Dpwam Trojan

Removing Dpwam
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

---

Dpwam Also known as:

[Kaspersky]Trojan.Win32.Agent.ny;
[McAfee]Puper;
[Other]Win32/Dpwam,Win32/Dpwam.A,Trojan.Zlob

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drivers\DP.sys
[%SYSTEM%]\drivers\DP.sys

How to detect Dpwam:

Files:
[%SYSTEM%]\drivers\DP.sys
[%SYSTEM%]\drivers\DP.sys

Removing Dpwam:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Nagem Trojan
Remove Bancos.GMF Trojan
Remove FlyAgent Trojan
Removing VBS.Silba:intended Trojan

CWS.QTTasks Hijacker

Removing CWS.QTTasks
Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\qttasks.exe
[%WINDOWS%]\qttasks.exe

How to detect CWS.QTTasks:

Files:
[%WINDOWS%]\qttasks.exe
[%WINDOWS%]\qttasks.exe

Removing CWS.QTTasks:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Zinx Spyware Information
Removing Spudrag Trojan
Bancos.GZN Trojan Removal
PowerTrip DoS Information
Remove Apem Trojan

NetworkEssentials.SCBar Adware

Removing NetworkEssentials.SCBar
Categories: Adware,BHO,Hijacker
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

---

Visible Symptoms:
Files in system folders:
[%FAVORITES%]\-autos-\auto financing.url
[%FAVORITES%]\-autos-\auto insurance.url
[%FAVORITES%]\-autos-\buy a car.url
[%FAVORITES%]\-autos-\buy a new car.url
[%FAVORITES%]\-autos-\free car!.url
[%FAVORITES%]\-autos-\lease a new car.url
[%FAVORITES%]\-autos-\rent a car.url
[%FAVORITES%]\-autos-\traffic school.url
[%FAVORITES%]\-autos-\used cars.url
[%FAVORITES%]\-business & home office-\banking.url
[%FAVORITES%]\-business & home office-\computer education.url
[%FAVORITES%]\-business & home office-\credit repair.url
[%FAVORITES%]\-business & home office-\income tax.url
[%FAVORITES%]\-business & home office-\office & home supplies.url
[%FAVORITES%]\-business & home office-\office equipment.url
[%FAVORITES%]\-business & home office-\office space & rental.url
[%FAVORITES%]\-dating-\adult dating.url
[%FAVORITES%]\-dating-\christian singles.url
[%FAVORITES%]\-dating-\dating clubs.url
[%FAVORITES%]\-dating-\free dating services.url
[%FAVORITES%]\-dating-\jewish singles.url
[%FAVORITES%]\-dating-\matchmaking services.url
[%FAVORITES%]\-dating-\people search.url
[%FAVORITES%]\-dating-\photo personals.url
[%FAVORITES%]\-dating-\video dating.url
[%FAVORITES%]\-fitness-\diet foods.url
[%FAVORITES%]\-fitness-\exercise programs.url
[%FAVORITES%]\-fitness-\fitness equipment.url
[%FAVORITES%]\-fitness-\gain muscle.url
[%FAVORITES%]\-fitness-\gym gear & clothing.url
[%FAVORITES%]\-fitness-\instructional aids.url
[%FAVORITES%]\-fitness-\lose weight.url
[%FAVORITES%]\-fitness-\stop hair loss!.url
[%FAVORITES%]\-fitness-\vitamins & supplements.url
[%FAVORITES%]\-popular sites-\-career-\find a better job.url
[%FAVORITES%]\-popular sites-\-career-\find a job.url
[%FAVORITES%]\-popular sites-\-career-\jobs online.url
[%FAVORITES%]\-popular sites-\-career-\learn computers.url
[%FAVORITES%]\-popular sites-\-career-\relocate.url
[%FAVORITES%]\-popular sites-\-career-\resume help.url
[%FAVORITES%]\-popular sites-\-movies-\buy movies.url
[%FAVORITES%]\-popular sites-\-movies-\home video equipment.url
[%FAVORITES%]\-popular sites-\-movies-\movie downloads.url
[%FAVORITES%]\-popular sites-\-movies-\movie posters.url
[%FAVORITES%]\-popular sites-\-movies-\movie showtimes.url
[%FAVORITES%]\-popular sites-\-movies-\movies for rent.url
[%FAVORITES%]\-popular sites-\-movies-\movies on dvd.url
[%FAVORITES%]\-popular sites-\-movies-\movies reviews.url
[%FAVORITES%]\-popular sites-\-movies-\vhs.url
[%DESKTOP%]\fortune towers casino.url
[%DESKTOP%]\onluck casino.url
[%DESKTOP%]\play games win cash prizegames.com.url
[%DESKTOP%]\riviera gold casino.url
[%DESKTOP%]\wild west frontier.url
[%FAVORITES%]\-autos-\car dealers.url
[%FAVORITES%]\-popular sites-\-career-\get you degree.url
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0110.dll
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0111.dll
[%SYSTEM%]\scbar.dll
[%SYSTEM%]\windowenhancer.dll
[%SYSTEM%]\winex.dll
[%WINDOWS%]\system\scbar.dll
[%WINDOWS%]\system\windowenhancer.dll
[%WINDOWS%]\system\winex.dll
[%FAVORITES%]\-autos-\auto financing.url
[%FAVORITES%]\-autos-\auto insurance.url
[%FAVORITES%]\-autos-\buy a car.url
[%FAVORITES%]\-autos-\buy a new car.url
[%FAVORITES%]\-autos-\free car!.url
[%FAVORITES%]\-autos-\lease a new car.url
[%FAVORITES%]\-autos-\rent a car.url
[%FAVORITES%]\-autos-\traffic school.url
[%FAVORITES%]\-autos-\used cars.url
[%FAVORITES%]\-business & home office-\banking.url
[%FAVORITES%]\-business & home office-\computer education.url
[%FAVORITES%]\-business & home office-\credit repair.url
[%FAVORITES%]\-business & home office-\income tax.url
[%FAVORITES%]\-business & home office-\office & home supplies.url
[%FAVORITES%]\-business & home office-\office equipment.url
[%FAVORITES%]\-business & home office-\office space & rental.url
[%FAVORITES%]\-dating-\adult dating.url
[%FAVORITES%]\-dating-\christian singles.url
[%FAVORITES%]\-dating-\dating clubs.url
[%FAVORITES%]\-dating-\free dating services.url
[%FAVORITES%]\-dating-\jewish singles.url
[%FAVORITES%]\-dating-\matchmaking services.url
[%FAVORITES%]\-dating-\people search.url
[%FAVORITES%]\-dating-\photo personals.url
[%FAVORITES%]\-dating-\video dating.url
[%FAVORITES%]\-fitness-\diet foods.url
[%FAVORITES%]\-fitness-\exercise programs.url
[%FAVORITES%]\-fitness-\fitness equipment.url
[%FAVORITES%]\-fitness-\gain muscle.url
[%FAVORITES%]\-fitness-\gym gear & clothing.url
[%FAVORITES%]\-fitness-\instructional aids.url
[%FAVORITES%]\-fitness-\lose weight.url
[%FAVORITES%]\-fitness-\stop hair loss!.url
[%FAVORITES%]\-fitness-\vitamins & supplements.url
[%FAVORITES%]\-popular sites-\-career-\find a better job.url
[%FAVORITES%]\-popular sites-\-career-\find a job.url
[%FAVORITES%]\-popular sites-\-career-\jobs online.url
[%FAVORITES%]\-popular sites-\-career-\learn computers.url
[%FAVORITES%]\-popular sites-\-career-\relocate.url
[%FAVORITES%]\-popular sites-\-career-\resume help.url
[%FAVORITES%]\-popular sites-\-movies-\buy movies.url
[%FAVORITES%]\-popular sites-\-movies-\home video equipment.url
[%FAVORITES%]\-popular sites-\-movies-\movie downloads.url
[%FAVORITES%]\-popular sites-\-movies-\movie posters.url
[%FAVORITES%]\-popular sites-\-movies-\movie showtimes.url
[%FAVORITES%]\-popular sites-\-movies-\movies for rent.url
[%FAVORITES%]\-popular sites-\-movies-\movies on dvd.url
[%FAVORITES%]\-popular sites-\-movies-\movies reviews.url
[%FAVORITES%]\-popular sites-\-movies-\vhs.url
[%DESKTOP%]\fortune towers casino.url
[%DESKTOP%]\onluck casino.url
[%DESKTOP%]\play games win cash prizegames.com.url
[%DESKTOP%]\riviera gold casino.url
[%DESKTOP%]\wild west frontier.url
[%FAVORITES%]\-autos-\car dealers.url
[%FAVORITES%]\-popular sites-\-career-\get you degree.url
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0110.dll
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0111.dll
[%SYSTEM%]\scbar.dll
[%SYSTEM%]\windowenhancer.dll
[%SYSTEM%]\winex.dll
[%WINDOWS%]\system\scbar.dll
[%WINDOWS%]\system\windowenhancer.dll
[%WINDOWS%]\system\winex.dll

