Sunday, December 14, 2008

TrojanDownloader.Win32.Wintrim Trojan

Removing TrojanDownloader.Win32.Wintrim
Categories: Trojan,Adware,Backdoor,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
Trojan downloaders download and install new malware or adware on the computer.


TrojanDownloader.Win32.Wintrim Also known as:

[Kaspersky]TrojanDownloader.Win32.Wintrim.b,Backdoor.Magicon.h,TrojanDownloader.Win32.Wintrim.t;
[Panda]Dialer.B,Backdoor Program,Trj/Downloader.O;
[Computer Associates]Win32.Wintrim.B,Win32/Wintrim.B!Trojan,Win32.Wintrim.J,Win32/Wintrim!Downloader.Variant,Win32/WinTrim.F!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\EGDACCESS_1063.dll
[%SYSTEM%]\msclock32.dll
[%SYSTEM%]\svcsysnet32.dll

How to detect TrojanDownloader.Win32.Wintrim:

Files:
[%SYSTEM%]\EGDACCESS_1063.dll
[%SYSTEM%]\msclock32.dll
[%SYSTEM%]\svcsysnet32.dll

Folders:
[%WINDOWS%]\wintrim

Removing TrojanDownloader.Win32.Wintrim:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Frethog.ADV Trojan

Removing Frethog.ADV
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Frethog.ADV:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Key.Thief.Key.Serv Spyware

Removing Key.Thief.Key.Serv
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that deliver more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\keythf2.ini

How to detect Key.Thief.Key.Serv:

Files:
[%WINDOWS%]\keythf2.ini

Folders:
[%PROGRAMS%]\idigital technologies
[%PROGRAM_FILES%]\idigital technologies
[%WINDOWS%]\keylogs

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\key serv
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\key serv 2.0

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Spy.Agent.cf Trojan

Removing Spy.Agent.cf
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spy.Agent.cf Also known as:

[McAfee]Spy-Agent.cf;
[Other]Win32/Banbot.Q,Trojan:Win32/Rundis.A,Troj/Small-EKE

How to detect Spy.Agent.cf:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1e0abea7-7385-4b5e-a23a-6e97bd9f3412}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e0abea7-7385-4b5e-a23a-6e97bd9f3412}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8db1b67a-e3cb-44a8-afa6-ece6d1e7d028}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

WVIOLENCE Trojan

Removing WVIOLENCE
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Trojan downloaders download and install new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

WVIOLENCE Also known as:

[Kaspersky]Yosha.Y-Boot;
[Panda]Yosha.Y-Boot

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll

How to detect WVIOLENCE:

Files:
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll

Seeq Toolbar Adware

Removing Seeq Toolbar
Categories: Adware,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

How to detect Seeq Toolbar:

Registry Keys:
HKEY_CLASSES_ROOT\Interface\{FABBB49A-4D7B-415B-8250-15C3B854E9FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FABBB49A-4D7B-415B-8250-15C3B854E9FF}

HomepageProtector BHO

Removing HomepageProtector
Categories: BHO
BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.

How to detect HomepageProtector:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{7d6bec01-15e2-46f0-8ed3-d715de09a8f9}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping

Win32.VB.kb Trojan

Removing Win32.VB.kb
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Win32.VB.kb Also known as:

[Panda]Trojan Horse

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\66817873.exe

How to detect Win32.VB.kb:

Files:
[%SYSTEM%]\66817873.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

VividGal Adware

Removing VividGal
Categories: Adware,Dialer
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

A Dialer Trojan can connect to a toll number that
adds long distance charges to the telephone bill without the user's knowledge or permission.

