Tuesday, December 9, 2008

Trust BHO

Removing Trust
Categories: BHO,Hijacker,Toolbar
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, explained the company.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\TrustToolbar\Online Help.url
[%PROFILE_TEMP%]\trusttoolbar.exe
[%SYSTEM%]\config\systemprofile\Start Menu\Programs\TrustToolbar\Online Help.url
[%SYSTEM%]\srhook.dll
[%SYSTEM%]\ttbbho.dll
[%SYSTEM%]\ttbsetup.exe
[%SYSTEM%]\ttbsreb.dll
[%SYSTEM%]\wvo_ctrl.exe
[%SYSTEM%]\wvo_util.dll

How to detect Trust:

Files:
[%COMMON_PROGRAMS%]\TrustToolbar\Online Help.url
[%PROFILE_TEMP%]\trusttoolbar.exe
[%SYSTEM%]\config\systemprofile\Start Menu\Programs\TrustToolbar\Online Help.url
[%SYSTEM%]\srhook.dll
[%SYSTEM%]\ttbbho.dll
[%SYSTEM%]\ttbsetup.exe
[%SYSTEM%]\ttbsreb.dll
[%SYSTEM%]\wvo_ctrl.exe
[%SYSTEM%]\wvo_util.dll

Folders:
[%PROGRAMS%]\trusttoolbar

Registry Keys:
HKEY_CLASSES_ROOT\.wvo
HKEY_CLASSES_ROOT\clsid\{21c066eb-1e61-4ab1-98ae-fc102f30b5c7}
HKEY_CLASSES_ROOT\clsid\{2c2c1bed-5b1c-4bf2-bc2a-86bf224b01ab}
HKEY_CLASSES_ROOT\clsid\{4c1f4ce1-57bf-4dfd-baff-58b825254e6b}
HKEY_CLASSES_ROOT\clsid\{bd49a497-f9cb-4c47-8606-ac420efb68c3}
HKEY_CLASSES_ROOT\interface\{c7851188-e89f-435c-a7f2-604a241a4282}
HKEY_CLASSES_ROOT\interface\{e0708144-8950-4d8a-ba61-45abd7b52984}
HKEY_CLASSES_ROOT\trusttoolbar
HKEY_CLASSES_ROOT\ttbbho.trusttoolbabho
HKEY_CLASSES_ROOT\ttbbho.trusttoolbabho.1
HKEY_CLASSES_ROOT\ttbwebinstaller.webinstaller
HKEY_CLASSES_ROOT\ttbwebinstaller.webinstaller.1
HKEY_CLASSES_ROOT\typelib\{ba07cf38-b8a7-41e7-806c-c079e6f80c67}
HKEY_CLASSES_ROOT\webvisibleobject
HKEY_CURRENT_USER\software\comodo\ttbsettings
HKEY_CURRENT_USER\software\comodo\wvo
HKEY_LOCAL_MACHINE\software\comodo\wvo
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\explorer bars\{4c1f4ce1-57bf-4dfd-baff-58b825254e6b}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{8ba1adb8-5b71-47ef-9663-6b68eb3ca9fa}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webvisibleobject

Registry Values:
HKEY_CLASSES_ROOT\searchhook.urlsearchhook.1\clsid
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{093caf40-3ba6-4071-a050-e830cbdc6480}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{093caf40-3ba6-4071-a050-e830cbdc6480}\contains\files
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{093caf40-3ba6-4071-a050-e830cbdc6480}\downloadinformation
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{093caf40-3ba6-4071-a050-e830cbdc6480}\installedversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved

Removing Trust:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Bancos.HGA Trojan

Removing Bancos.HGA
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bancos.HGA Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.byu;
[Other]Win32/Bancos.HGA

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\dllvirtual.exe

How to detect Bancos.HGA:

Files:
[%SYSTEM%]\dllvirtual.exe


SingaRaja Hacker Tool

Removing SingaRaja
Categories: Hacker Tool,DoS
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



SingaRaja Also known as:

[Kaspersky]Flooder.MailSpam.Singa;
[F-Prot]->sgr.exe

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\pft1e.tmp\redist\wintdist.exe
[%PROGRAMS%]\123 wasp\help.lnk
[%PROGRAMS%]\123 wasp\license.lnk
[%PROGRAM_FILES%]\123wasp\123wasp.exe
[%PROGRAM_FILES%]\123wasp\help.htm
[%PROGRAM_FILES%]\ares lite edition\ares.exe
[%PROGRAM_FILES%]\ares\ares.exe

How to detect SingaRaja:

Files:
[%PROFILE_TEMP%]\pft1e.tmp\redist\wintdist.exe
[%PROGRAMS%]\123 wasp\help.lnk
[%PROGRAMS%]\123 wasp\license.lnk
[%PROGRAM_FILES%]\123wasp\123wasp.exe
[%PROGRAM_FILES%]\123wasp\help.htm
[%PROGRAM_FILES%]\ares lite edition\ares.exe
[%PROGRAM_FILES%]\ares\ares.exe

Folders:
[%PROFILE%]\start menu\programs\123 wasp
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\Ares Galaxy FasterDownload.exe
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\NNGLZA638.EXE
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\packet.dll
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\Skin.bmp
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\SkinAbout.bmp
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\unins000.dat
[%PROGRAM_FILES%]\Ares Galaxy FasterDownload\unins000.exe
[%PROGRAM_FILES%]\Ares Lite Edition\data
[%PROGRAM_FILES%]\Ares Lite Edition\lang
[%PROGRAM_FILES%]\Ares\data
[%PROGRAM_FILES%]\Ares\lang
[%SYSTEM%]\sporder.dll
[%WINDOWS%]\NDNuninstall6_38.exe

Registry Keys:
HKEY_CLASSES_ROOT\ares.collectionlist
HKEY_CURRENT_USER\software\ares
HKEY_CURRENT_USER\software\areslite
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\123 write all stored passwords
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ares
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\areslite

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Backdoor.VB.Unknown!Server Trojan

Removing Backdoor.VB.Unknown!Server
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Backdoor.VB.Unknown!Server Also known as:

[Kaspersky]Backdoor.VB.gen;
[Panda]Backdoor Program,Bck/Lemak.A,Trojan Horse

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\itjrm.txt
[%WINDOWS%]\jcvzs.dat

How to detect Backdoor.VB.Unknown!Server:

Files:
[%SYSTEM%]\itjrm.txt
[%WINDOWS%]\jcvzs.dat


Zlob.Fam.Video Access ActiveX Object Trojan

Removing Zlob.Fam.Video Access ActiveX Object
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

How to detect Zlob.Fam.Video Access ActiveX Object:

Folders:
[%PROGRAM_FILES%]\Video Access ActiveX Object

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object


AdBreak.FHFMM BHO

Removing AdBreak.FHFMM
Categories: BHO
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, explained the company.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\fhfmm.exe
[%WINDOWS%]\fhfmm-Uninstaller.exe
[%WINDOWS%]\fhfmm.dll
[%WINDOWS%]\fhfmm.txt
[%WINDOWS%]\fhfmm1.tmp
[%WINDOWS%]\fhfmm2.tmp
[%WINDOWS%]\fhfmm3.tmp
[%WINDOWS%]\liqui-Uninstaller.exe

How to detect AdBreak.FHFMM:

Files:
[%WINDOWS%]\fhfmm.exe
[%WINDOWS%]\fhfmm-Uninstaller.exe
[%WINDOWS%]\fhfmm.dll
[%WINDOWS%]\fhfmm.txt
[%WINDOWS%]\fhfmm1.tmp
[%WINDOWS%]\fhfmm2.tmp
[%WINDOWS%]\fhfmm3.tmp
[%WINDOWS%]\liqui-Uninstaller.exe


Spybot Trojan

Removing Spybot
Categories: Trojan,Worm,Backdoor,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Spybot Also known as:

[Kaspersky]Backdoor.IRCBot.gen,Backdoor.Spyboter.gen,Worm.P2P.SpyBot.gen;
[Eset]Win32/SpyBot.WP worm,Win32/SpyBot.GA worm;
[Panda]W32/Spybot.gen.worm,Backdoor Program;
[Computer Associates]Win32/SpyBot.Variant!P2P!Worm,Win32.Spybot.PP,Win32/P2P.SpyBot.Worm,Win32.Spybot.IA,Win32/Spybot.Worm

