Friday, December 12, 2008

AdMoke Adware

Removing AdMoke
Categories: Adware,Downloader
Adware programs deliver advertising content
to the user and in some cases gather information from the user's computer.

A downloader either launches the malware it fetches or registers it to run automatically,
using the autorun mechanism of the local operating system.

AdMoke Also known as:

[Kaspersky]AdWare.Win32.AdMoke.bc;
[Other]Trojan.Downloader.Agent.NY,W32/DLoader.AIYY

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\Skymmstp013.exe

How to detect AdMoke:

Files:
[%PROFILE_TEMP%]\Skymmstp013.exe

Removing AdMoke:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Win32.DelP2P Trojan

Removing Win32.DelP2P
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Win32.DelP2P Also known as:

[Kaspersky]Trojan.Win32.KillFiles.fz;
[Panda]Spyware/Virtumonde;
[Computer Associates]Win32.KillFiles.AA

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\host.exe

How to detect Win32.DelP2P:

Files:
[%PROFILE_TEMP%]\host.exe


Netguarder.Web.Cleaner Adware

Removing Netguarder.Web.Cleaner
Categories: Adware,BHO,Toolbar
Adware programs deliver advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\webtool.dll
[%WINDOWS%]\system\webtool.dll

How to detect Netguarder.Web.Cleaner:

Files:
[%SYSTEM%]\webtool.dll
[%WINDOWS%]\system\webtool.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{f585d290-1bf4-480a-aec2-4182593f1e32}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f585d290-1bf4-480a-aec2-4182593f1e32}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f585d290-1bf4-480a-aec2-4182593f1e32}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f585d290-1bf4-480a-aec2-4182593f1e32}


IESecurityPro Spyware

Removing IESecurityPro
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\1STINT~1\iesecpro.dll
[%PROGRAM_FILES%]\POPUPB~1\iehelper.dll
[%SYSTEM%]\IEHelper.dll
[%SYSTEM%]\iehelper3.dll

How to detect IESecurityPro:

Files:
[%PROGRAM_FILES%]\1STINT~1\iesecpro.dll
[%PROGRAM_FILES%]\POPUPB~1\iehelper.dll
[%SYSTEM%]\IEHelper.dll
[%SYSTEM%]\iehelper3.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{49E0E0F0-5C30-11D4-945D-000000000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000000}


Downloader.BCF Trojan

Removing Downloader.BCF
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Downloader.BCF Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.bls;
[McAfee]Downloader-BCF;
[F-Prot]W32/Downloader2.FHX;
[Other]W32/Agent.BOYK,TROJ_AGENT.ODU,Win32/Matcash.AM,Downloader,BrowserModifier:Win32/Matcash,Trojan-Downloader.Gen

How to detect Downloader.BCF:

Registry Keys:
HKEY_CURRENT_USER\software\classes\clsid\{f862b760-0af0-1033-1203-050001}


Efewe Trojan

Removing Efewe
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Efewe Also known as:

[Panda]Trojan Horse;
[Computer Associates]Win32.Efewe,Win32/Vanquish!Rootkit!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\rdriv.sys

How to detect Efewe:

Files:
[%SYSTEM%]\rdriv.sys


NS.Keylogger Spyware

Removing NS.Keylogger
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can bring in more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\ns keylogger personal monitor.lnk

How to detect NS.Keylogger:

Files:
[%DESKTOP%]\ns keylogger personal monitor.lnk

Folders:
[%PROGRAMS%]\ns keylogger personal monitor
[%PROGRAM_FILES%]\NSkeylogger

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ns keylogger personal monitor_is1


FirewallBypass Trojan

Removing FirewallBypass
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

FirewallBypass Also known as:

[Kaspersky]Backdoor.Win32.Agent.acx;
[Other]Trojan.FirewallByPass,taskmgn,Troj/Agent-DMM

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\1172015
[%WINDOWS%]\1984578

How to detect FirewallBypass:

Files:
[%WINDOWS%]\1172015
[%WINDOWS%]\1984578

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list


FlashGet BHO

Removing FlashGet
Categories: BHO,Toolbar
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Visible Symptoms:
Files in system folders:

How to detect FlashGet:

Files:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a5366673-e8ca-11d3-9cd9-0090271d075b}
HKEY_CLASSES_ROOT\clsid\{e0e899ab-f487-11d5-8d29-0050ba6940e3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a5366673-e8ca-11d3-9cd9-0090271d075b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e0e899ab-f487-11d5-8d29-0050ba6940e3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a5366673-e8ca-11d3-9cd9-0090271d075b}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


Sin.Cyn Backdoor

Removing Sin.Cyn
Categories: Backdoor,Hacker Tool
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Sin.Cyn Also known as:

[Kaspersky]Backdoor.Cyn.22;
[McAfee]BackDoor-PB;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Cyn;
[Computer Associates]Backdoor/Cyn.2.2,Backdoor/Cyn.22

How to detect Sin.Cyn:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


SillyDl Trojan

Removing SillyDl
Categories: Trojan,Adware,Toolbar,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs deliver advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.
Trojan downloaders download and install new malware or adware on the computer.


SillyDl Also known as:

[Kaspersky]Trojan-Downloader.Win32.IstBar.gn,TrojanDownloader.Win32.Small.uf,Trojan-Downloader.Win32.Agent.anz,Troajn-Downloader.Win32.VB.afu,Trojan-Downlaoder.Win32.Agent.anu,Trojan-Downlaoder.Win32.Agent.ass,Trojan-Dwonloader.win32.Agent.anu,Trojan-Downloader.Win32.Small.ddy,Trojan-Downloader.Win32.VB.aif,Trojan-Downloader.Win32.Small.dix,Trojan-Downloader.win32.Small.buq,Trojan-Downloader.Win32.Small.bsq,Trojan-Downloader.Win32.Delf.abt,Trojan-Downlaoder.Win32.Delf.atu,Trojan-Downloader.Win32.Small.cyh,Trojan-Downloader.Win32Obfuscated.n,Trojan-Downlaoder.Win32.Small.dlb,Trojan-Downloader.Win32.Obfuscated.n,Trojan-Dropper.Win32.Small.asi,Trojan-Downloader.Win32.Small.auy,Trojan-Downloader.Win32.Small.dgz,Trojan-Downloader.Win32.Mudrop.bq,Trojan-Downloader.Win32.VB.aam,Trojan-Downloader.Win32.Small.cjh,Trojan-Dropper.win32.Delf.wo,Trojan-Clicker.Win32.Small.ja,Trojan-Downloader.Win32.Agent.avm,Trojan-Downloader.Win32.Small.cmu,Trojan-Dropper.Win32.Agent.ata,Trojan-CLicker.Win32.Small.kj,Trojan-Downloader.Win32.Small.btj,Trojan-Downloader.Win32.Small.dbi,Trojan-Downloader.Win32.VB.ji,Trojan-Downloader.Win32.Agent.rq,Trojan-Downloader.Win32.Small.bfb,Trojan-Downloader.Win32.VB.ags,Trojan-Downloader.Win32.Agent.apn,Worm.Win32.Delf.ah,Trojan-Downloader.Win32.Small.dxg,Trojan-Downloader.Win32.Small.us,Trojan-Downloader.Win32.Delf.aku,Trojan-Downloader.Win32.Delf.df,Trojan.Win32.Delf.dq,Trojan-Downloader.win32.VB.auq,Trojan-Downloader.Win32.Small.aom,Trojan-PSW.Win32.OnLineGames.vv,Trojan-Dropper.Win32.Delf.ev;
