Saturday, January 31, 2009

Keylover Spyware

Removing Keylover
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

How to detect Keylover:

Folders:
[%PROGRAM_FILES%]\KernelTek\KeyLover21
[%PROGRAM_FILES%]\KernelTek\KeyLoverLite

Registry Keys:
HKEY_LOCAL_MACHINE\software\kerneltek\keylover
HKEY_LOCAL_MACHINE\software\kerneltek\keyloverlite

Removing Keylover:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Alpha Cleaner Ransomware

Removing Alpha Cleaner
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

How to detect Alpha Cleaner:

Folders:
[%PROGRAM_FILES%]\alfacleaner

Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALFACLEANERSERVICE

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Contextual Adware

Removing Contextual
Categories: Adware,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
A toolbar presents itself as a helpful add-on for Internet Explorer but is a real pest.
It replaces your start page, continuously opens pop-up windows, and so on.

How to detect Contextual:

Folders:
[%PROGRAM_FILES%]\ContextualToolbar

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{1b8b502e-455b-4022-be77-fb6d9f808a18}
HKEY_CLASSES_ROOT\clsid\{9f7a6f30-90c3-4222-af59-c73467018f59}
HKEY_CLASSES_ROOT\clsid\{9f9f7a6f30-90c3-4222-af59-c73467018f59}
HKEY_CLASSES_ROOT\clsid\{e0eb37db-33de-4448-a124-233b9a43f064}
HKEY_CLASSES_ROOT\interface\{65bb0e9a-d57b-485b-828b-15d1b8c3e9d3}
HKEY_CLASSES_ROOT\interface\{ab5c05ae-a2b0-45c3-bae9-ba2f082343a6}
HKEY_CLASSES_ROOT\toolband.xbtb09298
HKEY_CLASSES_ROOT\toolband.xbtb09298.1
HKEY_CLASSES_ROOT\typelib\{b9799a6c-ffc4-44eb-a8b0-71eb09e6ad3b}
HKEY_CLASSES_ROOT\xbtb09298.ietoolbar
HKEY_CLASSES_ROOT\xbtb09298.ietoolbar.1
HKEY_CLASSES_ROOT\xbtb09298.xbtb09298
HKEY_CLASSES_ROOT\xbtb09298.xbtb09298.1
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{9f7a6f30-90c3-4222-af59-c73467018f59}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{e0eb37db-33de-4448-a124-233b9a43f064}
HKEY_CURRENT_USER\software\xbtb09298
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{eoeb37db-33de-4448-a124-233b9a43f064}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb09298.xbtb09298toolbar

Registry Values:
HKEY_CLASSES_ROOT\clsid\{994d478a-45d0-4db4-ae77-288b1e346e99}\inprocserver32
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_CURRENT_USER\software\fcadvice
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser


Ciadoor Trojan

Removing Ciadoor
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Ciadoor Also known as:

[Kaspersky]Backdoor.Win32.Ciadoor.12.a,Backdoor.Win32.Ciadoor.13;
[Panda]Bck/Ciadoor.A,Bck/Ciadoor.C,Backdoor Program;
[Computer Associates]Win32.Ciadoor.121.B,Win32/Ciadoor.121.B!Backdoor!Ser,Win32/Ciadoor.122!Backdoor!Serve,Win32.Ciadoor.121.C,Win32/Ciadoor.12.A!Backdoor!Serv;
[Other]Win32/Ciadoor.M,Backdoor.Ciadoor

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wsock32.sys

How to detect Ciadoor:

Files:
[%SYSTEM%]\wsock32.sys

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list


Cacb Adware

Removing Cacb
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Cacb Also known as:

[Kaspersky]AdWare.Win32.BHO.ag;
[McAfee]Adware-Cacb;
[Other]Adware.Cacb

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\rundll32.dll
[%WINDOWS%]\inf\cpap.ini

How to detect Cacb:

Files:
[%SYSTEM%]\rundll32.dll
[%WINDOWS%]\inf\cpap.ini

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{77962960-536e-47ec-9ddb-52651519705f}
HKEY_CLASSES_ROOT\cpap.cpapview
HKEY_CLASSES_ROOT\cpap.cpapview.1
HKEY_CLASSES_ROOT\interface\{11955edd-967e-41b8-b668-45fd97a7fd91}
HKEY_CLASSES_ROOT\typelib\{57504324-cc47-4b92-ba22-87a523e4559f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{77962960-536e-47ec-9ddb-52651519705f}


