Malware Info: 12/06/08

Saturday, December 6, 2008

Chat.Watch Spyware

Removing Chat.Watch
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\Chat Watch.lnk
[%DESKTOP%]\Chat Watch.lnk

How to detect Chat.Watch:

Files: [%DESKTOP%]\Chat Watch.lnk [%DESKTOP%]\Chat Watch.lnk

Folders: [%APPDATA%]\cw4_log [%PROGRAMS%]\Chat Watch 4 [%PROGRAM_FILES%]\CW4

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Chat.Watch:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing SearchSquire Adware
Removing Pigeon.AVAJ Trojan
TWD.Remote.Anything RAT Removal instruction
AntiVermins Adware Information

Jokcn Downloader

Removing Jokcn
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Jokcn Also known as:


[Kaspersky]Trojan-Downloader.Win32.Ieser.w,AdWare.Win32.Ejik.g,AdWare.Win32.Ejik.q;
[McAfee]Downloader-ACH;
[Other]Win32/Jokcn.C,Downloader,Win32/Jokcn.D,W32/Malware.BIBN,Win32/Jokcn.F,Trojan.Adclicker,Win32/Jokcn.H,Win32/Jokcn.I

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\resiifers.ini
[%WINDOWS%]\98032C.exe
[%WINDOWS%]\acdsee321.dll
[%WINDOWS%]\my_70320.exe
[%WINDOWS%]\system\zhqb32.dll
[%WINDOWS%]\zhqbdf16.ini
[%WINDOWS%]\zsmsdf32.ini
[%SYSTEM%]\resiifers.ini
[%WINDOWS%]\98032C.exe
[%WINDOWS%]\acdsee321.dll
[%WINDOWS%]\my_70320.exe
[%WINDOWS%]\system\zhqb32.dll
[%WINDOWS%]\zhqbdf16.ini
[%WINDOWS%]\zsmsdf32.ini

How to detect Jokcn:

Files: [%SYSTEM%]\resiifers.ini [%WINDOWS%]\98032C.exe [%WINDOWS%]\acdsee321.dll [%WINDOWS%]\my_70320.exe [%WINDOWS%]\system\zhqb32.dll [%WINDOWS%]\zhqbdf16.ini [%WINDOWS%]\zsmsdf32.ini [%SYSTEM%]\resiifers.ini [%WINDOWS%]\98032C.exe [%WINDOWS%]\acdsee321.dll [%WINDOWS%]\my_70320.exe [%WINDOWS%]\system\zhqb32.dll [%WINDOWS%]\zhqbdf16.ini [%WINDOWS%]\zsmsdf32.ini

Registry Keys: HKEY_CLASSES_ROOT\clsid\{16c6167b-fed4-4cee-8951-134c9a345da2} HKEY_CLASSES_ROOT\clsid\{242f800b-2172-4659-a381-476b66e3de2a} HKEY_CLASSES_ROOT\clsid\{956d977e-3ee4-460f-8cd2-23cdeabbdc94} HKEY_CLASSES_ROOT\clsid\{c1ba80ee-2fb8-4c8d-bac9-938215e539c5} HKEY_CLASSES_ROOT\kdcvbehbwgviz.tiebhocom\clsid HKEY_CLASSES_ROOT\tirqikts.tiebhocom HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{16c6167b-fed4-4cee-8951-134c9a345da2} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{242f800b-2172-4659-a381-476b66e3de2a} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{956d977e-3ee4-460f-8cd2-23cdeabbdc94} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1ba80ee-2fb8-4c8d-bac9-938215e539c5}

Removing Jokcn:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Virtumonde Trojan Symptoms
Removing Agent.ac Adware
IntraKey Spyware Information
Removing Blurp Trojan
Bancos.HWJ Trojan Cleaner

Hogle Trojan

Removing Hogle
Categories: Trojan,BHO,Backdoor,Hijacker,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Hogle Also known as:


[Kaspersky]TrojanProxy.Win32.Agent.e;
[Panda]Bck/Ranck.E;
[Computer Associates]Backdoor/Hogle,Win32.Hogle.A

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\bmeb.dll
[%WINDOWS%]\hpinfo32.exe
[%WINDOWS%]\hpk.dll
[%WINDOWS%]\hpm.dll
[%WINDOWS%]\system\bmeb.dll
[%SYSTEM%]\bmeb.dll
[%WINDOWS%]\hpinfo32.exe
[%WINDOWS%]\hpk.dll
[%WINDOWS%]\hpm.dll
[%WINDOWS%]\system\bmeb.dll

How to detect Hogle:

Files: [%SYSTEM%]\bmeb.dll [%WINDOWS%]\hpinfo32.exe [%WINDOWS%]\hpk.dll [%WINDOWS%]\hpm.dll [%WINDOWS%]\system\bmeb.dll [%SYSTEM%]\bmeb.dll [%WINDOWS%]\hpinfo32.exe [%WINDOWS%]\hpk.dll [%WINDOWS%]\hpm.dll [%WINDOWS%]\system\bmeb.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{0aaf602e-72a1-45fe-bab1-06971e07eaa2} HKEY_CLASSES_ROOT\clsid\{753aa023-02d1-447d-8b55-53a91a5abf18} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{753aa023-02d1-447d-8b55-53a91a5abf18} HKEY_LOCAL_MACHINE\software\classes\clsid\{0aaf602e-72a1-45fe-bab1-06971e07eaa2} HKEY_LOCAL_MACHINE\software\classes\clsid\{753aa023-02d1-447d-8b55-53a91a5abf18} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{753aa023-02d1-447d-8b55-53a91a5abf18}

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Hogle:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Becon Trojan Removal

Computer.Keylogger Spyware

Removing Computer.Keylogger
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\ComputerKeylogger.com Full.lnk
[%DESKTOP%]\ComputerKeylogger.com Full.lnk

How to detect Computer.Keylogger:

Files: [%DESKTOP%]\ComputerKeylogger.com Full.lnk [%DESKTOP%]\ComputerKeylogger.com Full.lnk

Folders: [%PROGRAMS%]\ETN Software\ComputerKeylogger.com Full [%PROGRAM_FILES%]\ETNKL

Removing Computer.Keylogger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
ServerSeven RAT Removal instruction
Remove Sin.Static.Ip RAT
Removing Netsphere Trojan
cbmall.com Tracking Cookie Symptoms

X10 Tracking Cookie

Removing X10
Categories: Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

How to detect X10:

Folders: [%APPDATA%]\x1ff

Registry Keys: HKEY_CLASSES_ROOT\appid\{9b3c2a48-df6a-4364-9961-1c80f0ba83b3} HKEY_CLASSES_ROOT\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E} HKEY_CLASSES_ROOT\interface\{d9e03192-5849-4ae2-b76a-204820e6860c} HKEY_CLASSES_ROOT\typelib\{a981f8f6-4505-4670-8d38-96a3e894d5be} HKEY_CLASSES_ROOT\x1ff.xbrowse HKEY_CLASSES_ROOT\x1ff.xbrowse.1 HKEY_CLASSES_ROOT\clsid\{ce7ef827-47cc-48eb-b570-c367f1e1277e} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce7ef827-47cc-48eb-b570-c367f1e1277e}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

Removing X10:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Bancos.GES Trojan Symptoms
Bancos.FZF Trojan Information
Removing Vxidl.BAM Trojan

Adload.dd Trojan

Removing Adload.dd
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Adload.dd:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{e3db689e-cf95-40c3-a0b2-24e04956741a} HKEY_CLASSES_ROOT\prjbdunionmini20060717.cfiledownload HKEY_CLASSES_ROOT\prjbdunionmini20060717.cvsvirus

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Adload.dd:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
AOL.Admin Trojan Symptoms
Removing Dluca.ag Downloader
Helios.Bot RAT Removal instruction
Win32.Spy.Agent Trojan Removal
atflash.com Tracking Cookie Removal

Xlocator.Winlocator Adware

Removing Xlocator.Winlocator
Categories: Adware,BHO,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\winlocator.dll
[%SYSTEM%]\winlocatorhelper.dll
[%WINDOWS%]\system\winlocator.dll
[%WINDOWS%]\system\winlocatorhelper.dll
[%SYSTEM%]\winlocator.dll
[%SYSTEM%]\winlocatorhelper.dll
[%WINDOWS%]\system\winlocator.dll
[%WINDOWS%]\system\winlocatorhelper.dll

How to detect Xlocator.Winlocator:

Files: [%SYSTEM%]\winlocator.dll [%SYSTEM%]\winlocatorhelper.dll [%WINDOWS%]\system\winlocator.dll [%WINDOWS%]\system\winlocatorhelper.dll [%SYSTEM%]\winlocator.dll [%SYSTEM%]\winlocatorhelper.dll [%WINDOWS%]\system\winlocator.dll [%WINDOWS%]\system\winlocatorhelper.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{89aeab46-8e8a-4045-9003-5614bfbfe90b} HKEY_CLASSES_ROOT\clsid\{8f0d6eed-bc11-4e7f-8276-9748947e4a50} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{89aeab46-8e8a-4045-9003-5614bfbfe90b} HKEY_LOCAL_MACHINE\software\classes\clsid\{89aeab46-8e8a-4045-9003-5614bfbfe90b} HKEY_LOCAL_MACHINE\software\classes\clsid\{8f0d6eed-bc11-4e7f-8276-9748947e4a50} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{89aeab46-8e8a-4045-9003-5614bfbfe90b}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing Xlocator.Winlocator:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Sears.com Spyware
DeskAd.Service Adware Removal
Svs Trojan Cleaner

Banker.akx Spyware

Removing Banker.akx
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

How to detect Banker.akx:

Folders: [%WINDOWS%]\filespro [%WINDOWS%]\winnavps

Registry Keys: HKEY_CURRENT_USER\irwftp

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Banker.akx:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Illusion Trojan Cleaner

ISTbar.AUpdate Hijacker

Removing ISTbar.AUpdate
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\istsv_.exe
[%PROGRAM_FILES%]\ISTsvc\istsvc.exe
[%SYSTEM%]\aupdate.exe
[%SYSTEM%]\aupdate_uninstall.exe
[%PROFILE_TEMP%]\istsv_.exe
[%PROGRAM_FILES%]\ISTsvc\istsvc.exe
[%SYSTEM%]\aupdate.exe
[%SYSTEM%]\aupdate_uninstall.exe

How to detect ISTbar.AUpdate:

Files: [%PROFILE_TEMP%]\istsv_.exe [%PROGRAM_FILES%]\ISTsvc\istsvc.exe [%SYSTEM%]\aupdate.exe [%SYSTEM%]\aupdate_uninstall.exe [%PROFILE_TEMP%]\istsv_.exe [%PROGRAM_FILES%]\ISTsvc\istsvc.exe [%SYSTEM%]\aupdate.exe [%SYSTEM%]\aupdate_uninstall.exe

Registry Keys: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\ms aupdate HKEY_LOCAL_MACHINE\typelib\{69550be2-9a78-11d2-ba91-00600827878d}

Removing ISTbar.AUpdate:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Msgmess Trojan
Adultoweb Adware Removal instruction
Rustock Trojan Cleaner
Removing Dadobra.eu Downloader
Remove Delcur Trojan

Motd Backdoor

Removing Motd
Categories: Backdoor,RAT
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Motd Also known as:


[Kaspersky]Backdoor.MOTD;
[McAfee]BackDoor-GG;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Motd;
[Computer Associates]Backdoor/Motd.10,Win32.MOTD.10

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\system\rplcsz.exe
[%WINDOWS%]\system\rplcsz.exe

How to detect Motd:

Files: [%WINDOWS%]\system\rplcsz.exe [%WINDOWS%]\system\rplcsz.exe

Removing Motd:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Estalive Adware Removal instruction
Luder Trojan Cleaner
Remove GloboSearch Trojan

SillyDl.DHA Trojan

Removing SillyDl.DHA
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

SillyDl.DHA Also known as:


[Kaspersky]AdWare.Win32.BHO.gx;
[McAfee]Adware-BHO.gen;
[Other]Win32/SillyDl.DHA,Trojan.Adclicker,TROJ_DROPPER.CRT

How to detect SillyDl.DHA:

Registry Keys: HKEY_CLASSES_ROOT\appid\bho_adw.dll HKEY_CLASSES_ROOT\appid\{91c9ce76-9eb1-4a77-92a1-27c44dbbfeee} HKEY_CLASSES_ROOT\bho_adw.bhoad HKEY_CLASSES_ROOT\bho_adw.bhoad.1 HKEY_CLASSES_ROOT\clsid\{85589b5d-d53d-4237-a677-46b82ea275f3} HKEY_CLASSES_ROOT\interface\{9ca1536d-5689-40ca-b92a-f646301517d7} HKEY_CLASSES_ROOT\typelib\{09dc28c6-bce2-42b1-b3ea-8ab82f0f3b0a} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{85589b5d-d53d-4237-a677-46b82ea275f3}

Removing SillyDl.DHA:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove GateCrasher.Final Trojan
Spurf DoS Removal
Removing BettInet Trojan
Chusk Trojan Symptoms