How to detect NetworkEssentials.SCBar:

Files:
[%FAVORITES%]\-autos-\auto financing.url
[%FAVORITES%]\-autos-\auto insurance.url
[%FAVORITES%]\-autos-\buy a car.url
[%FAVORITES%]\-autos-\buy a new car.url
[%FAVORITES%]\-autos-\free car!.url
[%FAVORITES%]\-autos-\lease a new car.url
[%FAVORITES%]\-autos-\rent a car.url
[%FAVORITES%]\-autos-\traffic school.url
[%FAVORITES%]\-autos-\used cars.url
[%FAVORITES%]\-business & home office-\banking.url
[%FAVORITES%]\-business & home office-\computer education.url
[%FAVORITES%]\-business & home office-\credit repair.url
[%FAVORITES%]\-business & home office-\income tax.url
[%FAVORITES%]\-business & home office-\office & home supplies.url
[%FAVORITES%]\-business & home office-\office equipment.url
[%FAVORITES%]\-business & home office-\office space & rental.url
[%FAVORITES%]\-dating-\adult dating.url
[%FAVORITES%]\-dating-\christian singles.url
[%FAVORITES%]\-dating-\dating clubs.url
[%FAVORITES%]\-dating-\free dating services.url
[%FAVORITES%]\-dating-\jewish singles.url
[%FAVORITES%]\-dating-\matchmaking services.url
[%FAVORITES%]\-dating-\people search.url
[%FAVORITES%]\-dating-\photo personals.url
[%FAVORITES%]\-dating-\video dating.url
[%FAVORITES%]\-fitness-\diet foods.url
[%FAVORITES%]\-fitness-\exercise programs.url
[%FAVORITES%]\-fitness-\fitness equipment.url
[%FAVORITES%]\-fitness-\gain muscle.url
[%FAVORITES%]\-fitness-\gym gear & clothing.url
[%FAVORITES%]\-fitness-\instructional aids.url
[%FAVORITES%]\-fitness-\lose weight.url
[%FAVORITES%]\-fitness-\stop hair loss!.url
[%FAVORITES%]\-fitness-\vitamins & supplements.url
[%FAVORITES%]\-popular sites-\-career-\find a better job.url
[%FAVORITES%]\-popular sites-\-career-\find a job.url
[%FAVORITES%]\-popular sites-\-career-\jobs online.url
[%FAVORITES%]\-popular sites-\-career-\learn computers.url
[%FAVORITES%]\-popular sites-\-career-\relocate.url
[%FAVORITES%]\-popular sites-\-career-\resume help.url
[%FAVORITES%]\-popular sites-\-movies-\buy movies.url
[%FAVORITES%]\-popular sites-\-movies-\home video equipment.url
[%FAVORITES%]\-popular sites-\-movies-\movie downloads.url
[%FAVORITES%]\-popular sites-\-movies-\movie posters.url
[%FAVORITES%]\-popular sites-\-movies-\movie showtimes.url
[%FAVORITES%]\-popular sites-\-movies-\movies for rent.url
[%FAVORITES%]\-popular sites-\-movies-\movies on dvd.url
[%FAVORITES%]\-popular sites-\-movies-\movies reviews.url
[%FAVORITES%]\-popular sites-\-movies-\vhs.url
[%DESKTOP%]\fortune towers casino.url
[%DESKTOP%]\onluck casino.url
[%DESKTOP%]\play games win cash prizegames.com.url
[%DESKTOP%]\riviera gold casino.url
[%DESKTOP%]\wild west frontier.url
[%FAVORITES%]\-autos-\car dealers.url
[%FAVORITES%]\-popular sites-\-career-\get you degree.url
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0110.dll
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0111.dll
[%SYSTEM%]\scbar.dll
[%SYSTEM%]\windowenhancer.dll
[%SYSTEM%]\winex.dll
[%WINDOWS%]\system\scbar.dll
[%WINDOWS%]\system\windowenhancer.dll
[%WINDOWS%]\system\winex.dll
[%FAVORITES%]\-autos-\auto financing.url
[%FAVORITES%]\-autos-\auto insurance.url
[%FAVORITES%]\-autos-\buy a car.url
[%FAVORITES%]\-autos-\buy a new car.url
[%FAVORITES%]\-autos-\free car!.url
[%FAVORITES%]\-autos-\lease a new car.url
[%FAVORITES%]\-autos-\rent a car.url
[%FAVORITES%]\-autos-\traffic school.url
[%FAVORITES%]\-autos-\used cars.url
[%FAVORITES%]\-business & home office-\banking.url
[%FAVORITES%]\-business & home office-\computer education.url
[%FAVORITES%]\-business & home office-\credit repair.url
[%FAVORITES%]\-business & home office-\income tax.url
[%FAVORITES%]\-business & home office-\office & home supplies.url
[%FAVORITES%]\-business & home office-\office equipment.url
[%FAVORITES%]\-business & home office-\office space & rental.url
[%FAVORITES%]\-dating-\adult dating.url
[%FAVORITES%]\-dating-\christian singles.url
[%FAVORITES%]\-dating-\dating clubs.url
[%FAVORITES%]\-dating-\free dating services.url
[%FAVORITES%]\-dating-\jewish singles.url
[%FAVORITES%]\-dating-\matchmaking services.url
[%FAVORITES%]\-dating-\people search.url
[%FAVORITES%]\-dating-\photo personals.url
[%FAVORITES%]\-dating-\video dating.url
[%FAVORITES%]\-fitness-\diet foods.url
[%FAVORITES%]\-fitness-\exercise programs.url
[%FAVORITES%]\-fitness-\fitness equipment.url
[%FAVORITES%]\-fitness-\gain muscle.url
[%FAVORITES%]\-fitness-\gym gear & clothing.url
[%FAVORITES%]\-fitness-\instructional aids.url
[%FAVORITES%]\-fitness-\lose weight.url
[%FAVORITES%]\-fitness-\stop hair loss!.url
[%FAVORITES%]\-fitness-\vitamins & supplements.url
[%FAVORITES%]\-popular sites-\-career-\find a better job.url
[%FAVORITES%]\-popular sites-\-career-\find a job.url
[%FAVORITES%]\-popular sites-\-career-\jobs online.url
[%FAVORITES%]\-popular sites-\-career-\learn computers.url
[%FAVORITES%]\-popular sites-\-career-\relocate.url
[%FAVORITES%]\-popular sites-\-career-\resume help.url
[%FAVORITES%]\-popular sites-\-movies-\buy movies.url
[%FAVORITES%]\-popular sites-\-movies-\home video equipment.url
[%FAVORITES%]\-popular sites-\-movies-\movie downloads.url
[%FAVORITES%]\-popular sites-\-movies-\movie posters.url
[%FAVORITES%]\-popular sites-\-movies-\movie showtimes.url
[%FAVORITES%]\-popular sites-\-movies-\movies for rent.url
[%FAVORITES%]\-popular sites-\-movies-\movies on dvd.url
[%FAVORITES%]\-popular sites-\-movies-\movies reviews.url
[%FAVORITES%]\-popular sites-\-movies-\vhs.url
[%DESKTOP%]\fortune towers casino.url
[%DESKTOP%]\onluck casino.url
[%DESKTOP%]\play games win cash prizegames.com.url
[%DESKTOP%]\riviera gold casino.url
[%DESKTOP%]\wild west frontier.url
[%FAVORITES%]\-autos-\car dealers.url
[%FAVORITES%]\-popular sites-\-career-\get you degree.url
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0110.dll
[%SYSTEM%]\msg{75f9eddb-7068-44f3-929e-5fe57a778e98}0111.dll
[%SYSTEM%]\scbar.dll
[%SYSTEM%]\windowenhancer.dll
[%SYSTEM%]\winex.dll
[%WINDOWS%]\system\scbar.dll
[%WINDOWS%]\system\windowenhancer.dll
[%WINDOWS%]\system\winex.dll