Search.Assistant Adware

Removing Search.Assistant
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Search.Assistant Also known as:

[Panda]Adware/BlazeFind

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\WindowsSA\LIBCURL.dll
[%PROGRAM_FILES%]\WindowsSA\omniscient.exe
[%PROGRAM_FILES%]\WindowsSA\OmniscientHook.dll
[%SYSTEM%]\wsaupdater.exe
[%WINDOWS%]\cerbmod.dll

How to detect Search.Assistant:

Files:
[%PROGRAM_FILES%]\WindowsSA\LIBCURL.dll
[%PROGRAM_FILES%]\WindowsSA\omniscient.exe
[%PROGRAM_FILES%]\WindowsSA\OmniscientHook.dll
[%SYSTEM%]\wsaupdater.exe
[%WINDOWS%]\cerbmod.dll

Folders:
[%PROGRAM_FILES%]\windowssa

Registry Keys:
HKEY_CLASSES_ROOT\appid\searchhelp.dll
HKEY_CLASSES_ROOT\clsid\{0f9561d0-03b2-44a3-89a6-e95e417cba25}
HKEY_CLASSES_ROOT\interface\{491be5b7-a7f8-40ec-aad4-cba11fdfd814}
HKEY_CLASSES_ROOT\searchhelp
HKEY_CLASSES_ROOT\typelib\{29358aa6-679d-44ea-8a51-59a3c6e6f811}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0f9561d0-03b2-44a3-89a6-e95e417cba25}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\search assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


enBrowser Trojan

Removing enBrowser
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ts_Justin.exe
[%SYSTEM%]\icon_justin.exe
[%WINDOWS%]\SearchB.exe

How to detect enBrowser:

Files:
[%SYSTEM%]\ts_Justin.exe
[%SYSTEM%]\icon_justin.exe
[%WINDOWS%]\SearchB.exe


Trojan.Proxy.Win32.Lager.aq Trojan

Removing Trojan.Proxy.Win32.Lager.aq
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Trojan.Proxy.Win32.Lager.aq Also known as:

[Other]TROJ_LAGER.AT,Troj/Orse-Gen

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ipod.raw.exe

How to detect Trojan.Proxy.Win32.Lager.aq:

Files:
[%SYSTEM%]\ipod.raw.exe


Banker.rq Spyware

Removing Banker.rq
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

How to detect Banker.rq:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Rshot Trojan

Removing Rshot
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Rshot Also known as:

[Other]Win32/Rshot.A,BKDR_RSHOT.F,Downloader

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\MSATL32.exe

How to detect Rshot:

Files:
[%WINDOWS%]\MSATL32.exe


Abox Trojan

Removing Abox
Categories: Trojan,Adware,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Abox Also known as:

[Kaspersky]Trojan-Downloader.Win32.VB,Trojan-Downloader.Win32.VB.ft,Trojan-Downloader.Win32.VB.fi;
[Other]Win32/ABox,Downloader.Trojan,Win32/ABox.H,TrojanDownloader:Win32/VB.XC

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\Abox.bup
[%WINDOWS%]\dispatcher.exe
[%WINDOWS%]\mswinsck.ocx
[%WINDOWS%]\vbsendmail.dll
[%WINDOWS%]\winmsgr.exe
[%WINDOWS%]\Router.exe

How to detect Abox:

Files:
[%WINDOWS%]\Abox.bup
[%WINDOWS%]\dispatcher.exe
[%WINDOWS%]\mswinsck.ocx
[%WINDOWS%]\vbsendmail.dll
[%WINDOWS%]\winmsgr.exe
[%WINDOWS%]\Router.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\carmen
HKEY_LOCAL_MACHINE\software\valentina

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Ginwui Trojan

Removing Ginwui
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\capture.bmp
[%SYSTEM%]\drivers\bridges.sys
[%SYSTEM%]\drivers\DetPort.sys
[%SYSTEM%]\drivers\lsPubDRV.sys
[%SYSTEM%]\drivers\RVdPort.sys
[%SYSTEM%]\kbdusb.dll
[%SYSTEM%]\kbdyl.dll
[%SYSTEM%]\localsp.dll
[%SYSTEM%]\sanlib.dll
[%SYSTEM%]\winguis.dll
[%SYSTEM%]\zsydll.dll
[%SYSTEM%]\zsyhide.dll

