Tuesday, January 27, 2009

Borlan Trojan

Removing Borlan
Categories: Trojan, Adware
The Trojan category covers a variety of Trojans that damage victim machines, threaten data integrity, or impair the functioning of the victim machine.
Adware is software that delivers advertising content to the user and, in some cases, gathers information from the user's computer.


Borlan is also known as:

[Kaspersky] AdWare.Win32.Boran.c, AdWare.Win32.Boran.i, AdWare.Win32.Boran.e, AdWare.Win32.Borlan.x, AdWare.Win32.Boran.ab, AdWare.Win32.Borlan.ab, AdWare.Win32.Boran.p, AdWare.Win32.Boran.w, AdWare.Win32.Boran.z, AdWare.Win32.Boran.ae, AdWare.Win32.Boran.o, AdWare.Win32.Borlan.aj, AdWare.Win32.Boran.ah, AdWare.Win32.Boran.bh;
[McAfee] Adware-Boran, Adware-Borlan, Adware-Boran-gen, Adware-Boran.gen, Adware-Borlan.gen, Generic PUP.g, Adware-Borlan.dr;
[F-Prot] W32/AdwareX.ADH, W32/OnlineGames.A.gen!Eldorado;
[Other] Adware.Borlan, AdWare.Borlan, Trojan Horse, Trojan.Win32.Agent.zl, Borlan.MMsAssist, W32/Boran.AH.dropper, Program:Win32/MMSAssist, W32/Boran.QI, W32/Borlan.AE.dropper, W32/Agent.CWZQ

Visible Symptoms:
Files in system folders (bracketed names such as [%SYSTEM%] and [%PROGRAM_FILES%] are placeholders for the corresponding per-machine Windows directories):
[%RECENT%]\working.lnk
[%PROFILE%]\Recent\Albus.lnk
[%PROFILE%]\Recent\working.lnk
[%PROFILE_TEMP%]\13_386.exe
[%PROFILE_TEMP%]\DecFile.exe
[%PROFILE_TEMP%]\mms_661.exe
[%PROGRAM_FILES%]\vision\almms.dat
[%PROGRAM_FILES%]\vision\alvsn.dll
[%PROGRAM_FILES%]\vision\updateex.ini
[%PROGRAM_FILES%]\vision\updvsnex.ini
[%PROGRAM_FILES%]\vision\vision.dll
[%PROGRAM_FILES%]\vision\vision.ini
[%PROGRAM_FILES%]\vision\visver.dll
[%PROGRAM_FILES%]\ynxq\crbu.ini
[%PROGRAM_FILES%]\ynxq\etdw.dll
[%PROGRAM_FILES%]\ynxq\odng.lex
[%SYSTEM%]\00005119.DAT
[%SYSTEM%]\ad_2234.exe
[%SYSTEM%]\Albus.DAT
[%SYSTEM%]\albus.dll
[%SYSTEM%]\almms.dat
[%SYSTEM%]\alpst.dat
[%SYSTEM%]\alsmt.exe
[%SYSTEM%]\alstd.dat
[%SYSTEM%]\drivers\00005119.SYS
[%SYSTEM%]\drivers\00006397.SYS
[%SYSTEM%]\drivers\Albus.SYS
[%SYSTEM%]\drivers\iExplorer.exe
[%SYSTEM%]\std.ini
[%SYSTEM%]\stdact.ini
[%SYSTEM%]\stdd.ini
[%SYSTEM%]\stdplay.dll
[%SYSTEM%]\stdstub.dll
[%SYSTEM%]\STDSVER.DLL
[%SYSTEM%]\stdup.dll
[%SYSTEM%]\stdup.uni
[%SYSTEM%]\stdupnet.dll
[%SYSTEM%]\stdvote.dll
[%SYSTEM%]\updadini.ini
[%SYSTEM%]\updstdex.ini
[%SYSTEM%]\updstdup.ini
[%WINDOWS%]\Delrixing.bat
[%WINDOWS%]\Delskynet.bat
[%WINDOWS%]\Help\winmail.chm

How to detect Borlan:

Files:
[%RECENT%]\working.lnk
[%PROFILE%]\Recent\Albus.lnk
[%PROFILE%]\Recent\working.lnk
[%PROFILE_TEMP%]\13_386.exe
[%PROFILE_TEMP%]\DecFile.exe
[%PROFILE_TEMP%]\mms_661.exe
[%PROGRAM_FILES%]\vision\almms.dat
[%PROGRAM_FILES%]\vision\alvsn.dll
[%PROGRAM_FILES%]\vision\updateex.ini
[%PROGRAM_FILES%]\vision\updvsnex.ini
[%PROGRAM_FILES%]\vision\vision.dll
[%PROGRAM_FILES%]\vision\vision.ini
[%PROGRAM_FILES%]\vision\visver.dll
[%PROGRAM_FILES%]\ynxq\crbu.ini
[%PROGRAM_FILES%]\ynxq\etdw.dll
[%PROGRAM_FILES%]\ynxq\odng.lex
[%SYSTEM%]\00005119.DAT
[%SYSTEM%]\ad_2234.exe
[%SYSTEM%]\Albus.DAT
[%SYSTEM%]\albus.dll
[%SYSTEM%]\almms.dat
[%SYSTEM%]\alpst.dat
[%SYSTEM%]\alsmt.exe
[%SYSTEM%]\alstd.dat
[%SYSTEM%]\drivers\00005119.SYS
[%SYSTEM%]\drivers\00006397.SYS
[%SYSTEM%]\drivers\Albus.SYS
[%SYSTEM%]\drivers\iExplorer.exe
[%SYSTEM%]\std.ini
[%SYSTEM%]\stdact.ini
[%SYSTEM%]\stdd.ini
[%SYSTEM%]\stdplay.dll
[%SYSTEM%]\stdstub.dll
[%SYSTEM%]\STDSVER.DLL
[%SYSTEM%]\stdup.dll
[%SYSTEM%]\stdup.uni
[%SYSTEM%]\stdupnet.dll
[%SYSTEM%]\stdvote.dll
[%SYSTEM%]\updadini.ini
[%SYSTEM%]\updstdex.ini
[%SYSTEM%]\updstdup.ini
[%WINDOWS%]\Delrixing.bat
[%WINDOWS%]\Delskynet.bat
[%WINDOWS%]\Help\winmail.chm

Folders:
[%PROGRAM_FILES%]\mmsassist
[%PROGRAM_FILES%]\snbr
[%PROGRAM_FILES%]\sswv
[%PROGRAM_FILES%]\vision\updvsn
[%PROGRAM_FILES%]\vision\updvsnex
[%PROGRAM_FILES_COMMON%]\snbr
[%SYSTEM%]\stdcache
[%SYSTEM%]\updadini
[%SYSTEM%]\updstdex
[%SYSTEM%]\updstdup
[%WINDOWS%]\Temp\adgug
[%WINDOWS%]\Temp\inspstb
[%WINDOWS%]\Temp\insshell
[%WINDOWS%]\Temp\invison
[%WINDOWS%]\webwork
[%WINDOWS%]\wincup

