Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\tksrv99.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\xplugin.dll
[%WINDOWS%]\nsdb\hosts
[%SYSTEM%]\uc1362.exe
[%SYSTEM%]\ucsl.exe
[%WINDOWS%]\system\xplugin.dll
[%SYSTEM%]\tksrv99.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\xplugin.dll
[%WINDOWS%]\nsdb\hosts
[%SYSTEM%]\uc1362.exe
[%SYSTEM%]\ucsl.exe
[%WINDOWS%]\system\xplugin.dll
How to detect CWS.XPlugin:
Files:
[%SYSTEM%]\tksrv99.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\xplugin.dll
[%WINDOWS%]\nsdb\hosts
[%SYSTEM%]\uc1362.exe
[%SYSTEM%]\ucsl.exe
[%WINDOWS%]\system\xplugin.dll
[%SYSTEM%]\tksrv99.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\xplugin.dll
[%WINDOWS%]\nsdb\hosts
[%SYSTEM%]\uc1362.exe
[%SYSTEM%]\ucsl.exe
[%WINDOWS%]\system\xplugin.dll
Registry Keys:
HKEY_CLASSES_ROOT\typelib\{ee79d398-aaaf-47b1-8c9e-11f7d4c9111b}
HKEY_CLASSES_ROOT\appid\xplugin.dll
HKEY_CLASSES_ROOT\appid\{ac3f36d4-f905-4fe9-a926-eb937e66f591}
HKEY_CLASSES_ROOT\clsid\{4f7681e5-6caf-478d-9cb8-4ca593bee7fb}
HKEY_CLASSES_ROOT\xplugin.xfilter
HKEY_CLASSES_ROOT\xplugin.xfilter.1
HKEY_LOCAL_MACHINE\software\tmksoft
Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
Removing CWS.XPlugin:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
Cryptlab Trojan Cleaner
No comments:
Post a Comment