Saturday, December 13, 2008

TTC Adware

Removing TTC
Categories: Adware
Adware programs deliver advertising content to the user
and in some cases gather information from the user's computer.


TTC Also known as:

[Kaspersky]AdWare.Win32.TTC.b,AdWare.Win32.TTC.c;
[McAfee]Zquest.dr;
[Other]Adware.TTC,SecurityRiskOn

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\camg-77798.exe
[%PROFILE_TEMP%]\camg-77798.exe.ren
[%PROGRAM_FILES%]\Internet Explorer\tebohije83122.dll
[%PROGRAM_FILES%]\Movie Maker\hoxyhuro77798.exe
[%PROGRAM_FILES%]\MSN Gaming Zone\hokevof83122.dll
[%PROGRAM_FILES%]\NetMeeting\tegewije77798.exe
[%PROGRAM_FILES%]\Online Services\hosecuky43855.dll
[%PROGRAM_FILES%]\Windows NT\hokemoqyz83122.dll
[%PROGRAM_FILES%]\WindowsUpdate\vihyni83122.dll
[%SYSTEM%]\skna455101.exe

How to detect TTC:

Files:
[%PROFILE_TEMP%]\camg-77798.exe
[%PROFILE_TEMP%]\camg-77798.exe.ren
[%PROGRAM_FILES%]\Internet Explorer\tebohije83122.dll
[%PROGRAM_FILES%]\Movie Maker\hoxyhuro77798.exe
[%PROGRAM_FILES%]\MSN Gaming Zone\hokevof83122.dll
[%PROGRAM_FILES%]\NetMeeting\tegewije77798.exe
[%PROGRAM_FILES%]\Online Services\hosecuky43855.dll
[%PROGRAM_FILES%]\Windows NT\hokemoqyz83122.dll
[%PROGRAM_FILES%]\WindowsUpdate\vihyni83122.dll
[%SYSTEM%]\skna455101.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{12e04497-60f6-4656-8d11-59b26e9a8f49}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{12e04497-60f6-4656-8d11-59b26e9a8f49}

Removing TTC:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

SpyLab.WebSpy Spyware

Removing SpyLab.WebSpy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction with the computer,
without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\Spylab WebSpy\Spylab WebSpy.lnk
[%COMMON_PROGRAMS%]\Spylab WebSpy\Uninstall Spylab WebSpy.lnk
[%COMMON_PROGRAMS%]\Spylab WebSpy\WebSpy Help.lnk
[%COMMON_PROGRAMS%]\Spylab WebSpy\WebSpy On The Web.lnk
[%DESKTOP%]\Spylab WebSpy.lnk
[%SYSTEM%]\WebSpy.lnk

How to detect SpyLab.WebSpy:

Files:
[%COMMON_PROGRAMS%]\Spylab WebSpy\Spylab WebSpy.lnk
[%COMMON_PROGRAMS%]\Spylab WebSpy\Uninstall Spylab WebSpy.lnk
[%COMMON_PROGRAMS%]\Spylab WebSpy\WebSpy Help.lnk
[%COMMON_PROGRAMS%]\Spylab WebSpy\WebSpy On The Web.lnk
[%DESKTOP%]\Spylab WebSpy.lnk
[%SYSTEM%]\WebSpy.lnk

Folders:
[%PROGRAM_FILES%]\spylab

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

BrowserAid.Startium BHO

Removing BrowserAid.Startium
Categories: BHO,Toolbar
BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

BrowserAid.Startium Also known as:

[Panda]Adware/BrowserAid

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\stlbupdt.dll
[%DESKTOP%]\mypcsearch.lnk
[%SYSTEM%]\stlbad123.dll
[%SYSTEM%]\stlbdist.dll
[%WINDOWS%]\mwsvm.dat
[%WINDOWS%]\system\stlbad123.dll
[%WINDOWS%]\system\stlbdist.dll
[%WINDOWS%]\system\stlbupdt.dll

How to detect BrowserAid.Startium:

Files:
[%SYSTEM%]\stlbupdt.dll
[%DESKTOP%]\mypcsearch.lnk
[%SYSTEM%]\stlbad123.dll
[%SYSTEM%]\stlbdist.dll
[%WINDOWS%]\mwsvm.dat
[%WINDOWS%]\system\stlbad123.dll
[%WINDOWS%]\system\stlbdist.dll
[%WINDOWS%]\system\stlbupdt.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2cf0b992-5eeb-4143-99c0-5297ef71f44a}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2cf0b992-5eeb-4143-99c0-5297ef71f443}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2cf0b992-5eeb-4143-99c0-5297ef71f444}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2cf0b992-5eeb-4143-99c0-5297ef71f44a}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2cf0b992-5eeb-4143-99c2-5297ef71f44a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2cf0b992-5eeb-4143-99c0-5297ef71f443}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2cf0b992-5eeb-4143-99c0-5297ef71f444}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2cf0b992-5eeb-4143-99c0-5297ef71f44a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2cf0b992-5eeb-4143-99c2-5297ef71f44a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2cf0b992-5eeb-4143-99c2-5297ef71f44b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2cf0b992-5eeb-4143-99c0-5297ef71f444}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2cf0b992-5eeb-4143-99c0-5297ef71f44a}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

PPGou Worm

Removing PPGou
Categories: Worm
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\PPGou\CatchUrlUser.txt
[%PROGRAM_FILES%]\PPGou\ClientNoKey.txt
[%PROGRAM_FILES%]\PPGou\FrdInfo.dll
[%PROGRAM_FILES%]\PPGou\geturl.htm
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_1.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_2.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\ICO.ico
[%PROGRAM_FILES%]\PPGou\LoGo\Load.gif
[%PROGRAM_FILES%]\PPGou\LoGo\LoGo.gif
[%PROGRAM_FILES%]\PPGou\NewVer.ini
[%PROGRAM_FILES%]\PPGou\PlanWeb.txt
[%PROGRAM_FILES%]\PPGou\Plug\50040013.exe
[%PROGRAM_FILES%]\PPGou\Plug\bind_8414.exe
[%PROGRAM_FILES%]\PPGou\Plug\DIYNETSetupUni.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou0610_cns_yassist.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou_233.exe
[%PROGRAM_FILES%]\PPGou\PPAutoDown4.ocx
[%PROGRAM_FILES%]\PPGou\PPGIECom6.dll
[%PROGRAM_FILES%]\PPGou\PPGou.exe
[%PROGRAM_FILES%]\PPGou\UNPPGou.EXE.lnk

How to detect PPGou:

Files:
[%PROGRAM_FILES%]\PPGou\CatchUrlUser.txt
[%PROGRAM_FILES%]\PPGou\ClientNoKey.txt
[%PROGRAM_FILES%]\PPGou\FrdInfo.dll
[%PROGRAM_FILES%]\PPGou\geturl.htm
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_1.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\16X16_2.bmp
[%PROGRAM_FILES%]\PPGou\LoGo\ICO.ico
[%PROGRAM_FILES%]\PPGou\LoGo\Load.gif
[%PROGRAM_FILES%]\PPGou\LoGo\LoGo.gif
[%PROGRAM_FILES%]\PPGou\NewVer.ini
[%PROGRAM_FILES%]\PPGou\PlanWeb.txt
[%PROGRAM_FILES%]\PPGou\Plug\50040013.exe
[%PROGRAM_FILES%]\PPGou\Plug\bind_8414.exe
[%PROGRAM_FILES%]\PPGou\Plug\DIYNETSetupUni.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou0610_cns_yassist.exe
[%PROGRAM_FILES%]\PPGou\Plug\ppgou_233.exe
[%PROGRAM_FILES%]\PPGou\PPAutoDown4.ocx
[%PROGRAM_FILES%]\PPGou\PPGIECom6.dll
[%PROGRAM_FILES%]\PPGou\PPGou.exe
[%PROGRAM_FILES%]\PPGou\UNPPGou.EXE.lnk