[Eset]Win32/TrojanDownloader.Agent.AE trojan,Win32/TrojanDownloader.Alchemic.A trojan;
[McAfee]Downloader-AXM,Downloader-AXU,Downloader-AFY,Generic.Downloader.c,Downloader-AXF,Generic Downloader. k,Downloader-VC,Generic Downloader.k,Generic.dl,Downlaoder-ASK,Generic.dk,Generic.dp,Downloader-JU,Downloader-NV,Downloader-BCJ,Generic Downloader.j;
[F-Prot]W32/Downloader.SS,W32/Delf.DB;
[Panda]Trj/Downloader.GK,Trj/Downloader.NG,Trj/Donn.A,Trj/Agent.AO,Trj/Downloader.DC,Adware/IPInsight,Adware/Twain-Tech,Trj/Downloader.HE,Spyware/TVMedia,Trj/Downloader.SV,Trj/Delnetdall.A,Spyware/Overpro;
[Computer Associates]Win32.SillyDL.DL,Win32.SillyDL.DM,Win32.SillyDl.DW,Win32.SillyDl.DX,Win32/SillyDL.37888!Trojan,Win32/SillyDL.DW!Trojan,Win32/SillyDL.DX!Trojan,Win32.SillyDl.BX,Win32.SillyDl.AK,Win32/Gloogle.55174!Trojan,Win32.SillyDl.O,Win32.SillyDl.DV,Win32/SillyDL.DV!Trojan,Win32.SillyDl.DG,Win32/SillyDl.69632!Trojan,Win32.SillyDl,Win32/Ecip.143360!Downlaoder!Tro,Win32.SillyDl.H,Win32/Gloogle!Downloader.52626!T,Win32.SillyDl.EN,Win32.SillyDl.EW,Win32/EliteBar!BHO!Dropper,Win32/EliteBar!BHO!Trojan,Win32.SillyDl.CS,Win32/SillyDl.CS!Trojan,Win32.SillyDl.CM,Win32/Sillydl.EL!Trojan,Win32.Dent.A;
[Other]Downloader,Win32/SillyDl.ATS,Win32/SillyDl.ATM,Win32/SillyDl,Win32/SillyDl.ATV,Downloader.Trojan,Win32/SillyDl.AUS,Win32/SillyDl.AUO,Win32/SillyDl.AVE,Win32/SillyDl.AUW,Win32/SillyDl.AVM,Win32/SillyDl.AVH,Win32/SillyDl.AMZ,Win32/SillyDl.AVN,Win32/SillyDl.AUH,Win32/SillyDl.AZA,Trojan-Downlaoder.Win32.Small.dsv,Win32/sillyDl.AZC,Win32/SillyDl.AOY,Trojan-Downlaoder.Win32.Small.czs,Win32/DillDL.4mga!,Win32/SillyDl.PW,Win32/SillyDl.ATF,Dialer.DialPlatform,MediaMotor,Adware.Medload,Trojan.Adclicker,Trojan.Dropper,enbrowser,Win32/SillyDl.AZV,Generic Downloader.ab,Downloader-ACV,visfx,Win32/SillyDl.AWZ,Win32/SillyDl.AUK,Win32/SillyDl.ATP,Win32/SillyDl.AUA,Win32/SillyDl.ATU,coolwebsearch (cws),Win32/SillyDl.BBO,W32/Smalldrp.GOJ,Win32/SillyDl.XF,W32/Smalldrp.FBZ,Downlaoder,Trojan.KillAV,Trojan.StartPage,Win32/SillyDl.W,Win32/SillyDl.CLI,Win32/SillyDl.EE,Adware.JustFindIt,Trojan.Delf,Troj/Delf-DV,Win32/SillyDl.EC,xpehbam dialer,Win32/SillyDl.SZ,Backdoor.Trojan,Win32/SillyDl.ZN,Trojan Horse,Trojan:Win32/Meredrop,W32/Smalldrp.FIE,TROJ_Generic.Z,Troj/Delf-JZ

