Monday, December 8, 2008

HK Trojan

Removing HK
Categories: Trojan,Backdoor,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legitimate remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

HK Also known as:

[Kaspersky]Trojan.Win32.HK;
[F-Prot]destructive program;
[Panda]Backdoor Program,Trj/HK;
[Computer Associates]Win32.HK,Win32/HK!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\JAsfv.dll

How to detect HK:

Files:
[%WINDOWS%]\system\JAsfv.dll

KaZaa.Lite Worm

Removing KaZaa.Lite
Categories: Worm
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.


Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\kazaalite.lnk
[%PROGRAMS%]\kli.lnk

How to detect KaZaa.Lite:

Files:
[%PROGRAMS%]\kazaalite.lnk
[%PROGRAMS%]\kli.lnk

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\kazaalite
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kazaalite

Web.Specials Adware

Removing Web.Specials
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect Web.Specials:

Folders:
[%PROGRAM_FILES%]\webspecials

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Banworm Worm

Removing Banworm
Categories: Worm
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\syshost.exe

How to detect Banworm:

Files:
[%SYSTEM%]\syshost.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

ErrorProtector Ransomware

Removing ErrorProtector
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\ErrorProtector.lnk

How to detect ErrorProtector:

Files:
[%DESKTOP%]\ErrorProtector.lnk

Folders:
[%APPDATA%]\ErrorProtector
[%APPDATA%]\ErrorProtector Free
[%COMMON_APPDATA%]\ErrorProtector
[%COMMON_APPDATA%]\ErrorProtector Free
[%COMMON_PROGRAMS%]\ErrorProtector Unregistered Version
[%PROGRAM_FILES%]\ErrorProtector Free
[%PROGRAM_FILES_COMMON%]\ErrorProtector
[%PROGRAM_FILES_COMMON%]\ErrorProtector Free

Aconti Adware

Removing Aconti
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\aconti.exe
[%WINDOWS%]\aconti.sdb

How to detect Aconti:

Files:
[%WINDOWS%]\aconti.exe
[%WINDOWS%]\aconti.sdb

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}

SillyDl.DFL Trojan

Removing SillyDl.DFL
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\H@tKeysH@@k.DLL

How to detect SillyDl.DFL:

Files:
[%SYSTEM%]\H@tKeysH@@k.DLL

CaiShow Adware

Removing CaiShow
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


CaiShow Also known as:

[Kaspersky]AdWare.Win32.Dm.e;
[Other]Adware.Caishow

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\caishow.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\caishow.exe
[%SYSTEM%]\caishow.exe

How to detect CaiShow:

Files:
[%PROFILE_TEMP%]\caishow.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\caishow.exe
[%SYSTEM%]\caishow.exe

Folders:
[%PROGRAM_FILES%]\CaiShow Tech

Goldun Trojan

Removing Goldun
Categories: Trojan,Spyware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Goldun Also known as:

[Kaspersky]Trojan-Spy.Win32.Goldun.mx,Trohan-Spyware.Goldun.Im,Trojan-Spy.Win32.Goldun.pf;
[McAfee]PWS-Goldun.dll;
[F-Prot]W32/Goldun.NR,W32/Trojan-Dlr-SysWrt-based!Maximus;
[Panda]Trj/Banker.IKQ;
[Other]Trojan.Goldun,TSPY_GOLDUN.GL,Trojan.Goldun.M,Goldun.Fam,trojan-backdoor-goldun,Mal/Packer

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wmdconf32.dll

How to detect Goldun:

Files:
[%SYSTEM%]\wmdconf32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{92617934-9abc-def0-0fed-fad48c654321}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{92617934-9abc-def0-0fed-fad48c654321}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Bancos.HVW Trojan

Removing Bancos.HVW
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\Emails.txt

How to detect Bancos.HVW:

Files:
[%PROFILE%]\Emails.txt

Lolyda Trojan

Removing Lolyda
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Lolyda Also known as:

[Kaspersky]Trojan.PSW.Win32.OnLineGames.nn,Trojan-PSW.Win32.OnLineGames.dpc,Trojan-PSW.Win32.OnLineGames.dwv,Trojan-PSW.Win32.OnLineGames.hpj,Trojan-PSW.Win32.OnLineGames.ibg;
[McAfee]New.Malware.aj,Generic PWS.j;
[F-Prot]W32/Pws.VAI,W32/Pws.VSH;
[Other]Win32/Lolyda.AO,TSPY_INFOSTEA.EH,Win32/Lolyda.AU,TrojanSpy:Win32/Agent.HZ,Infostealer.Gampass,Win32/Lolyda.AV,TSPY_ONLINEG.HTU,Win32/Lolyda.BC,W32/OnLineGames.UWU,TSPY_ONLINEG.LPE,Mal/PWS-N,W32/OnLineGames.VFJ,Win32/Lolyda.BF