How to detect Ginwui:

Files:
[%SYSTEM%]\capture.bmp
[%SYSTEM%]\drivers\bridges.sys
[%SYSTEM%]\drivers\DetPort.sys
[%SYSTEM%]\drivers\lsPubDRV.sys
[%SYSTEM%]\drivers\RVdPort.sys
[%SYSTEM%]\kbdusb.dll
[%SYSTEM%]\kbdyl.dll
[%SYSTEM%]\localsp.dll
[%SYSTEM%]\sanlib.dll
[%SYSTEM%]\winguis.dll
[%SYSTEM%]\zsydll.dll
[%SYSTEM%]\zsyhide.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zsydll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows


Alibaba Toolbar

Removing Alibaba
Categories: Toolbar
A toolbar presents itself as a helpful add-on for Internet Explorer but is a real pest.
It replaces your start page, continuously opens pop-up windows, and so on.

How to detect Alibaba:

Registry Keys:
HKEY_CLASSES_ROOT\alibabaietoolbar.alibababutton
HKEY_CLASSES_ROOT\alibabaietoolbar.alibababutton.1
HKEY_CLASSES_ROOT\alibabaietoolbar.alibabasearchbar
HKEY_CLASSES_ROOT\alibabaietoolbar.alibabasearchbar.1
HKEY_CLASSES_ROOT\alibabaietoolbar.showbarobject
HKEY_CLASSES_ROOT\alibabaietoolbar.showbarobject.1
HKEY_CLASSES_ROOT\clsid\{09f59435-7814-48ed-a73a-96ff861a91eb}
HKEY_CLASSES_ROOT\clsid\{0c588f7d-a2b3-4001-b59b-d856c1bf3ad7}
HKEY_CLASSES_ROOT\clsid\{850b69e4-90db-4f45-8621-891bf35a5b53}
HKEY_CLASSES_ROOT\interface\{42cb709c-a1d6-4c3a-9f9c-b077ff86a760}
HKEY_CLASSES_ROOT\interface\{63c8af31-ad6e-417c-bf8b-48b96e95dc25}
HKEY_CLASSES_ROOT\interface\{ab44756f-fce0-454d-af29-930b89bb44d2}
HKEY_CLASSES_ROOT\typelib\{448f1bd5-c41a-4551-83cf-8cd2309abc66}
HKEY_LOCAL_MACHINE\software\ablibaba\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{09f59435-7814-48ed-a73a-96ff861a91eb}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{13b0c05c-ef05-4bf6-b0ea-f6111af25544}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\alibaba toolbar


Bancos.IHK Trojan

Removing Bancos.IHK
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\winnampis.exe

How to detect Bancos.IHK:

Files:
[%SYSTEM%]\winnampis.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


TrojanDownloader.Win32.VB.dx Downloader

Removing TrojanDownloader.Win32.VB.dx
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

TrojanDownloader.Win32.VB.dx Also known as:

[Panda]Spyware/Adclicker

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\owercfgp.exe
[%SYSTEM%]\ilemgmtf.exe
[%SYSTEM%]\mdmlogw.exe
[%SYSTEM%]\nmsrvcm.exe
[%SYSTEM%]\raphicsg.exe
[%SYSTEM%]\ymtdirgs.exe
[%WINDOWS%]\system\egsvr32r.exe

How to detect TrojanDownloader.Win32.VB.dx:

Files:
[%SYSTEM%]\owercfgp.exe
[%SYSTEM%]\ilemgmtf.exe
[%SYSTEM%]\mdmlogw.exe
[%SYSTEM%]\nmsrvcm.exe
[%SYSTEM%]\raphicsg.exe
[%SYSTEM%]\ymtdirgs.exe
[%WINDOWS%]\system\egsvr32r.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Bancos.IKW Trojan

Removing Bancos.IKW
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Bancos.IKW Also known as:

[Kaspersky]Trojan-Downloader.Win32.Banload.fgq

How to detect Bancos.IKW:

Folders:
[%SYSTEM%]\code\fotos

Registry Keys:
HKEY_CURRENT_USER\dark

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


ZSpy.II.99b Trojan

Removing ZSpy.II.99b
Categories: Trojan,Spyware,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will bring more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


ZSpy.II.99b Also known as:

[Kaspersky]Backdoor.ZSpy;
[Eset]Win32/ZSpy.10 trojan;
[McAfee]BackDoor-AGK;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/ZSpy,Univ.AP.H;
[Computer Associates]Backdoor/ZSpy

