Sunday, January 18, 2009

DotCom Adware

Removing DotCom
Categories: Adware, Spyware, Hijacker, Toolbar
Adware is a program that facilitates the delivery of advertising content
to the user and, in some cases, gathers information from the user's computer,
including information related to Internet browser usage or other computer habits.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

DotCom Also known as:

[Kaspersky] TrojanClicker.Win32.DotComToolBar.b, TrojanClicker.Win32.DotComToolBar.c, TrojanClicker.Win32.DotComToolBar.d;
[Panda] Spyware/DCToolbar, Trojan Horse

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

How to detect DotCom:

Files:
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj
HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{29dd1ea6-1fda-44a4-b083-c9900547bc48}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fc2493d6-a673-49fe-a2ee-efe03e95c27c}
HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem
HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem.1
HKEY_LOCAL_MACHINE\software\classes\interface\{7c479d09-1280-41d2-945f-2377736b8cf7}
HKEY_LOCAL_MACHINE\software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43}
HKEY_LOCAL_MACHINE\software\classes\toolband.hits
HKEY_LOCAL_MACHINE\software\classes\toolband.hits.1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5f1abcdb-a875-46c1-8345-b72a4567e483}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar
HKEY_CURRENT_USER\software\³ª¹µàù2
HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/toolbar_nieuw14.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/toolbar_nieuw14.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dotcomtoolbardotcomtoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\³ª¹µàù2³ª¹µàù2

Removing DotCom:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
