders:
[%PROGRAM_FILES%]\keysnatch

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\aboxctl.abox
HKEY_LOCAL_MACHINE\software\classes\clsid\{634e2191-2142-4c32-8a9a-d92032ca5f51}
HKEY_LOCAL_MACHINE\software\classes\clsid\{680c2b92-6fbf-446e-8b32-3bba73f1004d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7a834f35-3908-4fda-bdac-28eab89a0fb3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9e563445-b3b2-4a4c-850f-32073a5df93e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b50ee6c3-c280-47f5-b73f-d624a2980e5d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d4f6d70a-eca7-4d42-aaec-dad4e26889e1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e2a1da8f-fb3e-4e4a-8df6-bc54af4f2b7b}
HKEY_LOCAL_MACHINE\software\classes\interface\{083e2157-26b7-4a35-92df-11d886ed88ce}
HKEY_LOCAL_MACHINE\software\classes\interface\{1a23c59a-8c62-4860-a2fe-fc3940e8158c}
HKEY_LOCAL_MACHINE\software\classes\interface\{3923042b-2c35-4910-8711-4e0712b8e7c0}
HKEY_LOCAL_MACHINE\software\classes\interface\{77190304-5e62-46b2-a556-599361fb7155}
HKEY_LOCAL_MACHINE\software\classes\interface\{a368e682-63c3-4a6b-90df-d36f1f94b68f}
HKEY_LOCAL_MACHINE\software\classes\interface\{b538d830-1f02-4c5e-a881-a442e48e6310}
HKEY_LOCAL_MACHINE\software\classes\interface\{df329552-2e33-45dd-b529-f1a79c5c14d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{fdf66bea-fec0-4fe5-b6f3-db416f6f7cb9}
HKEY_LOCAL_MACHINE\software\classes\typelib\{03f7cb5f-9e40-4b74-a3ed-7dbeaab01c6c}
HKEY_LOCAL_MACHINE\software\classes\interface\{330849e8-b164-474c-9f09-0fe635d36c3c}
HKEY_LOCAL_MACHINE\software\classes\interface\{48372215-470c-4108-b9b3-6de0ea8a6210}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keysnatch
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keysnatch

Removing KeySnatch:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Plague Trojan

Xeol Backdoor

Removing Xeol
Categories: Backdoor
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\scvhost.exe
[%WINDOWS%]\scvhost.exe

How to detect Xeol:

Files:
[%WINDOWS%]\scvhost.exe
[%WINDOWS%]\scvhost.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Xeol:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Surfcomp Adware Symptoms

Dubfouf Adware

Removing Dubfouf
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

Dubfouf Also known as:

[Kaspersky]Trojan-Downloader.Win32.CWS.am,Trojan.Win32.LowZones.ek;
[Other]Trojan.KillAV

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ServicePackFiles\mm1417.exe
[%WINDOWS%]\ServicePackFiles\mm182.exe
[%WINDOWS%]\ServicePackFiles\mm2570.exe
[%WINDOWS%]\ServicePackFiles\mm2715.exe
[%WINDOWS%]\ServicePackFiles\mm2840.exe
[%WINDOWS%]\ServicePackFiles\mm2919.exe
[%WINDOWS%]\ServicePackFiles\mm3200.exe
[%WINDOWS%]\ServicePackFiles\mm372.exe
[%WINDOWS%]\ServicePackFiles\mm4206.exe
[%WINDOWS%]\ServicePackFiles\mm535.exe
[%WINDOWS%]\ServicePackFiles\mm5467.exe
[%WINDOWS%]\ServicePackFiles\mm5525.exe
[%WINDOWS%]\ServicePackFiles\mm6911.exe
[%WINDOWS%]\ServicePackFiles\mm7981.exe
[%WINDOWS%]\ServicePackFiles\mm8126.exe
[%WINDOWS%]\ServicePackFiles\mm872.exe
[%WINDOWS%]\ServicePackFiles\services.exe
[%WINDOWS%]\ServicePackFiles\mm1417.exe
[%WINDOWS%]\ServicePackFiles\mm182.exe
[%WINDOWS%]\ServicePackFiles\mm2570.exe
[%WINDOWS%]\ServicePackFiles\mm2715.exe
[%WINDOWS%]\ServicePackFiles\mm2840.exe
[%WINDOWS%]\ServicePackFiles\mm2919.exe
[%WINDOWS%]\ServicePackFiles\mm3200.exe
[%WINDOWS%]\ServicePackFiles\mm372.exe
[%WINDOWS%]\ServicePackFiles\mm4206.exe
[%WINDOWS%]\ServicePackFiles\mm535.exe
[%WINDOWS%]\ServicePackFiles\mm5467.exe
[%WINDOWS%]\ServicePackFiles\mm5525.exe
[%WINDOWS%]\ServicePackFiles\mm6911.exe
[%WINDOWS%]\ServicePackFiles\mm7981.exe
[%WINDOWS%]\ServicePackFiles\mm8126.exe
[%WINDOWS%]\ServicePackFiles\mm872.exe
[%WINDOWS%]\ServicePackFiles\services.exe