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\zspy.exe
[%WINDOWS%]\zspyii.ini

How to detect ZSpy.II.99b:

Files:
[%SYSTEM%]\zspy.exe
[%WINDOWS%]\zspyii.ini

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion


Xupiter.Sqwire Hijacker

Removing Xupiter.Sqwire
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\sqinstaller.exe
[%WINDOWS%]\syslauncher.exe

How to detect Xupiter.Sqwire:

Files:
[%WINDOWS%]\downloaded program files\sqinstaller.exe
[%WINDOWS%]\syslauncher.exe

Folders:
[%PROGRAM_FILES%]\sqwire
[%PROGRAMS%]\xtractor plus 3.0

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Cydoor.TOPicks Adware

Removing Cydoor.TOPicks
Categories: Adware,BHO,Toolbar,Downloader
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
A toolbar presents itself as a helpful add-on for Internet Explorer but is a real pest.
It replaces your start page, continuously opens pop-up windows, and so on.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Cydoor.TOPicks Also known as:

[Panda]Spyware/Altnet

How to detect Cydoor.TOPicks:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B}


Spot.Bot Trojan

Removing Spot.Bot
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Spot.Bot Also known as:

[Kaspersky]Backdoor.G_Spot.15,Backdoor.G_Spot.20;
[McAfee]BackDoor-AAG;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Trj/W32.G-Spot.15;
[Computer Associates]Backdoor/G_Spot.15!Server,Win32.Spotbot.15,Backdoor/G_Spot.20

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\gspotbot.exe

How to detect Spot.Bot:

Files:
[%WINDOWS%]\system\gspotbot.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Excel.Yohimbe Trojan

Removing Excel.Yohimbe
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\USB Drive\Tetrinet\TETRINET.TXT

How to detect Excel.Yohimbe:

Files:
[%DESKTOP%]\USB Drive\Tetrinet\TETRINET.TXT

Win32.ColdFusion Trojan

Removing Win32.ColdFusion
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

Win32.ColdFusion Also known as:

[Kaspersky]Backdoor.Coldfuson.11.c,Backdoor.Win32.Coldfuson.11.c,Backdoor.Win32.Coldfusion.j;
[McAfee]BackDoor-AOP;
[Panda]Backdoor Program,Bck/ColdFusion.11;
[Computer Associates]Backdoor/Billg_Satan!Server,Win32/ColdFusion.E!Backdoor;
[Other]Backdoor.Colfusion,Troj/Fusion-B

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\TEMP#01.EXE
[%PROFILE_TEMP%]\TEMPTTT$01.EXE
[%PROFILE_TEMP%]\~DP27.dll
[%SYSTEM%]\emgfx.exe
[%SYSTEM%]\SVCH0ST.com
[%SYSTEM%]\svchost.klg
[%WINDOWS%]\nwisse.exe
[%WINDOWS%]\winspols.scr

How to detect Win32.ColdFusion:

Files:
[%PROFILE_TEMP%]\TEMP#01.EXE
[%PROFILE_TEMP%]\TEMPTTT$01.EXE
[%PROFILE_TEMP%]\~DP27.dll
[%SYSTEM%]\emgfx.exe
[%SYSTEM%]\SVCH0ST.com
[%SYSTEM%]\svchost.klg
[%WINDOWS%]\nwisse.exe
[%WINDOWS%]\winspols.scr

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{tt9381d8f2-0288-11d0-9501-00aa00b911a5}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Stealth.Eye Backdoor

Removing Stealth.Eye
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.


Stealth.Eye Also known as:

[Kaspersky]Backdoor.StealthEye.10,Backdoor.StealthEye.11.a,Backdoor.StealthEye.10.b;
[Panda]Backdoor Program,Backdoor Program.LC,Bck/StealthEye;
[Computer Associates]Backdoor/StealthEye.10,Backdoor/StealthEye

How to detect Stealth.Eye:

Registry Keys:
HKEY_CLASSES_ROOT\interface\{d1320cbb-403d-483d-ae9a-688960a96977}
HKEY_LOCAL_MACHINE\software\classes\clsid\{dd1bca06-f674-424d-a08e-42da97c4d5dd}

Mosucker Trojan

Removing Mosucker
Categories: Trojan,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Mosucker Also known as:

[Kaspersky]Backdoor.MoSucker.10,Backdoor.Win32.MoSucker.10,Backdoor.MoSucker.11,Backdoor.Win32.MoSucker.11,Backdoor.MoSucker.21.a,Backdoor.MoSucker.21.b,Backdoor.MoSucker.20.a,Backdoor.MoSucker.20.b,Backdoor.Win32.MoSucker.20.b,Backdoor.MoSucker.30.a,Backdoor.MoSucker.30.b,Backdoor.MoSucker.30.e;
[Eset]Win32/MoSucker.C trojan,Win32/MoSucker.B trojan,Win32/MoSucker.20 trojan;
[McAfee]BackDoor-EE,BackDoor-EE.svr,Generic;
[F-Prot]security risk or a "backdoor" program,->exefile is a security risk or a "backdoor" program;
[Panda]Bck/Mosuck.1.0,Backdoor Program,Bck/Mosuck.1.1,Bck/Mosucker.21,Bck/Mosucker.210,Backdoor Program.LC,Bck/Mosucker.22,Bck/Mosucker.30,Bck/Mosucker.M,Bck/Mosuck.2.0,Bck/Mosucker.21b,Bck/MoSucker,Bck/MoSucker.30.b,Bck/Mosucker.H,Bck/Mosucker.I,Trojan Horse;
[Computer Associates]Backdoor/MoSucker,Backdoor/MoSucker_Client,Win32.Mosuck.A,Backdoor/MoSuck.1_1,Win32.Mosuck.B,Backdoor/MoSuck.2_1.B,Backdoor/Mosuck.21.B!Server,Win32.Mosuck.F,Backdoor/Mosuck.20,Backdoor/MoSucker.20,Backdoor/MoSucker.20.C,Win32.Mosuck.G,Backdoor/MoSuck.2_0,Win32.Mosuck.D,Backdoor/MoSuck.2_1,Win32.Mosuck.E,Backdoor/Mosucker.3_0a!Infector,Backdoor/Mosucker.3_0a.Fakelogin,Backdoor/Mosucker.3_0a.Icons,Backdoor/Mosucker.3_0a.Messenger,Win32.Mosuck!plugin,Backdoor/Mosuck.30.b,Backdoor/Mosuck.30.B!Client,mIRC/Mosuck!Trojan,Win32.Mosuck.L,Backdoor/MoSucker.06,Win32.Mosuck.06.A,Backdoor/Mosucker!Server,Win32.MiniMo.052,Backdoor/MoSucker.40.A,Win32.Mosuck.22

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\WEBDL.OCX
[%WINDOWS%]\buxyelbk.dll
[%WINDOWS%]\jthh.exe
[%WINDOWS%]\msnetcfg.exe
[%WINDOWS%]\qirqgs.bin
[%WINDOWS%]\system\svr.exe
[%WINDOWS%]\temp\pkg310.exe
[%WINDOWS%]\temp\pkg332.exe
[%WINDOWS%]\temp\pkg3392.exe
[%WINDOWS%]\unin0686.exe
[%WINDOWS%]\vvuijoe.exe
[%WINDOWS%]\wesapygp.sys
[%WINDOWS%]\winexec32.dli
[%WINDOWS%]\xqwrmthm.sys

How to detect Mosucker:

Files:
[%SYSTEM%]\WEBDL.OCX
[%WINDOWS%]\buxyelbk.dll
[%WINDOWS%]\jthh.exe
[%WINDOWS%]\msnetcfg.exe
[%WINDOWS%]\qirqgs.bin
[%WINDOWS%]\system\svr.exe
[%WINDOWS%]\temp\pkg310.exe
[%WINDOWS%]\temp\pkg332.exe
[%WINDOWS%]\temp\pkg3392.exe
[%WINDOWS%]\unin0686.exe
[%WINDOWS%]\vvuijoe.exe
[%WINDOWS%]\wesapygp.sys
[%WINDOWS%]\winexec32.dli
[%WINDOWS%]\xqwrmthm.sys

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{beuicvq-zpdev-zyk-oswoz-ipcjbgekjhf}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{eengqgs-gdrfc-zzvzd-thmp-dnvpuihfkre}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmcsqss-ejo-sdbyh-rcwb-ypenjkwjze}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{mbubrwf-krfhc-cpg-qygw-lrjscpnsur}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{rtemrsp-vhe-kgsoz-enjdg-tdtfhwtknffn}

