Tuesday, January 27, 2009

SpywareWall Adware

Removing SpywareWall
Categories: Adware
Adware programs deliver advertising content to the user and, in some cases,
gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\DrPMon.dll
[%SYSTEM%]\openconf.exe
[%SYSTEM%]\sysmnt.dat
[%WINDOWS%]\dinst.exe
[%WINDOWS%]\dsr.dll
[%WINDOWS%]\dsr.exe
[%WINDOWS%]\svcproc.exe
[%APPDATA%]\nsv\keys.dat
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\faq.url
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\svchost.exe\svchost.exe
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\website.url
[%STARTUP%]\popupwall.lnk
[%SYSTEM%]\drpmon.dll
[%SYSTEM%]\qumgdn.exe
[%SYSTEM%]\rldsregn.exe
[%SYSTEM%]\rndsregs.exe
[%SYSTEM%]\spnping.exe\spnping.exe
[%SYSTEM%]\winuptd.exe
[%SYSTEM%]\ysyssuuz.exe
[%WINDOWS%]\12868461b2545a878a7767e188056a07.ini
[%WINDOWS%]\bundles\spywarewall.exe
[%WINDOWS%]\temp\new105.tmp\upgrade.exe\00008260.exe

How to detect SpywareWall:

Files:
[%SYSTEM%]\DrPMon.dll
[%SYSTEM%]\openconf.exe
[%SYSTEM%]\sysmnt.dat
[%WINDOWS%]\dinst.exe
[%WINDOWS%]\dsr.dll
[%WINDOWS%]\dsr.exe
[%WINDOWS%]\svcproc.exe
[%APPDATA%]\nsv\keys.dat
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\faq.url
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\svchost.exe\svchost.exe
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\website.url
[%STARTUP%]\popupwall.lnk
[%SYSTEM%]\drpmon.dll
[%SYSTEM%]\qumgdn.exe
[%SYSTEM%]\rldsregn.exe
[%SYSTEM%]\rndsregs.exe
[%SYSTEM%]\spnping.exe\spnping.exe
[%SYSTEM%]\winuptd.exe
[%SYSTEM%]\ysyssuuz.exe
[%WINDOWS%]\12868461b2545a878a7767e188056a07.ini
[%WINDOWS%]\bundles\spywarewall.exe
[%WINDOWS%]\temp\new105.tmp\upgrade.exe\00008260.exe

Folders:
[%APPDATA%]\linkbho
[%APPDATA%]\spywarewall
[%PROGRAMS%]\popupwall
[%PROGRAMS%]\spywarewall
[%PROGRAM_FILES%]\popupwall
[%PROGRAM_FILES%]\spywarewall

Registry Keys:
HKEY_CLASSES_ROOT\appid\atlbrowser.exe
HKEY_CLASSES_ROOT\atlbrcon.atlbrcon
HKEY_CLASSES_ROOT\typelib\{6600d220-083f-11d6-99de-d172e92ebc2a}
HKEY_CURRENT_USER\Software\inst
HKEY_LOCAL_MACHINE\software\ddate
HKEY_LOCAL_MACHINE\system\controlset001\services\svcproc
HKEY_CLASSES_ROOT\interface\{ca621437-cb64-462a-94c4-0386e6158416}
HKEY_CURRENT_USER\software\inst
HKEY_CURRENT_USER\software\vb and vba program settings\popupwall
HKEY_CURRENT_USER\software\vb and vba program settings\spywarewall
HKEY_LOCAL_MACHINE\software\linkbho
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popupwall
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywarewall
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ssw_searchtool
HKEY_LOCAL_MACHINE\software\spywarewall

Registry Values:
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair

Removing SpywareWall:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