Bancos.INM Trojan

Removing Bancos.INM
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bancos.INM Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.drh;
[McAfee]PWS-Banker.gen.i

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\aviso.123456

How to detect Bancos.INM:

Files:
[%SYSTEM%]\aviso.123456

Win32.Qoologic.bj Downloader

Removing Win32.Qoologic.bj
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Win32.Qoologic.bj Also known as:

[Kaspersky]Trojan-Downloader.Win32.Qoologic.bj;
[McAfee]Qoolaid;
[Other]Adware.QoolAid

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\f219535390.exe
[%PROFILE_TEMP%]\f415187.exe
[%PROFILE_TEMP%]\f518468.exe
[%SYSTEM%]\gsqpw.dat
[%SYSTEM%]\lnrocv.exe
[%SYSTEM%]\lwvbi.dat
[%SYSTEM%]\lxcda.dat
[%SYSTEM%]\ntxut.dat
[%SYSTEM%]\qlhso.dat
[%SYSTEM%]\qtodg.dat
[%SYSTEM%]\rurptef.dll
[%COMMON_STARTUP%]\cpbiw.exe
[%PROFILE_TEMP%]\f1150625.exe
[%SYSTEM%]\arflq.exe
[%SYSTEM%]\kiohqo.exe
[%SYSTEM%]\lmmpbtl.exe
[%SYSTEM%]\pfdkd.dat
[%SYSTEM%]\qpohiww.dll
[%WINDOWS%]\idvnh.dll

How to detect Win32.Qoologic.bj:

Files:
[%PROFILE_TEMP%]\f219535390.exe
[%PROFILE_TEMP%]\f415187.exe
[%PROFILE_TEMP%]\f518468.exe
[%SYSTEM%]\gsqpw.dat
[%SYSTEM%]\lnrocv.exe
[%SYSTEM%]\lwvbi.dat
[%SYSTEM%]\lxcda.dat
[%SYSTEM%]\ntxut.dat
[%SYSTEM%]\qlhso.dat
[%SYSTEM%]\qtodg.dat
[%SYSTEM%]\rurptef.dll
[%COMMON_STARTUP%]\cpbiw.exe
[%PROFILE_TEMP%]\f1150625.exe
[%SYSTEM%]\arflq.exe
[%SYSTEM%]\kiohqo.exe
[%SYSTEM%]\lmmpbtl.exe
[%SYSTEM%]\pfdkd.dat
[%SYSTEM%]\qpohiww.dll
[%WINDOWS%]\idvnh.dll

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Acext Spyware

Removing Acext
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ie_32.exe

How to detect Acext:

Files:
[%WINDOWS%]\ie_32.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

SpySpotter Ransomware

Removing SpySpotter
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%STARTMENU%]\SpySpotter.lnk

How to detect SpySpotter:

Files:
[%STARTMENU%]\SpySpotter.lnk

Folders:
[%PROGRAM_FILES%]\SpySpotter
[%PROGRAM_FILES%]\SpySpotter3

Tvmtwo Adware

Removing Tvmtwo
Categories: Adware
Adware programs deliver advertising content to the user
and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Tvmtwo Also known as:

[Kaspersky]Trojan.Win32.VB.alb

How to detect Tvmtwo:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

VirtualBouncer Adware

Removing VirtualBouncer
Categories: Adware
Adware programs deliver advertising content to the user
and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\winfingerprint\winfingerprint help.lnk
[%WINDOWS%]\downloaded program files\bundleouter1132031209.exe

How to detect VirtualBouncer:

Files:
[%PROGRAMS%]\winfingerprint\winfingerprint help.lnk
[%WINDOWS%]\downloaded program files\bundleouter1132031209.exe

Folders:
[%PROFILE%]\start menu\programs\winfingerprint

Registry Keys:
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer

AntiVirusPro Ransomware

Removing AntiVirusPro
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\Anti Virus Pro spyware remover.lnk

How to detect AntiVirusPro:

Files:
[%COMMON_DESKTOPDIRECTORY%]\Anti Virus Pro spyware remover.lnk

Folders:
[%PROGRAM_FILES%]\AntiVirusPro
[%COMMON_PROGRAMS%]\Anti Virus Pro spyware remover

Registry Keys:
HKEY_LOCAL_MACHINE\software\antiviruspro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\anti virus pro spyware remover

Registry Values:
HKEY_CLASSES_ROOT\clsid\{dc021780-0db9-4c74-831d-64a68cd4a5fa}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SearchExplorerBar Adware

Removing SearchExplorerBar
Categories: Adware,Hijacker,Toolbar
Adware programs deliver advertising content to the user
and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\searching-4u toolbar.lnk
[%WINDOWS%]\downloaded program files\explbar.dll

How to detect SearchExplorerBar:

Files:
[%DESKTOP%]\searching-4u toolbar.lnk
[%WINDOWS%]\downloaded program files\explbar.dll

Folders:
[%PROGRAM_FILES%]\search-explorer
[%PROGRAM_FILES%]\searching-4u

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{7fc19c98-ac4c-4d06-96d9-49f082d19fd7}
HKEY_CLASSES_ROOT\searchexplorer.searchexplorerobj
HKEY_CLASSES_ROOT\searchexplorer.searchexplorerobj.1
HKEY_CLASSES_ROOT\typelib\{7fc19c98-ac4c-4d06-96d9-49f082d19fd7}
HKEY_CURRENT_USER\software\search-explorer
HKEY_CURRENT_USER\software\searching-4u
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3717df55-0396-463d-98b7-647c7dc6898a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\explbar.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searching-4u
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searching-4uietoolbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search

VNC RAT

Removing VNC
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

VNC Also known as:

[Kaspersky]RemoteAdmin.Win32.WinVNC.4

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk
[%DESKTOP%]\vnc viewer 4.lnk
[%DESKTOP%]\vnc viewer.lnk

How to detect VNC:

Files:
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk
[%DESKTOP%]\vnc viewer 4.lnk
[%DESKTOP%]\vnc viewer.lnk

Folders:
[%PROGRAMS%]\realvnc
[%PROGRAM_FILES%]\realvnc

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winvnc_is1
HKEY_LOCAL_MACHINE\software\realvnc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4

TrojanDownloader.Win32.Small.hr Trojan

Removing TrojanDownloader.Win32.Small.hr
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

TrojanDownloader.Win32.Small.hr Also known as:

[Panda]Trojan Horse

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\crt32_v2.dll

How to detect TrojanDownloader.Win32.Small.hr:

Files:
[%SYSTEM%]\crt32_v2.dll

Bla Trojan

Removing Bla
Categories: Trojan,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Bla Also known as:

[Kaspersky]Backdoor.BLA.10,Trojan.PSW.Blaver.a,Backdoor.BLA.40,Backdoor.BLA.53,Backdoor.BLA,Backdoor.BLA.51,Backdoor.BLA.51.b;
[Eset]Win32/BLA.10 trojan,Win32/BLA.40 trojan,Win32/BLA.53 trojan,Win32/BLA.51 trojan,Win32/BLA.51.A trojan,Win32/BLA.51.B trojan;
[McAfee]BackDoor-BD;
[F-Prot]security risk or a "backdoor" program,W32/Backdoor.Blaver;
[Computer Associates]Backdoor/Blamm.Server,Win32.Bla,Backdoor/Bla.40,Backdoor/Bla.40 Client,Backdoor/Bla.40 Server,Backdoor/Bla.502,Backdoor/Bla.53,Backdoor/BLA.53.SFX,Backdoor/BLA,Backdoor/Bla.502 Client,Backdoor/Bla.502.Mod,Win32.BLA.51,Win32.BLA.51.b

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\mprdll.exe

How to detect Bla:

Files:
[%WINDOWS%]\system\mprdll.exe

Guardian.Monitor Spyware

Removing Guardian.Monitor
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\guardianmonitor.lnk
[%SYSTEM%]\gsp.dll