KeyLogger.Pro Spyware

Removing KeyLogger.Pro
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\McAfee\McAfee Firewall\CPD.EXE
[%SYSTEM%]\tvdhlom.dll
[%WINDOWS%]\kpconfig.dat
[%WINDOWS%]\kplog32.dll
[%WINDOWS%]\klphks.dll
[%WINDOWS%]\klpsscap.dll

How to detect KeyLogger.Pro:

Files:
[%PROGRAM_FILES%]\McAfee\McAfee Firewall\CPD.EXE
[%SYSTEM%]\tvdhlom.dll
[%WINDOWS%]\kpconfig.dat
[%WINDOWS%]\kplog32.dll
[%WINDOWS%]\klphks.dll
[%WINDOWS%]\klpsscap.dll

Folders:
[%PROGRAMS%]\keylogger pro
[%PROGRAMS%]\keylogger pro trial

Registry Keys:
HKEY_CURRENT_USER\software\exploreanywhere
HKEY_LOCAL_MACHINE\software\exploreanywhere
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\keylogger pro
HKEY_LOCAL_MACHINE\software\explorea
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keylogger pro

Registry Values:
HKEY_LOCAL_MACHINE\software\exploreanywhere software\keyloggerpro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\keylogger pro trial
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keylogger pro trial

CWS.conyc Hijacker

Removing CWS.conyc
Categories: Hijacker
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

How to detect CWS.conyc:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{815a82ae-cdef-11d8-ba48-a6d245798277}
HKEY_CLASSES_ROOT\interface\{815a82ad-cdef-11d8-ba48-a6d245798277}
HKEY_CLASSES_ROOT\toolband_atl.band_ie
HKEY_CLASSES_ROOT\toolband_atl.band_ie.1
HKEY_CLASSES_ROOT\typelib\{28f65fbe-d130-11d8-ba48-8be0c49af370}
HKEY_CLASSES_ROOT\typelib\{815a82a1-cdef-11d8-ba48-a6d245798277}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popup blocker
HKEY_LOCAL_MACHINE\software\tim

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Diego Backdoor

Removing Diego
Categories: Backdoor,RAT
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Diego Also known as:

[Kaspersky]Backdoor.Diego;
[McAfee]BackDoor-RM;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Diego;
[Computer Associates]Backdoor/Diego!Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\microsoftdll.exe

How to detect Diego:

Files:
[%WINDOWS%]\system\microsoftdll.exe

BackLash Trojan

Removing BackLash
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

BackLash Also known as:

[Kaspersky]Backdoor.Backlash.101;
[Eset]Win32/Backlash.101 trojan;
[Computer Associates]Backdoor/AntiLamer Server family,Win32.BackLash.101

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\d3d8thk.exe

How to detect BackLash:

Files:
[%WINDOWS%]\d3d8thk.exe

Khe.Sanh.Lite RAT

Removing Khe.Sanh.Lite
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\kssrv.exe

How to detect Khe.Sanh.Lite:

Files:
[%WINDOWS%]\system\kssrv.exe

Netguarder.Web.Cleaner Adware

Removing Netguarder.Web.Cleaner
Categories: Adware,BHO,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\webtool.dll
[%WINDOWS%]\system\webtool.dll

How to detect Netguarder.Web.Cleaner:

Files:
[%SYSTEM%]\webtool.dll
[%WINDOWS%]\system\webtool.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{f585d290-1bf4-480a-aec2-4182593f1e32}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f585d290-1bf4-480a-aec2-4182593f1e32}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f585d290-1bf4-480a-aec2-4182593f1e32}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f585d290-1bf4-480a-aec2-4182593f1e32}

BrowserAid.Featured.Results BHO

Removing BrowserAid.Featured.Results
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

BrowserAid.Featured.Results Also known as:

[Panda]Adware/BrowserAid

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msiefr40.dll
[%WINDOWS%]\system\msiefr40.dll

How to detect BrowserAid.Featured.Results:

Files:
[%SYSTEM%]\msiefr40.dll
[%WINDOWS%]\system\msiefr40.dll

Registry Keys:
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ddbb570-0396-44c9-986a-8f6f61a51c2f}

Comet.DMServer Downloader

Removing Comet.DMServer
Categories: Downloader
Trojan downloaders download and install new malware or adware on the computer.