SillyDl.CUT Downloader

Removing SillyDl.CUT
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

SillyDl.CUT Also known as:


[Other]Win32/SillyDl.CUT

How to detect SillyDl.CUT:

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing SillyDl.CUT:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Iani Backdoor Cleaner
Remove Intended.Varicella Trojan
Pigeon.ESF Trojan Cleaner
Small.mk Trojan Cleaner
Remove System.Pro Spyware

Apropo Downloader

Removing Apropo
Categories: Downloader,Trojan
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Apropo:

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} HKEY_CLASSES_ROOT\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} HKEY_CLASSES_ROOT\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} HKEY_CLASSES_ROOT\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} HKEY_CLASSES_ROOT\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} HKEY_CLASSES_ROOT\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} HKEY_LOCAL_MACHINE\Software\AutoLoader HKEY_LOCAL_MACHINE\SOFTWARE\Envolo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient

Removing Apropo:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
OneStat Tracking Cookie Removal instruction
Remove ShareAll Trojan
TrojanClicker.Win32.Myxq Trojan Information
Bacteria Trojan Information
Jeru.1716a Trojan Removal instruction

CWS.MUpdate Trojan

Removing CWS.MUpdate
Categories: Trojan,Hijacker
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

CWS.MUpdate Also known as:


[Kaspersky]Trojan.Win32.StartPage.bb,Trojan.Win32.WebSearch.a;
[Panda]Trj/StartPage.BD;
[Computer Associates]Win32.Startpage.U,Win32/SearchPage.U!Trojan

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\mupdate.exe
[%WINDOWS%]\system\mupdate.exe
[%SYSTEM%]\mupdate.exe
[%WINDOWS%]\system\mupdate.exe

How to detect CWS.MUpdate:

Files: [%SYSTEM%]\mupdate.exe [%WINDOWS%]\system\mupdate.exe [%SYSTEM%]\mupdate.exe [%WINDOWS%]\system\mupdate.exe

Removing CWS.MUpdate:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
CrackedEarth Hijacker Cleaner
Win32.PSW.Prostor Trojan Symptoms
Remove Vursime Trojan

Azara Trojan

Removing Azara
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Azara Also known as:


[Panda]Trojan Horse;
[Computer Associates]Win32.Azara,Win32.Myss.T,Win32/Krepper!Trojan,Win32/Myss.T!Trojan

How to detect Azara:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Azara:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Fuwu Trojan
Remove DotCom Adware

Adware.Baidu Trojan

Removing Adware.Baidu
Categories: Trojan,Adware,Toolbar
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Adware.Baidu Also known as:


[McAfee]Adware-Baidu;
[Panda]Adware/6781ToolBar

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\advport.dll
[%SYSTEM%]\wbem\ocmor.dll
[%SYSTEM%]\agyst.dll
[%SYSTEM%]\lqbag.dll
[%SYSTEM%]\wbem\kblfu.dll
[%SYSTEM%]\wbem\vicqr.dll
[%WINDOWS%]\toolsp.exe
[%SYSTEM%]\advport.dll
[%SYSTEM%]\wbem\ocmor.dll
[%SYSTEM%]\agyst.dll
[%SYSTEM%]\lqbag.dll
[%SYSTEM%]\wbem\kblfu.dll
[%SYSTEM%]\wbem\vicqr.dll
[%WINDOWS%]\toolsp.exe

How to detect Adware.Baidu:

Files: [%SYSTEM%]\advport.dll [%SYSTEM%]\wbem\ocmor.dll [%SYSTEM%]\agyst.dll [%SYSTEM%]\lqbag.dll [%SYSTEM%]\wbem\kblfu.dll [%SYSTEM%]\wbem\vicqr.dll [%WINDOWS%]\toolsp.exe [%SYSTEM%]\advport.dll [%SYSTEM%]\wbem\ocmor.dll [%SYSTEM%]\agyst.dll [%SYSTEM%]\lqbag.dll [%SYSTEM%]\wbem\kblfu.dll [%SYSTEM%]\wbem\vicqr.dll [%WINDOWS%]\toolsp.exe

Folders: [%PROGRAM_FILES%]\superutilbar [%PROGRAM_FILES%]\supertoolbar

Registry Keys: HKEY_CLASSES_ROOT\6781.toolbar HKEY_CLASSES_ROOT\6781.toolbar.1 HKEY_CLASSES_ROOT\6781.toolbarloader HKEY_CLASSES_ROOT\6781.toolbarloader.1 HKEY_CLASSES_ROOT\CLSID\{03465FF5-00AE-411A-9C34-960ED566EC03} HKEY_CLASSES_ROOT\CLSID\{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} HKEY_CLASSES_ROOT\typelib\{03d0c547-ebad-43d9-8b57-de16e7a93b52} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} HKEY_CLASSES_ROOT\clsid\{03465ff5-00ae-411a-9c34-960ed566ec03} HKEY_CLASSES_ROOT\clsid\{6cfd436c-7aad-4e50-992f-c0c87a94cad2} HKEY_LOCAL_MACHINE\software\03d0c547-ebad-43d9-8b57-de16e7a93b52 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6cfd436c-7aad-4e50-992f-c0c87a94cad2} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ÊµÓÃËÑË÷¹¤¾ßÌõ

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing Adware.Baidu:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
BlueAngel Trojan Information
Borlander Downloader Information
Bancos.FVL Trojan Information
VirusLocker Ransomware Symptoms
SillyDl.BBT Trojan Removal instruction

SillyDl.DOQ Downloader

Removing SillyDl.DOQ
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

SillyDl.DOQ Also known as:


[Kaspersky]Backdoor.Win32.Small.cpj;
[Other]Win32/SillyDl.DOQ Removed

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\wan2.exe
[%SYSTEM%]\msvcsl.dll
[%SYSTEM%]\ntd.exe
[%PROFILE_TEMP%]\wan2.exe
[%SYSTEM%]\msvcsl.dll
[%SYSTEM%]\ntd.exe

How to detect SillyDl.DOQ:

Files: [%PROFILE_TEMP%]\wan2.exe [%SYSTEM%]\msvcsl.dll [%SYSTEM%]\ntd.exe [%PROFILE_TEMP%]\wan2.exe [%SYSTEM%]\msvcsl.dll [%SYSTEM%]\ntd.exe

Removing SillyDl.DOQ:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
MSWSearch Hijacker Removal
Removing VX2 Adware
STIEBar Adware Removal instruction

Clodpuntor Trojan

Removing Clodpuntor
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Clodpuntor Also known as:


[Kaspersky]Trojan-Proxy.Win32.Agent.ji,Email-Worm.Win32.Zhelatin.hc;
[Other]Win32/Clodpuntor.L,Win32/Clodpuntor.P,Trojan.SpamThru,Win32/Clodpuntor.Q,Win32/Clodpuntor.S

How to detect Clodpuntor:

Registry Values: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list

Removing Clodpuntor:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Pigeon.EHE Trojan
Removing Spy.CQMA Trojan
Windows.Remote RAT Cleaner
Remove YapBrowser Adware
Removing Win32.Pulpit Trojan

Adsense.Helper.Object Adware

Removing Adsense.Helper.Object
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

How to detect Adsense.Helper.Object:

Folders: [%PROGRAM_FILES%]\Adsense Helper Object

Registry Keys: HKEY_CLASSES_ROOT\clsid\{b313d637-f405-4052-ac37-e2119ab3c8f8} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ browser helper objects\{b313d637-f405-4052-ac37-e2119ab3c8f8}

Removing Adsense.Helper.Object:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing TrojanDownloader.Win32.Envolo Downloader
Remove Small.he Trojan
superSpy.Beta RAT Symptoms

FavoriteMan.SpyAssault BHO

Removing FavoriteMan.SpyAssault
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\ss32.dll
[%WINDOWS%]\system\ss32.dll
[%SYSTEM%]\ss32.dll
[%WINDOWS%]\system\ss32.dll

How to detect FavoriteMan.SpyAssault:

Files: [%SYSTEM%]\ss32.dll [%WINDOWS%]\system\ss32.dll [%SYSTEM%]\ss32.dll [%WINDOWS%]\system\ss32.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{ebbd88e5-c372-469d-b4c5-1fe00352ab9b} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ebbd88e5-c372-469d-b4c5-1fe00352ab9b} HKEY_CLASSES_ROOT\typelib\{ebbd88e5-c372-469d-b4c5-1fe00352ab9b} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ebbd88e5-c372-469d-b4c5-1fe00352ab9b}

Removing FavoriteMan.SpyAssault:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Vxidl.BAC Trojan Cleaner
Leandro Trojan Removal instruction
Pigeon.ERM Trojan Removal

Network1.Popups Adware

Removing Network1.Popups
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES%]\joystick networks\setup\myurlsagain.exe
[%WINDOWS%]\hisistheurls.exe
[%WINDOWS%]\mm63.ocx
[%WINDOWS%]\a64sddd.exe
[%WINDOWS%]\newpop447.exe
[%WINDOWS%]\newpop61.exe
[%WINDOWS%]\newpop62.exe
[%WINDOWS%]\newpop63.exe
[%WINDOWS%]\sixtypopsix.exe
[%PROGRAM_FILES%]\joystick networks\setup\myurlsagain.exe
[%WINDOWS%]\hisistheurls.exe
[%WINDOWS%]\mm63.ocx
[%WINDOWS%]\a64sddd.exe
[%WINDOWS%]\newpop447.exe
[%WINDOWS%]\newpop61.exe
[%WINDOWS%]\newpop62.exe
[%WINDOWS%]\newpop63.exe
[%WINDOWS%]\sixtypopsix.exe

How to detect Network1.Popups:

Files: [%PROGRAM_FILES%]\joystick networks\setup\myurlsagain.exe [%WINDOWS%]\hisistheurls.exe [%WINDOWS%]\mm63.ocx [%WINDOWS%]\a64sddd.exe [%WINDOWS%]\newpop447.exe [%WINDOWS%]\newpop61.exe [%WINDOWS%]\newpop62.exe [%WINDOWS%]\newpop63.exe [%WINDOWS%]\sixtypopsix.exe [%PROGRAM_FILES%]\joystick networks\setup\myurlsagain.exe [%WINDOWS%]\hisistheurls.exe [%WINDOWS%]\mm63.ocx [%WINDOWS%]\a64sddd.exe [%WINDOWS%]\newpop447.exe [%WINDOWS%]\newpop61.exe [%WINDOWS%]\newpop62.exe [%WINDOWS%]\newpop63.exe [%WINDOWS%]\sixtypopsix.exe

Registry Keys: HKEY_CLASSES_ROOT\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9} HKEY_CLASSES_ROOT\interface\{674a6bd5-317a-49cf-9647-1e085e660ce0} HKEY_CLASSES_ROOT\interface\{7f9e4594-fcd3-48e5-a53e-d554b2ad303a} HKEY_CLASSES_ROOT\interface\{a6a98ecf-0080-4f46-b716-0cfef2db6320} HKEY_CLASSES_ROOT\interface\{a9136cfd-fd01-41b8-9969-0b37720ed8ab} HKEY_CLASSES_ROOT\interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2} HKEY_CLASSES_ROOT\interface\{b2eeda99-da99-4d0d-9f7f-143c30521388} HKEY_CLASSES_ROOT\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\media-motor

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\popuppers.com HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Network1.Popups:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Intelliflag Spyware Symptoms
TrojanDownloader.Win32.Turown Hijacker Information
Wincontrol Trojan Symptoms
SillyDl.AFX Trojan Removal
Win32.PowerSpider Trojan Cleaner

Mitglieder Trojan

Removing Mitglieder
Categories: Trojan,Spyware,Worm,Downloader,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Mitglieder Also known as:


[Kaspersky]TrojanProxy.Win32.Agent.q;
[Eset]Win32/TrojanProxy.Agent.Q trojan;
[Panda]W32/Mitglieder.A.worm,Trj/Deboal.A,Trj/Downloader.EL,Trj/Agent.E;
[Computer Associates]Win32.Mitglieder.N,Win32/Bagle.10240.2!Worm,Win32.Mitglieder.D,Win32/Amidel.A!Trojan,Win32.Mitglieder.AR,Win32/Mitglieder!Proxy!Trojan,Win32.SuxxProxy.A;
[Other]Win32/Mitglieder.EC,Win32/Mitglieder/EE

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\~2.exe
[%PROFILE_TEMP%]\~7.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee
[%SYSTEM%]\ban_list.txt
[%SYSTEM%]\system.exe
[%SYSTEM%]\wintems.exe
[%PROFILE_TEMP%]\wk_163.exe
[%PROFILE_TEMP%]\wk_224.exe
[%PROFILE_TEMP%]\wk_225.exe
[%PROFILE_TEMP%]\wk_238.exe
[%PROFILE_TEMP%]\wk_4b4.exe
[%PROFILE_TEMP%]\wk_4cd.exe
[%PROFILE_TEMP%]\wk_4da.exe
[%PROFILE_TEMP%]\wk_4df.exe
[%PROFILE_TEMP%]\~2.exe
[%PROFILE_TEMP%]\~7.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee
[%SYSTEM%]\ban_list.txt
[%SYSTEM%]\system.exe
[%SYSTEM%]\wintems.exe
[%PROFILE_TEMP%]\wk_163.exe
[%PROFILE_TEMP%]\wk_224.exe
[%PROFILE_TEMP%]\wk_225.exe
[%PROFILE_TEMP%]\wk_238.exe
[%PROFILE_TEMP%]\wk_4b4.exe
[%PROFILE_TEMP%]\wk_4cd.exe
[%PROFILE_TEMP%]\wk_4da.exe
[%PROFILE_TEMP%]\wk_4df.exe