How to detect Guardian.Monitor:

Files:
[%DESKTOP%]\guardianmonitor.lnk
[%SYSTEM%]\gsp.dll

Folders:
[%SYSTEM%]\gdsys
[%SYSTEM%]\rrdata

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{6ea56d21-f9a6-451a-816e-642c1e5b46ba}
HKEY_CLASSES_ROOT\interface\{3888b8bf-2317-429e-8ac8-3581dd3344c9}
HKEY_CLASSES_ROOT\interface\{c9e54d19-87fd-4f61-bed4-0b59d8306818}
HKEY_CLASSES_ROOT\relevantreach.userdetails
HKEY_CLASSES_ROOT\relevantreach.userdetails.1
HKEY_CLASSES_ROOT\typelib\{fdd270b3-c56c-426c-987b-9ee1e4b51a26}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\guardian software

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Spydown Downloader

Removing Spydown
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Spydown Also known as:

[Kaspersky]Hoax.Win32.Renos.dw,Hoax.win32.Renos.eu,Trojan-Downloader.Win32.Zlob.jx;
[McAfee]FakeAlert-B,Spywarestrike.dldr;
[Other]Win32.Spax.AC,Adware.SpySherriff,Win32.Spydown.AB,Adware.SpySheriff,Win32/Spax!generic,Adware.spySheriff,Win32/Spax.Q,Win32/Spax.U,SpyFalcon

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\dpfwu.dll
[%SYSTEM%]\mzoeut.dll

How to detect Spydown:

Files:
[%SYSTEM%]\dpfwu.dll
[%SYSTEM%]\mzoeut.dll

WStart.dll BHO

Removing WStart.dll
Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

How to detect WStart.dll:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
HKEY_CLASSES_ROOT\typelib\{c5991634-0185-4b0d-b4f9-6c45597962b7}

SCData Adware

Removing SCData
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect SCData:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{6ed16eff-3b18-11d6-9139-00e02964e8e3}


Trojandownloader.win32.vb.do Downloader

Removing Trojandownloader.win32.vb.do
Categories: Downloader
Trojan downloaders download and install new malware or adware on the computer.


Trojandownloader.win32.vb.do Also known as:

[Panda]Trj/Downloader.LQ

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\installer.inf

How to detect Trojandownloader.win32.vb.do:

Files:
[%WINDOWS%]\downloaded program files\installer.inf

hz Adware

Removing hz
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect hz:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\user agent\post platform


Bonzi Adware

Removing Bonzi
Categories: Adware,Toolbar
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\webcompassbar.dll
[%WINDOWS%]\system\webcompassbar.dll

How to detect Bonzi:

Files:
[%SYSTEM%]\webcompassbar.dll
[%WINDOWS%]\system\webcompassbar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{71b8ab7e-cb3f-4471-878e-8e1dfdf49b8b}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


Troj.Small Trojan

Removing Troj.Small
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\Rem160F.exe

How to detect Troj.Small:

Files:
[%PROFILE_TEMP%]\Rem160F.exe

Win32.VB.kz Trojan

Removing Win32.VB.kz
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Win32.VB.kz Also known as:

[Panda]Spyware/Adclicker,Trojan Horse

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\dsicu.exe
[%WINDOWS%]\hevnmtydc.exe
[%WINDOWS%]\ivvygk.exe
[%WINDOWS%]\lsmbonvy.exe
[%WINDOWS%]\lyyameg.exe
[%WINDOWS%]\macn.exe
[%WINDOWS%]\mbyfqumlk.exe
[%WINDOWS%]\mqjln.exe
[%WINDOWS%]\oaqkghvze.exe
[%WINDOWS%]\oxewkfusa.exe
[%WINDOWS%]\pzjggj.exe
[%WINDOWS%]\qyblxw.exe
[%WINDOWS%]\rcwinf.exe
[%WINDOWS%]\snculk.exe
[%WINDOWS%]\vgnvqfqpy.exe
[%WINDOWS%]\vnyzy.exe
[%WINDOWS%]\vzdumlu.exe

