Sunday, December 7, 2008

Mate.Watcher Spyware

Removing Mate.Watcher
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and the sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that expose the computer to more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\Double-click to start Control Panel Software.lnk

How to detect Mate.Watcher:

Files:
[%PROGRAMS%]\Double-click to start Control Panel Software.lnk

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\control panel software
HKEY_LOCAL_MACHINE\software\userfriendlyproducts, inc.

Removing Mate.Watcher:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Moses Backdoor

Removing Moses
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Moses Also known as:

[Kaspersky]Backdoor.Moses.115,Backdoor.Win32.Moses.115;
[McAfee]BackDoor-PA;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Moses.115;
[Computer Associates]Win32.Moses.115,Backdoor/Moses.115,Backdoor/Moses.115!Installer

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\userprof.dll

How to detect Moses:

Files:
[%WINDOWS%]\system\userprof.dll


QuickSearch Toolbar

Removing QuickSearch
Categories: Toolbar
A toolbar of this kind presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\New29.tmp\upgrade.cab
[%PROFILE_TEMP%]\New93.tmp\upgrade.exe
[%WINDOWS%]\NDNuninstall6_34.exe

How to detect QuickSearch:

Files:
[%PROFILE_TEMP%]\New29.tmp\upgrade.cab
[%PROFILE_TEMP%]\New93.tmp\upgrade.exe
[%WINDOWS%]\NDNuninstall6_34.exe

Folders:
[%PROGRAMS%]\quicksearch

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{3c368c4a-827f-4f25-9c52-371bdf049912}
HKEY_CLASSES_ROOT\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_CLASSES_ROOT\interface\{141a9a62-342f-4154-a456-d29917e80b45}
HKEY_CLASSES_ROOT\interface\{d9855da1-8ba7-4f08-b138-874ae7a2d2d2}
HKEY_CLASSES_ROOT\quicksearch.desksearchband
HKEY_CLASSES_ROOT\quicksearch.desksearchband.1
HKEY_CLASSES_ROOT\quicksearch.searchband
HKEY_CLASSES_ROOT\quicksearch.searchband.1
HKEY_CLASSES_ROOT\software\classes\quicksearch.searchband
HKEY_CLASSES_ROOT\typelib\{b7620af8-b460-455a-946f-16f8bf52a9ad}
HKEY_CURRENT_USER\software\quicksearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quicksearch toolbar
HKEY_LOCAL_MACHINE\software\quicksearch
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{82315a18-6cfb-44a7-bdfd-90e36537c252}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quicksearch


FloodDesktop Trojan

Removing FloodDesktop
Categories: Trojan,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



FloodDesktop Also known as:

[Panda]Trojan Horse;
[Computer Associates]FloodDesktop.A!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ttext.dll

How to detect FloodDesktop:

Files:
[%WINDOWS%]\ttext.dll


MaxSpeed Adware

Removing MaxSpeed
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


MaxSpeed Also known as:

[Panda]Adware/IEDriver

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ckz3f3b55cc\Files\sx.htm
[%SYSTEM%]\SearchBar.htm
[%SYSTEM%]\searchx.htm
[%DESKTOP%]\advance your career.url
[%DESKTOP%]\guaranteed approval!!.url
[%DESKTOP%]\meet sexy singles today!!.url
[%SYSTEM%]\maxspeed.exe
[%SYSTEM%]\sb.htm
[%SYSTEM%]\searchbar.htm
[%SYSTEM%]\sx.htm

How to detect MaxSpeed:

Files:
[%PROFILE_TEMP%]\ckz3f3b55cc\Files\sx.htm
[%SYSTEM%]\SearchBar.htm
[%SYSTEM%]\searchx.htm
[%DESKTOP%]\advance your career.url
[%DESKTOP%]\guaranteed approval!!.url
[%DESKTOP%]\meet sexy singles today!!.url
[%SYSTEM%]\maxspeed.exe
[%SYSTEM%]\sb.htm
[%SYSTEM%]\searchbar.htm
[%SYSTEM%]\sx.htm

Folders:
[%PROGRAM_FILES%]\maxspeed

Registry Keys:
HKEY_LOCAL_MACHINE\software\maxspeed
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{1A00C40B-DA85-4AA3-A67F-582D9347EECD}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1a00c40b-da85-4aa3-a67f-582d9347eecd}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{120e090d-9136-4b78-8258-f0b44b4bd2ac}