How to detect Mitglieder:

Files: [%PROFILE_TEMP%]\~2.exe [%PROFILE_TEMP%]\~7.exe [%PROFILE_TEMP%]\~??.ee [%PROFILE_TEMP%]\~???.ee [%SYSTEM%]\ban_list.txt [%SYSTEM%]\system.exe [%SYSTEM%]\wintems.exe [%PROFILE_TEMP%]\wk_163.exe [%PROFILE_TEMP%]\wk_224.exe [%PROFILE_TEMP%]\wk_225.exe [%PROFILE_TEMP%]\wk_238.exe [%PROFILE_TEMP%]\wk_4b4.exe [%PROFILE_TEMP%]\wk_4cd.exe [%PROFILE_TEMP%]\wk_4da.exe [%PROFILE_TEMP%]\wk_4df.exe [%PROFILE_TEMP%]\~2.exe [%PROFILE_TEMP%]\~7.exe [%PROFILE_TEMP%]\~??.ee [%PROFILE_TEMP%]\~???.ee [%SYSTEM%]\ban_list.txt [%SYSTEM%]\system.exe [%SYSTEM%]\wintems.exe [%PROFILE_TEMP%]\wk_163.exe [%PROFILE_TEMP%]\wk_224.exe [%PROFILE_TEMP%]\wk_225.exe [%PROFILE_TEMP%]\wk_238.exe [%PROFILE_TEMP%]\wk_4b4.exe [%PROFILE_TEMP%]\wk_4cd.exe [%PROFILE_TEMP%]\wk_4da.exe [%PROFILE_TEMP%]\wk_4df.exe

Registry Keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}

Registry Values: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Mitglieder:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Upidet Trojan Cleaner
Removing Bancos.HGP Trojan
Removing Snake's.Server.Build RAT

Lookup.Sbus BHO

Removing Lookup.Sbus
Categories: BHO,Hijacker,Toolbar
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\sbus.dll
[%WINDOWS%]\system\sbus.dll
[%SYSTEM%]\sbus.dll
[%WINDOWS%]\system\sbus.dll

How to detect Lookup.Sbus:

Files: [%SYSTEM%]\sbus.dll [%WINDOWS%]\system\sbus.dll [%SYSTEM%]\sbus.dll [%WINDOWS%]\system\sbus.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{19a447ba-9c2e-4864-93f5-a0645229771e} HKEY_CLASSES_ROOT\clsid\{1b13bf1b-a528-4cc4-b5bf-553caa6487ac} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{19a447ba-9c2e-4864-93f5-a0645229771e} HKEY_LOCAL_MACHINE\software\classes\clsid\{19a447ba-9c2e-4864-93f5-a0645229771e} HKEY_LOCAL_MACHINE\software\classes\clsid\{1b13bf1b-a528-4cc4-b5bf-553caa6487ac} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{19a447ba-9c2e-4864-93f5-a0645229771e}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing Lookup.Sbus:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing PStats.com Tracking Cookie
Unexplained.Server Trojan Information
Remove Seclining!generic Trojan
Removing SpyAnywhere Spyware
Invisible.Stealth.Keylogger Spyware Removal instruction

Adware.LinkMaker Adware

Removing Adware.LinkMaker
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Adware.LinkMaker Also known as:


[McAfee]Adware-LinkMaker;
[Other]Adware.LinkMaker

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\pixk5gp2.phy
[%SYSTEM%]\iqqr.exe
[%SYSTEM%]\wfxqhv.exe
[%SYSTEM%]\xeymi.dll
[%SYSTEM%]\zqskw.exe
[%SYSTEM%]\pixk5gp2.phy
[%SYSTEM%]\iqqr.exe
[%SYSTEM%]\wfxqhv.exe
[%SYSTEM%]\xeymi.dll
[%SYSTEM%]\zqskw.exe

How to detect Adware.LinkMaker:

Files: [%SYSTEM%]\pixk5gp2.phy [%SYSTEM%]\iqqr.exe [%SYSTEM%]\wfxqhv.exe [%SYSTEM%]\xeymi.dll [%SYSTEM%]\zqskw.exe [%SYSTEM%]\pixk5gp2.phy [%SYSTEM%]\iqqr.exe [%SYSTEM%]\wfxqhv.exe [%SYSTEM%]\xeymi.dll [%SYSTEM%]\zqskw.exe

Registry Keys: HKEY_CLASSES_ROOT\clsid\{b5f86455-bf18-4e12-965a-6642a0ac0549} HKEY_CLASSES_ROOT\interface\{522ef89b-532c-4889-b5c5-fbc80236a603} HKEY_CLASSES_ROOT\typelib\{80c0e6bc-1228-47d7-9876-b67ad181477e} HKEY_CLASSES_ROOT\xsdu.bqok HKEY_CLASSES_ROOT\xsdu.ozbyq HKEY_LOCAL_MACHINE\software\jijyl HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\g5a2 HKEY_CLASSES_ROOT\clsid\{d623bc2f-a58d-4a75-a10d-cc244a702a35} HKEY_CLASSES_ROOT\xsdu HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d623bc2f-a58d-4a75-a10d-cc244a702a35}

Registry Values: HKEY_CLASSES_ROOT\protocols\filter\text/html HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Adware.LinkMaker:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Bat.ServU.based Trojan Symptoms
Provder Backdoor Symptoms
MoneyTree Adware Information
Remove Keylogger.Express Spyware
Removing GDE3 Trojan

FilterProgram Ransomware

Removing FilterProgram
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

FilterProgram Also known as:


[Kaspersky]Downloader.Win32.WinFixer.cs;
[Other]Win32/WinFixer

Visible Symptoms:
Files in system folders:

 
[%APPDATA%]\FilterProgram\Abbr
[%APPDATA%]\FilterProgram\ProdCode
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\FilterProgram unregistered.lnk
[%DESKTOP%]\FilterProgram unregistered.lnk
[%APPDATA%]\FilterProgram\Abbr
[%APPDATA%]\FilterProgram\ProdCode
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\FilterProgram unregistered.lnk
[%DESKTOP%]\FilterProgram unregistered.lnk