Comet.DMServer Also known as:

[Kaspersky]TrojanDownloader.Win32.Comet;
[Panda]Adware/Comet

How to detect Comet.DMServer:

Folders:
[%PROGRAM_FILES%]\comets~1

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Zlob.Fam.PrivateVideo Trojan

Removing Zlob.Fam.PrivateVideo
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

How to detect Zlob.Fam.PrivateVideo:

Folders:
[%PROGRAMS%]\PrivateVideo
[%PROGRAM_FILES%]\PrivateVideo

Registry Keys:
HKEY_CLASSES_ROOT\privatevideo
HKEY_CURRENT_USER\Software\PrivateVideo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PrivateVideo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivateVideo

JoyURLs19 Adware

Removing JoyURLs19
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

JoyURLs19 Also known as:

[Other]Trojan Horse

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\games.url
[%PROGRAM_FILES%]\joystick networks\setup\alienicon.ico
[%PROGRAM_FILES%]\joystick networks\setup\celebs.ico
[%PROGRAM_FILES%]\joystick networks\setup\gamesjoy.ico
[%PROGRAM_FILES%]\joystick networks\setup\imgiant.ico
[%PROGRAM_FILES%]\joystick networks\setup\joystick.ico
[%DESKTOP%]\alien icons.url
[%DESKTOP%]\bling bling icons.url
[%DESKTOP%]\celebrity news.url
[%DESKTOP%]\funny movies.url
[%DESKTOP%]\joystick cheats.url
[%DESKTOP%]\screen savers.url
[%WINDOWS%]\prefetch\joyurls19.exe-317625aa.pf
[%WINDOWS%]\prefetch\myurlff.exe-2a1e7307.pf

How to detect JoyURLs19:

Files:
[%DESKTOP%]\games.url
[%PROGRAM_FILES%]\joystick networks\setup\alienicon.ico
[%PROGRAM_FILES%]\joystick networks\setup\celebs.ico
[%PROGRAM_FILES%]\joystick networks\setup\gamesjoy.ico
[%PROGRAM_FILES%]\joystick networks\setup\imgiant.ico
[%PROGRAM_FILES%]\joystick networks\setup\joystick.ico
[%DESKTOP%]\alien icons.url
[%DESKTOP%]\bling bling icons.url
[%DESKTOP%]\celebrity news.url
[%DESKTOP%]\funny movies.url
[%DESKTOP%]\joystick cheats.url
[%DESKTOP%]\screen savers.url
[%WINDOWS%]\prefetch\joyurls19.exe-317625aa.pf
[%WINDOWS%]\prefetch\myurlff.exe-2a1e7307.pf

Folders:
[%PROGRAM_FILES%]\joystick networks

SysVenFakU Adware

Removing SysVenFakU
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect SysVenFakU:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

ESyndicate Adware

Removing ESyndicate
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\eSyndicateInst.exe
[%PROGRAM_FILES%]\eSyndicate\esyn.dll
[%PROGRAMS%]\documents and settings\douglas\local settings\temp\esyndicateinst.exe

How to detect ESyndicate:

Files:
[%PROFILE_TEMP%]\eSyndicateInst.exe
[%PROGRAM_FILES%]\eSyndicate\esyn.dll
[%PROGRAMS%]\documents and settings\douglas\local settings\temp\esyndicateinst.exe

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
HKEY_CLASSES_ROOT\esyn.band.1
HKEY_CLASSES_ROOT\typelib\{4e627a1e-bc4b-4faf-8de8-1d9a54d37da3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\esyndicate
HKEY_CLASSES_ROOT\clsid\{cc378b83-9577-44d0-b4f8-0dd965e176fc}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc378b83-9577-44d0-b4f8-0dd965e176fc}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SillyDl.DHY Trojan

Removing SillyDl.DHY
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Att.xpt
[%SYSTEM%]\ischot.exe
[%SYSTEM%]\mscheld.xpt
[%SYSTEM%]\MscheldB.exe
[%SYSTEM%]\MscheldBra.exe
[%SYSTEM%]\MscheldBra2.exe
[%SYSTEM%]\Mscheldncx.scr
[%SYSTEM%]\Mscheldork.scr
[%SYSTEM%]\msnnet.exe
[%SYSTEM%]\zt3.exe
[%WINDOWS%]\MscheldB.ocx
[%WINDOWS%]\MscheldBra.ocx
[%WINDOWS%]\MscheldBra2.ocx
[%WINDOWS%]\netstart.ocx