Folders:
[%FAVORITES%]\-shopping-
[%FAVORITES%]\-sports-
[%FAVORITES%]\-travel-
[%PROGRAM_FILES%]\scbar
[%PROGRAM_FILES%]\pop
[%PROGRAM_FILES%]\winex

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{22941a26-7033-432c-94c7-6371de343822}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00041a26-7033-432c-94c7-6371de343822}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{22941a26-7033-432c-94c7-6371de343822}
HKEY_CLASSES_ROOT\typelib\{00041a26-7033-432c-94c7-6371de343822}
HKEY_CLASSES_ROOT\typelib\{22941a26-7033-432c-94c7-6371de343822}
HKEY_CLASSES_ROOT\typelib\{9368d063-44be-49b9-bd14-bb9663fd38fc}
HKEY_LOCAL_MACHINE\software\classes\clsid\{00041a26-7033-432c-94c7-6371de343822}
HKEY_LOCAL_MACHINE\software\classes\clsid\{22941a26-7033-432c-94c7-6371de343822}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22941a26-7033-432c-94c7-6371de343822}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing NetworkEssentials.SCBar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Silicon.Avenger Trojan Removal

Dowque Trojan

Removing Dowque
Categories: Trojan,Downloader,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

---

Dowque Also known as:

[Kaspersky]Trojan-PSW.Win32.Delf.qc,Trojan-PSW.Win32.QQPass.xc,Trojan-PSW.Win32.OnLineGames.fwg,Packed.Win32.Klone.af;
[McAfee]Generic PWS,PWS-OnlineGames.a.dldr,PWS-QQGame;
[Other]Win32/Dowque!generic,Mal/Packer,Trojan:Win32/Downque.A,Win32/Dowque.AL,TrojanDropper:Win32/Dowque.A,Troj/QQPass-JDD,Hupigon.gen83,Hupigon.gen101

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Sys
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.bak
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\ReDelBat.bat
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo.vxd
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo1.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\system42.rar
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\upsetup.exe
[%PROGRAM_FILES_COMMON%]\SyInfo.bps
[%PROGRAM_FILES_COMMON%]\system.dt2
[%SYSTEM%]\asview32.dll
[%SYSTEM%]\_rejoice81.exe
[%SYSTEM%]\_upsetup.exe
[%WINDOWS%]\rejoice81.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Sys
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.bak
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\ReDelBat.bat
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo.vxd
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo1.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\system42.rar
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\upsetup.exe
[%PROGRAM_FILES_COMMON%]\SyInfo.bps
[%PROGRAM_FILES_COMMON%]\system.dt2
[%SYSTEM%]\asview32.dll
[%SYSTEM%]\_rejoice81.exe
[%SYSTEM%]\_upsetup.exe
[%WINDOWS%]\rejoice81.exe

How to detect Dowque:

Files:
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Sys
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.bak
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\ReDelBat.bat
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo.vxd
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo1.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\system42.rar
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\upsetup.exe
[%PROGRAM_FILES_COMMON%]\SyInfo.bps
[%PROGRAM_FILES_COMMON%]\system.dt2
[%SYSTEM%]\asview32.dll
[%SYSTEM%]\_rejoice81.exe
[%SYSTEM%]\_upsetup.exe
[%WINDOWS%]\rejoice81.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Jmp
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\System64.Sys
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.bak
[%PROGRAM_FILES%]\Internet Explorer\romdrivers.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\ReDelBat.bat
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo.vxd
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\SysInfo1.dll
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\system42.rar
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\upsetup.exe
[%PROGRAM_FILES_COMMON%]\SyInfo.bps
[%PROGRAM_FILES_COMMON%]\system.dt2
[%SYSTEM%]\asview32.dll
[%SYSTEM%]\_rejoice81.exe
[%SYSTEM%]\_upsetup.exe
[%WINDOWS%]\rejoice81.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{754fb7d8-b8fe-4810-b363-a788cd060f1f}
HKEY_CLASSES_ROOT\clsid\{0cb68ad9-ff66-3e63-636b-b693e62f6236}
HKEY_CLASSES_ROOT\clsid\{0ea66ad2-cf26-2e23-532b-b292e22f3266}
HKEY_CLASSES_ROOT\clsid\{72204f90-5cd6-41b1-bd69-62cd84c9fb24}
HKEY_CLASSES_ROOT\clsid\{7f4d1081-25fd-44f5-99c6-ff271cfb7ec2}
HKEY_CLASSES_ROOT\clsid\{90bc520c-9175-470e-94b8-10fd869d170b}
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sheellhwd
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wmi performance adapte

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmtsrv

Removing Dowque:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing imedia.co.il Tracking Cookie
Generic.ce Trojan Symptoms
Remove IconAds Adware

Try2Find Adware

Removing Try2Find
Categories: Adware,BHO,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

How to detect Try2Find:

Folders:
[%PROGRAM_FILES%]\try2find

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{90baeb8b-47c2-44b4-a5a6-b99d34f1d4c5}
HKEY_CLASSES_ROOT\clsid\{d8c6179a-58c3-4662-800a-22dae7dcb152}
HKEY_CLASSES_ROOT\interface\{537d3507-9619-40fb-9b38-cfc7e82657f8}
HKEY_CLASSES_ROOT\sptbax.install
HKEY_CLASSES_ROOT\sptbax.install.1
HKEY_CLASSES_ROOT\typelib\{753f0433-e341-40d2-b4fa-3de1c888313f}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\sptbaxcab
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\sptbax.dll
HKEY_LOCAL_MACHINE\software\try2find

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing Try2Find:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
CAZ Trojan Cleaner
Remove Adware.BHO.gen Downloader
Givoree Trojan Removal instruction

NetSonic Adware

Removing NetSonic
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\NetSonic\NetSonic.lnk
[%COMMON_PROGRAMS%]\NetSonic\Readme.lnk
[%COMMON_PROGRAMS%]\NetSonic\UnInstall NetSonic.lnk
[%COMMON_STARTUP%]\NetSonic.lnk
[%DESKTOP%]\NetSonic\netsonic.rar
[%PROFILE%]\Recent\netsonic.rar.lnk
[%STARTUP%]\netsonic.lnk
[%WINDOWS%]\NetSonic.w3k
[%WINDOWS%]\netsoniccleanup.exe
[%COMMON_PROGRAMS%]\NetSonic\NetSonic.lnk
[%COMMON_PROGRAMS%]\NetSonic\Readme.lnk
[%COMMON_PROGRAMS%]\NetSonic\UnInstall NetSonic.lnk
[%COMMON_STARTUP%]\NetSonic.lnk
[%DESKTOP%]\NetSonic\netsonic.rar
[%PROFILE%]\Recent\netsonic.rar.lnk
[%STARTUP%]\netsonic.lnk
[%WINDOWS%]\NetSonic.w3k
[%WINDOWS%]\netsoniccleanup.exe

How to detect NetSonic:

Files:
[%COMMON_PROGRAMS%]\NetSonic\NetSonic.lnk
[%COMMON_PROGRAMS%]\NetSonic\Readme.lnk
[%COMMON_PROGRAMS%]\NetSonic\UnInstall NetSonic.lnk
[%COMMON_STARTUP%]\NetSonic.lnk
[%DESKTOP%]\NetSonic\netsonic.rar
[%PROFILE%]\Recent\netsonic.rar.lnk
[%STARTUP%]\netsonic.lnk
[%WINDOWS%]\NetSonic.w3k
[%WINDOWS%]\netsoniccleanup.exe
[%COMMON_PROGRAMS%]\NetSonic\NetSonic.lnk
[%COMMON_PROGRAMS%]\NetSonic\Readme.lnk
[%COMMON_PROGRAMS%]\NetSonic\UnInstall NetSonic.lnk
[%COMMON_STARTUP%]\NetSonic.lnk
[%DESKTOP%]\NetSonic\netsonic.rar
[%PROFILE%]\Recent\netsonic.rar.lnk
[%STARTUP%]\netsonic.lnk
[%WINDOWS%]\NetSonic.w3k
[%WINDOWS%]\netsoniccleanup.exe

Folders:
[%PROGRAMS%]\netsonic
[%PROGRAM_FILES%]\netsonic

Registry Keys:
HKEY_CURRENT_USER\software\web3000.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netsonic

Removing NetSonic:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing QZap127 Trojan
Cemgar Trojan Removal
Forethought Trojan Removal instruction
Ishowbao BHO Cleaner

Banker.cn Spyware

Removing Banker.cn
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mct.sys
[%WINDOWS%]\sct.sys
[%WINDOWS%]\win.txt
[%WINDOWS%]\wini.sys
[%WINDOWS%]\mct.sys
[%WINDOWS%]\sct.sys
[%WINDOWS%]\win.txt
[%WINDOWS%]\wini.sys

How to detect Banker.cn:

Files:
[%WINDOWS%]\mct.sys
[%WINDOWS%]\sct.sys
[%WINDOWS%]\win.txt
[%WINDOWS%]\wini.sys
[%WINDOWS%]\mct.sys
[%WINDOWS%]\sct.sys
[%WINDOWS%]\win.txt
[%WINDOWS%]\wini.sys

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Banker.cn:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Secure4U.Firewall BHO Information
Removing Mini.Asylum RAT
NetVizor Spyware Removal
Pigeon.EUA Trojan Removal
Ebates.Moe.Money.Maker BHO Removal instruction

Computer.Use.Reporter Spyware

Removing Computer.Use.Reporter
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

---

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\Computer Use Reporter.lnk
[%COMMON_PROGRAMS%]\Computer Use Reporter.lnk
[%COMMON_STARTMENU%]\Computer Use Reporter.lnk
[%COMMON_STARTUP%]\cure.exe
[%PROGRAM_FILES%]\CUR\CUR.txt
[%PROGRAM_FILES%]\CUR\CURC.exe
[%PROGRAM_FILES%]\CUR\Pointer.html
[%COMMON_DESKTOPDIRECTORY%]\Computer Use Reporter.lnk
[%COMMON_PROGRAMS%]\Computer Use Reporter.lnk
[%COMMON_STARTMENU%]\Computer Use Reporter.lnk
[%COMMON_STARTUP%]\cure.exe
[%PROGRAM_FILES%]\CUR\CUR.txt
[%PROGRAM_FILES%]\CUR\CURC.exe
[%PROGRAM_FILES%]\CUR\Pointer.html

How to detect Computer.Use.Reporter:

Files:
[%COMMON_DESKTOPDIRECTORY%]\Computer Use Reporter.lnk
[%COMMON_PROGRAMS%]\Computer Use Reporter.lnk
[%COMMON_STARTMENU%]\Computer Use Reporter.lnk
[%COMMON_STARTUP%]\cure.exe
[%PROGRAM_FILES%]\CUR\CUR.txt
[%PROGRAM_FILES%]\CUR\CURC.exe
[%PROGRAM_FILES%]\CUR\Pointer.html
[%COMMON_DESKTOPDIRECTORY%]\Computer Use Reporter.lnk
[%COMMON_PROGRAMS%]\Computer Use Reporter.lnk
[%COMMON_STARTMENU%]\Computer Use Reporter.lnk
[%COMMON_STARTUP%]\cure.exe
[%PROGRAM_FILES%]\CUR\CUR.txt
[%PROGRAM_FILES%]\CUR\CURC.exe
[%PROGRAM_FILES%]\CUR\Pointer.html

Removing Computer.Use.Reporter:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Frethog.AFE Trojan Removal

SpyArsenal.Print.Monitor Spyware

Removing SpyArsenal.Print.Monitor
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

---

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\SpyArsenal Print Monitor.lnk
[%PROGRAMS%]\SpyArsenal Print Monitor Pro\SpyArsenal Print Monitor Pro.lnk
[%DESKTOP%]\SpyArsenal Print Monitor.lnk
[%PROGRAMS%]\SpyArsenal Print Monitor Pro\SpyArsenal Print Monitor Pro.lnk

How to detect SpyArsenal.Print.Monitor:

Files:
[%DESKTOP%]\SpyArsenal Print Monitor.lnk
[%PROGRAMS%]\SpyArsenal Print Monitor Pro\SpyArsenal Print Monitor Pro.lnk
[%DESKTOP%]\SpyArsenal Print Monitor.lnk
[%PROGRAMS%]\SpyArsenal Print Monitor Pro\SpyArsenal Print Monitor Pro.lnk

Folders:
[%PROGRAMS%]\SpyArsenal Print Monitor
[%PROGRAM_FILES%]\SpyArsenal Print Monitor
[%PROGRAM_FILES%]\SpyArsenal Print Monitor Pro

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spyarsenal print monitor
HKEY_LOCAL_MACHINE\software\kmint21\spyarsenal-print-monitor
HKEY_LOCAL_MACHINE\software\kmint21\spyarsenal-print-monitor-pro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyarsenal-print-monitor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyarsenal-print-monitor-pro

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing SpyArsenal.Print.Monitor:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Malaise Trojan Removal instruction
Remove QDel1 Trojan
Bancos.GIM Trojan Symptoms
MSN.Chat Spyware Removal
Billboard Trojan Symptoms

Drunk.Mouse Trojan

Removing Drunk.Mouse
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

---

Drunk.Mouse Also known as:

[Kaspersky]not-virus:Joke.Win32.MovingMouse

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Adobe\Photoshop CS\Plug-Ins\DSB Flex\flux_license.txt
[%PROGRAM_FILES%]\eDonkey2000\incoming\Complete.NOKIA.Ringtone.and.logo.pack.madda.(osloskop.net).com\Complete NOKIA Ringtone and logo pack\21286 ringtones\RINGTONES\POLYPHONIC RINGTONES 1300+\EGYPTIAN.MID
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\pc.mus
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\PCNFO.EXE
[%PROGRAM_FILES%]\Adobe\Photoshop CS\Plug-Ins\DSB Flex\flux_license.txt
[%PROGRAM_FILES%]\eDonkey2000\incoming\Complete.NOKIA.Ringtone.and.logo.pack.madda.(osloskop.net).com\Complete NOKIA Ringtone and logo pack\21286 ringtones\RINGTONES\POLYPHONIC RINGTONES 1300+\EGYPTIAN.MID
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\pc.mus
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\PCNFO.EXE

How to detect Drunk.Mouse:

Files:
[%PROGRAM_FILES%]\Adobe\Photoshop CS\Plug-Ins\DSB Flex\flux_license.txt
[%PROGRAM_FILES%]\eDonkey2000\incoming\Complete.NOKIA.Ringtone.and.logo.pack.madda.(osloskop.net).com\Complete NOKIA Ringtone and logo pack\21286 ringtones\RINGTONES\POLYPHONIC RINGTONES 1300+\EGYPTIAN.MID
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\pc.mus
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\PCNFO.EXE
[%PROGRAM_FILES%]\Adobe\Photoshop CS\Plug-Ins\DSB Flex\flux_license.txt
[%PROGRAM_FILES%]\eDonkey2000\incoming\Complete.NOKIA.Ringtone.and.logo.pack.madda.(osloskop.net).com\Complete NOKIA Ringtone and logo pack\21286 ringtones\RINGTONES\POLYPHONIC RINGTONES 1300+\EGYPTIAN.MID
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\pc.mus
[%PROGRAM_FILES%]\Macromedia\Dreamweaver 4\PCNFO.EXE