Registry Keys:
HKEY_CURRENT_USER\software\rfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_albus
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winwrcup
HKEY_CLASSES_ROOT\ad.axobj
HKEY_CLASSES_ROOT\ad.axobj.1
HKEY_CLASSES_ROOT\clsid\{0d24de39-9061-4377-881b-ee7b8af81c86}
HKEY_CLASSES_ROOT\clsid\{1978f4be-8d76-42cf-90bd-288ece576296}
HKEY_CLASSES_ROOT\clsid\{1fb890bf-76ff-46c5-848b-e3a11e1af06c}
HKEY_CLASSES_ROOT\clsid\{46d4ba6d-2d37-429e-b4b8-64c543dda7a2}
HKEY_CLASSES_ROOT\clsid\{4c611512-2c1d-44b2-a044-872ad2ad5a61}
HKEY_CLASSES_ROOT\clsid\{535fabd5-adfb-4dba-846e-8d022863089a}
HKEY_CLASSES_ROOT\clsid\{64223f78-e086-4fc0-97dd-d5f3f77928e7}
HKEY_CLASSES_ROOT\clsid\{6671a431-5c3d-463d-a7cf-5587f9b7e191}
HKEY_CLASSES_ROOT\clsid\{6671a432-5c3d-463d-a7cf-5587f9b7e191}
HKEY_CLASSES_ROOT\clsid\{6a512bf7-ec78-4e8d-9841-6c02e8fa9838}
HKEY_CLASSES_ROOT\clsid\{7117fb5e-7571-48e7-a9b0-5288412fe996}
HKEY_CLASSES_ROOT\clsid\{766c79d4-d442-41eb-880d-b0001cdf535e}
HKEY_CLASSES_ROOT\clsid\{8c592122-eacb-4c07-9c91-19974c7555f9}
HKEY_CLASSES_ROOT\clsid\{98ad3238-a23a-421a-8e0b-4bae8194ace8}
HKEY_CLASSES_ROOT\clsid\{98d3c58a-ea4d-4d7f-b03a-20e4bd03d8f6}
HKEY_CLASSES_ROOT\clsid\{9b220093-61bf-4aa6-aa0e-493c3ef2af27}
HKEY_CLASSES_ROOT\clsid\{ee658ba1-5ca4-4081-8934-a12ec93952ea}
HKEY_CLASSES_ROOT\clsid\{f15673f9-78f3-4ee8-b0d7-19575e37624a}
HKEY_CLASSES_ROOT\fbdf84372483f7693f63ff
HKEY_CLASSES_ROOT\insii.brins
HKEY_CLASSES_ROOT\interface\{74289a79-e652-4a57-a6b9-ee64ad532a8d}
HKEY_CLASSES_ROOT\interface\{74289a7a-e652-4a57-a6b9-ee64ad532a8d}
HKEY_CLASSES_ROOT\interface\{ab45ce36-c280-4525-bcf9-1bd01d3e4b57}
HKEY_CLASSES_ROOT\kfwjho.kfwjssist
HKEY_CLASSES_ROOT\kfwjho.kfwjssist.1
HKEY_CLASSES_ROOT\kfwjho.kfwjssistmenu
HKEY_CLASSES_ROOT\kfwjho.kfwjssistmenu.1
HKEY_CLASSES_ROOT\kuoqho.kuoqssist
HKEY_CLASSES_ROOT\kuoqho.kuoqssist.1
HKEY_CLASSES_ROOT\kuoqho.kuoqssistmenu
HKEY_CLASSES_ROOT\kuoqho.kuoqssistmenu.1
HKEY_CLASSES_ROOT\mmsbho.mmsassist
HKEY_CLASSES_ROOT\mmsbho.mmsassist.1
HKEY_CLASSES_ROOT\mmsbho.mmsassistmenu
HKEY_CLASSES_ROOT\mmsbho.mmsassistmenu.1
HKEY_CLASSES_ROOT\typelib\{077525ac-c681-4139-8c3e-b582bdd375c7}
HKEY_CLASSES_ROOT\typelib\{22f87d75-7dd1-4545-94b3-ca80c0f462c6}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{6a512bf7-ec78-4e8d-9841-6c02e8fa9838}
HKEY_LOCAL_MACHINE\software\fpjl
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{6671a433-5c3d-463d-a7cf-5587f9b7e191}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0d24de39-9061-4377-881b-ee7b8af81c86}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1fb890bf-76ff-46c5-848b-e3a11e1af06c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64223f78-e086-4fc0-97dd-d5f3f77928e7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6671a431-5c3d-463d-a7cf-5587f9b7e191}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6a512bf7-ec78-4e8d-9841-6c02e8fa9838}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{766c79d4-d442-41eb-880d-b0001cdf535e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{98d3c58a-ea4d-4d7f-b03a-20e4bd03d8f6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{aaeba2c3-e5d5-413f-8a3f-ffe15e431853}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ee658ba1-5ca4-4081-8934-a12ec93952ea}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f15673f9-78f3-4ee8-b0d7-19575e37624a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mmsassist
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mwqs
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\vision communicate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webwork
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winwrcup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{0c5c8e9a-48ba-4d26-aa01-2e1d4dc14718}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6a512bf7-ec78-4e8d-9841-6c02e8fa9838}
HKEY_LOCAL_MACHINE\software\mmsassist
HKEY_LOCAL_MACHINE\software\stdup
HKEY_LOCAL_MACHINE\system\controlset001\services\stdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_jmediaservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mhvl
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mwqs
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_stdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_stdupnet
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_visionservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\albus
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\jmediaservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mhvl
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mwqs
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\stdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\stdupnet
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\visionservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winwrcup

Registry Values:
HKEY_CLASSES_ROOT\clsid\{3f264c6c-7a80-44c6-b1ff-e8b4da4d1e9f}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{aaeba2c3-e5d5-413f-8a3f-ffe15e431853}\inprocserver32
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mhvl

Removing Borlan:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Husrtdo Trojan
Remove Win32.VB.OA.110592!Trojan Trojan
Removing Coreflood.DLL.Troja Trojan
