Friday, December 5, 2008

Hacker.Brazil Backdoor

Removing Hacker.Brazil
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Hacker.Brazil Also known as:

[Kaspersky]Backdoor.HBR.10;
[McAfee]SennaSpy2001;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/HBR.10
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\hacker_brasil.exe
[%WINDOWS%]\system\hacker_brasil.exe

How to detect Hacker.Brazil:

Files:
[%WINDOWS%]\system\hacker_brasil.exe
[%WINDOWS%]\system\hacker_brasil.exe

Removing Hacker.Brazil:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Rewind.FTP.Server RAT Removal instruction
Hack.Office Worm Symptoms
Patch Trojan Removal
HideExec Trojan Cleaner

Posted by at No comments:

PopMonster Adware

Removing PopMonster
Categories: Adware,BHO,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\searchbar.dll
[%WINDOWS%]\system\searchbar.dll
[%SYSTEM%]\searchbar.dll
[%WINDOWS%]\system\searchbar.dll

How to detect PopMonster:

Files:
[%SYSTEM%]\searchbar.dll
[%WINDOWS%]\system\searchbar.dll
[%SYSTEM%]\searchbar.dll
[%WINDOWS%]\system\searchbar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4209b4c1-1295-4908-9312-a53c036eb3cd}
HKEY_CLASSES_ROOT\clsid\{85c76fbd-6218-4379-95c1-b4f37bf6180}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4209b4c1-1295-4908-9312-a53c036eb3cd}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4209b4c1-1295-4908-9312-a53c036eb3cd}
HKEY_LOCAL_MACHINE\software\classes\clsid\{85c76fbd-6218-4379-95c1-b4f37bf6180}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4209b4c1-1295-4908-9312-a53c036eb3cd}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing PopMonster:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
AdwareRemover Adware Removal instruction
TrojanDropper.Win32.VB.aj Trojan Cleaner
Remove CIA.boot Trojan
sdcmerck.com Tracking Cookie Symptoms
MSS Adware Symptoms

Posted by at No comments:

Aflac Trojan

Removing Aflac
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Aflac Also known as:

[Kaspersky]Trojan-Clicker.Win32.Spywad.j,Hoax.Win32.Aflac,Trojan.Win32.Agent.qt;
[McAfee]AdClicker-CG;
[Other]Win32/Aflac.B,W32/Spywad.FR,Troj/Spywad-B,HTML/Aflac,RazeSpyware,Win32/Aflac.C,win32/Aflac.D
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drvboc.dll
[%SYSTEM%]\drvbug.dll
[%SYSTEM%]\drvdec.dll
[%SYSTEM%]\drvfil.dll
[%SYSTEM%]\drvkaj.dll
[%SYSTEM%]\drvkuv.dll
[%SYSTEM%]\drvlak.dll
[%SYSTEM%]\drvlur.dll
[%SYSTEM%]\drvsod.dll
[%SYSTEM%]\drvwik.dll
[%SYSTEM%]\drvzuf.dll
[%SYSTEM%]\drvnaz.dll
[%SYSTEM%]\drvboc.dll
[%SYSTEM%]\drvbug.dll
[%SYSTEM%]\drvdec.dll
[%SYSTEM%]\drvfil.dll
[%SYSTEM%]\drvkaj.dll
[%SYSTEM%]\drvkuv.dll
[%SYSTEM%]\drvlak.dll
[%SYSTEM%]\drvlur.dll
[%SYSTEM%]\drvsod.dll
[%SYSTEM%]\drvwik.dll
[%SYSTEM%]\drvzuf.dll
[%SYSTEM%]\drvnaz.dll

How to detect Aflac:

Files:
[%SYSTEM%]\drvboc.dll
[%SYSTEM%]\drvbug.dll
[%SYSTEM%]\drvdec.dll
[%SYSTEM%]\drvfil.dll
[%SYSTEM%]\drvkaj.dll
[%SYSTEM%]\drvkuv.dll
[%SYSTEM%]\drvlak.dll
[%SYSTEM%]\drvlur.dll
[%SYSTEM%]\drvsod.dll
[%SYSTEM%]\drvwik.dll
[%SYSTEM%]\drvzuf.dll
[%SYSTEM%]\drvnaz.dll
[%SYSTEM%]\drvboc.dll
[%SYSTEM%]\drvbug.dll
[%SYSTEM%]\drvdec.dll
[%SYSTEM%]\drvfil.dll
[%SYSTEM%]\drvkaj.dll
[%SYSTEM%]\drvkuv.dll
[%SYSTEM%]\drvlak.dll
[%SYSTEM%]\drvlur.dll
[%SYSTEM%]\drvsod.dll
[%SYSTEM%]\drvwik.dll
[%SYSTEM%]\drvzuf.dll
[%SYSTEM%]\drvnaz.dll

Removing Aflac:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.DZT Trojan Information

Posted by at No comments:

Dluca.gen Downloader

Removing Dluca.gen
Categories: Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\gwmpivue.exe
[%SYSTEM%]\kmrptame.exe
[%SYSTEM%]\msgb1.exe
[%SYSTEM%]\gwmpivue.exe
[%SYSTEM%]\kmrptame.exe
[%SYSTEM%]\msgb1.exe

How to detect Dluca.gen:

Files:
[%SYSTEM%]\gwmpivue.exe
[%SYSTEM%]\kmrptame.exe
[%SYSTEM%]\msgb1.exe
[%SYSTEM%]\gwmpivue.exe
[%SYSTEM%]\kmrptame.exe
[%SYSTEM%]\msgb1.exe

Removing Dluca.gen:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
DlQQHelp Trojan Symptoms
SillyDl.CJM Downloader Cleaner

Posted by at No comments:

Perlovga Trojan

Removing Perlovga
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Perlovga Also known as:

[Kaspersky]Virus.win32.Perlovga;
[McAfee]W32/Perlovga;
[Other]Win32/Perlovga,Win32/Perlovga.A
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\temp1.exe
[%SYSTEM%]\temp2.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\xcopy.exe
[%SYSTEM%]\temp1.exe
[%SYSTEM%]\temp2.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\xcopy.exe

How to detect Perlovga:

Files:
[%SYSTEM%]\temp1.exe
[%SYSTEM%]\temp2.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\xcopy.exe
[%SYSTEM%]\temp1.exe
[%SYSTEM%]\temp2.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\xcopy.exe

Removing Perlovga:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Backdoor.EggDrop Backdoor
Remove Zlob.Fam.NewMediaCodec Trojan

Posted by at No comments:

NN.Bar Toolbar

Removing NN.Bar
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\mit2A2.tmp.cab
[%PROFILE_TEMP%]\mit33.tmp.cab
[%PROFILE_TEMP%]\mit407.tmp.cab
[%PROFILE_TEMP%]\NNBar_VCSetup_876029.exe
[%PROFILE_TEMP%]\NNBar_VCSetup_876075.exe
[%SYSTEM%]\WinNB57.dll
[%SYSTEM%]\WinNB58.dll
[%DESKTOP%]\keyactivextest.ocx
[%PROFILE_TEMP%]\mit33.tmp
[%PROFILE_TEMP%]\NNBar_VCSetup_876057.exe
[%PROFILE_TEMP%]\mit2A2.tmp.cab
[%PROFILE_TEMP%]\mit33.tmp.cab
[%PROFILE_TEMP%]\mit407.tmp.cab
[%PROFILE_TEMP%]\NNBar_VCSetup_876029.exe
[%PROFILE_TEMP%]\NNBar_VCSetup_876075.exe
[%SYSTEM%]\WinNB57.dll
[%SYSTEM%]\WinNB58.dll
[%DESKTOP%]\keyactivextest.ocx
[%PROFILE_TEMP%]\mit33.tmp
[%PROFILE_TEMP%]\NNBar_VCSetup_876057.exe

How to detect NN.Bar:

Files:
[%PROFILE_TEMP%]\mit2A2.tmp.cab
[%PROFILE_TEMP%]\mit33.tmp.cab
[%PROFILE_TEMP%]\mit407.tmp.cab
[%PROFILE_TEMP%]\NNBar_VCSetup_876029.exe
[%PROFILE_TEMP%]\NNBar_VCSetup_876075.exe
[%SYSTEM%]\WinNB57.dll
[%SYSTEM%]\WinNB58.dll
[%DESKTOP%]\keyactivextest.ocx
[%PROFILE_TEMP%]\mit33.tmp
[%PROFILE_TEMP%]\NNBar_VCSetup_876057.exe
[%PROFILE_TEMP%]\mit2A2.tmp.cab
[%PROFILE_TEMP%]\mit33.tmp.cab
[%PROFILE_TEMP%]\mit407.tmp.cab
[%PROFILE_TEMP%]\NNBar_VCSetup_876029.exe
[%PROFILE_TEMP%]\NNBar_VCSetup_876075.exe
[%SYSTEM%]\WinNB57.dll
[%SYSTEM%]\WinNB58.dll
[%DESKTOP%]\keyactivextest.ocx
[%PROFILE_TEMP%]\mit33.tmp
[%PROFILE_TEMP%]\NNBar_VCSetup_876057.exe

Registry Keys:
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}
HKEY_LOCAL_MACHINE\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}
HKEY_LOCAL_MACHINE\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}
HKEY_LOCAL_MACHINE\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}
HKEY_LOCAL_MACHINE\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}
HKEY_LOCAL_MACHINE\software\classes\nn_bar_dummy.nn_bardummy
HKEY_LOCAL_MACHINE\software\classes\nn_bar_dummy.nn_bardummy.1
HKEY_LOCAL_MACHINE\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}
HKEY_LOCAL_MACHINE\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing NN.Bar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Lookup.GWS BHO
Removing Jack.the.Ripper Trojan
Neodurk Trojan Information

Posted by at No comments:

IRC.SdBot.generic Trojan

Removing IRC.SdBot.generic
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

IRC.SdBot.generic Also known as:

[Eset]IRC/SdBot.generic trojan;
[Panda]Bck/Sdbot.gen
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\lshosts32.exe
[%SYSTEM%]\yahoomsgr.exe
[%SYSTEM%]\lshosts32.exe
[%SYSTEM%]\yahoomsgr.exe

How to detect IRC.SdBot.generic:

Files:
[%SYSTEM%]\lshosts32.exe
[%SYSTEM%]\yahoomsgr.exe
[%SYSTEM%]\lshosts32.exe
[%SYSTEM%]\yahoomsgr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing IRC.SdBot.generic:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
IRC.Bot.for.Windows Backdoor Removal instruction
Frethog.AFL Trojan Removal instruction
Win32.Dotf.13!Trojan Trojan Information
SearchFu.123Search BHO Cleaner
Remove Toledorz Backdoor

Posted by at No comments:

MsnSpy Spyware

Removing MsnSpy
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MsnSpy.lnk
[%DESKTOP%]\MsnSpy.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MsnSpy.lnk
[%DESKTOP%]\MsnSpy.lnk

How to detect MsnSpy:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MsnSpy.lnk
[%DESKTOP%]\MsnSpy.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\MsnSpy.lnk
[%DESKTOP%]\MsnSpy.lnk

Folders:
[%PROGRAMS%]\MsnSpy
[%PROGRAM_FILES%]\MsnSpy

Registry Keys:
HKEY_CURRENT_USER\software\msnspy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msnspy

Removing MsnSpy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
BackDoor.AWQ Trojan Symptoms
Eight.tunes Trojan Removal instruction
RegClean Ransomware Removal
QuickSearch Toolbar Removal
Pigeon.EUA Trojan Symptoms

Posted by at No comments:

Clspring Trojan

Removing Clspring
Categories: Trojan,BHO
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Clspring Also known as:

[Kaspersky]AdWare.Win32.PrutiyScan.ak,AdWare.Win32.PurityScan.ak,Trojan-Downloader.Win32.PurityScan.cl,Trojan-Downloader.Win32.PurityScan.eb,AdWare.Win32.PurityScan.gl;
[McAfee]Adware-ClickSpring;
[Other]Win32/Clspring.GB,Adware.Purityscan,Win32/Clspring.FZ,Adware.PurityScan,ClickSpring.PuritySCAN,purityscan,Win32/Clspring.GG,ClickSpring,Win32/Clspring.GR,Win32/Clspring.GW,Troj/PurScan-BE,Win32/Clspring!generic,Adware:Win32/ClickSpring.PuritySCAN,Win32/Clspring.GZ,Trojan.Adclicker
Visible Symptoms:
Files in system folders:
[%APPDATA%]\CROSOF~1.NET\msconfig.exe
[%APPDATA%]\FNTS~1\msiexec.exe
[%APPDATA%]\YMBOLS~1\lsass.exe
[%INTERNET_CACHE%]\Content.IE5\4LM3S9IZ\116[1].net
[%INTERNET_CACHE%]\Content.IE5\5461ZY3K\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\5MOG1H6V\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\DSUZ3EO9\!update-4395[1].0000
[%INTERNET_CACHE%]\Content.IE5\KLYBC1E3\!update-4395[1].0000
[%PROFILE_TEMP%]\!update.exe
[%PROFILE_TEMP%]\!update.exe.ren
[%PROFILE_TEMP%]\b116.exe
[%PROFILE_TEMP%]\sdexe.exe
[%PROFILE_TEMP%]\YazzleBundle-1281.exe
[%PROFILE_TEMP%]\yazzlesnet.exe
[%PROGRAM_FILES%]\ASEMBL~1\nopdb.exe
[%PROGRAM_FILES%]\RACLE~1\tracert.exe
[%PROGRAM_FILES_COMMON%]\%A5%CCICRO~1.NET\svchost.exe
[%PROGRAM_FILES_COMMON%]\ASEMBL~1\services.exe
[%SYSTEM%]\ICROSO~1.NET\lsass.exe
[%SYSTEM%]\ICROSO~1.NET\tracert.exe
[%SYSTEM%]\regedit.dll
[%SYSTEM%]\smss.dll
[%SYSTEM%]\SSTEM3~1\dexplore.exe
[%SYSTEM%]\wuauboot.dll
[%WINDOWS%]\CROSOF~1.NET\winlogon.exe
[%WINDOWS%]\YAXUninst.exe
[%SYSTEM%]\Outerinfo-1199.exe
[%APPDATA%]\CROSOF~1.NET\msconfig.exe
[%APPDATA%]\FNTS~1\msiexec.exe
[%APPDATA%]\YMBOLS~1\lsass.exe
[%INTERNET_CACHE%]\Content.IE5\4LM3S9IZ\116[1].net
[%INTERNET_CACHE%]\Content.IE5\5461ZY3K\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\5MOG1H6V\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\DSUZ3EO9\!update-4395[1].0000
[%INTERNET_CACHE%]\Content.IE5\KLYBC1E3\!update-4395[1].0000
[%PROFILE_TEMP%]\!update.exe
[%PROFILE_TEMP%]\!update.exe.ren
[%PROFILE_TEMP%]\b116.exe
[%PROFILE_TEMP%]\sdexe.exe
[%PROFILE_TEMP%]\YazzleBundle-1281.exe
[%PROFILE_TEMP%]\yazzlesnet.exe
[%PROGRAM_FILES%]\ASEMBL~1\nopdb.exe
[%PROGRAM_FILES%]\RACLE~1\tracert.exe
[%PROGRAM_FILES_COMMON%]\%A5%CCICRO~1.NET\svchost.exe
[%PROGRAM_FILES_COMMON%]\ASEMBL~1\services.exe
[%SYSTEM%]\ICROSO~1.NET\lsass.exe
[%SYSTEM%]\ICROSO~1.NET\tracert.exe
[%SYSTEM%]\regedit.dll
[%SYSTEM%]\smss.dll
[%SYSTEM%]\SSTEM3~1\dexplore.exe
[%SYSTEM%]\wuauboot.dll
[%WINDOWS%]\CROSOF~1.NET\winlogon.exe
[%WINDOWS%]\YAXUninst.exe
[%SYSTEM%]\Outerinfo-1199.exe

How to detect Clspring:

Files:
[%APPDATA%]\CROSOF~1.NET\msconfig.exe
[%APPDATA%]\FNTS~1\msiexec.exe
[%APPDATA%]\YMBOLS~1\lsass.exe
[%INTERNET_CACHE%]\Content.IE5\4LM3S9IZ\116[1].net
[%INTERNET_CACHE%]\Content.IE5\5461ZY3K\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\5MOG1H6V\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\DSUZ3EO9\!update-4395[1].0000
[%INTERNET_CACHE%]\Content.IE5\KLYBC1E3\!update-4395[1].0000
[%PROFILE_TEMP%]\!update.exe
[%PROFILE_TEMP%]\!update.exe.ren
[%PROFILE_TEMP%]\b116.exe
[%PROFILE_TEMP%]\sdexe.exe
[%PROFILE_TEMP%]\YazzleBundle-1281.exe
[%PROFILE_TEMP%]\yazzlesnet.exe
[%PROGRAM_FILES%]\ASEMBL~1\nopdb.exe
[%PROGRAM_FILES%]\RACLE~1\tracert.exe
[%PROGRAM_FILES_COMMON%]\%A5%CCICRO~1.NET\svchost.exe
[%PROGRAM_FILES_COMMON%]\ASEMBL~1\services.exe
[%SYSTEM%]\ICROSO~1.NET\lsass.exe
[%SYSTEM%]\ICROSO~1.NET\tracert.exe
[%SYSTEM%]\regedit.dll
[%SYSTEM%]\smss.dll
[%SYSTEM%]\SSTEM3~1\dexplore.exe
[%SYSTEM%]\wuauboot.dll
[%WINDOWS%]\CROSOF~1.NET\winlogon.exe
[%WINDOWS%]\YAXUninst.exe
[%SYSTEM%]\Outerinfo-1199.exe
[%APPDATA%]\CROSOF~1.NET\msconfig.exe
[%APPDATA%]\FNTS~1\msiexec.exe
[%APPDATA%]\YMBOLS~1\lsass.exe
[%INTERNET_CACHE%]\Content.IE5\4LM3S9IZ\116[1].net
[%INTERNET_CACHE%]\Content.IE5\5461ZY3K\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\5MOG1H6V\!update-4395[1].0000
[%INTERNET_CACHE%]\content.ie5\DSUZ3EO9\!update-4395[1].0000
[%INTERNET_CACHE%]\Content.IE5\KLYBC1E3\!update-4395[1].0000
[%PROFILE_TEMP%]\!update.exe
[%PROFILE_TEMP%]\!update.exe.ren
[%PROFILE_TEMP%]\b116.exe
[%PROFILE_TEMP%]\sdexe.exe
[%PROFILE_TEMP%]\YazzleBundle-1281.exe
[%PROFILE_TEMP%]\yazzlesnet.exe
[%PROGRAM_FILES%]\ASEMBL~1\nopdb.exe
[%PROGRAM_FILES%]\RACLE~1\tracert.exe
[%PROGRAM_FILES_COMMON%]\%A5%CCICRO~1.NET\svchost.exe
[%PROGRAM_FILES_COMMON%]\ASEMBL~1\services.exe
[%SYSTEM%]\ICROSO~1.NET\lsass.exe
[%SYSTEM%]\ICROSO~1.NET\tracert.exe
[%SYSTEM%]\regedit.dll
[%SYSTEM%]\smss.dll
[%SYSTEM%]\SSTEM3~1\dexplore.exe
[%SYSTEM%]\wuauboot.dll
[%WINDOWS%]\CROSOF~1.NET\winlogon.exe
[%WINDOWS%]\YAXUninst.exe
[%SYSTEM%]\Outerinfo-1199.exe

Folders:
[%PROGRAMS%]\Outerinfo
[%PROGRAM_FILES%]\Outerinfo

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\outerinfo
HKEY_CLASSES_ROOT\clsid\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f}
HKEY_CLASSES_ROOT\clsid\{55bb27b1-b15e-b2df-2c22-bcce64b8e8b7}
HKEY_CLASSES_ROOT\clsid\{661d9ab6-595d-0b89-2bc2-0295c1a289b1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{55bb27b1-b15e-b2df-2c22-bcce64b8e8b7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{661d9ab6-595d-0b89-2bc2-0295c1a289b1}
HKEY_LOCAL_MACHINE\software\outerinfo

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\mozilla\firefox\extensions

Removing Clspring:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Win32.Nuker.NuKe Trojan
Pigeon.ERN Trojan Information
iconinstaller Trojan Removal

Posted by at No comments:

Crusc Trojan

Removing Crusc
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Crusc Also known as:

[Kaspersky]Trojan-Proxy.Win32.Horst.be,Trojan-Proxy.Win32.Horst.cm,Trojan-Proxy.win32.Horst.be,Trojan-Proxy.Win32.Horst.bk,Trojan-Downloader.Win32.Agent.amc,Trojan-Proxy.Win32.Horst.z,Trojan-Downloader.Win32.Vivia.y;
[McAfee]Spam-Loot,Spam-loot;
[Other]TROJ_AGENT.CAH,Win32.Crusc.K,Win32/Crusc.H,TROJ_HORST.CM,Win32/Crusc.J,Trojan-Spy.Win32.Agent.nr,Trojan.Webus.G,Win32/Crusc.I,Trojan-Proxy.Win32.Horst.cg,Hacktool.Proxy,Win32/Crusc.Q,Trojan-Proxy.win32.Horst.bu,Win32/Crusc.R,Trojan-Proxy.Win32.Horst.bu,Win32/Crusc.P,trojan-backdoor-medbod,Win32/Crusc.M,Trojan.Zlob,Win32/Crusc.N,Backdoor.DMSpammer,Win32/Crusc.L,Win32/Crusc.O,Win32/Crusc.T,Win32/Crusc.S,TROJ_HORST.BU,Win32/Crusc.E,Win32/Crusc.F
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\14exmodul32e.d.exe
[%PROFILE_TEMP%]\17exmodul32d.1.exe
[%PROFILE_TEMP%]\17exmodul32s.4.exe
[%PROFILE_TEMP%]\18exmodul32d.1.exe
[%PROFILE_TEMP%]\18exmodul32s.4.exe
[%PROFILE_TEMP%]\19exmodul32c.3.exe
[%PROFILE_TEMP%]\1exmodul32d.1.exe
[%PROFILE_TEMP%]\22exmodul32s.4.exe
[%PROFILE_TEMP%]\24exinjs.h.exe
[%PROFILE_TEMP%]\27exmodul32s.4.exe
[%PROFILE_TEMP%]\3.modul32h2.exe
[%PROFILE_TEMP%]\30exmodul32d.1.exe
[%PROFILE_TEMP%]\37exmodul32s.4.exe
[%PROFILE_TEMP%]\41exmodul32d.b.exe
[%PROFILE_TEMP%]\46exmodul32s.4.exe
[%PROFILE_TEMP%]\48exmodul32d.1.exe
[%PROFILE_TEMP%]\49exinjs.h.exe
[%PROFILE_TEMP%]\49exmodul32d.1.exe
[%PROFILE_TEMP%]\5.modul32h2.exe
[%PROFILE_TEMP%]\53exmodul32s.4.exe
[%PROFILE_TEMP%]\54exmodul32e.d.exe
[%PROFILE_TEMP%]\57exmodul32s.4.exe
[%PROFILE_TEMP%]\58exmodul32s.4.exe
[%PROFILE_TEMP%]\6.modul32h2.exe
[%PROFILE_TEMP%]\61exmodul32s.4.exe
[%PROFILE_TEMP%]\62exmodul32d.b.exe
[%PROFILE_TEMP%]\64exmodul32d.4.exe
[%PROFILE_TEMP%]\69exmodul32c.3.exe
[%PROFILE_TEMP%]\69exmodul32e.d.exe
[%PROFILE_TEMP%]\71exmodul32c.3.exe
[%PROFILE_TEMP%]\71exmodul32d.7.exe
[%PROFILE_TEMP%]\72exmodul32d.8.exe
[%PROFILE_TEMP%]\73exmodul32s.4.exe
[%PROFILE_TEMP%]\81exmodul32e.d.exe
[%PROFILE_TEMP%]\82exmodul32d.8.exe
[%PROFILE_TEMP%]\83exinjs.h.exe
[%PROFILE_TEMP%]\86exmodul32d.1.exe
[%PROFILE_TEMP%]\92exinjs.h.exe
[%PROFILE_TEMP%]\94exmodul32e.d.exe
[%PROFILE_TEMP%]\96exmodul32c.3.exe
[%PROFILE_TEMP%]\96exmodul32e.d.exe
[%PROFILE_TEMP%]\98exmodul32d.1.exe
[%PROFILE_TEMP%]\modul32c.3.exe
[%PROFILE_TEMP%]\modul32d.1.exe
[%PROFILE_TEMP%]\modul32d.4.exe
[%PROFILE_TEMP%]\modul32d.7.exe
[%PROFILE_TEMP%]\modul32d.8.exe
[%PROFILE_TEMP%]\modul32d.b.exe
[%PROFILE_TEMP%]\14exmodul32e.d.exe
[%PROFILE_TEMP%]\17exmodul32d.1.exe
[%PROFILE_TEMP%]\17exmodul32s.4.exe
[%PROFILE_TEMP%]\18exmodul32d.1.exe
[%PROFILE_TEMP%]\18exmodul32s.4.exe
[%PROFILE_TEMP%]\19exmodul32c.3.exe
[%PROFILE_TEMP%]\1exmodul32d.1.exe
[%PROFILE_TEMP%]\22exmodul32s.4.exe
[%PROFILE_TEMP%]\24exinjs.h.exe
[%PROFILE_TEMP%]\27exmodul32s.4.exe
[%PROFILE_TEMP%]\3.modul32h2.exe
[%PROFILE_TEMP%]\30exmodul32d.1.exe
[%PROFILE_TEMP%]\37exmodul32s.4.exe
[%PROFILE_TEMP%]\41exmodul32d.b.exe
[%PROFILE_TEMP%]\46exmodul32s.4.exe
[%PROFILE_TEMP%]\48exmodul32d.1.exe
[%PROFILE_TEMP%]\49exinjs.h.exe
[%PROFILE_TEMP%]\49exmodul32d.1.exe
[%PROFILE_TEMP%]\5.modul32h2.exe
[%PROFILE_TEMP%]\53exmodul32s.4.exe
[%PROFILE_TEMP%]\54exmodul32e.d.exe
[%PROFILE_TEMP%]\57exmodul32s.4.exe
[%PROFILE_TEMP%]\58exmodul32s.4.exe
[%PROFILE_TEMP%]\6.modul32h2.exe
[%PROFILE_TEMP%]\61exmodul32s.4.exe
[%PROFILE_TEMP%]\62exmodul32d.b.exe
[%PROFILE_TEMP%]\64exmodul32d.4.exe
[%PROFILE_TEMP%]\69exmodul32c.3.exe
[%PROFILE_TEMP%]\69exmodul32e.d.exe
[%PROFILE_TEMP%]\71exmodul32c.3.exe
[%PROFILE_TEMP%]\71exmodul32d.7.exe
[%PROFILE_TEMP%]\72exmodul32d.8.exe
[%PROFILE_TEMP%]\73exmodul32s.4.exe
[%PROFILE_TEMP%]\81exmodul32e.d.exe
[%PROFILE_TEMP%]\82exmodul32d.8.exe
[%PROFILE_TEMP%]\83exinjs.h.exe
[%PROFILE_TEMP%]\86exmodul32d.1.exe
[%PROFILE_TEMP%]\92exinjs.h.exe
[%PROFILE_TEMP%]\94exmodul32e.d.exe
[%PROFILE_TEMP%]\96exmodul32c.3.exe
[%PROFILE_TEMP%]\96exmodul32e.d.exe
[%PROFILE_TEMP%]\98exmodul32d.1.exe
[%PROFILE_TEMP%]\modul32c.3.exe
[%PROFILE_TEMP%]\modul32d.1.exe
[%PROFILE_TEMP%]\modul32d.4.exe
[%PROFILE_TEMP%]\modul32d.7.exe
[%PROFILE_TEMP%]\modul32d.8.exe
[%PROFILE_TEMP%]\modul32d.b.exe