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\66362_2568_212_3020_79.41.tst
[%PROFILE_TEMP%]\66534_2360_200_3400_79.41.tst
[%PROFILE_TEMP%]\6YQoWs.exe
[%PROFILE_TEMP%]\7340640_616_2024_2116_79.41.tst
[%PROFILE_TEMP%]\787048_2568_212_3896_79.41.tst
[%PROFILE_TEMP%]\983876_2992_580_3020_79.41.tst
[%PROFILE_TEMP%]\984042_2992_580_3184_79.41.tst
[%PROFILE_TEMP%]\btgrab.inf
[%PROFILE_TEMP%]\ceQau6.exe
[%PROFILE_TEMP%]\E2f8oD.exe
[%PROFILE_TEMP%]\GLF35GLF35.EXE
[%PROFILE_TEMP%]\ICD2.tmp\m67m.inf
[%PROFILE_TEMP%]\ICD6.tmp\elite.inf
[%PROFILE_TEMP%]\ICD6.tmp\elite.ocx
[%PROFILE_TEMP%]\istsv_.exe
[%PROFILE_TEMP%]\kmGc9H.exe
[%PROFILE_TEMP%]\localNrd.inf
[%PROFILE_TEMP%]\ma11x1dd12111v.game
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\polmx.exe
[%PROFILE_TEMP%]\polmx2.inf
[%PROFILE_TEMP%]\polmx3.exe
[%PROFILE_TEMP%]\poltt.cab
[%PROFILE_TEMP%]\poltt.exe
[%PROFILE_TEMP%]\poltt.inf
[%PROFILE_TEMP%]\pre.exe
[%PROFILE_TEMP%]\temp.fr????\istsvc.exe
[%PROFILE_TEMP%]\THI1E47.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI2855.tmp\btgrab.inf
[%PROFILE_TEMP%]\THI30CA.tmp\polall1m.exe
[%PROFILE_TEMP%]\THI3263.tmp\polall1m.exe
[%PROFILE_TEMP%]\THI3B2A.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI3E66.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI411B.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI4313.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI4EFD.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI50FB.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI598C.tmp\btgrab.inf
[%PROFILE_TEMP%]\THI5A06.tmp\localNrd.inf
[%PROFILE_TEMP%]\THI62BF.tmp\polall1t.exe
[%PROFILE_TEMP%]\THI62BF.tmp\twaintec.cab
[%PROFILE_TEMP%]\ts_8_new.exe
[%PROFILE_TEMP%]\xI8bHF.exe
[%PROFILE_TEMP%]\Y7TDSp.exe
[%PROGRAM_FILES%]\epicenter\snuninst.exe
[%SYSTEM%]\0.exe
[%SYSTEM%]\aaa00000.dll
[%SYSTEM%]\aaa00000.sys
[%SYSTEM%]\big5_gb2312.exe
[%SYSTEM%]\bpara.dll
[%SYSTEM%]\Cache\us4.0-2.exe
[%SYSTEM%]\cpoepnkf.exe
[%SYSTEM%]\dllhost32.exe
[%SYSTEM%]\elitedoolsav.dat
[%SYSTEM%]\laesbpfl.exe_
[%SYSTEM%]\m1ax1d1213216143v.exe
[%SYSTEM%]\my_update.exe
[%SYSTEM%]\oiimvtre.exe
[%SYSTEM%]\polall1m.exe
[%SYSTEM%]\start32.exe
[%SYSTEM%]\systf.dll
[%SYSTEM%]\TheMatri1HasYou.exe
[%SYSTEM%]\ujscvhfh.exe
[%SYSTEM%]\vbefsspc.exe
[%SYSTEM%]\winsrv32.exe
[%SYSTEM%]\xplugin.dll
[%SYSTEM%]\xvlqqfbx.exe
[%WINDOWS%]\1.exe
[%WINDOWS%]\109uninst.exe
[%WINDOWS%]\alchem.exe
[%WINDOWS%]\BTGrab.dll
[%WINDOWS%]\Downloaded Program Files\m67m.inf
[%WINDOWS%]\etb\etl
[%WINDOWS%]\etb\nt_hide79.dll
[%WINDOWS%]\etb\pokapoka79.exe
[%WINDOWS%]\etb\xml\adult.tbr
[%WINDOWS%]\etb\xml\images\50kwincash2.bmp
[%WINDOWS%]\etb\xml\images\casino.bmp
[%WINDOWS%]\etb\xml\images\dating.bmp
[%WINDOWS%]\etb\xml\images\findemails.bmp
[%WINDOWS%]\etb\xml\images\ringtones.bmp
[%WINDOWS%]\etb\xml\images\searchpeople.bmp
[%WINDOWS%]\etb\xml\images\virus.bmp
[%WINDOWS%]\inf\btgrab.inf
[%WINDOWS%]\inf\localNrd.inf
[%WINDOWS%]\localNRD.dll
[%WINDOWS%]\mousepad12.exe
[%WINDOWS%]\ms044779575-1262006.exe
[%WINDOWS%]\polmx.exe
[%WINDOWS%]\preinsln.exe
[%WINDOWS%]\TEMP\b.com
[%WINDOWS%]\temp\backups\backup-20060602-131510-617.inf
[%WINDOWS%]\TEMP\bl4ck.com
[%WINDOWS%]\TEMP\ma11x1dd12111v.game
[%WINDOWS%]\thin.exe
[%WINDOWS%]\videoc.ocx
[%WINDOWS%]\win32105-1264779572006.exe
[%PROFILE_TEMP%]\conscorr.exe
[%PROFILE_TEMP%]\msshed32.exe
[%PROFILE_TEMP%]\suicidetb.exe
[%PROFILE_TEMP%]\temporary directory 1 for jcrea250[1].zip\setup.exe