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\winclean.exe

How to detect Spybot:

Files:
[%SYSTEM%]\winclean.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


AntiSpyStorm Ransomware

Removing AntiSpyStorm
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\AntispyStorm.lnk
[%PROGRAM_FILES%]\AntispyStorm\AntispyStorm.exe

How to detect AntiSpyStorm:

Files:
[%COMMON_DESKTOPDIRECTORY%]\AntispyStorm.lnk
[%PROGRAM_FILES%]\AntispyStorm\AntispyStorm.exe

Folders:
[%APPDATA%]\AntispyStorm
[%COMMON_PROGRAMS%]\AntispyStorm
[%PROGRAM_FILES%]\AntispyStorm

Registry Keys:
HKEY_CLASSES_ROOT\as_ie_monitor.ie_monitor
HKEY_CLASSES_ROOT\CLSID\{0723CAE4-C2AB-4995-B749-6BC9BE984564}
HKEY_CLASSES_ROOT\CLSID\{EA201C93-F34A-47A5-B65D-AA7C95068E92}
HKEY_CLASSES_ROOT\Interface\{4619EC5B-EF8F-44E9-9A74-6E7B5F1C4188}
HKEY_CLASSES_ROOT\Interface\{EFBD98B0-0C01-4325-85F8-5E791AB33570}
HKEY_CLASSES_ROOT\mdReg.clsReg
HKEY_CLASSES_ROOT\TypeLib\{C8EBBFFA-881D-4F15-9D29-7435462E4294}
HKEY_CLASSES_ROOT\TypeLib\{D8478214-61AD-4C83-9D76-2BE980A51452}
HKEY_LOCAL_MACHINE\SOFTWARE\AntispyStorm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntispyStorm

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


CSApp.dll BHO

Removing CSApp.dll
Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\csapp.dll
[%WINDOWS%]\system\csapp.dll

How to detect CSApp.dll:

Files:
[%SYSTEM%]\csapp.dll
[%WINDOWS%]\system\csapp.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{cd209a08-98b5-4669-af9f-447ac5253356}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cd209a08-98b5-4669-af9f-447ac5253356}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cd209a08-98b5-4669-af9f-447ac5253356}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cd209a08-98b5-4669-af9f-447ac5253356}


Ads.adsag Tracking Cookie

Removing Ads.adsag
Categories: Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

How to detect Ads.adsag:

Registry Keys:
HKEY_CURRENT_USER\network\recent


VirusBlast Trojan

Removing VirusBlast
Categories: Trojan,Ransomware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Ad-Protect\Plugins\MessengerControl\MessengerControl.dll
[%PROGRAM_FILES%]\Ad-Protect\Plugins\StartupEditor\StartupEditor.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\VirusBlaster v5.0.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\VirusBlasters v5.0.lnk
[%DESKTOP%]\VirusBlaster v5.0.lnk
[%DESKTOP%]\VirusBlasters v5.0.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\VirusBlast\BlastIEmonitor.dll
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10142006-152408.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-184815.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-191014.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-191508.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-195201.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10242006-232620.log
[%PROGRAM_FILES%]\VirusBlast\msvcr71.dll
[%PROGRAM_FILES%]\VirusBlast\sdebug.log
[%PROGRAM_FILES%]\VirusBlast\VirusBlast.exe
[%STARTMENU%]\VirusBlast v5.0.lnk
[%STARTMENU%]\VirusBlaster v5.0.lnk
[%STARTMENU%]\VirusBlasters v5.0.lnk
[%DESKTOP%]\VirusBlast v5.0.lnk

How to detect VirusBlast:

Files:
[%PROGRAM_FILES%]\Ad-Protect\Plugins\MessengerControl\MessengerControl.dll
[%PROGRAM_FILES%]\Ad-Protect\Plugins\StartupEditor\StartupEditor.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\VirusBlaster v5.0.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\VirusBlasters v5.0.lnk
[%DESKTOP%]\VirusBlaster v5.0.lnk
[%DESKTOP%]\VirusBlasters v5.0.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\VirusBlast\BlastIEmonitor.dll
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10142006-152408.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-184815.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-191014.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-191508.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10202006-195201.log
[%PROGRAM_FILES%]\VirusBlast\Logs\vblast_activity-10242006-232620.log
[%PROGRAM_FILES%]\VirusBlast\msvcr71.dll
[%PROGRAM_FILES%]\VirusBlast\sdebug.log
[%PROGRAM_FILES%]\VirusBlast\VirusBlast.exe
[%STARTMENU%]\VirusBlast v5.0.lnk
[%STARTMENU%]\VirusBlaster v5.0.lnk
[%STARTMENU%]\VirusBlasters v5.0.lnk
[%DESKTOP%]\VirusBlast v5.0.lnk

Folders:
[%PROGRAM_FILES%]\VirusBlast
[%PROGRAMS%]\VirusBlaster
[%PROGRAMS%]\VirusBlasters
[%PROGRAM_FILES%]\VirusBlaster
[%PROGRAM_FILES%]\VirusBlasters
[%PROGRAMS%]\VirusBlast

Registry Keys:
HKEY_CLASSES_ROOT\AppID\{490E7D57-1FC1-4ea6-BD52-483B7271B223}
HKEY_CLASSES_ROOT\AppID\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9}
HKEY_CLASSES_ROOT\CLSID\{0D0FAB5C-2BE4-4126-A28E-828FEBCE1E55}
HKEY_CLASSES_ROOT\CLSID\{1F6FE2C2-6040-4645-9053-7F689AFFE176}
HKEY_CLASSES_ROOT\CLSID\{9DA04BBD-71BB-020C-436E-42FECBB98F05}
HKEY_CLASSES_ROOT\CLSID\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49}
HKEY_CLASSES_ROOT\Interface\{1131081D-81ED-46F0-8B03-B728AEAFFD12}
HKEY_CLASSES_ROOT\Interface\{214345B8-BB69-498D-A168-29F58F15D806}
HKEY_CLASSES_ROOT\Interface\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49}
HKEY_CLASSES_ROOT\TypeLib\{283ED043-D403-4808-BF28-FCDE29DCF1FB}
HKEY_CLASSES_ROOT\TypeLib\{80ED1EB2-55FB-4434-BD41-E1645A370158}
HKEY_CLASSES_ROOT\AppID\ad-protect.EXE
HKEY_CLASSES_ROOT\AppID\IEControl.DLL
HKEY_CLASSES_ROOT\CLSID\{3E5E5F84-A73E-0D84-0398-B7E18E4B2B84}
HKEY_CLASSES_ROOT\IEControl.IEExtension
HKEY_CLASSES_ROOT\IEControl.IEExtension.1
HKEY_CLASSES_ROOT\VB.Server
HKEY_CLASSES_ROOT\VB.Server.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusBlasters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F6FE2C2-6040-4645-9053-7F689AFFE176}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBlaster
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBlasters
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBlaster
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBlasters
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\virusblast.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\virusblast
HKEY_LOCAL_MACHINE\software\virusblast

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


MalwareWipe Adware

Removing MalwareWipe
Categories: Adware,Ransomware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Malware-Wipe 4.2.lnk
[%DESKTOP%]\Malware-Wipe.lnk
[%DESKTOP%]\MalwareWipe.com.lnk
[%DESKTOP%]\MalwareWipe.lnk
[%PROFILE_TEMP%]\MWLanguage.ini
[%PROFILE_TEMP%]\~nsu.tmp\Au_.exe
[%PROFILE_TEMP%]\~nsu.tmp\Bu_.exe
[%PROGRAM_FILES%]\MalwareWipe.com\MalwareWipe.com.exe
[%PROGRAM_FILES%]\MalwareWiper\MalwareWiper.url
[%PROGRAM_FILES%]\MalwareWipe\MalwareWipe.url
[%PROGRAM_FILES%]\MW\MalwareWiped 6.0\MalwareWiped 6.0.url
[%PROGRAM_FILES%]\MW\MalwareWiped 6.1\MalwareWiped 6.1.url
[%RECENT%]\MalwareWiped 6.3.url
[%STARTMENU%]\Malware-Wipe 4.2.lnk
[%STARTMENU%]\Malware-Wiped 5.2.lnk
[%STARTMENU%]\malwarewipe 4.0.lnk
[%SYSTEM%]\asgp32.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Malware-Wiped 5.2.lnk
[%DESKTOP%]\Malware-Wiped.lnk
[%DESKTOP%]\malwarewipe.lnk
[%PROFILE%]\Impostazioni locali\Temp\MWLanguage.ini
[%PROFILE%]\start menu\malwarewipe 4.0.lnk
[%STARTMENU%]\MalwareWipe.com 4.2.lnk