How to detect FilterProgram:

Files: [%APPDATA%]\FilterProgram\Abbr [%APPDATA%]\FilterProgram\ProdCode [%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\FilterProgram unregistered.lnk [%DESKTOP%]\FilterProgram unregistered.lnk [%APPDATA%]\FilterProgram\Abbr [%APPDATA%]\FilterProgram\ProdCode [%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\FilterProgram unregistered.lnk [%DESKTOP%]\FilterProgram unregistered.lnk

Folders: [%COMMON_PROGRAMS%]\FilterProgram [%PROGRAM_FILES%]\FilterProgram [%PROGRAM_FILES_COMMON%]\FilterProgram

Registry Keys: HKEY_CLASSES_ROOT\cleanerscleaner.cleanerscleanerobj HKEY_CLASSES_ROOT\cleanerscleaner.cleanerscleanerobj.1 HKEY_CLASSES_ROOT\clsid\{7d4ffde7-20c0-45a8-99ea-e9ddee9f617d} HKEY_CLASSES_ROOT\typelib\{7a0257e0-1406-4c5f-b016-5108159a099f} HKEY_CURRENT_USER\software\filterprogram HKEY_LOCAL_MACHINE\software\filterprogram HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\gdc1_is1

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing FilterProgram:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Bancos.GRZ Trojan Removal

Zhongsou Adware

Removing Zhongsou
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Zhongsou Also known as:


[Other]W32/Zhongsou.A,ADW_ZHONGSOU.A

How to detect Zhongsou:

Registry Keys: HKEY_CLASSES_ROOT\snhpr.csnhpr HKEY_CLASSES_ROOT\snhpr.csnhpr.1 HKEY_CLASSES_ROOT\clsid\{2a0176fe-008b-4706-90f5-bba532a49731} HKEY_CLASSES_ROOT\interface\{d1afed83-9133-4660-8c8f-daf1b4a3d5a8} HKEY_CLASSES_ROOT\typelib\{e8d3778f-47d3-4f1f-9245-3d46856936e4} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2a0176fe-008b-4706-90f5-bba532a49731}

Removing Zhongsou:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Obnar Trojan Removal instruction
Bancos.IMG Trojan Cleaner
Removing Viresals Trojan
W95.Mort Trojan Cleaner
Removing Townews Adware

Small.bp Downloader

Removing Small.bp
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Visible Symptoms:
Files in system folders:

 
[%PROFILE%]\applic~1\aneestdpea.lib
[%PROFILE%]\applic~1\aybgwarn.htm
[%PROFILE%]\applic~1\aybwarn.htm
[%PROFILE%]\applic~1\ckcoofrunea.exe
[%PROFILE%]\applic~1\ddinxmdb.exe
[%PROFILE%]\applic~1\dgpxzhtb.exe
[%PROFILE%]\applic~1\djgxsbcl.exe
[%PROFILE%]\applic~1\efjwxjsl.exe
[%PROFILE%]\applic~1\eneqckap.exe
[%PROFILE%]\applic~1\flmgvmas.exe
[%PROFILE%]\applic~1\fqbhyhjh.exe
[%PROFILE%]\applic~1\gchmfrea.exe
[%PROFILE%]\applic~1\gqlfiqii.exe
[%PROFILE%]\applic~1\gzxqpghe.exe
[%PROFILE%]\applic~1\hlsctpay.exe
[%PROFILE%]\applic~1\idixbdmf.exe
[%PROFILE%]\applic~1\lckqdcvd.exe
[%PROFILE%]\applic~1\lkxelvrg.exe
[%PROFILE%]\applic~1\llssalycshh.dll
[%PROFILE%]\applic~1\mspuztbg.exe
[%PROFILE%]\applic~1\nimylprv.exe
[%PROFILE%]\applic~1\ovnolxvi.exe
[%PROFILE%]\applic~1\pbgqwhoj.exe
[%PROFILE%]\applic~1\qwxgxlrv.exe
[%PROFILE%]\applic~1\sefiqovd.exe
[%PROFILE%]\applic~1\taecoidy.exe
[%PROFILE%]\applic~1\trmugnsu.exe
[%PROFILE%]\applic~1\uljpmexe.exe
[%PROFILE%]\applic~1\xxdfwvli.exe
[%PROFILE%]\applic~1\ysaebwco.exe
[%PROFILE%]\applic~1\zvpkxxtu.exe
[%PROFILE%]\applic~1\zvxcypnh.exe
[%PROFILE%]\applic~1\aneestdpea.lib
[%PROFILE%]\applic~1\aybgwarn.htm
[%PROFILE%]\applic~1\aybwarn.htm
[%PROFILE%]\applic~1\ckcoofrunea.exe
[%PROFILE%]\applic~1\ddinxmdb.exe
[%PROFILE%]\applic~1\dgpxzhtb.exe
[%PROFILE%]\applic~1\djgxsbcl.exe
[%PROFILE%]\applic~1\efjwxjsl.exe
[%PROFILE%]\applic~1\eneqckap.exe
[%PROFILE%]\applic~1\flmgvmas.exe
[%PROFILE%]\applic~1\fqbhyhjh.exe
[%PROFILE%]\applic~1\gchmfrea.exe
[%PROFILE%]\applic~1\gqlfiqii.exe
[%PROFILE%]\applic~1\gzxqpghe.exe
[%PROFILE%]\applic~1\hlsctpay.exe
[%PROFILE%]\applic~1\idixbdmf.exe
[%PROFILE%]\applic~1\lckqdcvd.exe
[%PROFILE%]\applic~1\lkxelvrg.exe
[%PROFILE%]\applic~1\llssalycshh.dll
[%PROFILE%]\applic~1\mspuztbg.exe
[%PROFILE%]\applic~1\nimylprv.exe
[%PROFILE%]\applic~1\ovnolxvi.exe
[%PROFILE%]\applic~1\pbgqwhoj.exe
[%PROFILE%]\applic~1\qwxgxlrv.exe
[%PROFILE%]\applic~1\sefiqovd.exe
[%PROFILE%]\applic~1\taecoidy.exe
[%PROFILE%]\applic~1\trmugnsu.exe
[%PROFILE%]\applic~1\uljpmexe.exe
[%PROFILE%]\applic~1\xxdfwvli.exe
[%PROFILE%]\applic~1\ysaebwco.exe
[%PROFILE%]\applic~1\zvpkxxtu.exe
[%PROFILE%]\applic~1\zvxcypnh.exe