[%PROFILE_TEMP%]\thi14a5.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi15e8.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi174f.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi1832.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi1f8d.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi2357.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi23f0.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi261a.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi261a.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi261a.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi2e2b.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi334f.tmp\polall1t.exe
[%PROFILE_TEMP%]\thi36e.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi390d.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi3a0.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi3c79.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi400a.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi4020.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi406.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi4941.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi4a64.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi4e3b.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi4e88.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi5249.tmp\polall1t.exe
[%PROFILE_TEMP%]\thi5291.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi542b.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi565d.tmp\polall1t.exe
[%PROFILE_TEMP%]\thi5755.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi58e1.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi5c06.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi6.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi6513.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi659c.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi67dd.tmp\btgrab.dll
[%PROFILE_TEMP%]\thi67dd.tmp\btgrab.inf
[%PROFILE_TEMP%]\thi686d.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi69c9.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi6b86.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi6ea2.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi734b.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi76c9.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi7caf.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi7fc9.tmp\polall1m.exe
[%PROFILE_TEMP%]\thi7fd.tmp\polall1t.exe
[%PROFILE_TEMP%]\thi98a.tmp\polall1m.exe
[%PROFILE_TEMP%]\thia59.tmp\polall1m.exe
[%PROFILE_TEMP%]\thib58.tmp\polall1m.exe
[%PROFILE_TEMP%]\thib6f.tmp\polall1m.exe
[%SYSTEM%]\12345.exe
[%SYSTEM%]\akazafex.exe
[%SYSTEM%]\avtapi.exe
[%SYSTEM%]\deinst_qfe002.exe
[%SYSTEM%]\elitefmj32.exe
[%SYSTEM%]\elitekck32.exe
[%SYSTEM%]\elitexdx32.exe
[%SYSTEM%]\hrbogl.exe
[%SYSTEM%]\ixsso.exe
[%SYSTEM%]\mirindaspk.exe
[%SYSTEM%]\mssaru.exe
[%SYSTEM%]\msshed32.exe
[%SYSTEM%]\PID.EXE
[%SYSTEM%]\systp.exe
[%SYSTEM%]\w3b384d1.dll
[%SYSTEM%]\w3b69adb.dll
[%SYSTEM%]\wfusqayn.exe
[%SYSTEM%]\wiascr.exe
[%SYSTEM%]\wmicsmgr.dll
[%SYSTEM%]\zrupga.exe
[%SYSTEM%]\zshf5459.dll
[%WINDOWS%]\btgrab.dll
[%WINDOWS%]\conscorr.exe
[%WINDOWS%]\dmvkx.exe
[%WINDOWS%]\down.exe
[%WINDOWS%]\file1.exe
[%WINDOWS%]\file2.exe
[%WINDOWS%]\INF\CDLMAIL.EXE
[%WINDOWS%]\INF\system_oper.exe
[%WINDOWS%]\INF\SYS_REQ.EXE
[%WINDOWS%]\java\classes\cmmon.scr
[%WINDOWS%]\java\classes\explorer.scr
[%WINDOWS%]\java\classes\smsss.scr
[%WINDOWS%]\localnrd.dll
[%WINDOWS%]\mstray.exe
[%WINDOWS%]\odbint.dll
[%WINDOWS%]\polmx3.exe
[%WINDOWS%]\Sloopy7.exe
[%WINDOWS%]\syskey.ini
[%WINDOWS%]\system32\win.ini.t00
[%WINDOWS%]\system\coreak.dll
[%WINDOWS%]\system\evjpfd.exe
[%WINDOWS%]\system\fabmax.exe
[%WINDOWS%]\system\ihpxtg.exe
[%WINDOWS%]\system\odrosh.exe
[%WINDOWS%]\system\oocdngv.exe
[%WINDOWS%]\system\qmdkkp.exe
[%WINDOWS%]\system\xewobv.exe
[%WINDOWS%]\system\xwxnwhcw.exe
[%WINDOWS%]\system\ypojlw.exe
[%WINDOWS%]\temp\alchem.exe
[%WINDOWS%]\temp\polmx.exe
[%WINDOWS%]\temp\polmx3.exe
[%WINDOWS%]\temp\thi677c.tmp\polall1t.exe
[%WINDOWS%]\terra.exe