How to detect MalwareWipe:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Malware-Wipe 4.2.lnk
[%DESKTOP%]\Malware-Wipe.lnk
[%DESKTOP%]\MalwareWipe.com.lnk
[%DESKTOP%]\MalwareWipe.lnk
[%PROFILE_TEMP%]\MWLanguage.ini
[%PROFILE_TEMP%]\~nsu.tmp\Au_.exe
[%PROFILE_TEMP%]\~nsu.tmp\Bu_.exe
[%PROGRAM_FILES%]\MalwareWipe.com\MalwareWipe.com.exe
[%PROGRAM_FILES%]\MalwareWiper\MalwareWiper.url
[%PROGRAM_FILES%]\MalwareWipe\MalwareWipe.url
[%PROGRAM_FILES%]\MW\MalwareWiped 6.0\MalwareWiped 6.0.url
[%PROGRAM_FILES%]\MW\MalwareWiped 6.1\MalwareWiped 6.1.url
[%RECENT%]\MalwareWiped 6.3.url
[%STARTMENU%]\Malware-Wipe 4.2.lnk
[%STARTMENU%]\Malware-Wiped 5.2.lnk
[%STARTMENU%]\malwarewipe 4.0.lnk
[%SYSTEM%]\asgp32.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Malware-Wiped 5.2.lnk
[%DESKTOP%]\Malware-Wiped.lnk
[%DESKTOP%]\malwarewipe.lnk
[%PROFILE%]\Impostazioni locali\Temp\MWLanguage.ini
[%PROFILE%]\start menu\malwarewipe 4.0.lnk
[%STARTMENU%]\MalwareWipe.com 4.2.lnk

Folders:
[%PROGRAMS%]\Malware-Wipe
[%PROGRAMS%]\Malware-Wiped
[%PROGRAMS%]\malwarewipe
[%PROGRAMS%]\MalwareWipe.com
[%PROGRAM_FILES%]\Malware-Wipe
[%PROGRAM_FILES%]\Malware-Wiped
[%PROGRAM_FILES%]\malwarewipe
[%PROGRAM_FILES%]\MalwareWipe.com

Registry Keys:

Registry Values:

Removing MalwareWipe:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

SkinTrim Trojan

Removing SkinTrim
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

SkinTrim Also known as:

[Other]Win32/Skintrim.H

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\WebMediaPlayer.lnk
[%WINDOWS%]\Temp\Install_WMP.exe

How to detect SkinTrim:

Files:
[%DESKTOP%]\WebMediaPlayer.lnk
[%WINDOWS%]\Temp\Install_WMP.exe

Folders:
[%PROGRAMS%]\WebMediaPlayer
[%PROGRAM_FILES%]\mailskinner
[%PROGRAM_FILES%]\WebMediaPlayer
[%WINDOWS%]\msskinner

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{180b4ee9-1795-4429-9651-f17a6515726d}
HKEY_CLASSES_ROOT\interface\{0a089e22-5736-4092-b3f8-3f0d5f345482}
HKEY_CLASSES_ROOT\typelib\{5bad7fae-81f0-4439-8c1a-3e8907998047}
HKEY_CURRENT_USER\software\epk_extr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\webmediaplayer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mailskinner
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webmediaplayer
HKEY_LOCAL_MACHINE\software\webmediaplayer

Registry Values:
HKEY_CURRENT_USER\software\exts\{8e09cb72-3143-4414-a1c2-63e9c0438472}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Netbus.dr RAT

Removing Netbus.dr
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
that allow an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the trojan can gain access to it.