VTLBar Adware

Removing VTLBar
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\vtlbar1.dll
[%SYSTEM%]\vtlbar1.ini

How to detect VTLBar:

Files:
[%SYSTEM%]\vtlbar1.dll
[%SYSTEM%]\vtlbar1.ini

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{9eac0102-5e61-2312-bc2d-76746c56544c}
HKEY_CLASSES_ROOT\typelib\{9eac0102-5e61-2312-bc2b-76746c56544c}
HKEY_CURRENT_USER\software\vtlbar1 vtl
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{9eac0102-5e61-2312-bc2d-76746c56544c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9eac0102-5e61-2312-bc2d-76746c56544c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\search toolbar


WebMail.Spy Spyware

Removing WebMail.Spy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\webmail spy 2.0\purchase webmail spy now!.lnk
[%PROGRAMS%]\webmail spy 2.0\readme.lnk
[%PROGRAMS%]\webmail spy 2.0\remove webmail spy 2.0.lnk
[%PROGRAMS%]\webmail spy 2.0\visit exploreanywhere software website.lnk
[%PROGRAMS%]\webmail spy 2.0\webmail spy users guide.lnk
[%PROGRAMS%]\webmail spy 2.0\webmailspy.lnk

How to detect WebMail.Spy:

Files:
[%PROGRAMS%]\webmail spy 2.0\purchase webmail spy now!.lnk
[%PROGRAMS%]\webmail spy 2.0\readme.lnk
[%PROGRAMS%]\webmail spy 2.0\remove webmail spy 2.0.lnk
[%PROGRAMS%]\webmail spy 2.0\visit exploreanywhere software website.lnk
[%PROGRAMS%]\webmail spy 2.0\webmail spy users guide.lnk
[%PROGRAMS%]\webmail spy 2.0\webmailspy.lnk

Folders:
[%APPDATA%]\wms32data
[%PROGRAMS%]\webmail spy

Registry Keys:
HKEY_LOCAL_MACHINE\software\blazing logic
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webmail spy

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webmail spy 2.0


WebHancer Spyware

Removing WebHancer
Categories: Spyware,BHO,Adware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


WebHancer Also known as:

[F-Prot]->license.txt;
[Panda]Adware/Xupiter

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini

How to detect WebHancer:

Files:
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini

Folders:
[%PROGRAM_FILES%]\em
[%PROGRAM_FILES%]\webhancer
[%PROGRAM_FILES%]\whinstall
[%PROFILE_TEMP%]\wzs11.tmp

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_CLASSES_ROOT\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1
HKEY_LOCAL_MACHINE\software\classes\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\classes\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\classes\whiehelperobj.whiehelperobj
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webhancer agent
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whsurvey
HKEY_LOCAL_MACHINE\software\webhancer
HKEY_CLASSES_ROOT\clsid\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\clsid\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1


Free.Scratch.Cards BHO

Removing Free.Scratch.Cards
Categories: BHO,Hijacker,Downloader
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Trojan downloaders download and install new malware or adware on the computer.


Free.Scratch.Cards Also known as:

[Kaspersky]TrojanDownloader.Win32.Swizzor.j;
[McAfee]Free-Scratch-Cards

How to detect Free.Scratch.Cards:

Folders:
[%PROGRAM_FILES%]\fsw

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{20a03a4c-9faf-45d5-a5c2-b6c49774e03c}
HKEY_CLASSES_ROOT\clsid\{47cc4dcd-bbc9-47a3-a677-44db2559e0d8}
HKEY_CLASSES_ROOT\clsid\{5dd7b3be-fdec-4563-b038-ff80f2345b89}
HKEY_CLASSES_ROOT\clsid\{99b0b113-6f25-49c9-8ecf-2fddd3edff6a}
HKEY_CLASSES_ROOT\fsw.application
HKEY_CLASSES_ROOT\fswinst.application
HKEY_CLASSES_ROOT\fsw_beta1.application

Exal Trojan

Removing Exal
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\diablo_2_install_disc\Diablo II Loader.exe

How to detect Exal:

Files:
[%DESKTOP%]\diablo_2_install_disc\Diablo II Loader.exe

Look.Spy Trojan

Removing Look.Spy
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Look.Spy Also known as:

[Kaspersky]Backdoor.LookSpy;
[McAfee]BackDoor-OO;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/LookSpy;
[Computer Associates]Backdoor/LookSpy

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\look spy trojan.exe

How to detect Look.Spy:

Files:
[%WINDOWS%]\system\look spy trojan.exe

404Search Toolbar

Removing 404Search
Categories: Toolbar
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\404search\404search.dll

How to detect 404Search:

Files:
[%PROGRAM_FILES%]\404search\404search.dll

Registry Keys:
HKEY_CURRENT_USER\software\search404\all\info

INetSpeak.eBoom Adware

Removing INetSpeak.eBoom
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, explained the company.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\boombar.dll
[%WINDOWS%]\system\boombar.dll

How to detect INetSpeak.eBoom:

Files:
[%SYSTEM%]\boombar.dll
[%WINDOWS%]\system\boombar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{c4d99500-4c77-11d4-93b7-0040950570ba}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c4d99500-4c77-11d4-93b7-0040950570ba}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c4d99500-4c77-11d4-93b7-0040950570ba}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c4d99500-4c77-11d4-93b7-0040950570ba}

SmartBrowser Adware

Removing SmartBrowser
Categories: Adware,BHO,Hijacker,Hacker Tool
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\SB\SMART-~1\BHO010~1.DLL
[%PROGRAM_FILES%]\SB\SMART-~1\BHO.0.1.0.155.dll
[%PROFILE_TEMP%]\iybd.5.exe
[%PROFILE_TEMP%]\logo.ico
[%PROFILE_TEMP%]\regme.exe
[%PROFILE_TEMP%]\system.htm
[%PROFILE_TEMP%]\ybd.dll
[%PROFILE_TEMP%]\ybdversion.5

How to detect SmartBrowser:

Files:
[%PROGRAM_FILES%]\SB\SMART-~1\BHO010~1.DLL
[%PROGRAM_FILES%]\SB\SMART-~1\BHO.0.1.0.155.dll
[%PROFILE_TEMP%]\iybd.5.exe
[%PROFILE_TEMP%]\logo.ico
[%PROFILE_TEMP%]\regme.exe
[%PROFILE_TEMP%]\system.htm
[%PROFILE_TEMP%]\ybd.dll
[%PROFILE_TEMP%]\ybdversion.5

Folders:
[%PROGRAM_FILES%]\sb\smart-~1
[%PROGRAM_FILES%]\sb\smart-browser\bho010~1.dll

Registry Keys:
HKEY_CLASSES_ROOT\BHO.iBHO
HKEY_CLASSES_ROOT\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}
HKEY_CLASSES_ROOT\Interface\{00000183-C745-43D2-44F1-01A1C789C738}
HKEY_CLASSES_ROOT\TypeLib\{00000182-C745-43D2-44F1-01A1C789C738}
HKEY_LOCAL_MACHINE\software\classes\clsid\{00000185-c745-43d2-44f1-01a1c789c738}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000185-C745-43D2-44F1-01A1C789C738}
HKEY_CLASSES_ROOT\interface\{00000183-b716-11d3-92f3-00d0b709a7d8}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000185-c745-43d2-44f1-01a1c789c738}
HKEY_CLASSES_ROOT\typelib\{00000182-b716-11d3-92f3-00d0b709a7d8}
HKEY_CURRENT_USER\software\system\lastversion

Zlob.Fam.DittoSideBar Trojan

Removing Zlob.Fam.DittoSideBar
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.


Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Safety Bar\Safety Bar.dll
[%PROGRAM_FILES%]\Safety Bar\SafetyBar.dll
[%PROGRAM_FILES%]\Safety Bar\Uninstall.bat

How to detect Zlob.Fam.DittoSideBar:

Files:
[%PROGRAM_FILES%]\Safety Bar\Safety Bar.dll
[%PROGRAM_FILES%]\Safety Bar\SafetyBar.dll
[%PROGRAM_FILES%]\Safety Bar\Uninstall.bat

Folders:
[%PROGRAM_FILES%]\Safety Bar

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{2E4136F6-A927-4337-8178-B7EBC309EFC4}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E4136F6-A927-4337-8178-B7EBC309EFC4}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Safety Bar