How to detect Dubfouf:

Files:
[%WINDOWS%]\ServicePackFiles\mm1417.exe
[%WINDOWS%]\ServicePackFiles\mm182.exe
[%WINDOWS%]\ServicePackFiles\mm2570.exe
[%WINDOWS%]\ServicePackFiles\mm2715.exe
[%WINDOWS%]\ServicePackFiles\mm2840.exe
[%WINDOWS%]\ServicePackFiles\mm2919.exe
[%WINDOWS%]\ServicePackFiles\mm3200.exe
[%WINDOWS%]\ServicePackFiles\mm372.exe
[%WINDOWS%]\ServicePackFiles\mm4206.exe
[%WINDOWS%]\ServicePackFiles\mm535.exe
[%WINDOWS%]\ServicePackFiles\mm5467.exe
[%WINDOWS%]\ServicePackFiles\mm5525.exe
[%WINDOWS%]\ServicePackFiles\mm6911.exe
[%WINDOWS%]\ServicePackFiles\mm7981.exe
[%WINDOWS%]\ServicePackFiles\mm8126.exe
[%WINDOWS%]\ServicePackFiles\mm872.exe
[%WINDOWS%]\ServicePackFiles\services.exe
[%WINDOWS%]\ServicePackFiles\mm1417.exe
[%WINDOWS%]\ServicePackFiles\mm182.exe
[%WINDOWS%]\ServicePackFiles\mm2570.exe
[%WINDOWS%]\ServicePackFiles\mm2715.exe
[%WINDOWS%]\ServicePackFiles\mm2840.exe
[%WINDOWS%]\ServicePackFiles\mm2919.exe
[%WINDOWS%]\ServicePackFiles\mm3200.exe
[%WINDOWS%]\ServicePackFiles\mm372.exe
[%WINDOWS%]\ServicePackFiles\mm4206.exe
[%WINDOWS%]\ServicePackFiles\mm535.exe
[%WINDOWS%]\ServicePackFiles\mm5467.exe
[%WINDOWS%]\ServicePackFiles\mm5525.exe
[%WINDOWS%]\ServicePackFiles\mm6911.exe
[%WINDOWS%]\ServicePackFiles\mm7981.exe
[%WINDOWS%]\ServicePackFiles\mm8126.exe
[%WINDOWS%]\ServicePackFiles\mm872.exe
[%WINDOWS%]\ServicePackFiles\services.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Dubfouf:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Miskur Trojan Symptoms
Bancos.HLM Trojan Cleaner
Remove Biphist Trojan

Luzia Spyware

Removing Luzia
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

---

Luzia Also known as:

[Kaspersky]Trojan-Spy.Win32.Luzia.k;
[Other]Infostealer

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msnscr.exe
[%SYSTEM%]\msnscr.exe

How to detect Luzia:

Files:
[%SYSTEM%]\msnscr.exe
[%SYSTEM%]\msnscr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Luzia:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
SillyDl.CFQ Downloader Information
NiteLineMedia Adware Removal instruction
Daqa Trojan Removal instruction

CashSaver Adware

Removing CashSaver
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cashsaverupdate.exe
[%SYSTEM%]\cashsaverupdate.exe

How to detect CashSaver:

Files:
[%SYSTEM%]\cashsaverupdate.exe
[%SYSTEM%]\cashsaverupdate.exe

Removing CashSaver:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing SearchingAll Adware

Baigoo Adware

Removing Baigoo
Categories: Adware,Hijacker
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