These server files are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as if nothing was opened.
Some will also kill antivirus and firewall software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\execution.exe
[%WINDOWS%]\keyhook.dll
[%WINDOWS%]\system\execution.exe

How to detect Netbus.dr:

Files:
[%WINDOWS%]\execution.exe
[%WINDOWS%]\keyhook.dll
[%WINDOWS%]\system\execution.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Wast Adware

Removing Wast
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\syswast.exe

How to detect Wast:

Files:
[%WINDOWS%]\syswast.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wast

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Prosiak.beta Trojan

Removing Prosiak.beta
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Backdoors are the most dangerous type of Trojan and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

Many trojans and backdoors now have remote administration capabilities
that allow an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the trojan can gain access to it.

These server files are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as if nothing was opened.
Some will also kill antivirus and firewall software.

Prosiak.beta Also known as:

[Kaspersky]Backdoor.Prosiak.070,Backdoor.Prosiak.070.5;
[Eset]Win32/Prosiak.070 trojan;
[McAfee]BackDoor-AI.cfg,BackDoor-AI.cli;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Prosiak.G,Bck/Prosiak.075;
[Computer Associates]Backdoor/Prosiak__2.60,Backdoor/Prosiak_0.70.5_Server

How to detect Prosiak.beta:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce

SWEET.BOX Adware

Removing SWEET.BOX
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\inetcomm.exe
[%SYSTEM%]\inetsvr.dll
[%SYSTEM%]\inetsvrhelper.dll
[%SYSTEM%]\site_history.tmp
[%SYSTEM%]\site_list.tmp
[%SYSTEM%]\sweetsetup.exe
[%WINDOWS%]\sweetbox.ini

How to detect SWEET.BOX:

Files:
[%SYSTEM%]\inetcomm.exe
[%SYSTEM%]\inetsvr.dll
[%SYSTEM%]\inetsvrhelper.dll
[%SYSTEM%]\site_history.tmp
[%SYSTEM%]\site_list.tmp
[%SYSTEM%]\sweetsetup.exe
[%WINDOWS%]\sweetbox.ini

Folders:
[%PROGRAM_FILES%]\sweetbox

Registry Keys:
HKEY_CLASSES_ROOT\classes\clsid\{68a7f9fa-a202-4d45-aaba-a10dcac0d899}
HKEY_CLASSES_ROOT\classes\interface\{61297440-4879-4264-9602-59dbb717778f}
HKEY_CLASSES_ROOT\classes\typelib\{1d366026-28e1-4b07-8140-b8fb929a1c19}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{68a7f9fa-a202-4d45-aaba-a10dcac0d899}
HKEY_CLASSES_ROOT\sweetbarbho.cinetsvrhelper
HKEY_CLASSES_ROOT\sweetbarbho.cinetsvrhelper.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{68a7f9fa-a202-4d45-aaba-a10dcac0d899}
HKEY_LOCAL_MACHINE\software\sweetbar
HKEY_LOCAL_MACHINE\system\controlset001\services\iprip

Tagasaurus Adware

Removing Tagasaurus
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Tagasaurus Also known as:

[Kaspersky]Trojan-Downloader.Win32.VB.tf;
[McAfee]Generic Downloader.a;
[F-Prot]W32/Downloader.KEH;
[Other]W32/DLoader.OVC,Troj/Dloadr-BK,Trojan.Startup.NameShifter.A,enbrowser,Adware:Win32/TagAsaurus

Visible Symptoms:
Files in system folders:

How to detect Tagasaurus:

Files:

Registry Keys:
HKEY_LOCAL_MACHINE\software\system
HKEY_LOCAL_MACHINE\software\system\sysold

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\system
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

RemoteWatch Spyware

Removing RemoteWatch
Categories: Spyware,Hacker Tool
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Hacker tools are utilities designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

RemoteWatch is also known as:

[Kaspersky] Monitor.Win32.RemoteWatch, Monitor.Win32.ReomoteWatch.a;
[McAfee] Generic PUP, Generic PUP.e;
[Other] Trojan Horse