Kraimer Trojan

Removing Kraimer
Categories: Trojan,Spyware,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Kraimer Also known as:

[Kaspersky]Backdoor.Kraimer.11,Trojan.Spy.Kraimer.12,TrojanSpy.Win32.Kraimer.12,Sniffer.Win32.IPGrabber,Backdoor.Kraimer.13;
[Eset]Win32/Kraimer.13 trojan;
[McAfee]W32/Kraimer.worm,Kraimer;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Kraimer.11,Trojan Horse,Backdoor Program;
[Computer Associates]Backdoor/Kraimer.11,Win32.Kraimer.11,Backdoor/Kraimer.12,Win32.Kraimer.12,Win32.KraimGrab,Win32/Ipgrab2!Worm,Backdoor/KrAIMer.13,Win32.Kraimer.13

Visible Symptoms:
Files in system folders:
[%STARTUP%]\aolstart.exe

How to detect Kraimer:

Files:
[%STARTUP%]\aolstart.exe

Aimbot.aj Worm

Removing Aimbot.aj
Categories: Worm,Backdoor,Hijacker
Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\lockx.exe

How to detect Aimbot.aj:

Files:
[%SYSTEM%]\lockx.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_msdirectx
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\msdirectx

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\software\microsoft\ole
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_CURRENT_USER\system\currentcontrolset\control\lsa
HKEY_LOCAL_MACHINE\software\microsoft\ole
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

NetControl.TakeOver Spyware

Removing NetControl.TakeOver
Categories: Spyware,Backdoor,RAT
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

NetControl.TakeOver Also known as:

[Kaspersky]Backdoor.NetControl.30.a;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/NetControl.3.0.A

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\msnc.exe

How to detect NetControl.TakeOver:

Files:
[%WINDOWS%]\system\msnc.exe

Hackworld Backdoor

Removing Hackworld
Categories: Backdoor,RAT
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Hackworld Also known as:

[Kaspersky]Backdoor.VB.gs;
[McAfee]New BackDoor1;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Backdoor Program.LC;
[Computer Associates]Backdoor/VB.GS,Backdoor/VB.Unknown!Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\hackworld.exe

How to detect Hackworld:

Files:
[%WINDOWS%]\system\hackworld.exe

Upidet Trojan

Removing Upidet
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Upidet Also known as:

[Kaspersky]Backdoor.Win32.Vb.ate;
[Other]Win32/Upidet.A,Backdoor.Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mschkdsk.exe

How to detect Upidet:

Files:
[%SYSTEM%]\mschkdsk.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

AutoStartup Spyware

Removing AutoStartup
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ast.exe
[%WINDOWS%]\ac.aut
[%WINDOWS%]\ib.exe
[%WINDOWS%]\system\ast.exe
[%WINDOWS%]\unast.exe

How to detect AutoStartup:

Files:
[%SYSTEM%]\ast.exe
[%WINDOWS%]\ac.aut
[%WINDOWS%]\ib.exe
[%WINDOWS%]\system\ast.exe
[%WINDOWS%]\unast.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Taiwan Trojan

Removing Taiwan
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS trojans conduct attacks from a single computer with the consent of the user.

Taiwan Also known as:

[Kaspersky]Taiwan.708;
[Panda]Taiwan A,Taiwan B;
[Computer Associates]Taiwan 703,Taiwan 743

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ExtractDLL.dll
[%SYSTEM%]\btnetw3_venturahot_246765.exe
[%SYSTEM%]\InstallerV4.exe
[%SYSTEM%]\iwshmjvo.dll
[%SYSTEM%]\peoxpsgr.dll
[%SYSTEM%]\pkshapys.dll
[%SYSTEM%]\pkshumdz.dll
[%SYSTEM%]\PSHWR.EXE
[%SYSTEM%]\virushunter4.ico
[%SYSTEM%]\vkamfxvf.dll
[%SYSTEM%]\wirelanb.dll
[%WINDOWS%]\ISSM0064.DAT

How to detect Taiwan:

Files:
[%PROFILE_TEMP%]\ExtractDLL.dll
[%SYSTEM%]\btnetw3_venturahot_246765.exe
[%SYSTEM%]\InstallerV4.exe
[%SYSTEM%]\iwshmjvo.dll
[%SYSTEM%]\peoxpsgr.dll
[%SYSTEM%]\pkshapys.dll
[%SYSTEM%]\pkshumdz.dll
[%SYSTEM%]\PSHWR.EXE
[%SYSTEM%]\virushunter4.ico
[%SYSTEM%]\vkamfxvf.dll
[%SYSTEM%]\wirelanb.dll
[%WINDOWS%]\ISSM0064.DAT

Folders:
[%FAVORITES%]\1111

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{71D1708F-973D-4600-AF01-AD86688403AE}
HKEY_CLASSES_ROOT\Pool.LANBridge.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{9ade0443-2ab2-4b23-a3f8-ac520773de12}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\netsync
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rsyncmon
HKEY_LOCAL_MACHINE\software\rsyncmon

Registry Values:
HKEY_CLASSES_ROOT\interface\{2ab7a3c6-9d09-428c-aa65-07bd49fb7065}\typelib

Deakom Trojan

Removing Deakom
Categories: Trojan,Adware,Toolbar,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
Trojan downloaders download and install new malware or adware on the computer.


Deakom Also known as:

[Kaspersky]AdWare.win32.AdMoke.I,AdWare.Win32.AdMoke,AdWare.Win32.Agent.aa,Trojan-Downlaoder.Win32.Delf.alt,AdWare.Win32.AdMoke.d,AdWare.Win32.AdMoke.b,AdWare.win32.AdMoke.a,AdWare.Win32.AdMoke.j,AdWare.Win32.AdMoke.ac,AdWare.Win32.AdMoke.bg,AdWare.Win32.AdMoke.fd;
[McAfee]Downloader-AYD,Adware-MokeAd;
[Other]Win32/Deakom,W32/Delf.MGQ,Adware.Iebar,W32/DLoader.BLYS

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\OKADS014.exe
[%SYSTEM%]\818eug81.dll
[%SYSTEM%]\SkymmstpRAR.exe

How to detect Deakom:

Files:
[%PROFILE_TEMP%]\OKADS014.exe
[%SYSTEM%]\818eug81.dll
[%SYSTEM%]\SkymmstpRAR.exe

Folders:
[%PROGRAM_FILES%]\SystemInspect
[%PROGRAM_FILES_COMMON%]\SystemInspectpkg

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_systeminspect
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\systeminspect

Zlob.Fam.My Pass Generator Trojan

Removing Zlob.Fam.My Pass Generator
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

How to detect Zlob.Fam.My Pass Generator:

Folders:
[%PROGRAMS%]\My Pass Generator
[%PROGRAM_FILES%]\My Pass Generator

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Pass Generator

Ebates.MoneyMaker Adware

Removing Ebates.MoneyMaker
Categories: Adware,Hacker Tool
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Ebates.MoneyMaker Also known as:

[Panda]Adware/MoeMoney,Adware/TopMoxie,HackTool/Jkill.A

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\djebmm350.exe
[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm
[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat
[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat
[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe
[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe
[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe
[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class
[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe
[%PROGRAM_FILES%]\LimeShop\Popup.exe
[%DESKTOP%]\earn money.lnk
[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe
[%PROGRAM_FILES%]\care2gtu\popup.exe
[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe
[%STARTMENU%]\casino.url
[%WINDOWS%]\dkry.exe

How to detect Ebates.MoneyMaker:

Files:

Folders:
[%PROGRAM_FILES%]\ebatesmoemoneymaker
[%PROGRAM_FILES%]\ebates_moemoneymaker
[%PROGRAM_FILES%]\webrebates
[%PROGRAM_FILES%]\websearch

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Ebates.MoneyMaker:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

TrojanDropper.Win32.Small.gj Trojan

Removing TrojanDropper.Win32.Small.gj
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

TrojanDropper.Win32.Small.gj Also known as:

[Panda]Spyware/TVMedia

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\tvm_b6.exe

How to detect TrojanDropper.Win32.Small.gj:

Files:
[%PROFILE_TEMP%]\tvm_b6.exe

Removing TrojanDropper.Win32.Small.gj:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Alanchum Trojan

Removing Alanchum
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Alanchum:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b5ac49a2-94f3-42bd-f434-2604812c897d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b5ac49a2-94f3-42bd-f434-2604812c897d}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Alanchum:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