Removing Drunk.Mouse:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
AdBlocker Adware Information

Adtech Adware

Removing Adtech
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

How to detect Adtech:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Adtech:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing Yam Trojan
Over Trojan Cleaner
ProtectingTool Ransomware Removal

TrustyHound Spyware

Removing TrustyHound
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

---

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\CardFountain Greetings.lnk
[%DESKTOP%]\Free Stuff Directory.lnk
[%DESKTOP%]\FunFlirts Online Dating.lnk
[%DESKTOP%]\TrustyHound Image Search.lnk
[%DESKTOP%]\TrustyHound Web Search.lnk
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.html
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.ico
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.html
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.ico
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.html
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.ico
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.ico
[%PROGRAM_FILES%]\TrustyHound-TS\TrustyHound-TS.exe
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.dat
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.exe
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.ico
[%STARTMENU%]\CardFountain Greetings.lnk
[%STARTMENU%]\Free Stuff Directory.lnk
[%STARTMENU%]\FunFlirts Online Dating.lnk
[%STARTMENU%]\TrustyHound Image Search.lnk
[%STARTMENU%]\TrustyHound Web Search.lnk
[%DESKTOP%]\CardFountain Greetings.lnk
[%DESKTOP%]\Free Stuff Directory.lnk
[%DESKTOP%]\FunFlirts Online Dating.lnk
[%DESKTOP%]\TrustyHound Image Search.lnk
[%DESKTOP%]\TrustyHound Web Search.lnk
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.html
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.ico
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.html
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.ico
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.html
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.ico
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.ico
[%PROGRAM_FILES%]\TrustyHound-TS\TrustyHound-TS.exe
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.dat
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.exe
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.ico
[%STARTMENU%]\CardFountain Greetings.lnk
[%STARTMENU%]\Free Stuff Directory.lnk
[%STARTMENU%]\FunFlirts Online Dating.lnk
[%STARTMENU%]\TrustyHound Image Search.lnk
[%STARTMENU%]\TrustyHound Web Search.lnk

How to detect TrustyHound:

Files:
[%DESKTOP%]\CardFountain Greetings.lnk
[%DESKTOP%]\Free Stuff Directory.lnk
[%DESKTOP%]\FunFlirts Online Dating.lnk
[%DESKTOP%]\TrustyHound Image Search.lnk
[%DESKTOP%]\TrustyHound Web Search.lnk
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.html
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.ico
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.html
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.ico
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.html
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.ico
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.ico
[%PROGRAM_FILES%]\TrustyHound-TS\TrustyHound-TS.exe
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.dat
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.exe
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.ico
[%STARTMENU%]\CardFountain Greetings.lnk
[%STARTMENU%]\Free Stuff Directory.lnk
[%STARTMENU%]\FunFlirts Online Dating.lnk
[%STARTMENU%]\TrustyHound Image Search.lnk
[%STARTMENU%]\TrustyHound Web Search.lnk
[%DESKTOP%]\CardFountain Greetings.lnk
[%DESKTOP%]\Free Stuff Directory.lnk
[%DESKTOP%]\FunFlirts Online Dating.lnk
[%DESKTOP%]\TrustyHound Image Search.lnk
[%DESKTOP%]\TrustyHound Web Search.lnk
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.html
[%PROGRAM_FILES%]\TrustyHound-TS\cardfountain.ico
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.html
[%PROGRAM_FILES%]\TrustyHound-TS\free-stuff-directory.ico
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.html
[%PROGRAM_FILES%]\TrustyHound-TS\funflirts.ico
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\image-search.ico
[%PROGRAM_FILES%]\TrustyHound-TS\TrustyHound-TS.exe
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.dat
[%PROGRAM_FILES%]\TrustyHound-TS\unins000.exe
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.html
[%PROGRAM_FILES%]\TrustyHound-TS\web-search.ico
[%STARTMENU%]\CardFountain Greetings.lnk
[%STARTMENU%]\Free Stuff Directory.lnk
[%STARTMENU%]\FunFlirts Online Dating.lnk
[%STARTMENU%]\TrustyHound Image Search.lnk
[%STARTMENU%]\TrustyHound Web Search.lnk

Folders:
[%PROGRAMS%]\TrustyHound-TS
[%PROGRAM_FILES%]\TrustyHound-TB

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing TrustyHound:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Pigeon.APP Trojan Removal instruction
MagicCenter Trojan Information

SpyGator.pro Spyware

Removing SpyGator.pro
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

---

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Spy Gator Pro.lnk
[%WINDOWS%]\AOLPicEditor.exe
[%DESKTOP%]\Spy Gator Pro.lnk
[%WINDOWS%]\AOLPicEditor.exe

How to detect SpyGator.pro:

Files:
[%DESKTOP%]\Spy Gator Pro.lnk
[%WINDOWS%]\AOLPicEditor.exe
[%DESKTOP%]\Spy Gator Pro.lnk
[%WINDOWS%]\AOLPicEditor.exe

Folders:
[%PROGRAMS%]\Thunder Technologies Inc. Software\Spy Gator Pro
[%PROGRAM_FILES%]\SGP

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\installer\features\7c741c4b12d640a43a5fceb9bbb9650e
HKEY_CURRENT_USER\software\microsoft\installer\products\7c741c4b12d640a43a5fceb9bbb9650e
HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\bfb2faa0d27b30648814077fe5d071cb
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\thunder technologies inc. software\spy gator pro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e1b2879-88fa-11d3-8d96-d7acac95951a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{b4c147c7-6d21-4a04-a3f5-ec9bbb9b56e0}
HKEY_LOCAL_MACHINE\software\thunder technologies inc.\spy gator pro

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing SpyGator.pro:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing Download.AAO Trojan
Removing KaZaA Worm
Bagdrop Trojan Symptoms

SearchCentrix.WinDirect Hijacker

Removing SearchCentrix.WinDirect
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wzhelper.dll
[%SYSTEM%]\wzhelper.dll

How to detect SearchCentrix.WinDirect:

Files:
[%SYSTEM%]\wzhelper.dll
[%SYSTEM%]\wzhelper.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19da02a}
HKEY_LOCAL_MACHINE\software\classes\wzhelper.wzhelper

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windirect_is1

Removing SearchCentrix.WinDirect:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Bancos.HWO Trojan
BrowserAid.Startium BHO Symptoms
AIM.Pws Backdoor Information

FactoryNetwork Adware

Removing FactoryNetwork
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

How to detect FactoryNetwork:

Registry Keys:
HKEY_LOCAL_MACHINE\software\dksoftware
HKEY_LOCAL_MACHINE\software\windowsrts

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing FactoryNetwork:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Hider Trojan Cleaner
Semtex Trojan Information

IEYHelper Adware

Removing IEYHelper
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

IEYHelper Also known as:

[Kaspersky]AdWare.Win32.IEHlpr.u;
[McAfee]Adware-YayaBands

How to detect IEYHelper:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{5c761d09-377e-4eac-ada1-c9cde39b5674}
HKEY_CLASSES_ROOT\ieyhlprobj.ieyhlprobj
HKEY_CLASSES_ROOT\ieyhlprobj.ieyhlprobj.1
HKEY_CLASSES_ROOT\interface\{4a4d91de-b8a6-4ced-a62a-1cd3ce627da0}
HKEY_CLASSES_ROOT\typelib\{dd18cec3-abed-4391-ac52-d5275e6ea2fe}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5c761d09-377e-4eac-ada1-c9cde39b5674}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

Removing IEYHelper:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
SillyDl.CCX Downloader Removal

MediaPipe Adware

Removing MediaPipe
Categories: Adware,Worm
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.
The methods are listed separately below.