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\LYLOADER.EXE
[%PROFILE_TEMP%]\LYMANGR.DLL
[%PROFILE_TEMP%]\MSDEG32.DLL
[%SYSTEM%]\LYLOADER.EXE
[%SYSTEM%]\LYMANGR.DLL
[%SYSTEM%]\MSDEG32.DLL

How to detect Lolyda:

Files:
[%PROFILE_TEMP%]\LYLOADER.EXE
[%PROFILE_TEMP%]\LYMANGR.DLL
[%PROFILE_TEMP%]\MSDEG32.DLL
[%SYSTEM%]\LYLOADER.EXE
[%SYSTEM%]\LYMANGR.DLL
[%SYSTEM%]\MSDEG32.DLL

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run

Track4Win.Monitor Spyware

Removing Track4Win.Monitor
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\System\STMonitor.dat
[%APPDATA%]\Track4Win.GUID
[%DESKTOP%]\Track4Win Monitor.lnk

How to detect Track4Win.Monitor:

Files:
[%APPDATA%]\System\STMonitor.dat
[%APPDATA%]\Track4Win.GUID
[%DESKTOP%]\Track4Win Monitor.lnk

Folders:
[%PROGRAMS%]\Track4Win Monitor
[%PROGRAM_FILES%]\Track4Win Monitor

Registry Keys:
HKEY_LOCAL_MACHINE\software\sepama software\track4win

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Thunder Trojan

Removing Thunder
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Thunder:

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0000-0000-0000-000000000000}

Mosucker Trojan

Removing Mosucker
Categories: Trojan,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
Many Trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
In many cases a file called the server must be opened on the victim's computer before
the Trojan can gain access to it.

These are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem as if the file failed to open.
Some will also kill antivirus and firewall software.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Mosucker Also known as:

[Kaspersky]Backdoor.MoSucker.10,Backdoor.Win32.MoSucker.10,Backdoor.MoSucker.11,Backdoor.Win32.MoSucker.11,Backdoor.MoSucker.21.a,Backdoor.MoSucker.21.b,Backdoor.MoSucker.20.a,Backdoor.MoSucker.20.b,Backdoor.Win32.MoSucker.20.b,Backdoor.MoSucker.30.a,Backdoor.MoSucker.30.b,Backdoor.MoSucker.30.e;
[Eset]Win32/MoSucker.C trojan,Win32/MoSucker.B trojan,Win32/MoSucker.20 trojan;
[McAfee]BackDoor-EE,BackDoor-EE.svr,Generic;
[F-Prot]security risk or a "backdoor" program,->exefile is a security risk or a "backdoor" program;
[Panda]Bck/Mosuck.1.0,Backdoor Program,Bck/Mosuck.1.1,Bck/Mosucker.21,Bck/Mosucker.210,Backdoor Program.LC,Bck/Mosucker.22,Bck/Mosucker.30,Bck/Mosucker.M,Bck/Mosuck.2.0,Bck/Mosucker.21b,Bck/MoSucker,Bck/MoSucker.30.b,Bck/Mosucker.H,Bck/Mosucker.I,Trojan Horse;
[Computer Associates]Backdoor/MoSucker,Backdoor/MoSucker_Client,Win32.Mosuck.A,Backdoor/MoSuck.1_1,Win32.Mosuck.B,Backdoor/MoSuck.2_1.B,Backdoor/Mosuck.21.B!Server,Win32.Mosuck.F,Backdoor/Mosuck.20,Backdoor/MoSucker.20,Backdoor/MoSucker.20.C,Win32.Mosuck.G,Backdoor/MoSuck.2_0,Win32.Mosuck.D,Backdoor/MoSuck.2_1,Win32.Mosuck.E,Backdoor/Mosucker.3_0a!Infector,Backdoor/Mosucker.3_0a.Fakelogin,Backdoor/Mosucker.3_0a.Icons,Backdoor/Mosucker.3_0a.Messenger,Win32.Mosuck!plugin,Backdoor/Mosuck.30.b,Backdoor/Mosuck.30.B!Client,mIRC/Mosuck!Trojan,Win32.Mosuck.L,Backdoor/MoSucker.06,Win32.Mosuck.06.A,Backdoor/Mosucker!Server,Win32.MiniMo.052,Backdoor/MoSucker.40.A,Win32.Mosuck.22