Visible Symptoms:
Files in system folders:
[%COMMON_STARTUP%]\remotewatch.lnk
[%PROGRAM_FILES%]\remotewatch\remotewatch.exe
[%PROGRAM_FILES%]\remotewatch\unins000.dat
[%PROGRAM_FILES%]\remotewatch\unins000.exe
[%WINDOWS%]\remotewatch.INI

How to detect RemoteWatch:

Files:
[%COMMON_STARTUP%]\remotewatch.lnk
[%PROGRAM_FILES%]\remotewatch\remotewatch.exe
[%PROGRAM_FILES%]\remotewatch\unins000.dat
[%PROGRAM_FILES%]\remotewatch\unins000.exe
[%WINDOWS%]\remotewatch.INI

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\remotewatch_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Poncs Trojan

Removing Poncs
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Poncs:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{7da7be7d-a382-4aa7-a125-ca55a2070125}

Kzmmultitv.class Trojan

Removing Kzmmultitv.class
Categories: Trojan
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\27\3966f95b-1c21ba47
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\KzmMultiTV.class-32126837-2a334ffd.class

How to detect Kzmmultitv.class:

Files:
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\27\3966f95b-1c21ba47
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\KzmMultiTV.class-32126837-2a334ffd.class

PWS.Fib Trojan

Removing PWS.Fib
Categories: Trojan,RAT,Hacker Tool
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

Hacker tools are utilities designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

PWS.Fib is also known as:

[Kaspersky] Trojan.PSW.FI7.14b;
[McAfee] PWS-Fib;
[F-Prot] security risk or a "backdoor" program;
[Panda] Trj/PSW.FI7.14b;
[Computer Associates] Win32/FI7.14b!PWS!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\.exe

How to detect PWS.Fib:

Files:
[%WINDOWS%]\system\.exe

Virtual.Bouncer Adware

Removing Virtual.Bouncer
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Virtual.Bouncer is also known as:

[Panda] Adware/VirtualBouncer

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\24581281.EXE
[%SYSTEM%]\BO2802040113.dll
[%SYSTEM%]\book.dll
[%SYSTEM%]\config\systemprofile\Local Settings\Temp\antispy.exe
[%SYSTEM%]\VB1.exe
[%STARTUP%]\virtual bouncer.lnk
[%SYSTEM%]\vern32.dll
[%WINDOWS%]\downloaded program files\bundleouter2501031120.exe
[%WINDOWS%]\downloaded program files\conflict.1\bundleouter2501031120.exe
[%WINDOWS%]\downloaded program files\conflict.1\vbouncerouter1402030731.exe
[%WINDOWS%]\downloaded program files\vbouncerouter1402030731.exe

How to detect Virtual.Bouncer:

Files:
[%SYSTEM%]\24581281.EXE
[%SYSTEM%]\BO2802040113.dll
[%SYSTEM%]\book.dll
[%SYSTEM%]\config\systemprofile\Local Settings\Temp\antispy.exe
[%SYSTEM%]\VB1.exe
[%STARTUP%]\virtual bouncer.lnk
[%SYSTEM%]\vern32.dll
[%WINDOWS%]\downloaded program files\bundleouter2501031120.exe
[%WINDOWS%]\downloaded program files\conflict.1\bundleouter2501031120.exe
[%WINDOWS%]\downloaded program files\conflict.1\vbouncerouter1402030731.exe
[%WINDOWS%]\downloaded program files\vbouncerouter1402030731.exe

Folders:
[%PROGRAMS%]\virtual bouncer
[%PROGRAM_FILES%]\vbouncer
[%STARTMENU%]\programs\virtual bouncer
[%APPDATA%]\vbouncer
[%PROFILE%]\start menu\programs\virtual bouncer

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\virtual bouncer

Registry Values:
HKEY_CURRENT_USER\software\bundles
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair\c:/windows/system32/innervbinstall.log
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyblocs v2.0
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair\[%SYSTEM%]/innervbinstall.log

Barbie Trojan

Removing Barbie
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

Barbie is also known as:

[Kaspersky] Backdoor.Barbie;
[Eset] Barbie trojan;
[Computer Associates] Win32.Barbie, Win95/ShowIP.Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\ddraw16.exe

How to detect Barbie:

Files:
[%WINDOWS%]\system\ddraw16.exe