---

MediaPipe Also known as:

[Other]Mediapipe

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Access.0ll
[%SYSTEM%]\Access.dll
[%DESKTOP%]\ Terms.lnk
[%DESKTOP%]\.url
[%DESKTOP%]\movieland terms.lnk
[%DESKTOP%]\movieland.url
[%DESKTOP%]\movieland_access_g.exe
[%PROGRAMS%]\247Cams.lnk
[%PROGRAMS%]\downloadmanager.lnk
[%PROGRAM_FILES%]\ Terms.html
[%PROGRAM_FILES%]\downloadmanager\agent.dll
[%PROGRAM_FILES%]\downloadmanager\api.exe
[%PROGRAM_FILES%]\downloadmanager\dm.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.ini
[%PROGRAM_FILES%]\downloadmanager\insdl.dll
[%PROGRAM_FILES%]\downloadmanager\install.log
[%PROGRAM_FILES%]\downloadmanager\mptray.exe
[%PROGRAM_FILES%]\downloadmanager\mpupdate.exe
[%PROGRAM_FILES%]\downloadmanager\p2pinst.exe
[%PROGRAM_FILES%]\downloadmanager\p2pl.exe
[%PROGRAM_FILES%]\downloadmanager\uninst.exe
[%PROGRAM_FILES%]\movieland terms.html
[%SYSTEM%]\mplic.dll
[%SYSTEM%]\Access.0ll
[%SYSTEM%]\Access.dll
[%DESKTOP%]\ Terms.lnk
[%DESKTOP%]\.url
[%DESKTOP%]\movieland terms.lnk
[%DESKTOP%]\movieland.url
[%DESKTOP%]\movieland_access_g.exe
[%PROGRAMS%]\247Cams.lnk
[%PROGRAMS%]\downloadmanager.lnk
[%PROGRAM_FILES%]\ Terms.html
[%PROGRAM_FILES%]\downloadmanager\agent.dll
[%PROGRAM_FILES%]\downloadmanager\api.exe
[%PROGRAM_FILES%]\downloadmanager\dm.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.ini
[%PROGRAM_FILES%]\downloadmanager\insdl.dll
[%PROGRAM_FILES%]\downloadmanager\install.log
[%PROGRAM_FILES%]\downloadmanager\mptray.exe
[%PROGRAM_FILES%]\downloadmanager\mpupdate.exe
[%PROGRAM_FILES%]\downloadmanager\p2pinst.exe
[%PROGRAM_FILES%]\downloadmanager\p2pl.exe
[%PROGRAM_FILES%]\downloadmanager\uninst.exe
[%PROGRAM_FILES%]\movieland terms.html
[%SYSTEM%]\mplic.dll

How to detect MediaPipe:

Files:
[%SYSTEM%]\Access.0ll
[%SYSTEM%]\Access.dll
[%DESKTOP%]\ Terms.lnk
[%DESKTOP%]\.url
[%DESKTOP%]\movieland terms.lnk
[%DESKTOP%]\movieland.url
[%DESKTOP%]\movieland_access_g.exe
[%PROGRAMS%]\247Cams.lnk
[%PROGRAMS%]\downloadmanager.lnk
[%PROGRAM_FILES%]\ Terms.html
[%PROGRAM_FILES%]\downloadmanager\agent.dll
[%PROGRAM_FILES%]\downloadmanager\api.exe
[%PROGRAM_FILES%]\downloadmanager\dm.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.ini
[%PROGRAM_FILES%]\downloadmanager\insdl.dll
[%PROGRAM_FILES%]\downloadmanager\install.log
[%PROGRAM_FILES%]\downloadmanager\mptray.exe
[%PROGRAM_FILES%]\downloadmanager\mpupdate.exe
[%PROGRAM_FILES%]\downloadmanager\p2pinst.exe
[%PROGRAM_FILES%]\downloadmanager\p2pl.exe
[%PROGRAM_FILES%]\downloadmanager\uninst.exe
[%PROGRAM_FILES%]\movieland terms.html
[%SYSTEM%]\mplic.dll
[%SYSTEM%]\Access.0ll
[%SYSTEM%]\Access.dll
[%DESKTOP%]\ Terms.lnk
[%DESKTOP%]\.url
[%DESKTOP%]\movieland terms.lnk
[%DESKTOP%]\movieland.url
[%DESKTOP%]\movieland_access_g.exe
[%PROGRAMS%]\247Cams.lnk
[%PROGRAMS%]\downloadmanager.lnk
[%PROGRAM_FILES%]\ Terms.html
[%PROGRAM_FILES%]\downloadmanager\agent.dll
[%PROGRAM_FILES%]\downloadmanager\api.exe
[%PROGRAM_FILES%]\downloadmanager\dm.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.exe
[%PROGRAM_FILES%]\downloadmanager\downloadmanager.ini
[%PROGRAM_FILES%]\downloadmanager\insdl.dll
[%PROGRAM_FILES%]\downloadmanager\install.log
[%PROGRAM_FILES%]\downloadmanager\mptray.exe
[%PROGRAM_FILES%]\downloadmanager\mpupdate.exe
[%PROGRAM_FILES%]\downloadmanager\p2pinst.exe
[%PROGRAM_FILES%]\downloadmanager\p2pl.exe
[%PROGRAM_FILES%]\downloadmanager\uninst.exe
[%PROGRAM_FILES%]\movieland terms.html
[%SYSTEM%]\mplic.dll

Folders:
[%PROGRAM_FILES%]\247Cams
[%PROGRAM_FILES%]\itbill
[%PROGRAM_FILES%]\License_Manager
[%PROGRAM_FILES%]\mediapipe
[%PROGRAM_FILES%]\p2pnetworks

Registry Keys:
HKEY_CLASSES_ROOT\amnotifier.hubawindow
HKEY_CLASSES_ROOT\amnotifier.hubawindow.1
HKEY_CLASSES_ROOT\appid\amnotifier.exe
HKEY_CLASSES_ROOT\appid\mpagent.dll
HKEY_CLASSES_ROOT\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}
HKEY_CLASSES_ROOT\appid\{626873ac-27f3-4d48-be81-535cf2360071}
HKEY_CLASSES_ROOT\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}
HKEY_CLASSES_ROOT\appid\{9236268d-8b29-49e5-96d9-daf5fe76941c}
HKEY_CLASSES_ROOT\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}
HKEY_CLASSES_ROOT\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}
HKEY_CLASSES_ROOT\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}
HKEY_CLASSES_ROOT\clsid\{48bb16aa-3f6c-4b28-9884-1fcec1c5da65}
HKEY_CLASSES_ROOT\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}
HKEY_CLASSES_ROOT\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}
HKEY_CLASSES_ROOT\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}
HKEY_CLASSES_ROOT\downloadmanager.manager
HKEY_CLASSES_ROOT\downloadmanager.manager.1
HKEY_CLASSES_ROOT\interface\{1a7bcc8e-b65d-409a-bb67-57e8226d1780}
HKEY_CLASSES_ROOT\interface\{873209c1-1118-4246-be69-1b903862e061}
HKEY_CLASSES_ROOT\interface\{8e33f539-11bc-44e5-80bf-057fa1e511a6}
HKEY_CLASSES_ROOT\interface\{9a395c6c-e42e-4777-b8ef-fddeb705f3fb}
HKEY_CLASSES_ROOT\interface\{afe46cdd-00ce-45ee-bb73-8349d624f7af}
HKEY_CLASSES_ROOT\interface\{cf1e4638-637f-499d-8309-fd71b9750abc}
HKEY_CLASSES_ROOT\interface\{de2bf8da-a159-4758-8199-0b2435268212}
HKEY_CLASSES_ROOT\mediapipe.gui
HKEY_CLASSES_ROOT\mediapipe.gui.1
HKEY_CLASSES_ROOT\mpagent.agent
HKEY_CLASSES_ROOT\mpagent.agent.1
HKEY_CLASSES_ROOT\sp2p.sp2p
HKEY_CLASSES_ROOT\sp2p.sp2p.1
HKEY_CLASSES_ROOT\typelib\{45c2360e-bfdf-439b-a3ea-65e8383f9353}
HKEY_CLASSES_ROOT\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}
HKEY_CLASSES_ROOT\typelib\{913422c5-c92b-4e4f-85ac-241fa700a971}\1.0
HKEY_CLASSES_ROOT\typelib\{97d860c4-f072-477b-b241-409f7cffb954}
HKEY_CLASSES_ROOT\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}
HKEY_CLASSES_ROOT\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}
HKEY_CLASSES_ROOT\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}
HKEY_CURRENT_USER\software\247cams
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\247cams
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\notify
HKEY_CURRENT_USER\software\notify
HKEY_LOCAL_MACHINE\software\downloadmanager
HKEY_LOCAL_MACHINE\software\mediapipe