---

Baigoo Also known as:

[Kaspersky]AdWare.Win32.Baigoo.a;
[Other]W32/BHO.H!tr.dldr,Win32/Adware.Toolbar.Baigoo application

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe

How to detect Baigoo:

Files:
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe

Folders:
[%PROGRAM_FILES%]\baigoo

Registry Keys:
HKEY_CLASSES_ROOT\appid\{40ef7ccc-71fe-4615-a0ca-d373f8c2ac88}
HKEY_CLASSES_ROOT\bgoobho.status
HKEY_CLASSES_ROOT\bgoobho.status.1
HKEY_CLASSES_ROOT\bgoosrv.htmlpaser
HKEY_CLASSES_ROOT\bgoosrv.htmlpaser.1
HKEY_CLASSES_ROOT\clsid\{18439a22-67a7-4a82-abb6-82977555ac9b}
HKEY_CLASSES_ROOT\interface\{0bfd5815-6072-41d8-bca5-7768ed97a079}
HKEY_CLASSES_ROOT\interface\{32cfa498-08be-4bb7-b362-85ee3bed4617}
HKEY_CLASSES_ROOT\interface\{5cd25f44-7f74-432d-aa30-4031fe28c326}
HKEY_CLASSES_ROOT\typelib\{6b01a4af-1ab1-47fe-bf1b-1d1583d2b2c0}
HKEY_CLASSES_ROOT\baigooex.update
HKEY_CLASSES_ROOT\baigooex.update.1
HKEY_CLASSES_ROOT\baigoopm.bhohelper
HKEY_CLASSES_ROOT\baigoopm.bhohelper.1
HKEY_CLASSES_ROOT\baigoopm.browserobject
HKEY_CLASSES_ROOT\baigoopm.browserobject.1
HKEY_CLASSES_ROOT\clsid\{7905958a-18c2-4139-9957-ae6f2b754818}
HKEY_CLASSES_ROOT\clsid\{7bdaf75a-0d6f-4f50-afe9-333d08df4005}
HKEY_CLASSES_ROOT\clsid\{808eaf87-61b8-4eea-8b85-27480d1bdbee}
HKEY_CLASSES_ROOT\clsid\{8816ea7a-5944-4277-b98e-2c0a46fb36e9}
HKEY_CLASSES_ROOT\interface\{427263c1-fe45-4ef7-8765-318395f7d795}
HKEY_CLASSES_ROOT\interface\{73d898cc-32ae-4c08-a4ba-2142fccdb9ce}
HKEY_CLASSES_ROOT\interface\{a20b50fb-d4b9-4637-83db-72253a2e3d53}
HKEY_CLASSES_ROOT\typelib\{9dc44a38-b772-47f8-a406-054f842ec7c5}
HKEY_CURRENT_USER\software\baigoo
HKEY_LOCAL_MACHINE\software\baigoo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7bdaf75a-0d6f-4f50-afe9-333d08df4005}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8465d755-afe0-40ef-bc5e-2290d2c1f31f}

Registry Values:
HKEY_CLASSES_ROOT\appid\mtsrv.exe
HKEY_CLASSES_ROOT\appid\mtsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}

Removing Baigoo:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Armagedon Trojan Cleaner
Bancos.IHL Trojan Removal
Peefim Downloader Information
Pigeon.EUV Trojan Removal

Volkoser Trojan

Removing Volkoser
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

---

Volkoser Also known as:

[Kaspersky]Backdoor.Volkoser.01;
[Panda]Backdoor Program

How to detect Volkoser:

Folders:
[%WINDOWS%]\temp\adware

Removing Volkoser:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Hate Trojan
Meyfew Trojan Removal instruction
Remove Packus Trojan
Win32.DiskFlood Trojan Symptoms
Remove VCatch Trojan

Screen.Spy Spyware

Removing Screen.Spy
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

---

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\CopDad.lnk
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\Uninstall.lnk
[%DESKTOP%]\CopDad.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy Uninstall.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy.lnk
[%SYSTEM%]\svc_copdadnotify.exe
[%SYSTEM%]\WSpyNotify.dll
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\CopDad.lnk
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\Uninstall.lnk
[%DESKTOP%]\CopDad.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy Uninstall.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy.lnk
[%SYSTEM%]\svc_copdadnotify.exe
[%SYSTEM%]\WSpyNotify.dll