How to detect Win32.VB.kz:

Files:
[%WINDOWS%]\dsicu.exe
[%WINDOWS%]\hevnmtydc.exe
[%WINDOWS%]\ivvygk.exe
[%WINDOWS%]\lsmbonvy.exe
[%WINDOWS%]\lyyameg.exe
[%WINDOWS%]\macn.exe
[%WINDOWS%]\mbyfqumlk.exe
[%WINDOWS%]\mqjln.exe
[%WINDOWS%]\oaqkghvze.exe
[%WINDOWS%]\oxewkfusa.exe
[%WINDOWS%]\pzjggj.exe
[%WINDOWS%]\qyblxw.exe
[%WINDOWS%]\rcwinf.exe
[%WINDOWS%]\snculk.exe
[%WINDOWS%]\vgnvqfqpy.exe
[%WINDOWS%]\vnyzy.exe
[%WINDOWS%]\vzdumlu.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

CIA Trojan

Removing CIA
Categories: Trojan,Spyware,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

CIA Also known as:

[Kaspersky]Backdoor.Ciadoor.10.b,Backdoor.Ciadoor.11.a,Backdoor.Ciadoor.11.c,Backdoor.Ciadoor.11.b,Backdoor.Ciadoor.10.a,Backdoor.Ciadoor.121,Backdoor.Win32.Ciadoor.102,Backdoor.Win32.Ciadoor.12.a,Backdoor.Win32.Ciadoor.121,Backdoor.Win32.Ciadoor.a,Backdoor.Win32.Ciadoor.logger;
[Eset]Win32/Ciadoor.11.A trojan,Win32/Ciadoor.11.C trojan,Win32/Ciadoor.121.Logger trojan;
[McAfee]BackDoor-ASB;
[F-Prot]security risk or a "backdoor" program,security risk named W32/CYAdoor.A;
[Panda]Backdoor Program,Bck/Ciadoor,Backdoor Program.LC,Bck/Ciadoor.10,Bck/Ciadoor.B,Bck/Ciadoor.H,Constructor/Ciadoor.A,Trojan Horse;
[Computer Associates]Win32/Ciadoor!Backdoor!EditServe,Win32/Ciadoor.10.b!Backdoor!Serv,Win32.Ciadoor.11,Win32/Ciadoor.11!Backdoor!Server,Win32.Ciadoor.11.B,Win32/Ciadoor.11.B!Backdoor!Serv,Win32/Ciadoor.11.b!Backdoor!Serv,Win32.Ciadoor.1,Win32/Ciadoor.10!Backdoor!Server,PHP/Ciadoor!Trojan,Win32.Ciadoor.121.A,Win32.Ciadoor.121.A.plugin,Win32/Ciadoor.121.A!Backdoor!Ser,Win32/Ciadoor.121.A!Config

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\okl.okl
[%WINDOWS%]\system\okl445.dat

How to detect CIA:

Files:
[%WINDOWS%]\system\okl.okl
[%WINDOWS%]\system\okl445.dat

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


AdGoblin.foontext Hijacker

Removing AdGoblin.foontext
Categories: Hijacker
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\foontext.dll

How to detect AdGoblin.foontext:

Files:
[%WINDOWS%]\foontext.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{3182c8ab-5a3e-4644-80da-647417799b11}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browserhelperobjects\{3182c8ab-5a3e-4644-80da-647417799b11}


adtools Adware

Removing adtools
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\AdTools Service\AdTools.exe
[%PROGRAM_FILES%]\AdTools Service\AdToolsComm.dll

How to detect adtools:

Files:
[%PROGRAM_FILES%]\AdTools Service\AdTools.exe
[%PROGRAM_FILES%]\AdTools Service\AdToolsComm.dll

Folders:
[%PROGRAM_FILES%]\adtools service

Registry Keys:
HKEY_LOCAL_MACHINE\software\adtools service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdTools Service

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run