VividGal Also known as:

[Panda]Dialer.SA

How to detect VividGal:

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices_Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_Disabled

CWS.GoogleMS Hijacker

Removing CWS.GoogleMS
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\googlems.dll
[%APPDATA%]\microsoft\office\word10.dll
[%APPDATA%]\searchword.dll

How to detect CWS.GoogleMS:

Files:
[%APPDATA%]\googlems.dll
[%APPDATA%]\microsoft\office\word10.dll
[%APPDATA%]\searchword.dll

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKEY_CLASSES_ROOT\clsid\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKEY_CLASSES_ROOT\interface\{212552cf-d5b0-49f0-961d-95ca146cde03}
HKEY_CLASSES_ROOT\interface\{84f2d0d3-79de-42cd-b8bb-f7dbaebddd4e}
HKEY_CLASSES_ROOT\searchword.excelexport
HKEY_CLASSES_ROOT\searchword.excelexport.1
HKEY_CLASSES_ROOT\searchword.searchhelp
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKEY_CLASSES_ROOT\typelib\{355f8396-c845-4966-a103-8a05d0004248}
HKEY_CLASSES_ROOT\typelib\{fb19bc08-e664-462c-909b-3e9c3f4ff90e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}

BlazeFind.variant BHO

Removing BlazeFind.variant
Categories: BHO,Hijacker
BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll

How to detect BlazeFind.variant:

Files:
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windows controlad

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Lineage.AAW Trojan

Removing Lineage.AAW
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Lineage.AAW Also known as:

[Kaspersky]Backdoor.Win32.Bifrose.ri;
[Other]Win32/Lineage.AAW

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\xerox\keygen.exe

How to detect Lineage.AAW:

Files:
[%PROGRAM_FILES%]\xerox\keygen.exe

CasinoClient Adware

Removing CasinoClient
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\cas2setup.exe
[%PROGRAM_FILES%]\System Files\System.exe
[%WINDOWS%]\pf78.exe
[%PROFILE%]\LOCAL.EXE
[%PROGRAM_FILES%]\Cas\Client\casclient.exe
[%PROGRAM_FILES%]\Cas\Client\casmf.dll
[%PROGRAM_FILES%]\Cas\Client\hf.txt
[%PROGRAM_FILES%]\Cas\Client\sf.txt
[%PROGRAM_FILES%]\Cas\Client\Uninstall.exe
[%DESKTOP%]\chat now.lnk
[%DESKTOP%]\free plasma tv.lnk
[%DESKTOP%]\poker shortcut.lnk
[%DESKTOP%]\weather.lnk
[%PROFILE_TEMP%]\cassetup.exe

How to detect CasinoClient:

Files:
[%PROFILE_TEMP%]\cas2setup.exe
[%PROGRAM_FILES%]\System Files\System.exe
[%WINDOWS%]\pf78.exe
[%PROFILE%]\LOCAL.EXE
[%PROGRAM_FILES%]\Cas\Client\casclient.exe
[%PROGRAM_FILES%]\Cas\Client\casmf.dll
[%PROGRAM_FILES%]\Cas\Client\hf.txt
[%PROGRAM_FILES%]\Cas\Client\sf.txt
[%PROGRAM_FILES%]\Cas\Client\Uninstall.exe
[%DESKTOP%]\chat now.lnk
[%DESKTOP%]\free plasma tv.lnk
[%DESKTOP%]\poker shortcut.lnk
[%DESKTOP%]\weather.lnk
[%PROFILE_TEMP%]\cassetup.exe

Folders:
[%PROGRAM_FILES%]\cmman

Registry Keys:
HKEY_CLASSES_ROOT\appid\main.dll
HKEY_CLASSES_ROOT\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}
HKEY_CLASSES_ROOT\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}
HKEY_CURRENT_USER\software\cmsystem
HKEY_CURRENT_USER\Software\CAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Main.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E0DC5CC4-25A5-4BC7-A3AA-3525733DC796}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Main.MimeFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Main.MimeFilter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D4C89C18-B4F3-46A9-8800-E9E7A55AFBD9}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Porno.Top Adware

Removing Porno.Top
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect Porno.Top:

Folders:
[%PROGRAM_FILES%]\porno top

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SpyFalcon Adware

Removing SpyFalcon
Categories: Adware,Ransomware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\microsoft\internet explorer\quick launch\spyfalcon 2.0.lnk
[%SYSTEM%]\ginuerep.dll
[%PROGRAM_FILES%]\SpyFalcon\SpyFalcon.exe
[%SYSTEM%]\dxmpp.dll
[%DESKTOP%]\spyfalcon.lnk
[%PROFILE%]\start menu\spyfalcon 2.0.lnk

How to detect SpyFalcon:

Files:
[%APPDATA%]\microsoft\internet explorer\quick launch\spyfalcon 2.0.lnk
[%SYSTEM%]\ginuerep.dll
[%PROGRAM_FILES%]\SpyFalcon\SpyFalcon.exe
[%SYSTEM%]\dxmpp.dll
[%DESKTOP%]\spyfalcon.lnk
[%PROFILE%]\start menu\spyfalcon 2.0.lnk

Folders:
[%PROGRAMS%]\spyfalcon
[%PROGRAM_FILES%]\SpyFalcon
[%PROGRAM_FILES%]\spyfalcon

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
HKEY_CLASSES_ROOT\interface\{001501e7-c970-4cb1-9740-e055bf3ddfd6}
HKEY_CLASSES_ROOT\interface\{0fbbbc44-296d-4a2f-af45-be1ee387f569}
HKEY_CLASSES_ROOT\interface\{163469fd-6009-48e2-ad8c-47bb2e0d88be}
HKEY_CLASSES_ROOT\interface\{1694e5c6-9e1f-4c3b-b79a-828c2fc40003}
HKEY_CLASSES_ROOT\interface\{200bd3a6-a02b-4bac-a364-a9d8017e3c4e}
HKEY_CLASSES_ROOT\interface\{20c59f9f-33cb-4b1b-afb6-b710db845709}
HKEY_CLASSES_ROOT\interface\{23d80835-4a3a-4572-9f5f-3f24a7a28ae5}
HKEY_CLASSES_ROOT\interface\{255cdda3-576b-44c9-b944-46eac18d5d6f}
HKEY_CLASSES_ROOT\interface\{3261f690-1ca4-4839-928b-f4f898b74eb7}
HKEY_CLASSES_ROOT\interface\{37b9988b-1997-41f4-a832-dae42cc3f7c2}
HKEY_CLASSES_ROOT\interface\{5b861fb8-903c-4996-b1d3-e9a86ed4bbcf}
HKEY_CLASSES_ROOT\interface\{6876543e-da55-4f90-9cd2-5ed380d9516c}
HKEY_CLASSES_ROOT\interface\{701e8c3a-7910-4ccd-a9f8-7b9a5f5b3947}
HKEY_CLASSES_ROOT\interface\{850300d6-d53b-4720-9372-6d31b85537e1}
HKEY_CLASSES_ROOT\interface\{8c803228-bd61-4744-8b79-949e3f512ddc}
HKEY_CLASSES_ROOT\interface\{b7c685f0-1804-4382-a8ef-17d33df97069}
HKEY_CLASSES_ROOT\typelib\{244b730e-d899-4e38-9428-03d1143242e0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyfalcon
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon
HKEY_CLASSES_ROOT\clsid\{330a77c2-c15a-43b5-055c-b4e35eaed279}
HKEY_CURRENT_USER\software\classes\clsid\{c9fa1dc9-1fb3-c2a8-2f1a-dc1a33e7af9d}
HKEY_LOCAL_MACHINE\software\spyfalcon

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spyfalcon.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SpyArsenal AIM Logger Spyware

Removing SpyArsenal AIM Logger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that deliver more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\cmd.exe
[%PROFILE%]\start

How to detect SpyArsenal AIM Logger:

Files:
[%PROFILE%]\cmd.exe
[%PROFILE%]\start

Folders:
[%SYSTEM%]\csvdea

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\KMiNT21\SpyArsenal-AIM-Logger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSSdk21
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSSDK21
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSSdk21

BlackIce RAT

Removing BlackIce
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file-sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

BlackIce Also known as:

[Kaspersky]BlackIce.1930;
[McAfee]QDel7;
[F-Prot]BlackIce.1930

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\start menu\programs\startup\jade.exe

How to detect BlackIce:

Files:
[%WINDOWS%]\start menu\programs\startup\jade.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Adware.Fuel Adware

Removing Adware.Fuel
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Adware.Fuel Also known as:

[Kaspersky]Trojan.Win32.Agent.qg;
[McAfee]Adware-Fuel

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\License_Manager\license_manager.exe
[%SYSTEM%]\entry.dll

How to detect Adware.Fuel:

Files:
[%PROGRAM_FILES%]\License_Manager\license_manager.exe
[%SYSTEM%]\entry.dll