How to detect Screen.Spy:

Files:
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\CopDad.lnk
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\Uninstall.lnk
[%DESKTOP%]\CopDad.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy Uninstall.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy.lnk
[%SYSTEM%]\svc_copdadnotify.exe
[%SYSTEM%]\WSpyNotify.dll
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\CopDad.lnk
[%COMMON_PROGRAMS%]\VirtualLTD\CopDad 1.2\Uninstall.lnk
[%DESKTOP%]\CopDad.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy Uninstall.lnk
[%PROGRAMS%]\Screen Spy\Screen Spy.lnk
[%SYSTEM%]\svc_copdadnotify.exe
[%SYSTEM%]\WSpyNotify.dll

Folders:
[%PROGRAMS%]\VirtualLTD\CopDad 1.2
[%PROGRAM_FILES%]\VirtualLTD\CopDad\1.2\ScreenSpy
[%SYSTEM%]\ScreenRX

Registry Keys:
HKEY_CLASSES_ROOT\appid\usernotificationservice.exe
HKEY_CLASSES_ROOT\appid\{4c6aade3-6d03-4869-b1a5-4750e8119187}
HKEY_CLASSES_ROOT\clsid\{44c2335c-d46e-4b26-9992-2f85007d2c0c}
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\en-us\vl.copdad.resources.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\en-us\vl.screenspy.gui.resources.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\fr-fr\vl.copdad.resources.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\fr-fr\vl.screenspy.gui.resources.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\svc_copdad.exe
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\svc_copdadnotify.exe
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.controls.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.copdad.exe
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.copdad.server.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.data.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.screenspy.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.screenspy.gui.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.screenspy.screencapture.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.utilitylibrary.dll
HKEY_CLASSES_ROOT\installer\assemblies\[%SYSTEM%]\svc_copdadnotify.exe
HKEY_CLASSES_ROOT\installer\assemblies\[%SYSTEM%]\wspynotify.dll
HKEY_CLASSES_ROOT\installer\features\3f4d9c16cddd31c43a6f7f27526a3c69
HKEY_CLASSES_ROOT\installer\products\3f4d9c16cddd31c43a6f7f27526a3c69
HKEY_CLASSES_ROOT\installer\upgradecodes\feb8a0addbee86a40a842039fbdffe15
HKEY_CLASSES_ROOT\interface\{8612bb6d-e63f-4f01-a8d0-466e55700a09}
HKEY_CLASSES_ROOT\typelib\{07d9341d-a478-4e28-af7c-57bbcbfbd8a9}
HKEY_CLASSES_ROOT\usernotificationservice.usernotificat.1
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\en-us\vl.copdad.resources.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\en-us\vl.screenspy.gui.resources.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\fr-fr\vl.copdad.resources.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\fr-fr\vl.screenspy.gui.resources.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\svc_copdad.exe
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\svc_copdadnotify.exe
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.controls.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.copdad.exe
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.copdad.server.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.data.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.screenspy.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.screenspy.gui.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.screenspy.screencapture.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%PROGRAM_FILES%]\virtualltd\copdad\1.2\screenspy\vl.utilitylibrary.dll
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%SYSTEM%]\svc_copdadnotify.exe
HKEY_CURRENT_USER\software\microsoft\installer\assemblies\[%SYSTEM%]\wspynotify.dll
HKEY_CURRENT_USER\software\microsoft\installer\features\3f4d9c16cddd31c43a6f7f27526a3c69
HKEY_CURRENT_USER\software\microsoft\installer\products\3f4d9c16cddd31c43a6f7f27526a3c69
HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\feb8a0addbee86a40a842039fbdffe15
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\screen spy trial_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{61c9d4f3-dddc-4c13-a3f6-f77225a6c396}
HKEY_LOCAL_MACHINE\software\virtualltd\copdad\10\virtual screen spy
HKEY_LOCAL_MACHINE\system\controlset001\services\copdad 1.0 service
HKEY_LOCAL_MACHINE\system\controlset001\services\eventlog\application\copdad 1.0 service
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\copdad 1.0 service
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\copdad 1.0 service

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\copdad
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Screen.Spy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Free.Keylogger Spyware Symptoms
Sin.Static.Ip RAT Symptoms