Registry Values:
HKEY_CLASSES_ROOT\appid\downloadmanager.exe
HKEY_CLASSES_ROOT\appid\mediapipe.exe
HKEY_CLASSES_ROOT\appid\sp2p.exe
HKEY_CLASSES_ROOT\appid\trayicon.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\itbill
HKEY_LOCAL_MACHINE\software\itbill
HKEY_LOCAL_MACHINE\software\itbill
HKEY_LOCAL_MACHINE\software\itbill
HKEY_LOCAL_MACHINE\software\itbill
HKEY_LOCAL_MACHINE\software\itbill
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\config
HKEY_LOCAL_MACHINE\software\itbill\update
HKEY_LOCAL_MACHINE\software\itbill\update
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\itbill
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\itbill
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mediapipe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mediapipe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\p2pnetworks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\p2pnetworks
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list

Removing MediaPipe:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Removing Vxidl.AUY Trojan
ProBot.Activity.Monitor Spyware Cleaner
Spectre Spyware Cleaner
DeepThroat Trojan Cleaner
MailSpam.Squad Hacker Tool Cleaner

APie Trojan

Removing APie
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

---

APie Also known as:

[Other]Mal/DownLdr-O

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\sys-addon\sys-addon.dll
[%PROGRAM_FILES%]\sys-addon\uninstall.exe
[%PROGRAM_FILES%]\sys-addon\sys-addon.dll
[%PROGRAM_FILES%]\sys-addon\uninstall.exe

How to detect APie:

Files:
[%PROGRAM_FILES%]\sys-addon\sys-addon.dll
[%PROGRAM_FILES%]\sys-addon\uninstall.exe
[%PROGRAM_FILES%]\sys-addon\sys-addon.dll
[%PROGRAM_FILES%]\sys-addon\uninstall.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4cf7c596-c8ff-41d5-88a5-0f1a1a92dde1}
HKEY_LOCAL_MACHINE\software\sys-addon

Removing APie:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Bat.FormatCQU Trojan

Italian.Soccer.Wallpaper Adware

Removing Italian.Soccer.Wallpaper
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

Italian.Soccer.Wallpaper Also known as:

[Kaspersky]not-a-virus:AdWare.Win32.Relevant.a;
[Other]Application.Adware.NewDotNet.B.Dropper,Adware.Relevant

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf

How to detect Italian.Soccer.Wallpaper:

Files:
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\italiawpv09.zip
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\italiawpv09.zip

Removing Italian.Soccer.Wallpaper:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Skulls Trojan Cleaner
TSpy Spyware Removal
WordMacro.Paper Trojan Removal instruction

Derowarb Trojan

Removing Derowarb
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

---

Derowarb Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.brq;
[Other]Win32/Derowarb.N

---

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\xrun.exe
[%PROFILE_TEMP%]\xrun.exe

How to detect Derowarb:

Files:
[%PROFILE_TEMP%]\xrun.exe
[%PROFILE_TEMP%]\xrun.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Derowarb:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Tillusion Trojan
Removing CWS.Keymgrldr Hijacker

Bancos.IDJ Trojan

Removing Bancos.IDJ
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

---

Bancos.IDJ Also known as:

[Other]Win32/Bancos.IDJ

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\RegScr.exe
[%WINDOWS%]\system\RegScr.exe

How to detect Bancos.IDJ:

Files:
[%WINDOWS%]\system\RegScr.exe
[%WINDOWS%]\system\RegScr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Bancos.IDJ:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
ICMP Trojan Symptoms
Startpage.Z!downloader Trojan Removal instruction
BadBoh BHO Removal

eShopee Trojan

Removing eShopee
Categories: Trojan,BHO,Hijacker
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\eshop.xml
[%SYSTEM%]\eshopcamp.xml
[%SYSTEM%]\ESHOPEE.exe
[%SYSTEM%]\EShopee.exe
[%SYSTEM%]\eshop.xml
[%SYSTEM%]\eshopcamp.xml
[%SYSTEM%]\ESHOPEE.exe
[%SYSTEM%]\EShopee.exe

How to detect eShopee:

Files:
[%SYSTEM%]\eshop.xml
[%SYSTEM%]\eshopcamp.xml
[%SYSTEM%]\ESHOPEE.exe
[%SYSTEM%]\EShopee.exe
[%SYSTEM%]\eshop.xml
[%SYSTEM%]\eshopcamp.xml
[%SYSTEM%]\ESHOPEE.exe
[%SYSTEM%]\EShopee.exe

Folders:
[%SYSTEM%]\NewmsrdkForKey

Registry Keys:
HKEY_LOCAL_MACHINE\software\eshopee

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing eShopee:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
MPC.McWhale Trojan Removal instruction
AdClicker.MediaPlex.EbayShop Adware Information
Emesx.dll Adware Removal

Higlieder Trojan

Removing Higlieder
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

---

Higlieder Also known as:

[Kaspersky]Email-Worm.Win32.Bagle.hc,Email-Worm.Win32.Bagle.hg,Trojan-Downloader.Win32.Bagle.cw;
[Other]Win32/Higlieder,Win32/Higlieder.E,Win32/Higlieder.M,Bloodhound.Beagle,Win32/Higlieder.O,Win32/Higlieder.AJ

---

Visible Symptoms:
Files in system folders:
[%APPDATA%]\hidires\hidr.exe
[%APPDATA%]\hidires\m_hook.sys
[%PROFILE_TEMP%]\~1.exe
[%PROFILE_TEMP%]\~6.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee
[%APPDATA%]\hidires\hidr.exe
[%APPDATA%]\hidires\m_hook.sys
[%PROFILE_TEMP%]\~1.exe
[%PROFILE_TEMP%]\~6.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee

How to detect Higlieder:

Files:
[%APPDATA%]\hidires\hidr.exe
[%APPDATA%]\hidires\m_hook.sys
[%PROFILE_TEMP%]\~1.exe
[%PROFILE_TEMP%]\~6.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee
[%APPDATA%]\hidires\hidr.exe
[%APPDATA%]\hidires\m_hook.sys
[%PROFILE_TEMP%]\~1.exe
[%PROFILE_TEMP%]\~6.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_m_hook
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\m_hook

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Higlieder:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
DOS32.QHA Trojan Removal instruction
Iani Backdoor Cleaner
Slodist Trojan Cleaner
Removing RemoteNC RAT

Computer.Spy Spyware

Removing Computer.Spy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\winfile32.dll
[%WINDOWS%]\winfile64.dll
[%WINDOWS%]\winfileb32.dll
[%WINDOWS%]\winfile32.dll
[%WINDOWS%]\winfile64.dll
[%WINDOWS%]\winfileb32.dll

How to detect Computer.Spy:

Files:
[%WINDOWS%]\winfile32.dll
[%WINDOWS%]\winfile64.dll
[%WINDOWS%]\winfileb32.dll
[%WINDOWS%]\winfile32.dll
[%WINDOWS%]\winfile64.dll
[%WINDOWS%]\winfileb32.dll

Folders:
[%PROGRAMS%]\Computer Spying System
[%PROGRAM_FILES%]\Munart\CSS

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\installer\features\31756894ec616c64eba8fd20d2054c79
HKEY_CURRENT_USER\software\microsoft\installer\products\31756894ec616c64eba8fd20d2054c79
HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\ece9cf640c19f064b84b575037320481
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\computer spying system
HKEY_CURRENT_USER\software\munart
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\upgradecodes\ece9cf640c19f064b84b575037320481
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{49865713-16ce-46c6-be8a-df022d50c497}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Computer.Spy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
RFF Trojan Removal
Nip Trojan Symptoms
Uhrnf Trojan Symptoms