How to detect Crusc:

Files:
[%PROFILE_TEMP%]\14exmodul32e.d.exe
[%PROFILE_TEMP%]\17exmodul32d.1.exe
[%PROFILE_TEMP%]\17exmodul32s.4.exe
[%PROFILE_TEMP%]\18exmodul32d.1.exe
[%PROFILE_TEMP%]\18exmodul32s.4.exe
[%PROFILE_TEMP%]\19exmodul32c.3.exe
[%PROFILE_TEMP%]\1exmodul32d.1.exe
[%PROFILE_TEMP%]\22exmodul32s.4.exe
[%PROFILE_TEMP%]\24exinjs.h.exe
[%PROFILE_TEMP%]\27exmodul32s.4.exe
[%PROFILE_TEMP%]\3.modul32h2.exe
[%PROFILE_TEMP%]\30exmodul32d.1.exe
[%PROFILE_TEMP%]\37exmodul32s.4.exe
[%PROFILE_TEMP%]\41exmodul32d.b.exe
[%PROFILE_TEMP%]\46exmodul32s.4.exe
[%PROFILE_TEMP%]\48exmodul32d.1.exe
[%PROFILE_TEMP%]\49exinjs.h.exe
[%PROFILE_TEMP%]\49exmodul32d.1.exe
[%PROFILE_TEMP%]\5.modul32h2.exe
[%PROFILE_TEMP%]\53exmodul32s.4.exe
[%PROFILE_TEMP%]\54exmodul32e.d.exe
[%PROFILE_TEMP%]\57exmodul32s.4.exe
[%PROFILE_TEMP%]\58exmodul32s.4.exe
[%PROFILE_TEMP%]\6.modul32h2.exe
[%PROFILE_TEMP%]\61exmodul32s.4.exe
[%PROFILE_TEMP%]\62exmodul32d.b.exe
[%PROFILE_TEMP%]\64exmodul32d.4.exe
[%PROFILE_TEMP%]\69exmodul32c.3.exe
[%PROFILE_TEMP%]\69exmodul32e.d.exe
[%PROFILE_TEMP%]\71exmodul32c.3.exe
[%PROFILE_TEMP%]\71exmodul32d.7.exe
[%PROFILE_TEMP%]\72exmodul32d.8.exe
[%PROFILE_TEMP%]\73exmodul32s.4.exe
[%PROFILE_TEMP%]\81exmodul32e.d.exe
[%PROFILE_TEMP%]\82exmodul32d.8.exe
[%PROFILE_TEMP%]\83exinjs.h.exe
[%PROFILE_TEMP%]\86exmodul32d.1.exe
[%PROFILE_TEMP%]\92exinjs.h.exe
[%PROFILE_TEMP%]\94exmodul32e.d.exe
[%PROFILE_TEMP%]\96exmodul32c.3.exe
[%PROFILE_TEMP%]\96exmodul32e.d.exe
[%PROFILE_TEMP%]\98exmodul32d.1.exe
[%PROFILE_TEMP%]\modul32c.3.exe
[%PROFILE_TEMP%]\modul32d.1.exe
[%PROFILE_TEMP%]\modul32d.4.exe
[%PROFILE_TEMP%]\modul32d.7.exe
[%PROFILE_TEMP%]\modul32d.8.exe
[%PROFILE_TEMP%]\modul32d.b.exe
[%PROFILE_TEMP%]\14exmodul32e.d.exe
[%PROFILE_TEMP%]\17exmodul32d.1.exe
[%PROFILE_TEMP%]\17exmodul32s.4.exe
[%PROFILE_TEMP%]\18exmodul32d.1.exe
[%PROFILE_TEMP%]\18exmodul32s.4.exe
[%PROFILE_TEMP%]\19exmodul32c.3.exe
[%PROFILE_TEMP%]\1exmodul32d.1.exe
[%PROFILE_TEMP%]\22exmodul32s.4.exe
[%PROFILE_TEMP%]\24exinjs.h.exe
[%PROFILE_TEMP%]\27exmodul32s.4.exe
[%PROFILE_TEMP%]\3.modul32h2.exe
[%PROFILE_TEMP%]\30exmodul32d.1.exe
[%PROFILE_TEMP%]\37exmodul32s.4.exe
[%PROFILE_TEMP%]\41exmodul32d.b.exe
[%PROFILE_TEMP%]\46exmodul32s.4.exe
[%PROFILE_TEMP%]\48exmodul32d.1.exe
[%PROFILE_TEMP%]\49exinjs.h.exe
[%PROFILE_TEMP%]\49exmodul32d.1.exe
[%PROFILE_TEMP%]\5.modul32h2.exe
[%PROFILE_TEMP%]\53exmodul32s.4.exe
[%PROFILE_TEMP%]\54exmodul32e.d.exe
[%PROFILE_TEMP%]\57exmodul32s.4.exe
[%PROFILE_TEMP%]\58exmodul32s.4.exe
[%PROFILE_TEMP%]\6.modul32h2.exe
[%PROFILE_TEMP%]\61exmodul32s.4.exe
[%PROFILE_TEMP%]\62exmodul32d.b.exe
[%PROFILE_TEMP%]\64exmodul32d.4.exe
[%PROFILE_TEMP%]\69exmodul32c.3.exe
[%PROFILE_TEMP%]\69exmodul32e.d.exe
[%PROFILE_TEMP%]\71exmodul32c.3.exe
[%PROFILE_TEMP%]\71exmodul32d.7.exe
[%PROFILE_TEMP%]\72exmodul32d.8.exe
[%PROFILE_TEMP%]\73exmodul32s.4.exe
[%PROFILE_TEMP%]\81exmodul32e.d.exe
[%PROFILE_TEMP%]\82exmodul32d.8.exe
[%PROFILE_TEMP%]\83exinjs.h.exe
[%PROFILE_TEMP%]\86exmodul32d.1.exe
[%PROFILE_TEMP%]\92exinjs.h.exe
[%PROFILE_TEMP%]\94exmodul32e.d.exe
[%PROFILE_TEMP%]\96exmodul32c.3.exe
[%PROFILE_TEMP%]\96exmodul32e.d.exe
[%PROFILE_TEMP%]\98exmodul32d.1.exe
[%PROFILE_TEMP%]\modul32c.3.exe
[%PROFILE_TEMP%]\modul32d.1.exe
[%PROFILE_TEMP%]\modul32d.4.exe
[%PROFILE_TEMP%]\modul32d.7.exe
[%PROFILE_TEMP%]\modul32d.8.exe
[%PROFILE_TEMP%]\modul32d.b.exe