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\WEBDL.OCX
[%WINDOWS%]\buxyelbk.dll
[%WINDOWS%]\jthh.exe
[%WINDOWS%]\msnetcfg.exe
[%WINDOWS%]\qirqgs.bin
[%WINDOWS%]\system\svr.exe
[%WINDOWS%]\temp\pkg310.exe
[%WINDOWS%]\temp\pkg332.exe
[%WINDOWS%]\temp\pkg3392.exe
[%WINDOWS%]\unin0686.exe
[%WINDOWS%]\vvuijoe.exe
[%WINDOWS%]\wesapygp.sys
[%WINDOWS%]\winexec32.dli
[%WINDOWS%]\xqwrmthm.sys

How to detect Mosucker:

Files:
[%SYSTEM%]\WEBDL.OCX
[%WINDOWS%]\buxyelbk.dll
[%WINDOWS%]\jthh.exe
[%WINDOWS%]\msnetcfg.exe
[%WINDOWS%]\qirqgs.bin
[%WINDOWS%]\system\svr.exe
[%WINDOWS%]\temp\pkg310.exe
[%WINDOWS%]\temp\pkg332.exe
[%WINDOWS%]\temp\pkg3392.exe
[%WINDOWS%]\unin0686.exe
[%WINDOWS%]\vvuijoe.exe
[%WINDOWS%]\wesapygp.sys
[%WINDOWS%]\winexec32.dli
[%WINDOWS%]\xqwrmthm.sys

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{beuicvq-zpdev-zyk-oswoz-ipcjbgekjhf}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{eengqgs-gdrfc-zzvzd-thmp-dnvpuihfkre}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmcsqss-ejo-sdbyh-rcwb-ypenjkwjze}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{mbubrwf-krfhc-cpg-qygw-lrjscpnsur}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{rtemrsp-vhe-kgsoz-enjdg-tdtfhwtknffn}

TrojanDownloader.Win32.VB.ec Downloader

Removing TrojanDownloader.Win32.VB.ec
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

TrojanDownloader.Win32.VB.ec Also known as:

[Panda]Spyware/Adclicker

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ahrqcxhp.exe
[%WINDOWS%]\drhhvb.exe
[%WINDOWS%]\fzanar.exe
[%WINDOWS%]\mcuqjpc.exe
[%WINDOWS%]\mzkdzjvn.exe
[%WINDOWS%]\osme.exe
[%WINDOWS%]\qbphdatz.exe
[%WINDOWS%]\uqvnl.exe
[%WINDOWS%]\xpcl.exe
[%WINDOWS%]\zfjdijr.exe

How to detect TrojanDownloader.Win32.VB.ec:

Files:
[%WINDOWS%]\ahrqcxhp.exe
[%WINDOWS%]\drhhvb.exe
[%WINDOWS%]\fzanar.exe
[%WINDOWS%]\mcuqjpc.exe
[%WINDOWS%]\mzkdzjvn.exe
[%WINDOWS%]\osme.exe
[%WINDOWS%]\qbphdatz.exe
[%WINDOWS%]\uqvnl.exe
[%WINDOWS%]\xpcl.exe
[%WINDOWS%]\zfjdijr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

MalwareCrush Ransomware

Removing MalwareCrush
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

MalwareCrush Also known as:

[Kaspersky]FraudTool.Win32.MalwareCrush.a;
[McAfee]SpyCrush;
[F-Prot]W32/HackTool.CNW;
[Other]MalwareCrush

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\MalwareCrush.lnk
[%PROFILE_TEMP%]\AC8F4C01.TMP
[%STARTMENU%]\MalwareCrush 3.7.lnk

How to detect MalwareCrush:

Files:
[%DESKTOP%]\MalwareCrush.lnk
[%PROFILE_TEMP%]\AC8F4C01.TMP
[%STARTMENU%]\MalwareCrush 3.7.lnk

Folders:
[%PROGRAMS%]\MalwareCrush
[%PROGRAM_FILES%]\MalwareCrush

Registry Values:
HKEY_LOCAL_MACHINE\software\licenses
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

ContextUAd Adware

Removing ContextUAd
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


ContextUAd Also known as:

[Kaspersky]AdWare.Win32.MediaBack.a;
[McAfee]Beav-Adware-Bho

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\clsid.log
[%SYSTEM%]\mdrpdev.exe
[%SYSTEM%]\msprxcore.dll
[%SYSTEM%]\obcore.exe
[%SYSTEM%]\uueprx.exe