CE Trojan

Removing CE
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

---

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\services\he4sy.exe
[%WINDOWS%]\system\services\losve.exe
[%WINDOWS%]\system\services\he4sy.exe
[%WINDOWS%]\system\services\losve.exe

How to detect CE:

Files:
[%WINDOWS%]\system\services\he4sy.exe
[%WINDOWS%]\system\services\losve.exe
[%WINDOWS%]\system\services\he4sy.exe
[%WINDOWS%]\system\services\losve.exe

Removing CE:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
net.filter.com Tracking Cookie Symptoms
Du.Remote RAT Cleaner
Adware.BHO.gen Downloader Symptoms
SatWar Trojan Removal instruction
Removing Belio Trojan

Antivirus.Gold Adware

Removing Antivirus.Gold
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

---

Antivirus.Gold Also known as:

[Other]Troj/Spyre-C,Trojan Horse

---

Visible Symptoms:
Files in system folders:
[%PROFILE%]\start menu\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0 website.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\uninstall antivirusgold 2.0.lnk
[%PROFILE%]\start menu\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0 website.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\uninstall antivirusgold 2.0.lnk

How to detect Antivirus.Gold:

Files:
[%PROFILE%]\start menu\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0 website.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\uninstall antivirusgold 2.0.lnk
[%PROFILE%]\start menu\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0 website.lnk
[%PROGRAMS%]\antivirusgold\antivirusgold 2.0.lnk
[%PROGRAMS%]\antivirusgold\uninstall antivirusgold 2.0.lnk

Removing Antivirus.Gold:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Yar Adware Cleaner
PWS.LeMir.dr Trojan Information
Remove Micro.Bot RAT
SpywareQuake Trojan Removal

Calego Trojan

Removing Calego
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

---

Calego Also known as:

[Kaspersky]Backdoor.Win32.Rukap.bs,Backdoor.Win32.Rukap.cf,Backdor.Win32.Rukap.dx,Backdoor.Win32.Rukap.dn;
[McAfee]BackDoor-CZY;
[Other]Win32/Calego.C,Backdoor.Sdbot,Win32/Calego.E,Win32/Calego.G,Win32/Rukap.B,Win32/Calego.D

How to detect Calego:

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_directnyvl
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_directqubs
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_directximm
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_directxocc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\directnyvl
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\directqubs
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\directximm
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\directxocc

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\directnyvl
HKEY_LOCAL_MACHINE\software\microsoft\directqubs
HKEY_LOCAL_MACHINE\software\microsoft\directximm
HKEY_LOCAL_MACHINE\software\microsoft\directxocc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services

Removing Calego:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Regger Trojan
Misnfodown Downloader Removal instruction
Banker.akx Spyware Removal instruction

Win32.ExpDwnldr Adware

Removing Win32.ExpDwnldr
Categories: Adware,BHO
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

---

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\WinMsg\notepad.dll
[%PROGRAM_FILES%]\WinMsg\sclick.exe
[%PROGRAM_FILES%]\WinMsg\SYSMONMS.EXE
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%SYSTEM%]\psc_mon.exe
[%WINDOWS%]\ddesupport.dll
[%PROGRAM_FILES%]\WinMsg\notepad.dll
[%PROGRAM_FILES%]\WinMsg\sclick.exe
[%PROGRAM_FILES%]\WinMsg\SYSMONMS.EXE
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%SYSTEM%]\psc_mon.exe
[%WINDOWS%]\ddesupport.dll

How to detect Win32.ExpDwnldr:

Files:
[%PROGRAM_FILES%]\WinMsg\notepad.dll
[%PROGRAM_FILES%]\WinMsg\sclick.exe
[%PROGRAM_FILES%]\WinMsg\SYSMONMS.EXE
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%SYSTEM%]\psc_mon.exe
[%WINDOWS%]\ddesupport.dll
[%PROGRAM_FILES%]\WinMsg\notepad.dll
[%PROGRAM_FILES%]\WinMsg\sclick.exe
[%PROGRAM_FILES%]\WinMsg\SYSMONMS.EXE
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%SYSTEM%]\psc_mon.exe
[%WINDOWS%]\ddesupport.dll

Folders:
[%PROGRAM_FILES%]\WinMsg

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
HKEY_CLASSES_ROOT\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKEY_CLASSES_ROOT\CLSID\{49CF52D7-8D58-4E22-A874-AAD721F5B523}
HKEY_CLASSES_ROOT\CLSID\{8E6CFDFE-79A8-421C-B854-04081690CE6B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49CF52D7-8D58-4E22-A874-AAD721F5B523}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E6CFDFE-79A8-421C-B854-04081690CE6B}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing Win32.ExpDwnldr:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Avenger!Backdoor Trojan Symptoms
MS03.Exploit!Trojan Trojan Removal

Hijack Worm

Removing Hijack
Categories: Worm,Hijacker
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.
The methods are listed separately below.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

---

Hijack Also known as:

[Panda]Linux/Hijack.Worm,Worm Generic;
[Computer Associates]Linux/Hijack.A

---

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msenfh.dll
[%WINDOWS%]\system\mspgjp.dll
[%SYSTEM%]\msenfh.dll
[%WINDOWS%]\system\mspgjp.dll

How to detect Hijack:

Files:
[%SYSTEM%]\msenfh.dll
[%WINDOWS%]\system\mspgjp.dll
[%SYSTEM%]\msenfh.dll
[%WINDOWS%]\system\mspgjp.dll

Removing Hijack:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
ShopForGood Adware Removal

Search200 Adware

Removing Search200
Categories: Adware,Hijacker,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

---

Visible Symptoms:
Files in system folders:
[%APPDATA%]\support delete\boltfunk.exe
[%APPDATA%]\thebarbcash\388841ea
[%APPDATA%]\thebarbcash\antethirdproxyplay.exe
[%APPDATA%]\thebarbcash\lxbzvkvm.exe
[%APPDATA%]\thebarbcash\mpegmemoblah.exe
[%APPDATA%]\thebarbcash\titleteam.exe
[%APPDATA%]\thebarbcash\tkwmpzmx.exe
[%APPDATA%]\support delete\boltfunk.exe
[%APPDATA%]\thebarbcash\388841ea
[%APPDATA%]\thebarbcash\antethirdproxyplay.exe
[%APPDATA%]\thebarbcash\lxbzvkvm.exe
[%APPDATA%]\thebarbcash\mpegmemoblah.exe
[%APPDATA%]\thebarbcash\titleteam.exe
[%APPDATA%]\thebarbcash\tkwmpzmx.exe

How to detect Search200:

Files:
[%APPDATA%]\support delete\boltfunk.exe
[%APPDATA%]\thebarbcash\388841ea
[%APPDATA%]\thebarbcash\antethirdproxyplay.exe
[%APPDATA%]\thebarbcash\lxbzvkvm.exe
[%APPDATA%]\thebarbcash\mpegmemoblah.exe
[%APPDATA%]\thebarbcash\titleteam.exe
[%APPDATA%]\thebarbcash\tkwmpzmx.exe
[%APPDATA%]\support delete\boltfunk.exe
[%APPDATA%]\thebarbcash\388841ea
[%APPDATA%]\thebarbcash\antethirdproxyplay.exe
[%APPDATA%]\thebarbcash\lxbzvkvm.exe
[%APPDATA%]\thebarbcash\mpegmemoblah.exe
[%APPDATA%]\thebarbcash\titleteam.exe
[%APPDATA%]\thebarbcash\tkwmpzmx.exe

Folders:
[%APPDATA%]\bikeeggsloudmpeg
[%APPDATA%]\thebarcash

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{86067727-f592-a113-3317-a8b9c15a1827}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\heart mags great
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\amengreatclose

Registry Values:
HKEY_CURRENT_USER\software\bitsmorepeakfile
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Search200:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

---

Also Be Aware of the Following Threats:
Remove Banker.CNQ Trojan