Removing Crusc:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Vxidl.AZS Trojan Removal
Amitis Trojan Information
Small.gks Downloader Removal instruction

Posted by at No comments:

Syfoin Trojan

Removing Syfoin
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Syfoin Also known as:

[Kaspersky]Backdoor.Win32.Pakes,Trojan.Win32.Agent.afj,Trojan-Dropper.MSPPoint.Agent.z;
[Other]Win32/Syfoin.C,Win32/Syfoin.H,Infostealer
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\sysinfo.exe
[%SYSTEM%]\kavlg
[%SYSTEM%]\kavlg.exe
[%SYSTEM%]\sysinfo.exe
[%SYSTEM%]\kavlg
[%SYSTEM%]\kavlg.exe

How to detect Syfoin:

Files:
[%SYSTEM%]\sysinfo.exe
[%SYSTEM%]\kavlg
[%SYSTEM%]\kavlg.exe
[%SYSTEM%]\sysinfo.exe
[%SYSTEM%]\kavlg
[%SYSTEM%]\kavlg.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2b6486ac-f193-cbca-0403-050108050003}

Removing Syfoin:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Aniquro Toolbar
Glieder Trojan Information
SpeakHeavy DoS Information
Sambus RAT Cleaner

Posted by at No comments:

Zango.TV.Times Adware

Removing Zango.TV.Times
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Visible Symptoms:
Files in system folders:
[%DESKTOP%]\zango tv times.lnk
[%WINDOWS%]\nkd.exe
[%DESKTOP%]\zango tv times.lnk
[%WINDOWS%]\nkd.exe

How to detect Zango.TV.Times:

Files:
[%DESKTOP%]\zango tv times.lnk
[%WINDOWS%]\nkd.exe
[%DESKTOP%]\zango tv times.lnk
[%WINDOWS%]\nkd.exe

Registry Keys:
HKEY_CLASSES_ROOT\installer\features\99e25b1c0ee771240a274e4782055e71
HKEY_CLASSES_ROOT\installer\products\99e25b1c0ee771240a274e4782055e71

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Zango.TV.Times:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.AJS Trojan Removal instruction
Remove CWS.conyc Hijacker
Pigeon.ESS Trojan Removal
Vxidl.AEQ Trojan Cleaner

Posted by at No comments:

PC.Activity.Monitor.Lite Spyware

Removing PC.Activity.Monitor.Lite
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Firebird\Firebird_1_5\bin\fbserver.exe
[%DESKTOP%]\pc activity monitor lite.lnk
[%PROGRAM_FILES%]\Firebird\Firebird_1_5\bin\fbserver.exe
[%DESKTOP%]\pc activity monitor lite.lnk

How to detect PC.Activity.Monitor.Lite:

Files:
[%PROGRAM_FILES%]\Firebird\Firebird_1_5\bin\fbserver.exe
[%DESKTOP%]\pc activity monitor lite.lnk
[%PROGRAM_FILES%]\Firebird\Firebird_1_5\bin\fbserver.exe
[%DESKTOP%]\pc activity monitor lite.lnk

Folders:
[%PROGRAMS%]\pc activity monitor lite
[%PROGRAM_FILES%]\pc activity monitor lite

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc activity monitor lite
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc activity monitor lite

Removing PC.Activity.Monitor.Lite:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Ursnif Trojan Removal instruction
Win Trojan Removal
SillyDl.DNC Trojan Information
Seekmo.Search.Assistant Adware Removal instruction
NTIT Trojan Removal

Posted by at No comments:

Wenhuu Trojan

Removing Wenhuu
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Wenhuu Also known as:

[Other]Win32/Wenhuu,Win32/Wenhuu.C
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\xboxcenter.dll
[%WINDOWS%]\xboxcenter.dll

How to detect Wenhuu:

Files:
[%WINDOWS%]\xboxcenter.dll
[%WINDOWS%]\xboxcenter.dll

Removing Wenhuu:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing SystemDoctor Trojan
Zombie.version RAT Cleaner
Remove Bancos.GTN Trojan
Pigeon.ASQ Trojan Removal
Remove Intended.Nuke.Pox Backdoor

Posted by at No comments:

StopingSpy Ransomware

Removing StopingSpy
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.
Visible Symptoms:
Files in system folders:
[%DESKTOP%]\StopingSpy.lnk
[%DESKTOP%]\StopingSpy.lnk

How to detect StopingSpy:

Files:
[%DESKTOP%]\StopingSpy.lnk
[%DESKTOP%]\StopingSpy.lnk

Folders:
[%PROGRAMS%]\StopingSpy
[%PROGRAM_FILES%]\StopingSpy

Registry Keys:
HKEY_CURRENT_USER\software\stopingspy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\stopingspy

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing StopingSpy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
MSConnect Adware Information
Bancos.HRZ Trojan Removal
TrojanDownloader.Win32.Agent.nj Downloader Removal
Removing sitesuite.org Tracking Cookie

Posted by at No comments:

Adware.BlogCn Adware

Removing Adware.BlogCn
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Adware.BlogCn Also known as:

[McAfee]Adware-BlogCn;
[Other]Adware.BocaiToolbar
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bcup.exe
[%SYSTEM%]\bocaitoolbar.dll
[%SYSTEM%]\bcup.exe
[%SYSTEM%]\bocaitoolbar.dll

How to detect Adware.BlogCn:

Files:
[%SYSTEM%]\bcup.exe
[%SYSTEM%]\bocaitoolbar.dll
[%SYSTEM%]\bcup.exe
[%SYSTEM%]\bocaitoolbar.dll

Registry Keys:
HKEY_CLASSES_ROOT\bocaitoolbar.stockbar
HKEY_CLASSES_ROOT\bocaitoolbar.stockbar.1
HKEY_CLASSES_ROOT\clsid\{4da2ee61-6399-4c39-aeb9-0d990e610d29}
HKEY_CLASSES_ROOT\interface\{3855cf44-363b-4e48-b3fd-25736207b27f}
HKEY_CLASSES_ROOT\typelib\{693a1e03-7b1b-41d8-8803-cf9ed9d86070}
HKEY_LOCAL_MACHINE\software\blogchina

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Adware.BlogCn:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Generic.Dialer Adware Information
Pigeon.EDN Trojan Removal instruction
RasDialer Adware Information

Posted by at No comments:

MSWSearch Hijacker

Removing MSWSearch
Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Visible Symptoms:
Files in system folders:
[%COMMON_APPDATA%]\msw\BMan1.exe
[%COMMON_APPDATA%]\msw\BMan1.exe

How to detect MSWSearch:

Files:
[%COMMON_APPDATA%]\msw\BMan1.exe
[%COMMON_APPDATA%]\msw\BMan1.exe

Removing MSWSearch:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Zlob.Fam.SafetyBar Trojan
Bancos.FUJ Trojan Cleaner
Malevolence.Crew.Mail.Spammer Hacker Tool Removal
Bancos.HIR Trojan Cleaner

Posted by at No comments:

Protocol Hijacker Hijacker

Removing Protocol Hijacker
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll
[%PROGRAM_FILES%]\Crawler\Toolbar\ctbr.dll
[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll
[%PROGRAM_FILES%]\rxtoolbar\sfcont.dll
[%PROGRAM_FILES%]\Toolbar\toolbar.dll
[%SYSTEM%]\lmf32v.dll
[%WINDOWS%]\ftpsconfig.dll
[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll
[%PROGRAM_FILES%]\Crawler\Toolbar\ctbr.dll
[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll
[%PROGRAM_FILES%]\rxtoolbar\sfcont.dll
[%PROGRAM_FILES%]\Toolbar\toolbar.dll
[%SYSTEM%]\lmf32v.dll
[%WINDOWS%]\ftpsconfig.dll

How to detect Protocol Hijacker:

Files:
[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll
[%PROGRAM_FILES%]\Crawler\Toolbar\ctbr.dll
[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll
[%PROGRAM_FILES%]\rxtoolbar\sfcont.dll
[%PROGRAM_FILES%]\Toolbar\toolbar.dll
[%SYSTEM%]\lmf32v.dll
[%WINDOWS%]\ftpsconfig.dll
[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll
[%PROGRAM_FILES%]\Crawler\Toolbar\ctbr.dll
[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll
[%PROGRAM_FILES%]\rxtoolbar\sfcont.dll
[%PROGRAM_FILES%]\Toolbar\toolbar.dll
[%SYSTEM%]\lmf32v.dll
[%WINDOWS%]\ftpsconfig.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{0EB00690-8FA1-11D3-96C7-829E3EA50C29}
HKEY_CLASSES_ROOT\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}
HKEY_CLASSES_ROOT\CLSID\{4A8DADD4-5A25-4d41-8599-CB7458766220}
HKEY_CLASSES_ROOT\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
HKEY_CLASSES_ROOT\CLSID\{86FE362E-74FA-4f71-8B69-B94D28880628}
HKEY_CLASSES_ROOT\CLSID\{9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_CLASSES_ROOT\CLSID\{994D478A-45D0-4DB4-AE77-288B1E346E99}
HKEY_CLASSES_ROOT\clsid\{da28e0db-229c-4003-827e-96ae15ad90fb}
HKEY_CLASSES_ROOT\CLSID\{DFAA31C8-A356-4313-9D95-5EDAB46C5070}
HKEY_CLASSES_ROOT\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text\html
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\cn
HKEY_CLASSES_ROOT\protocols\handler\icoo
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\tbr
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\tpro

Removing Protocol Hijacker:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Digital.Upload Backdoor

Posted by at No comments:

Messiah Backdoor

Removing Messiah
Categories: Backdoor,RAT,Hacker Tool
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
Messiah Also known as:

[Kaspersky]Backdoor.Win32.Messah.10;
[Eset]Win32/Messah.10 trojan;
[Panda]Backdoor Program
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\j4ysrv.exe
[%WINDOWS%]\system\j4ysrv.exe

How to detect Messiah:

Files:
[%WINDOWS%]\system\j4ysrv.exe
[%WINDOWS%]\system\j4ysrv.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\spy

Removing Messiah:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Public Messenger Trojan Information
PhoneTerror Adware Information
Removing Antispywarebox Adware

Posted by at No comments:

Agent.BGC Trojan

Removing Agent.BGC
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Agent.BGC Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.bgc;
[Other]W32/Agent.BFCW,Win32/Atonex.A
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\scvhsot.exe
[%WINDOWS%]\system\scvhsot.exe

How to detect Agent.BGC:

Files:
[%WINDOWS%]\system\scvhsot.exe
[%WINDOWS%]\system\scvhsot.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Agent.BGC:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
PSW.Lmir.ds Trojan Cleaner
PigSearch Trojan Removal
Remove NaviSearch Adware
Shit.Heep RAT Symptoms

Posted by at No comments:

Xupiter.Xjupiter Hijacker

Removing Xupiter.Xjupiter
Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\winmain.exe
[%PROFILE_TEMP%]\winmain.exe

How to detect Xupiter.Xjupiter:

Files:
[%PROFILE_TEMP%]\winmain.exe
[%PROFILE_TEMP%]\winmain.exe

Folders:
[%PROGRAM_FILES%]\xjupiter

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{266f948a-3dee-4270-8f55-e79accd569fa}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Xupiter.Xjupiter:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Bancos.GEH Trojan Cleaner
Acee Trojan Removal instruction
Daemon Trojan Removal
Virus Trojan Removal instruction
Rooter Trojan Cleaner

Posted by at No comments:

Nakter.Affe RAT

Removing Nakter.Affe
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Nakter.Affe Also known as:

[Kaspersky]Backdoor.Nakter;
[McAfee]BackDoor-YF;
[F-Prot]security risk or a "backdoor" program
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\sysw32.exe
[%WINDOWS%]\sysw32.exe

How to detect Nakter.Affe:

Files:
[%WINDOWS%]\sysw32.exe
[%WINDOWS%]\sysw32.exe

Removing Nakter.Affe:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.AEJ Trojan Removal
Error.Inspector Ransomware Cleaner

Posted by at No comments:

CmjSpy Trojan

Removing CmjSpy
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
CmjSpy Also known as:

[Kaspersky]Backdoor.CmjSpy.05,Backdoor.CmjSpy.11;
[Eset]Win32/CmjSpy.25.B trojan;
[McAfee]BackDoor-WB;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/CmjSpy.05,Bck/CmjSpy.11,Backdoor Program.LC;
[Computer Associates]Backdoor/CmjSpy.05!Server,Backdoor/CmjSpy.11!Server,Backdoor/Cmjspy.25.b,Backdoor/Cmjspy.2_1,Backdoor/Cmjspy.B,Backdoor/Cmjspy.L
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\hlicense.vxd
[%WINDOWS%]\system\hlicense.vxd

How to detect CmjSpy:

Files:
[%WINDOWS%]\system\hlicense.vxd
[%WINDOWS%]\system\hlicense.vxd

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing CmjSpy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Wowpa Trojan Cleaner
Remove KeyKap Trojan
Remove IRCBun Trojan
Remove Pigeon.ADN Trojan
Remove Zero.Hunt Trojan

Posted by at No comments:

Web3000 Spyware

Removing Web3000
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Visible Symptoms:
Files in system folders:
[%DESKTOP%]\textwiz.lnk
[%WINDOWS%]\instnetmgr.dll
[%WINDOWS%]\w3knet.dll
[%WINDOWS%]\w3knet.w3k
[%WINDOWS%]\w3knet2.num
[%WINDOWS%]\w3knetp.w3k
[%WINDOWS%]\w3knet_rbt.dll
[%WINDOWS%]\w3knet_w3i.dll
[%WINDOWS%]\w3kpopup.dll
[%WINDOWS%]\w3kselfinst.exe
[%DESKTOP%]\textwiz.lnk
[%WINDOWS%]\instnetmgr.dll
[%WINDOWS%]\w3knet.dll
[%WINDOWS%]\w3knet.w3k
[%WINDOWS%]\w3knet2.num
[%WINDOWS%]\w3knetp.w3k
[%WINDOWS%]\w3knet_rbt.dll
[%WINDOWS%]\w3knet_w3i.dll
[%WINDOWS%]\w3kpopup.dll
[%WINDOWS%]\w3kselfinst.exe

How to detect Web3000:

Files:
[%DESKTOP%]\textwiz.lnk
[%WINDOWS%]\instnetmgr.dll
[%WINDOWS%]\w3knet.dll
[%WINDOWS%]\w3knet.w3k
[%WINDOWS%]\w3knet2.num
[%WINDOWS%]\w3knetp.w3k
[%WINDOWS%]\w3knet_rbt.dll
[%WINDOWS%]\w3knet_w3i.dll
[%WINDOWS%]\w3kpopup.dll
[%WINDOWS%]\w3kselfinst.exe
[%DESKTOP%]\textwiz.lnk
[%WINDOWS%]\instnetmgr.dll
[%WINDOWS%]\w3knet.dll
[%WINDOWS%]\w3knet.w3k
[%WINDOWS%]\w3knet2.num
[%WINDOWS%]\w3knetp.w3k
[%WINDOWS%]\w3knet_rbt.dll
[%WINDOWS%]\w3knet_w3i.dll
[%WINDOWS%]\w3kpopup.dll
[%WINDOWS%]\w3kselfinst.exe

Folders:
[%PROGRAMS%]\textwiz 1.5
[%PROGRAM_FILES%]\textwiz

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\textwiz_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web3000 network
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xtractor plus_is1
HKEY_LOCAL_MACHINE\software\web3000.com

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_USERS\.default\software

Removing Web3000:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Doubletrouble Hostile Code Cleaner
Perfect.Keylogger Spyware Removal instruction
TrojanDropper.JS.Mimail Trojan Information
Pigeon.AWHW Trojan Removal

Posted by at No comments:

Abetterinternet.Transponder Adware

Removing Abetterinternet.Transponder
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\newdevin.exe
[%SYSTEM%]\newdevin.exe

How to detect Abetterinternet.Transponder:

Files:
[%SYSTEM%]\newdevin.exe
[%SYSTEM%]\newdevin.exe

Removing Abetterinternet.Transponder:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Vxidl.AJD Trojan Symptoms
Removing FreeWire Worm
Removing Backdoor.Splintex Backdoor
Remove Desktop.kazaa.com Tracking Cookie

Posted by at No comments:

Home.Key.Logger Spyware

Removing Home.Key.Logger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.fr????\FAQ.html
[%PROFILE_TEMP%]\temp.fr????\LICENSE.TXT
[%PROFILE_TEMP%]\temp.fr????\Links\Download lastest version.url
[%PROFILE_TEMP%]\temp.fr????\Links\Mail to support.url
[%PROFILE_TEMP%]\temp.fr????\Links\Program's home page.url
[%PROFILE_TEMP%]\temp.fr????\Links\Try Family Key Logger.url
[%PROFILE_TEMP%]\temp.fr????\OtherProducts.html
[%PROFILE_TEMP%]\temp.fr????\QuickStart.html
[%PROFILE_TEMP%]\temp.fr????\README.TXT
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.dll
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.exe
[%PROGRAM_FILES%]\home keylogger\homekeylogger-setup.exe
[%PROFILE_TEMP%]\temp.fr????\FAQ.html
[%PROFILE_TEMP%]\temp.fr????\LICENSE.TXT
[%PROFILE_TEMP%]\temp.fr????\Links\Download lastest version.url
[%PROFILE_TEMP%]\temp.fr????\Links\Mail to support.url
[%PROFILE_TEMP%]\temp.fr????\Links\Program's home page.url
[%PROFILE_TEMP%]\temp.fr????\Links\Try Family Key Logger.url
[%PROFILE_TEMP%]\temp.fr????\OtherProducts.html
[%PROFILE_TEMP%]\temp.fr????\QuickStart.html
[%PROFILE_TEMP%]\temp.fr????\README.TXT
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.dll
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.exe
[%PROGRAM_FILES%]\home keylogger\homekeylogger-setup.exe

How to detect Home.Key.Logger:

Files:
[%PROFILE_TEMP%]\temp.fr????\FAQ.html
[%PROFILE_TEMP%]\temp.fr????\LICENSE.TXT
[%PROFILE_TEMP%]\temp.fr????\Links\Download lastest version.url
[%PROFILE_TEMP%]\temp.fr????\Links\Mail to support.url
[%PROFILE_TEMP%]\temp.fr????\Links\Program's home page.url
[%PROFILE_TEMP%]\temp.fr????\Links\Try Family Key Logger.url
[%PROFILE_TEMP%]\temp.fr????\OtherProducts.html
[%PROFILE_TEMP%]\temp.fr????\QuickStart.html
[%PROFILE_TEMP%]\temp.fr????\README.TXT
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.dll
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.exe
[%PROGRAM_FILES%]\home keylogger\homekeylogger-setup.exe
[%PROFILE_TEMP%]\temp.fr????\FAQ.html
[%PROFILE_TEMP%]\temp.fr????\LICENSE.TXT
[%PROFILE_TEMP%]\temp.fr????\Links\Download lastest version.url
[%PROFILE_TEMP%]\temp.fr????\Links\Mail to support.url
[%PROFILE_TEMP%]\temp.fr????\Links\Program's home page.url
[%PROFILE_TEMP%]\temp.fr????\Links\Try Family Key Logger.url
[%PROFILE_TEMP%]\temp.fr????\OtherProducts.html
[%PROFILE_TEMP%]\temp.fr????\QuickStart.html
[%PROFILE_TEMP%]\temp.fr????\README.TXT
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.dll
[%PROGRAM_FILES%]\HomeKeyLogger\KeyLogger.exe
[%PROGRAM_FILES%]\home keylogger\homekeylogger-setup.exe

Folders:
[%PROGRAMS%]\home key logger
[%PROGRAM_FILES%]\homekeylogger
[%STARTMENU%]\programs\home key logger
[%PROFILE%]\start menu\programs\home key logger

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\homekeylogger

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Home.Key.Logger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Staff.Copp Spyware Information

Posted by at No comments:

GMSoft Adware

Removing GMSoft
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

How to detect GMSoft:

Registry Keys:
HKEY_CURRENT_USER\software\gmsoft
HKEY_CURRENT_USER\software\gsoft
HKEY_LOCAL_MACHINE\software\gmsoft

Removing GMSoft:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Bancos.AEY Trojan Information

Posted by at No comments:
Subscribe to: Posts (Atom)