Thursday, December 4, 2008

HuntBar Spyware

Removing HuntBar
Categories: Spyware,BHO,Hijacker,Toolbar
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\qdow.dll
[%SYSTEM%]\btlink.dll
[%SYSTEM%]\msielink.dll
[%SYSTEM%]\msiets.dll
[%SYSTEM%]\wtoolsb.dll
[%WINDOWS%]\system\btlink.dll
[%WINDOWS%]\system\msielink.dll
[%WINDOWS%]\system\msiets.dll
[%WINDOWS%]\system\wtoolsb.dll

How to detect HuntBar:

Files:
[%WINDOWS%]\downloaded program files\qdow.dll
[%SYSTEM%]\btlink.dll
[%SYSTEM%]\msielink.dll
[%SYSTEM%]\msiets.dll
[%SYSTEM%]\wtoolsb.dll
[%WINDOWS%]\system\btlink.dll
[%WINDOWS%]\system\msielink.dll
[%WINDOWS%]\system\msiets.dll
[%WINDOWS%]\system\wtoolsb.dll

Folders:
[%PROGRAM_FILES_COMMON%]\msiets

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing HuntBar:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Internal.Revise Trojan

Removing Internal.Revise
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Internal.Revise Also known as:

[Kaspersky] Backdoor.InternalRevise.10, Backdoor.Win32.InternalRevise.10;
[Eset] Win32/DarkConnection.1_2.Server trojan;
[McAfee] BackDoor-TB;
[F-Prot] security risk or a "backdoor" program;
[Panda] Bck/InternalRevise.10;
[Computer Associates] Backdoor/InternalRevise.10!Serve, Win32.InternalRevise.10

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\systray32c.exe

How to detect Internal.Revise:

Files:
[%WINDOWS%]\system\systray32c.exe


Couponica Adware

Removing Couponica
Categories: Adware,BHO,Downloader
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

How to detect Couponica:

Folders:
[%PROGRAM_FILES%]\couponica

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


GoToMyPC RAT

Removing GoToMyPC
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

How to detect GoToMyPC:

Folders:
[%PROGRAM_FILES%]\citrix\gotomypc
[%PROGRAM_FILES%]\expertcity\gotomypc

Registry Keys:
HKEY_CLASSES_ROOT\gotomypc.starthereloader
HKEY_CLASSES_ROOT\gotomypc.starthereloader.1
HKEY_LOCAL_MACHINE\software\citrix\gotomypc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gotomypc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\g2svc.exe
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\gotomypc port
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gotomypc

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Comet Adware

Removing Comet
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%MYPICTURES%]\Funstuff\sinstaller2.exe
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe

How to detect Comet:

Files:
[%MYPICTURES%]\Funstuff\sinstaller2.exe
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}
HKEY_CLASSES_ROOT\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}
HKEY_CLASSES_ROOT\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}
HKEY_CLASSES_ROOT\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}
HKEY_CLASSES_ROOT\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}
HKEY_CLASSES_ROOT\screensaversinstaller.installer
HKEY_CLASSES_ROOT\screensaversinstaller.sinstaller
HKEY_CLASSES_ROOT\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}
HKEY_CLASSES_ROOT\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}


IntraKey Spyware

Removing IntraKey
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\intrakey.lnk

How to detect IntraKey:

Files:
[%DESKTOP%]\intrakey.lnk

Folders:
[%PROGRAMS%]\intrakey
[%PROGRAM_FILES%]\intrakey

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intrakey_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Xupiter.Orbitexplorer Adware

Removing Xupiter.Orbitexplorer
Categories: Adware,BHO,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Xupiter.Orbitexplorer Also known as:

[Kaspersky] TrojanDownloader.Win32.Comet;
[Panda] Adware/Comet

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\bobsaver.exe
[%WINDOWS%]\bobsaver.scr
[%SYSTEM%]\redirector.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.exe
[%WINDOWS%]\Downloaded Program Files\OELoader.dll
[%WINDOWS%]\downloaded program files\oeloader.exe
[%WINDOWS%]\downloaded program files\oeloader.inf
[%WINDOWS%]\system\redirector.dll

How to detect Xupiter.Orbitexplorer:

Files:
[%WINDOWS%]\bobsaver.exe
[%WINDOWS%]\bobsaver.scr
[%SYSTEM%]\redirector.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.dll
[%WINDOWS%]\downloaded program files\conflict.1\oeloader.exe
[%WINDOWS%]\Downloaded Program Files\OELoader.dll
[%WINDOWS%]\downloaded program files\oeloader.exe
[%WINDOWS%]\downloaded program files\oeloader.inf
[%WINDOWS%]\system\redirector.dll

Folders:
[%PROGRAM_FILES%]\oe
[%PROGRAM_FILES%]\orbit
[%PROGRAM_FILES_COMMON%]\oe

Registry Keys:

Registry Values:

PSW.Delf.cf Trojan

Removing PSW.Delf.cf
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

PSW.Delf.cf Also known as:

[Panda]Trj/Mirkaa.H

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\dx8.exe

How to detect PSW.Delf.cf:

Files:
[%SYSTEM%]\dx8.exe

Adware.DesktopMedia Hijacker

Removing Adware.DesktopMedia
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Adware.DesktopMedia Also known as:

[Kaspersky]Backdoor.Win32.Agent.amg;
[McAfee]Adware-DesktopMedia

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drivers\ncio.sys
[%SYSTEM%]\ntfis.exe
[%WINDOWS%]\dataacess.dll
[%WINDOWS%]\imapi.exe

How to detect Adware.DesktopMedia:

Files:
[%SYSTEM%]\drivers\ncio.sys
[%SYSTEM%]\ntfis.exe
[%WINDOWS%]\dataacess.dll
[%WINDOWS%]\imapi.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_file_replication
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ncio
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\file replication
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ncio

Searchit Hijacker

Removing Searchit
Categories: Hijacker,Toolbar
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\searchit.dll
[%WINDOWS%]\downloaded program files\srchitbar.dll
[%WINDOWS%]\system\searchit.dll

How to detect Searchit:

Files:
[%SYSTEM%]\searchit.dll
[%WINDOWS%]\downloaded program files\srchitbar.dll
[%WINDOWS%]\system\searchit.dll

Folders:
[%PROGRAM_FILES%]\searchit

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\toolbartoolbar5ietoolbar

Claria.GotSmiley Adware

Removing Claria.GotSmiley
Categories: Adware,Spyware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

How to detect Claria.GotSmiley:

Files:

Folders:
[%PROGRAM_FILES%]\gotsmiley

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\office\outlook\addins\gsyoutlookaddin.gsyaddinobj
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\gotsmiley
HKEY_CLASSES_ROOT\clsid\{42040532-2221-4ef7-8f16-9779ab7aaa98}

Fradwar Adware

Removing Fradwar
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Fradwar Also known as:

[Kaspersky]AdWare.Win32.WebSearch.bj;
[Other]Trojan.BHO.Xpdrv32,wetgirls

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\camplugin.exe
[%WINDOWS%]\winServices.pif

How to detect Fradwar:

Files:
[%SYSTEM%]\camplugin.exe
[%WINDOWS%]\winServices.pif

Folders:
[%PROGRAM_FILES%]\xpdrv32

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Lorofring Trojan

Removing Lorofring
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Lorofring Also known as:

[Kaspersky]Trojan.Win32.Agent.dje;
[Other]Lorofring.C,Lorofring.A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\kb1111p.dll

How to detect Lorofring:

Files:
[%SYSTEM%]\kb1111p.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{9c0adb68-353a-61dd-ed09-1d8003a61111}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

EZSearch Adware

Removing EZSearch
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

A BHO (Browser Helper Object) captures information as the user enters it and
sends it back to the attacker.
Typically, keyloggers of this type send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ctap7.dll
[%SYSTEM%]\psic2.dll

How to detect EZSearch:

Files:
[%SYSTEM%]\ctap7.dll
[%SYSTEM%]\psic2.dll

Folders:
[%SYSTEM%]\pics

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Adware.LugSearch Hijacker

Removing Adware.LugSearch
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Adware.LugSearch Also known as:

[McAfee]Adware-LugSearch;
[Other]Trojan.Jakposh

How to detect Adware.LugSearch:

Registry Keys:

PeopleOnPage Hijacker

Removing PeopleOnPage
Categories: Hijacker,Toolbar
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

PeopleOnPage Also known as:

[Panda]Adware/Envolo

Visible Symptoms:
Files in system folders:

How to detect PeopleOnPage:

Files:

Folders:
[%PROGRAM_FILES%]\autoupdate

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/aprload.bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/load.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_USERS\.default\software\microsoft\internet explorer\toolbar\webbrowser