How to detect ContextUAd:

Files:
[%SYSTEM%]\clsid.log
[%SYSTEM%]\mdrpdev.exe
[%SYSTEM%]\msprxcore.dll
[%SYSTEM%]\obcore.exe
[%SYSTEM%]\uueprx.exe

Registry Keys:
HKEY_CLASSES_ROOT\mxvc
HKEY_CLASSES_ROOT\clsid\{1920e150-5d27-4b95-b60b-d68b78928441}
HKEY_CLASSES_ROOT\interface\{1920e14f-5d27-4b95-b60b-d68b78928441}
HKEY_CLASSES_ROOT\repspobj.repspobj
HKEY_CLASSES_ROOT\typelib\{1920e142-5d27-4b95-b60b-d68b78928441}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1920e150-5d27-4b95-b60b-d68b78928441}

Connection Trojan

Removing Connection
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Connection Also known as:

[Kaspersky]Backdoor.Connection.13,Backdoor.Connection,Backdoor.Connection.12,Backdoor.Win32.Connection.12;
[Eset]Win32/Connection.13 trojan,Win32/Connection trojan,Win32/Connection.12 trojan;
[McAfee]BackDoor-IZ,Generic;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Connection.1.3,Bck/Connection.1.0,Bck/Connection.Clt,Bck/Connection.1.2;
[Computer Associates]Backdoor/Connection.13,Win32.Connection.13,Backdoor/Connection.A!Server,Backdoor/Connection.B!Server,Win32.Connection,Backdoor/Connection.12,Win32.Connection.12,Win32/Connection.12!Trojan

How to detect Connection:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

CommonName.Outlook.Agent Hijacker

Removing CommonName.Outlook.Agent
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

How to detect CommonName.Outlook.Agent:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{489d8ac2-4cfc-421d-9b8c-c13c221338e3}
HKEY_CLASSES_ROOT\clsid\{fc201a94-aefa-436a-9b52-e5f1b7630832}
HKEY_CLASSES_ROOT\cnoutlook.connect
HKEY_CLASSES_ROOT\cnoutlook.connect.1
HKEY_CLASSES_ROOT\cnoutlook.inspectors
HKEY_CLASSES_ROOT\cnoutlook.inspectors.1
HKEY_CLASSES_ROOT\interface\{4c52e36b-1a0c-46cc-bd3c-d22af869dac2}
HKEY_CLASSES_ROOT\interface\{615c75e3-6138-4ca4-bf04-33956428ea40}
HKEY_CLASSES_ROOT\typelib\{9e13b03d-faf6-4b9b-9db2-e48bd4353ec6}
HKEY_CURRENT_USER\software\microsoft\office\outlook\addins\cnoutlook.connect
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname outlook agent 2.2_is1

Bancos.IHE Trojan

Removing Bancos.IHE
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\Help\ConfigEx.dll
[%WINDOWS%]\Help\ConfigIn.dll
[%WINDOWS%]\Help\msauto.exe
[%WINDOWS%]\Help\services.exe
[%WINDOWS%]\Help\SmtpFile.dll

How to detect Bancos.IHE:

Files:
[%WINDOWS%]\Help\ConfigEx.dll
[%WINDOWS%]\Help\ConfigIn.dll
[%WINDOWS%]\Help\msauto.exe
[%WINDOWS%]\Help\services.exe
[%WINDOWS%]\Help\SmtpFile.dll

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\svservice

Troj.Agent.he Trojan

Removing Troj.Agent.he
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojan downloaders download and install new malware or adware on the computer.


Troj.Agent.he Also known as:

[Panda]Trj/Agent.AR

How to detect Troj.Agent.he:

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_comxt
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\comxt

Rbot.gen Backdoor

Removing Rbot.gen
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Visible Symptoms:
Files in system folders:
[%COMMON_APPDATA%]\iolo\AntiVirus\Quarantined\protector_update[1].exe.INFECTED
[%SYSTEM%]\dailin.exe
[%SYSTEM%]\lsasss.exe
[%SYSTEM%]\microsoftx.exe
[%SYSTEM%]\nav32sp.exe
[%SYSTEM%]\wowpos32.exe
[%SYSTEM%]\wuamgard.exe
[%SYSTEM%]\wuamgrd.exe
[%SYSTEM%]\xvshost.exe

How to detect Rbot.gen:

Files:
[%COMMON_APPDATA%]\iolo\AntiVirus\Quarantined\protector_update[1].exe.INFECTED
[%SYSTEM%]\dailin.exe
[%SYSTEM%]\lsasss.exe
[%SYSTEM%]\microsoftx.exe
[%SYSTEM%]\nav32sp.exe
[%SYSTEM%]\wowpos32.exe
[%SYSTEM%]\wuamgard.exe
[%SYSTEM%]\wuamgrd.exe
[%SYSTEM%]\xvshost.exe

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Spider Trojan

Removing Spider
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Spider Also known as:

[Kaspersky]Trojan.Spider.a,Trojan.Spider.b,Backdoor.Win32.Bancodor.k;
[McAfee]Spider,PWS-Banker.gen.b;
[F-Prot]destructive program;
[Panda]Trj/Spider.A,Trj/Spider.D;
[Computer Associates]ScanDisk!Trojan,Spider.a,SWAT!Trojan;
[Other]Win32/Spider.C,Backdoor.Badcodor

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\file.bck
[%WINDOWS%]\system\Ios.exe
[%WINDOWS%]\system\KeyChar.dll
[%WINDOWS%]\system\list.txt
[%WINDOWS%]\system\MsdosDll.exe
[%WINDOWS%]\system\MsdosDll.INI
[%WINDOWS%]\system\WinSee32.Ver

How to detect Spider:

Files:
[%WINDOWS%]\system\file.bck
[%WINDOWS%]\system\Ios.exe
[%WINDOWS%]\system\KeyChar.dll
[%WINDOWS%]\system\list.txt
[%WINDOWS%]\system\MsdosDll.exe
[%WINDOWS%]\system\MsdosDll.INI
[%WINDOWS%]\system\WinSee32.Ver

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Keylogger.dll.CommonComponents Spyware

Removing Keylogger.dll.CommonComponents
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

How to detect Keylogger.dll.CommonComponents:

Registry Keys:
HKEY_CLASSES_ROOT\nicerecorderdll.aboutbox
HKEY_CLASSES_ROOT\nicerecorderdll.aboutbox.1
HKEY_CLASSES_ROOT\nicerecorderdll.explorer
HKEY_CLASSES_ROOT\nicerecorderdll.explorer.1
HKEY_CLASSES_ROOT\nicerecorderdll.hotkeycontrol
HKEY_CLASSES_ROOT\nicerecorderdll.hotkeycontrol.1
HKEY_CLASSES_ROOT\nicerecorderdll.loginbox
HKEY_CLASSES_ROOT\nicerecorderdll.loginbox.1
HKEY_CLASSES_ROOT\nicerecorderdll.mailsetting
HKEY_CLASSES_ROOT\nicerecorderdll.mailsetting.1
HKEY_CLASSES_ROOT\nicerecorderdll.monitorcontrol
HKEY_CLASSES_ROOT\nicerecorderdll.monitorcontrol.1
HKEY_CLASSES_ROOT\nicerecorderdll.passwordcontrol
HKEY_CLASSES_ROOT\nicerecorderdll.passwordcontrol.1
HKEY_CLASSES_ROOT\nicerecorderdll.registerbox
HKEY_CLASSES_ROOT\nicerecorderdll.registerbox.1
HKEY_CLASSES_ROOT\nicerecorderdll.registertip
HKEY_CLASSES_ROOT\nicerecorderdll.registertip.1
HKEY_CLASSES_ROOT\nicerecorderdll.setpasswordbox
HKEY_CLASSES_ROOT\nicerecorderdll.setpasswordbox.1
HKEY_CLASSES_ROOT\nicerecorderdll.settingbox
HKEY_CLASSES_ROOT\nicerecorderdll.settingbox.1

Spedia.Surf+ BHO

Removing Spedia.Surf+
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

How to detect Spedia.Surf+:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{84b71424-b020-11d4-b198-000102c6d473}

Vxidl.AVP Trojan

Removing Vxidl.AVP
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\inf\msview.inf

How to detect Vxidl.AVP:

Files:
[%WINDOWS%]\inf\msview.inf

Agent.li Downloader

Removing Agent.li
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

How to detect Agent.li:

Registry Keys:
HKEY_LOCAL_MACHINE\software\ptssa

Pohlup Trojan

Removing Pohlup
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Pohlup Also known as:

[Kaspersky]Trojan.Win32.BHO.e;
[McAfee]Generic BackDoor.h;
[Other]Trojan.Dropper,Troj/BHO-BP,TROJ_BHO.DJ,W32/BHO.RQ,Win32/Pohlup.A