How to detect SillyDl.DHY:

Files:
[%SYSTEM%]\Att.xpt
[%SYSTEM%]\ischot.exe
[%SYSTEM%]\mscheld.xpt
[%SYSTEM%]\MscheldB.exe
[%SYSTEM%]\MscheldBra.exe
[%SYSTEM%]\MscheldBra2.exe
[%SYSTEM%]\Mscheldncx.scr
[%SYSTEM%]\Mscheldork.scr
[%SYSTEM%]\msnnet.exe
[%SYSTEM%]\zt3.exe
[%WINDOWS%]\MscheldB.ocx
[%WINDOWS%]\MscheldBra.ocx
[%WINDOWS%]\MscheldBra2.ocx
[%WINDOWS%]\netstart.ocx

Bancos.IFR Trojan

Removing Bancos.IFR
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bancos.IFR Also known as:

[Kaspersky]Trojan.Win32.VB.avk;
[Other]Win32/Bancos.IFR,Infostealer,TrojanSpy:Win32/VB.LA

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\fzx9823.exe
[%PROGRAM_FILES_COMMON%]\smss.exe
[%PROGRAM_FILES_COMMON%]\winlogon.exe
[%PROGRAM_FILES_COMMON%]\_fe12rmp.exe

How to detect Bancos.IFR:

Files:
[%PROGRAM_FILES_COMMON%]\fzx9823.exe
[%PROGRAM_FILES_COMMON%]\smss.exe
[%PROGRAM_FILES_COMMON%]\winlogon.exe
[%PROGRAM_FILES_COMMON%]\_fe12rmp.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Bancos.IFR:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Friday, January 30, 2009

Win32.QQRob Trojan

Removing Win32.QQRob
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Win32.QQRob Also known as:

[Kaspersky]Trojan-PSW.Win32.QQRob.an,Trojan-PSW.Win32.QQRob.15,Trojan-PSW.Win32.QQRob.af;
[McAfee]PWS-QQRob;
[F-Prot]W32/QQRob.D@pws,W32/QQRob.A@pws,W32/QQRob.C@pws;
[Other]Troj/QQRob-AW,Troj/QQRob-CT,W32/QQRob.BZ

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\NTdhcp.exe
[%SYSTEM%]\SVCHOT.exe

How to detect Win32.QQRob:

Files:
[%SYSTEM%]\NTdhcp.exe
[%SYSTEM%]\SVCHOT.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Win32.QQRob:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Aditer Trojan

Removing Aditer
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Aditer Also known as:

[Kaspersky]Trojan.Win32.Aditer.b,Trojan.Win32.Aditer;
[Panda]Trojan Horse;
[Computer Associates]Win32/Aditer.74754!Trojan;
[Other]Win32/Aditer.B

How to detect Aditer:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Aditer:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Mumuboy Trojan

Removing Mumuboy
Categories: Trojan,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
changed home pages, and the loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Mumuboy Also known as:

[Panda]Trojan Horse;
[Computer Associates]Win32/Mumuboy!Trojan

Visible Symptoms:
Files in system folders:
[%PROFILE%]\explorer.exe
[%PROFILE_TEMP%]\17226\explorer.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\explorer.exe
[%PROGRAM_FILES%]\thread22\explorer.exe
[%PROGRAM_FILES%]\WNSXS~1\explorer.exe
[%SYSTEM%]\EXPLORER.EXE
[%SYSTEM%]\Sys\Explorer.exe
[%WINDOWS%]\$NtServicePackUninstall$\explorer.exe
[%WINDOWS%]\ServicePackFiles\i386\explorer.exe
[%WINDOWS%]\system\explorer.exe

How to detect Mumuboy:

Files:
[%PROFILE%]\explorer.exe
[%PROFILE_TEMP%]\17226\explorer.exe
[%PROGRAM_FILES%]\Internet Explorer\PLUGINS\explorer.exe
[%PROGRAM_FILES%]\thread22\explorer.exe
[%PROGRAM_FILES%]\WNSXS~1\explorer.exe
[%SYSTEM%]\EXPLORER.EXE
[%SYSTEM%]\Sys\Explorer.exe
[%WINDOWS%]\$NtServicePackUninstall$\explorer.exe
[%WINDOWS%]\ServicePackFiles\i386\explorer.exe
[%WINDOWS%]\system\explorer.exe

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Removing Mumuboy:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