Zango Adware

Removing Zango
Categories: Adware,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Zango Also known as:

[Kaspersky]Adware.Win32.180Solutions.ax;
[McAfee]Adware-ZangoSA;
[Other]Adware.ZangoSearch,Zango.SearchAssisstant

Visible Symptoms:
Files in system folders:

How to detect Zango:

Files:

Folders:
[%APPDATA%]\ZangoToolbar
[%PROGRAM_FILES%]\ZangoToolbar

Registry Keys:

Registry Values:

Removing Zango:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Bancos.IMI Trojan

Removing Bancos.IMI
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Bancos.IMI Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.awa;
[Other]Infostealer.Banpaes

How to detect Bancos.IMI:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


OmegaSearch Hijacker

Removing OmegaSearch
Categories: Hijacker
A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

How to detect OmegaSearch:

Folders:
[%WINDOWS%]\bsx32

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{26dc15e7-ea6e-378b-68aa-cd224b3ad7c3}


Rustock Trojan

Removing Rustock
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojan downloaders download and install new malware or adware on the computer.


Rustock Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.ayc,Trojan-Clicker.Win32.Contrat.o,Backdoor.Win32.Pakes,Trojan-Clicker.Win32.Constrat.t,Trojan-Dropper.Win32.Agent.bjo,Trojan-Clicker.Win32.Costrat.ae,Trojan-Clicker.Win32.Costrat.bz;
[McAfee]Spam-Mailbot.c;
[Other]Win32/Rustock.I,Backdoor.Rustock.B,Win32/Rustock.J,Win32/Rustock.S,Trojan:Win32/Rustock,Backdoor.Rustock,Rustock.dam,Trojan:Win32/Costrat

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\lzx32.sys
[%SYSTEM%]\xpdx.sys

How to detect Rustock:

Files:
[%SYSTEM%]\lzx32.sys
[%SYSTEM%]\xpdx.sys

Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\pe386
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\xpdx


FakeAlert.Adobepnl Trojan

Removing FakeAlert.Adobepnl
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

FakeAlert.Adobepnl Also known as:

[Kaspersky]Hoax.Win32.Renos.dm

How to detect FakeAlert.Adobepnl:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2513a321-cb50-4c5f-91c5-80342afacfb1}\implemented categories
HKEY_CLASSES_ROOT\clsid\{2513a321-cb50-4c5f-91c5-80342afacfb1}\programmable
HKEY_CLASSES_ROOT\TypeLib\{B8CE2641-0F08-43A1-8F28-3AE65B395CB3}
HKEY_CLASSES_ROOT\typelib\{b8ce2641-0f08-43a1-8f28-3ae65b395cb3}

Registry Values:
HKEY_CLASSES_ROOT\clsid\{2513a321-cb50-4c5f-91c5-80342afacfb1}\inprocserver32


180Search Assistant Spyware

Removing 180Search Assistant
Categories: Spyware,Popups
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

How to detect 180Search Assistant:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Miondun Adware

Removing Miondun
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Miondun Also known as:

[Kaspersky]AdWare.Win32.Agent.ak

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mskey32.dll

How to detect Miondun:

Files:
[%SYSTEM%]\mskey32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b10343bd-1dc6-442f-9ba2-d44c708cee83}
HKEY_CLASSES_ROOT\interface\{1fc812f7-f0d0-4f97-86e3-948deba253ab}
HKEY_CLASSES_ROOT\mssconime.conimehlp
HKEY_CLASSES_ROOT\typelib\{e272567e-cdff-4106-ad06-b7aa8cf704d9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b10343bd-1dc6-442f-9ba2-d44c708cee83}


Net.Raider Trojan

Removing Net.Raider
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Net.Raider Also known as:

[Kaspersky]Backdoor.Netraider;
[McAfee]BackDoor-CI;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/NetRaider;
[Computer Associates]Backdoor/Netraider

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\rsrcnrs.exe

How to detect Net.Raider:

Files:
[%WINDOWS%]\rsrcnrs.exe


Lookup Adware

Removing Lookup
Categories: Adware,BHO,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:

How to detect Lookup:

Files:

Folders:
[%FAVORITES%]\hot links
[%FAVORITES%]\messenger links
[%FAVORITES%]\shopping deals
[%FAVORITES%]\gifts for her
[%FAVORITES%]\i-lookup favorites
[%PROGRAM_FILES%]\i-lookup

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