How to detect Small.bp:

Files: [%PROFILE%]\applic~1\aneestdpea.lib [%PROFILE%]\applic~1\aybgwarn.htm [%PROFILE%]\applic~1\aybwarn.htm [%PROFILE%]\applic~1\ckcoofrunea.exe [%PROFILE%]\applic~1\ddinxmdb.exe [%PROFILE%]\applic~1\dgpxzhtb.exe [%PROFILE%]\applic~1\djgxsbcl.exe [%PROFILE%]\applic~1\efjwxjsl.exe [%PROFILE%]\applic~1\eneqckap.exe [%PROFILE%]\applic~1\flmgvmas.exe [%PROFILE%]\applic~1\fqbhyhjh.exe [%PROFILE%]\applic~1\gchmfrea.exe [%PROFILE%]\applic~1\gqlfiqii.exe [%PROFILE%]\applic~1\gzxqpghe.exe [%PROFILE%]\applic~1\hlsctpay.exe [%PROFILE%]\applic~1\idixbdmf.exe [%PROFILE%]\applic~1\lckqdcvd.exe [%PROFILE%]\applic~1\lkxelvrg.exe [%PROFILE%]\applic~1\llssalycshh.dll [%PROFILE%]\applic~1\mspuztbg.exe [%PROFILE%]\applic~1\nimylprv.exe [%PROFILE%]\applic~1\ovnolxvi.exe [%PROFILE%]\applic~1\pbgqwhoj.exe [%PROFILE%]\applic~1\qwxgxlrv.exe [%PROFILE%]\applic~1\sefiqovd.exe [%PROFILE%]\applic~1\taecoidy.exe [%PROFILE%]\applic~1\trmugnsu.exe [%PROFILE%]\applic~1\uljpmexe.exe [%PROFILE%]\applic~1\xxdfwvli.exe [%PROFILE%]\applic~1\ysaebwco.exe [%PROFILE%]\applic~1\zvpkxxtu.exe [%PROFILE%]\applic~1\zvxcypnh.exe [%PROFILE%]\applic~1\aneestdpea.lib [%PROFILE%]\applic~1\aybgwarn.htm [%PROFILE%]\applic~1\aybwarn.htm [%PROFILE%]\applic~1\ckcoofrunea.exe [%PROFILE%]\applic~1\ddinxmdb.exe [%PROFILE%]\applic~1\dgpxzhtb.exe [%PROFILE%]\applic~1\djgxsbcl.exe [%PROFILE%]\applic~1\efjwxjsl.exe [%PROFILE%]\applic~1\eneqckap.exe [%PROFILE%]\applic~1\flmgvmas.exe [%PROFILE%]\applic~1\fqbhyhjh.exe [%PROFILE%]\applic~1\gchmfrea.exe [%PROFILE%]\applic~1\gqlfiqii.exe [%PROFILE%]\applic~1\gzxqpghe.exe [%PROFILE%]\applic~1\hlsctpay.exe [%PROFILE%]\applic~1\idixbdmf.exe [%PROFILE%]\applic~1\lckqdcvd.exe [%PROFILE%]\applic~1\lkxelvrg.exe [%PROFILE%]\applic~1\llssalycshh.dll [%PROFILE%]\applic~1\mspuztbg.exe [%PROFILE%]\applic~1\nimylprv.exe [%PROFILE%]\applic~1\ovnolxvi.exe [%PROFILE%]\applic~1\pbgqwhoj.exe [%PROFILE%]\applic~1\qwxgxlrv.exe [%PROFILE%]\applic~1\sefiqovd.exe [%PROFILE%]\applic~1\taecoidy.exe [%PROFILE%]\applic~1\trmugnsu.exe [%PROFILE%]\applic~1\uljpmexe.exe [%PROFILE%]\applic~1\xxdfwvli.exe [%PROFILE%]\applic~1\ysaebwco.exe [%PROFILE%]\applic~1\zvpkxxtu.exe [%PROFILE%]\applic~1\zvxcypnh.exe

Removing Small.bp:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Pigeon.AGY Trojan
Snackdoor Backdoor Cleaner
Zlob.Fam.Video ActiveX Access Trojan Cleaner

Internal Trojan

Removing Internal
Categories: Trojan,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Internal Also known as:


[Eset]Win32/Internal trojan;
[Panda]Trj/Internal;
[Computer Associates]Win32.Internal,Win32/Internal!PWS!Trojan

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\internal.exe
[%WINDOWS%]\internal.exe

How to detect Internal:

Files: [%WINDOWS%]\internal.exe [%WINDOWS%]\internal.exe

Removing Internal:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
GoGoTools Adware Cleaner
Sasser.E Worm Symptoms
Win32.TrojanDownloader.Qoologic Downloader Removal instruction
My.Way.Speedbar Toolbar Symptoms

HydroLeak.beta Spyware

Removing HydroLeak.beta
Categories: Spyware,Backdoor,RAT,Hacker Tool
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

HydroLeak.beta Also known as:


[Kaspersky]Backdoor.HydroLeak.b1;
[Eset]Win32/HydroLeak.B1 trojan;
[McAfee]BackDoor-ACY;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/HydroLeak.B1;
[Computer Associates]Backdoor/Latinus_Server_family

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\msmachine.exe
[%WINDOWS%]\msmachine.exe

How to detect HydroLeak.beta:

Files: [%WINDOWS%]\msmachine.exe [%WINDOWS%]\msmachine.exe

Removing HydroLeak.beta:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
TrojanDownloader.Win32.Small.qt Downloader Cleaner
Neol Backdoor Information
Win32.TrojanDownloader.Keenval Trojan Removal
System Alert Popu Trojan Removal instruction
Pisces Trojan Symptoms

Millenium Trojan

Removing Millenium
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Millenium Also known as:


[Kaspersky]Backdoor.Millenium.b,Backdoor.Millenium.a;
[McAfee]BackDoor-L;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Millenium.B,Backdoor Program.LC,Trj/Millenium;
[Computer Associates]Backdoor/Millenium_II!Client,Win32/ICQUpdater!Trojan,Backdoor/Millenium.VB!Server

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\system\hool.exe
[%WINDOWS%]\system\reg66.exe
[%WINDOWS%]\system\hool.exe
[%WINDOWS%]\system\reg66.exe

How to detect Millenium:

Files: [%WINDOWS%]\system\hool.exe [%WINDOWS%]\system\reg66.exe [%WINDOWS%]\system\hool.exe [%WINDOWS%]\system\reg66.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Millenium:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Dluca.by Trojan Removal