How to detect SillyDl:

Files:

Folders:
[%WINDOWS%]\elitetoolbar
[%WINDOWS%]\etb

Registry Keys:

Registry Values:


Smondev Trojan

Removing Smondev
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\SecMon.sys

How to detect Smondev:

Files:
[%WINDOWS%]\SecMon.sys


Nedky Trojan

Removing Nedky
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Nedky Also known as:

[Kaspersky]Trojan-Downloader.Win32.Delf.bgb;
[McAfee]Downloader-AZG;
[Other]Win32/Nedky.H

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\moviemk.exe

How to detect Nedky:

Files:
[%SYSTEM%]\moviemk.exe


Power.Linking.Profits.com BHO

Removing Power.Linking.Profits.com
Categories: BHO,Toolbar
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

How to detect Power.Linking.Profits.com:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}


#1.Killer Trojan

Removing #1.Killer
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect #1.Killer:

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\abc


ScanandRepair Ransomware

Removing ScanandRepair
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

ScanandRepair Also known as:

[Other]ScanandRepair,Adware.ScanRepairUtilities,Trojan.Generic.78401

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Scan & Repair Utilities 2007.lnk

How to detect ScanandRepair:

Files:
[%DESKTOP%]\Scan & Repair Utilities 2007.lnk

Folders:
[%COMMON_PROGRAMS%]\Scan & Repair Utilities 2007
[%PROGRAM_FILES%]\Scan & Repair Utilities 2007

Registry Keys:
HKEY_CURRENT_USER\software\scan & repair utilities 2007
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\scan & repair utilities 2007_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache


SysProtect Adware

Removing SysProtect
Categories: Adware,Ransomware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk

How to detect SysProtect:

Files:
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk

Folders:
[%PROGRAM_FILES%]\SysProtect Free
[%PROGRAM_FILES%]\SysProtect
[%PROGRAM_FILES_COMMON%]\SysProtect
[%COMMON_PROGRAMS%]\SysProtect Unregistered Version

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs


Busky Trojan

Removing Busky
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojan downloaders download and install new malware or adware on the computer.


Busky Also known as:

[Kaspersky]Trojan-Downloader.Win32.Busky.a,Trojan-Downloader.Win32.Busky.c,Trojan-Downloader.Win32.Agent.avm,Trojan-Downloader.Win32.Busky.j,Trojan-Downloader.Win32.Busky.k,Trojan-Downloader.Win32.Busky.gen,Trojan.Win32.Obfuscated.ev;
[McAfee]Downloader-AXI,Downloader-AXI.gen;
[F-Prot]W32/Downloader.AGJH,W32/Downloader.AGJI,W32/Downloader.AGJF,W32/Downloader.AGJG;
[Other]TROJ_BUSKY,Trojan-Downloader.Busky,Trojan-Downloader.Busky.AZ,TROJ_BUSKY.AE,Trojan-Downloader.Win32.Busky.a,TROJ_BUSKY.AC,TROJ_BUSKY.CO,trojan-busky,W32/Malware,W32/Agent.AKJB,W32/Malware/ALP,W32/Agent.AKNA,W32/Agent/ALVW,W32/Malware.AX,W32/Agent.AKOF,W32/Malware.BH,W32/Agent.AKOE,win32/Busky.J,Trojan.Busky,Win32/Busky.B,Win32/Busky.D,Win32/Busky.G,Win32/Busky.L,Trojan Horse,Win32/Busky.M,Win32/Busky.N,Win32/Busky.O,Win32/Busky.P,Win32/Busky.V,Win32/Busky.W,Win32/Busky.AA,Win32/Busky.AB,Win32/Busky.AC,Win32/Busky.AH,Win32/Busky!generic,Trojan:Win32/Busky.gen,W32/Busky!generic

Visible Symptoms:
Files in system folders:

How to detect Busky:

Files:

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