How to detect Pohlup:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{f04d16e3-7236-49c4-85ec-d65769b2cf10}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f04d16e3-7236-49c4-85ec-d65769b2cf10}

WurldMedia.Mo Hijacker

Removing WurldMedia.Mo
Categories: Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mo030414s.dll
[%SYSTEM%]\moconfig.exe
[%WINDOWS%]\system\mo030414s.dll
[%WINDOWS%]\system\moconfig.exe

How to detect WurldMedia.Mo:

Files:
[%SYSTEM%]\mo030414s.dll
[%SYSTEM%]\moconfig.exe
[%WINDOWS%]\system\mo030414s.dll
[%WINDOWS%]\system\moconfig.exe

SillyDl.DNI Trojan

Removing SillyDl.DNI
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

SillyDl.DNI Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.avf;
[McAfee]Generic Downloader.h;
[F-Prot]W32/Dlr-Trojan-Malware-based!Maximus;
[Other]Win32/SillyDl.DNI,Trojan.Adclicker,TrojanClicker:Win32/Agent.ET,W32/Agent.BNSN,TROJ_AGENT.QGX,Mal/Heuri-E

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\wnset.exe

How to detect SillyDl.DNI:

Files:
[%PROFILE_TEMP%]\wnset.exe

Chopenoz Trojan

Removing Chopenoz
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojan downloaders download and install new malware or adware on the computer.


Chopenoz Also known as:

[Kaspersky]Trojan-Downloader.Win32.CWS.at,Trojan-Downloader.Win32.CWS.al,Trojan-Downloader.Win32.CWS.s;
[McAfee]Downloader-ARQ;
[Panda]Trj/Downloader.FY,Trj/Legmir.D,Trj/Downloader.ON,Trj/Downloader.DJ;
[Computer Associates]Win32.Chopenoz.F,Win32.Chopenoz.G,Win32/Chopenoz.66048!Trojan,Win32.Chopenoz.B;
[Other]Win32/Chopenoz!generic,Trojan.KillAV,Win32/Chopenoz.BH,Win32/Chopenoz.AW,Trojan.Bookmarker

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\services\msxmidi.exe
[%SYSTEM%]\services\wmplayer.exe
[%WINDOWS%]\inetm\1.00.04.dll
[%WINDOWS%]\inetm\crontab.ini
[%WINDOWS%]\inetm\id.ini
[%WINDOWS%]\inetm\keywords.ini
[%WINDOWS%]\inetm\services.exe
[%WINDOWS%]\inetm\sl.ini
[%WINDOWS%]\inetm\titles.ini
[%WINDOWS%]\system\services\msxmidi.exe
[%WINDOWS%]\system\services\y.exe
[%WINDOWS%]\t\services.exe

How to detect Chopenoz:

Files:
[%SYSTEM%]\services\msxmidi.exe
[%SYSTEM%]\services\wmplayer.exe
[%WINDOWS%]\inetm\1.00.04.dll
[%WINDOWS%]\inetm\crontab.ini
[%WINDOWS%]\inetm\id.ini
[%WINDOWS%]\inetm\keywords.ini
[%WINDOWS%]\inetm\services.exe
[%WINDOWS%]\inetm\sl.ini
[%WINDOWS%]\inetm\titles.ini
[%WINDOWS%]\system\services\msxmidi.exe
[%WINDOWS%]\system\services\y.exe
[%WINDOWS%]\t\services.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Randex.E Trojan

Removing Randex.E
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\cmd.exe
[%PROFILE%]\start

How to detect Randex.E:

Files:
[%PROFILE%]\cmd.exe
[%PROFILE%]\start

Ludepo Trojan

Removing Ludepo
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\3797\gm.exe
[%WINDOWS%]\TEMP\21737\gm.exe

How to detect Ludepo:

Files:
[%PROFILE_TEMP%]\3797\gm.exe
[%WINDOWS%]\TEMP\21737\gm.exe

PWS.Mafia Trojan

Removing PWS.Mafia
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

PWS.Mafia Also known as:

[Kaspersky]Trojan-PSW.Win32.Bumaf.c;
[McAfee]PWS-Mafia;
[Other]Infostealer.Salira

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\winrarshell32.exe
[%WINDOWS%]\backup.exe

How to detect PWS.Mafia:

Files:
[%SYSTEM%]\winrarshell32.exe
[%WINDOWS%]\backup.exe

Registry Keys:
HKEY_CURRENT_USER\software\bgm

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