FDoS.AIMPunt Trojan

Removing FDoS.AIMPunt
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

FDoS.AIMPunt Also known as:


[McAfee]FDoS-AIMPunt

How to detect FDoS.AIMPunt:

Folders: [%PROGRAM_FILES%]\windowssa

Registry Keys: HKEY_CLASSES_ROOT\interface\{491be5b7-a7f8-40ec-aad4-cba11fdfd814} HKEY_CLASSES_ROOT\typelib\{29358aa6-679d-44ea-8a51-59a3c6e6f811}

Registry Values: HKEY_CURRENT_USER\software\microsoft\search assistant

Removing FDoS.AIMPunt:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Cidra Trojan Cleaner

Bancos.IJG Trojan

Removing Bancos.IJG
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Bancos.IJG Also known as:


[Kaspersky]Trojan-Spy.Win32.Bancos.ana;
[Other]Infostealer

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\dll\chvhost.exe
[%SYSTEM%]\dll\chvhost.exe

How to detect Bancos.IJG:

Files: [%SYSTEM%]\dll\chvhost.exe [%SYSTEM%]\dll\chvhost.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Bancos.IJG:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
enilef Downloader Symptoms
Contextual Adware Removal instruction
Removing webspyshield Ransomware

Dlena.an Trojan

Removing Dlena.an
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\rpcc.dll
[%SYSTEM%]\rpcc.dll

How to detect Dlena.an:

Files: [%SYSTEM%]\rpcc.dll [%SYSTEM%]\rpcc.dll

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

Removing Dlena.an:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
KeyToPorn Trojan Removal instruction
Remove Engage.com Tracking Cookie
Bancos.IDO Trojan Information
SpyAssassin Adware Removal

Voonda Toolbar

Removing Voonda
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

How to detect Voonda:

Folders: [%PROGRAM_FILES%]\dynamic toolbar\taf\cache

Registry Keys: HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-d4ff-eb2cf4d5fa7d} HKEY_LOCAL_MACHINE\software\classes\taf.taf HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4e7bd74f-2b8d-469e-d4ff-eb2cf4d5fa7d}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/taf.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/taf.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\taf HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\taf

Removing Voonda:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.AWJW Trojan Cleaner
CWS.PayForTraffic.net BHO Cleaner
WhenU.WeatherCast Adware Symptoms

Coder Adware

Removing Coder
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\downloaded program files\ieloader.dll
[%WINDOWS%]\downloaded program files\ieloader.dll

How to detect Coder:

Files: [%WINDOWS%]\downloaded program files\ieloader.dll [%WINDOWS%]\downloaded program files\ieloader.dll

Folders: [%WINDOWS%]\coder

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\ieloader.dll HKEY_CLASSES_ROOT\clsid\{00000000-cddc-0704-0b53-2c8830e9faec} HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-cddc-0704-0b53-2c8830e9faec} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00000000-cddc-0704-0b53-2c8830e9faec} HKEY_LOCAL_MACHINE\software\microsoft\codestoredatabase\distributionunits\{00000000-cddc-0704-0b53-2c8830e9faec} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\ieloader.dll

Removing Coder:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing ebgames.com Tracking Cookie
Bancos.INF Trojan Removal instruction
Zango.Sudoku Adware Information
Bancos.HLD Trojan Information
Zep Trojan Symptoms

Lufoure Trojan

Removing Lufoure
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Lufoure Also known as:


[Kaspersky]Trojan-Dwonloader.Win32.VB.adg,Trojan-spy.win32.Sters.v,Trojan-Spy.Win32.Sters.w,Trojan.Win32.VB.afy,Trojan-SPy.Win32.Sters.ab,Trojan.Win32.VB.aez;
[McAfee]Generic VB.c,BackDoor-CWW;
[Other]Win32/Lufoure!downloader,Win32/Lufoure.S,win32/Lufoure.T,Win32/Lufoure.U,Infostealer,Win32/Lufoure.V,Downloader,W32/Agent.MDJ,Troj/VB-SY,Win32/Lufoure.Y,Win32/Lufoure.Z

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\ieschedule.exe
[%SYSTEM%]\ieschedule.exe

How to detect Lufoure:

Files: [%SYSTEM%]\ieschedule.exe [%SYSTEM%]\ieschedule.exe

Removing Lufoure:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove VB.wg Downloader
Bancos.GUU Trojan Symptoms
Doubletrouble Hostile Code Information

Blog Archive

About Me

Saturday, December 6, 2008

How to detect Chat.Watch:

Removing Chat.Watch:

How to detect Jokcn:

Removing Jokcn:

How to detect Hogle:

Removing Hogle:

How to detect Computer.Keylogger:

Removing Computer.Keylogger:

How to detect X10:

Removing X10:

How to detect Adload.dd:

Removing Adload.dd:

How to detect Xlocator.Winlocator:

Removing Xlocator.Winlocator:

How to detect Banker.akx:

Removing Banker.akx:

How to detect ISTbar.AUpdate:

Removing ISTbar.AUpdate:

How to detect Motd:

Removing Motd:

How to detect SillyDl.DHA:

Removing SillyDl.DHA:

How to detect SillyDl.CUT:

Removing SillyDl.CUT:

How to detect Apropo:

Removing Apropo:

How to detect CWS.MUpdate:

Removing CWS.MUpdate:

How to detect Azara:

Removing Azara:

How to detect Adware.Baidu:

Removing Adware.Baidu:

How to detect SillyDl.DOQ:

Removing SillyDl.DOQ:

How to detect Clodpuntor:

Removing Clodpuntor:

How to detect Adsense.Helper.Object:

Removing Adsense.Helper.Object:

How to detect FavoriteMan.SpyAssault:

Removing FavoriteMan.SpyAssault:

How to detect Network1.Popups:

Removing Network1.Popups:

How to detect Mitglieder:

Removing Mitglieder:

How to detect Lookup.Sbus:

Removing Lookup.Sbus:

How to detect Adware.LinkMaker:

Removing Adware.LinkMaker:

How to detect FilterProgram:

Removing FilterProgram:

How to detect Zhongsou:

Removing Zhongsou:

How to detect Small.bp:

Removing Small.bp:

How to detect Internal:

Removing Internal:

How to detect HydroLeak.beta:

Removing HydroLeak.beta:

How to detect Millenium:

Removing Millenium:

How to detect FDoS.AIMPunt:

Removing FDoS.AIMPunt:

How to detect Bancos.IJG:

Removing Bancos.IJG:

How to detect Dlena.an:

Removing Dlena.an:

How to detect Voonda:

Removing Voonda:

How to detect Coder:

Removing Coder:

How to detect Lufoure:

Removing Lufoure: