Malware Info: 01/18/09

Sunday, January 18, 2009

XP.Keylogger Spyware

Removing XP.Keylogger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\xp keylogger.lnk
[%DESKTOP%]\xp keylogger.lnk

How to detect XP.Keylogger:

Files: [%DESKTOP%]\xp keylogger.lnk [%DESKTOP%]\xp keylogger.lnk

Folders: [%PROGRAMS%]\xp keylogger [%PROGRAM_FILES%]\xp keylogger

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xp keylogger_is1

Removing XP.Keylogger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Nethief.XP.SP1 RAT Symptoms
Removing SpyGator.pro Spyware
Bancos.GXI Trojan Removal

Removing BEsys
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

How to detect BEsys:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing BEsys:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
SillyDl.DDG Trojan Removal
Ehg.chrysler.hitbox Tracking Cookie Removal
OpinionBar BHO Information
Butterfly Trojan Cleaner

4Arcade.PBar Toolbar

Removing 4Arcade.PBar
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\pbar.dll
[%WINDOWS%]\system\pbar.dll
[%SYSTEM%]\pbar.dll
[%WINDOWS%]\system\pbar.dll

How to detect 4Arcade.PBar:

Files: [%SYSTEM%]\pbar.dll [%WINDOWS%]\system\pbar.dll [%SYSTEM%]\pbar.dll [%WINDOWS%]\system\pbar.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing 4Arcade.PBar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Likha Trojan

SpyGator.pro Spyware

Removing SpyGator.pro
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\Spy Gator Pro.lnk
[%WINDOWS%]\AOLPicEditor.exe
[%DESKTOP%]\Spy Gator Pro.lnk
[%WINDOWS%]\AOLPicEditor.exe

How to detect SpyGator.pro:

Files: [%DESKTOP%]\Spy Gator Pro.lnk [%WINDOWS%]\AOLPicEditor.exe [%DESKTOP%]\Spy Gator Pro.lnk [%WINDOWS%]\AOLPicEditor.exe

Folders: [%PROGRAMS%]\Thunder Technologies Inc. Software\Spy Gator Pro [%PROGRAM_FILES%]\SGP

Registry Keys: HKEY_CURRENT_USER\software\microsoft\installer\features\7c741c4b12d640a43a5fceb9bbb9650e HKEY_CURRENT_USER\software\microsoft\installer\products\7c741c4b12d640a43a5fceb9bbb9650e HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\bfb2faa0d27b30648814077fe5d071cb HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\thunder technologies inc. software\spy gator pro HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e1b2879-88fa-11d3-8d96-d7acac95951a} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{b4c147c7-6d21-4a04-a3f5-ec9bbb9b56e0} HKEY_LOCAL_MACHINE\software\thunder technologies inc.\spy gator pro

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing SpyGator.pro:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove RAT Information
Remove Vxidl.AKH Trojan
Guangwaigirl.0xp Backdoor Removal instruction

Bancos.IPY Trojan

Removing Bancos.IPY
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\reg_0001.txt
[%WINDOWS%]\winload.inf
[%SYSTEM%]\reg_0001.txt
[%WINDOWS%]\winload.inf

How to detect Bancos.IPY:

Files: [%SYSTEM%]\reg_0001.txt [%WINDOWS%]\winload.inf [%SYSTEM%]\reg_0001.txt [%WINDOWS%]\winload.inf

Removing Bancos.IPY:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Webext Adware Removal instruction
Remove Parent.Tool Spyware
Remove SdBot.hn Trojan
2004cms.com Tracking Cookie Symptoms
Vxidl.BAQ Trojan Removal

Web.Position Downloader

Removing Web.Position
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES%]\webposition2\default-template200.htm
[%PROGRAM_FILES%]\webposition2\webpos20.ini
[%PROGRAM_FILES%]\webposition2\wpgold20.exe
[%PROGRAM_FILES%]\webposition2\wpsched20.exe
[%PROGRAM_FILES%]\webposition2\wpsched20.ini
[%PROGRAM_FILES%]\webposition2\default-template200.htm
[%PROGRAM_FILES%]\webposition2\webpos20.ini
[%PROGRAM_FILES%]\webposition2\wpgold20.exe
[%PROGRAM_FILES%]\webposition2\wpsched20.exe
[%PROGRAM_FILES%]\webposition2\wpsched20.ini

How to detect Web.Position:

Files: [%PROGRAM_FILES%]\webposition2\default-template200.htm [%PROGRAM_FILES%]\webposition2\webpos20.ini [%PROGRAM_FILES%]\webposition2\wpgold20.exe [%PROGRAM_FILES%]\webposition2\wpsched20.exe [%PROGRAM_FILES%]\webposition2\wpsched20.ini [%PROGRAM_FILES%]\webposition2\default-template200.htm [%PROGRAM_FILES%]\webposition2\webpos20.ini [%PROGRAM_FILES%]\webposition2\wpgold20.exe [%PROGRAM_FILES%]\webposition2\wpsched20.exe [%PROGRAM_FILES%]\webposition2\wpsched20.ini

Removing Web.Position:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Haxdoor.cu Backdoor
Polymorphic Downloader Removal instruction
Removing Pigeon.AVVA Trojan
Removing Arcvvir Trojan

Rebrand.ComputerMonitorKeylogger Spyware

Removing Rebrand.ComputerMonitorKeylogger
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\computer monitor keylogger demo.lnk
[%DESKTOP%]\computer monitor keylogger demo.lnk

How to detect Rebrand.ComputerMonitorKeylogger:

Files: [%DESKTOP%]\computer monitor keylogger demo.lnk [%DESKTOP%]\computer monitor keylogger demo.lnk

Folders: [%PROGRAMS%]\rebrandsoftware [%PROGRAM_FILES%]\rscmkd

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\upgradecodes\35dd57b63ac91b249aa3c668e74bd75e HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ff82e055-5798-41b6-a0a7-6cee72e5c294}

Removing Rebrand.ComputerMonitorKeylogger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Apsend Trojan Information
Vxidl.AHU Trojan Removal instruction
DKS Trojan Removal instruction
Remove MetaStop BHO
Removing Hauntpc Trojan

Expext.MetaDirect BHO

Removing Expext.MetaDirect
Categories: BHO,Hijacker
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\expext.dll
[%WINDOWS%]\system\expext.dll
[%SYSTEM%]\expext.dll
[%WINDOWS%]\system\expext.dll

How to detect Expext.MetaDirect:

Files: [%SYSTEM%]\expext.dll [%WINDOWS%]\system\expext.dll [%SYSTEM%]\expext.dll [%WINDOWS%]\system\expext.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{23bc1ccf-4be7-497f-b154-6ada68425fbb} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{23bc1ccf-4be7-497f-b154-6ada68425fbb} HKEY_LOCAL_MACHINE\software\classes\clsid\{23bc1ccf-4be7-497f-b154-6ada68425fbb} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{23bc1ccf-4be7-497f-b154-6ada68425fbb}

Removing Expext.MetaDirect:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Win32.Prodex Trojan Removal
Remove DownloadWare Adware
Bat.Black Trojan Information

Win32.Scapur Trojan

Removing Win32.Scapur
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Win32.Scapur Also known as:


[Panda]Adware/PurityScan

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\Temporary Directory 1 for PL-GOLD[1].zip\PL-GOLD.exe
[%PROFILE_TEMP%]\Temporary Directory 2 for PL-GOLD[1].zip\PL-GOLD.exe
[%SYSTEM%]\wnscpsu.exe
[%SYSTEM%]\wnstssv.exe
[%PROFILE_TEMP%]\ps_install-mt.exe
[%PROFILE_TEMP%]\Temporary Directory 1 for PL-GOLD[1].zip\PL-GOLD.exe
[%PROFILE_TEMP%]\Temporary Directory 2 for PL-GOLD[1].zip\PL-GOLD.exe
[%SYSTEM%]\wnscpsu.exe
[%SYSTEM%]\wnstssv.exe
[%PROFILE_TEMP%]\ps_install-mt.exe

How to detect Win32.Scapur:

Files: [%PROFILE_TEMP%]\Temporary Directory 1 for PL-GOLD[1].zip\PL-GOLD.exe [%PROFILE_TEMP%]\Temporary Directory 2 for PL-GOLD[1].zip\PL-GOLD.exe [%SYSTEM%]\wnscpsu.exe [%SYSTEM%]\wnstssv.exe [%PROFILE_TEMP%]\ps_install-mt.exe [%PROFILE_TEMP%]\Temporary Directory 1 for PL-GOLD[1].zip\PL-GOLD.exe [%PROFILE_TEMP%]\Temporary Directory 2 for PL-GOLD[1].zip\PL-GOLD.exe [%SYSTEM%]\wnscpsu.exe [%SYSTEM%]\wnstssv.exe [%PROFILE_TEMP%]\ps_install-mt.exe

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Win32.Scapur:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Orochi.mp Trojan Cleaner
Removing My.Search Toolbar
pege.org Tracking Cookie Cleaner
Sylvia Trojan Removal

FirewallBypass Trojan

Removing FirewallBypass
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

FirewallBypass Also known as:


[Kaspersky]Backdoor.Win32.Agent.acx;
[Other]Trojan.FirewallByPass,taskmgn,Troj/Agent-DMM

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\1172015
[%WINDOWS%]\1984578
[%WINDOWS%]\1172015
[%WINDOWS%]\1984578

How to detect FirewallBypass:

Files: [%WINDOWS%]\1172015 [%WINDOWS%]\1984578 [%WINDOWS%]\1172015 [%WINDOWS%]\1984578

Registry Values: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list

Removing FirewallBypass:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing TrojanDownloader.Win32.Miled Trojan
Remove DeltreeY.at Trojan
BAT.Prob Trojan Removal instruction
Coldfuson Trojan Cleaner
Remove BannerBank.net Tracking Cookie

DotCom Adware

Removing DotCom
Categories: Adware,Spyware,Hijacker,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

DotCom Also known as:


[Kaspersky]TrojanClicker.Win32.DotComToolBar.b,TrojanClicker.Win32.DotComToolBar.c,TrojanClicker.Win32.DotComToolBar.d;
[Panda]Spyware/DCToolbar,Trojan Horse

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll
[%SYSTEM%]\data.dll
[%WINDOWS%]\redirect7.exe
[%WINDOWS%]\system\data.dll

How to detect DotCom:

Files: [%SYSTEM%]\data.dll [%WINDOWS%]\redirect7.exe [%WINDOWS%]\system\data.dll [%SYSTEM%]\data.dll [%WINDOWS%]\redirect7.exe [%WINDOWS%]\system\data.dll

Registry Keys: HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj HKEY_LOCAL_MACHINE\software\classes\pugi.pugiobj.1 HKEY_LOCAL_MACHINE\software\classes\clsid\{29dd1ea6-1fda-44a4-b083-c9900547bc48} HKEY_LOCAL_MACHINE\software\classes\clsid\{fc2493d6-a673-49fe-a2ee-efe03e95c27c} HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem HKEY_LOCAL_MACHINE\software\classes\gorsdn.contextitem.1 HKEY_LOCAL_MACHINE\software\classes\interface\{7c479d09-1280-41d2-945f-2377736b8cf7} HKEY_LOCAL_MACHINE\software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} HKEY_LOCAL_MACHINE\software\classes\toolband.hits HKEY_LOCAL_MACHINE\software\classes\toolband.hits.1 HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5f1abcdb-a875-46c1-8345-b72a4567e483}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar HKEY_CURRENT_USER\software\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_CURRENT_USER\software\³ª¹µàù2\³ª¹µàù2 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\dotcomtoolbardotcomtoolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/toolbar_nieuw14.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/toolbar_nieuw14.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/toolbar_nieuw14.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/toolbar_nieuw14.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dotcomtoolbardotcomtoolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dotcomtoolbardotcomtoolbar HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\³ª¹µàù2³ª¹µàù2 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\³ª¹µàù2³ª¹µàù2

Removing DotCom:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.BAA Trojan Information
Removing o2online.de Tracking Cookie
Removing CHARGEN.Attack DoS
IRC.Kelebek Trojan Information
VBS.OUA Trojan Cleaner

BlackIce RAT

Removing BlackIce
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

BlackIce Also known as:


[Kaspersky]BlackIce.1930;
[McAfee]QDel7;
[F-Prot]BlackIce.1930

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\start menu\programs\startup\jade.exe
[%WINDOWS%]\start menu\programs\startup\jade.exe

How to detect BlackIce:

Files: [%WINDOWS%]\start menu\programs\startup\jade.exe [%WINDOWS%]\start menu\programs\startup\jade.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing BlackIce:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
ScreenCutter Backdoor Removal instruction
Remove SillyDl.BCG Trojan

INetBar Adware

Removing INetBar
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

How to detect INetBar:

Folders: [%DESKTOP%]\inetbar starten.lnk [%PROGRAMS%]\inetcash [%PROGRAM_FILES%]\inetbar

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\inetbar_is1

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing INetBar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Toxic.Ultma Trojan Removal
PSW.Spider Trojan Information
Back.Orifice.FTP.Plugin RAT Information

Total.Velocity Adware

Removing Total.Velocity
Categories: Adware,Hijacker
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Total.Velocity Also known as:


[Panda]Spyware/TVMedia

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\msmgt.exe
[%DESKTOP%]\inpbtvm56 (1).dll
[%DESKTOP%]\inpbtvm56 (2).dll
[%DESKTOP%]\inpbtvm56.exe
[%WINDOWS%]\msmgt.exe
[%DESKTOP%]\inpbtvm56 (1).dll
[%DESKTOP%]\inpbtvm56 (2).dll
[%DESKTOP%]\inpbtvm56.exe

How to detect Total.Velocity:

Files: [%WINDOWS%]\msmgt.exe [%DESKTOP%]\inpbtvm56 (1).dll [%DESKTOP%]\inpbtvm56 (2).dll [%DESKTOP%]\inpbtvm56.exe [%WINDOWS%]\msmgt.exe [%DESKTOP%]\inpbtvm56 (1).dll [%DESKTOP%]\inpbtvm56 (2).dll [%DESKTOP%]\inpbtvm56.exe

Removing Total.Velocity:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Bat.BatXP Trojan
StartPage.cd Hijacker Symptoms
Paska Trojan Cleaner
Excel95Macro.Laroux Trojan Removal

Burgspill Trojan

Removing Burgspill
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Burgspill Also known as:


[Kaspersky]Trojan-Downloader.Win32.Delf.djg,Trojan-Downloader.Win32.Zlob.fee,Trojan-Downloader.Win32.Delf.djl,Trojan-Downloader.Win32.Delf.dke,Trojan-Downloader.Win32.Delf.dkk;
[McAfee]Generic Downloader.c;
[F-Prot]W32/NewMalware-LSU-based!Maximus;
[Other]Mal/DelpDldr-E,Trojan-Downloader.Win32.Delf.cwv,Trojan:Win32/Delflob.I

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\oggview32.dll
[%WINDOWS%]\pmspl.dll
[%WINDOWS%]\windivx.dll
[%WINDOWS%]\oggview32.dll
[%WINDOWS%]\pmspl.dll
[%WINDOWS%]\windivx.dll

How to detect Burgspill:

Files: [%WINDOWS%]\oggview32.dll [%WINDOWS%]\pmspl.dll [%WINDOWS%]\windivx.dll [%WINDOWS%]\oggview32.dll [%WINDOWS%]\pmspl.dll [%WINDOWS%]\windivx.dll

Registry Keys: HKEY_CURRENT_USER\software\microsoft\clock2 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{819efd78-6fd4-42ef-9030-f6dab24bb9f0} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{819efd78-6fd4-42ef-9030-f6dab24bb9f0} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff5137b5-c506-4d9b-8682-e0be4675b899}

Registry Values: HKEY_CURRENT_USER\software\microsoft\bind HKEY_CURRENT_USER\software\microsoft\bind

Removing Burgspill:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove ad20.net Tracking Cookie
QZap1 Trojan Removal instruction

GotoBar Hijacker

Removing GotoBar
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

How to detect GotoBar:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing GotoBar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove No.Hope Trojan
Removing TrojanDownloader.Win32.Small.fz Trojan
Cotmonger Trojan Information
Remove WinFixer Adware

Hacker.ag Adware

Removing Hacker.ag
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\coder.ini
[%WINDOWS%]\coder.ini

How to detect Hacker.ag:

Files: [%WINDOWS%]\coder.ini [%WINDOWS%]\coder.ini

Removing Hacker.ag:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Log.Arp Trojan

ClipGenie Adware

Removing ClipGenie
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

ClipGenie Also known as:


[Panda]Adware/Medload

Visible Symptoms:
Files in system folders:

 
[%PROGRAMS%]\clipgenie.lnk
[%PROGRAM_FILES%]\scansoft\paperport\visioneer.exe
[%PROGRAMS%]\clipgenie.lnk
[%PROGRAM_FILES%]\scansoft\paperport\visioneer.exe

How to detect ClipGenie:

Files: [%PROGRAMS%]\clipgenie.lnk [%PROGRAM_FILES%]\scansoft\paperport\visioneer.exe [%PROGRAMS%]\clipgenie.lnk [%PROGRAM_FILES%]\scansoft\paperport\visioneer.exe

Folders: [%PROGRAM_FILES%]\clipgenie [%PROFILE%]\start menu\programs\clipgenie.lnk

Registry Keys: HKEY_CURRENT_USER\software\clipgenie HKEY_CURRENT_USER\software\traynotifier\clipgenie HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\clipgenie HKEY_LOCAL_MACHINE\software\traynotifier\clipgenie

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing ClipGenie:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove SillyDl.CVY Trojan
Backdoor.Way Trojan Removal instruction
Remove Sendmail Trojan
Remove SillyDl.DCE Trojan
Removing Alureon! Trojan

Eziin Adware

Removing Eziin
Categories: Adware,Hijacker
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\clienttimer.exe
[%SYSTEM%]\popclient.exe
[%SYSTEM%]\system_ct.exe
[%SYSTEM%]\system_pp.exe
[%SYSTEM%]\system_tp.exe
[%SYSTEM%]\clienttimer.exe
[%SYSTEM%]\popclient.exe
[%SYSTEM%]\system_ct.exe
[%SYSTEM%]\system_pp.exe
[%SYSTEM%]\system_tp.exe

How to detect Eziin:

Files: [%SYSTEM%]\clienttimer.exe [%SYSTEM%]\popclient.exe [%SYSTEM%]\system_ct.exe [%SYSTEM%]\system_pp.exe [%SYSTEM%]\system_tp.exe [%SYSTEM%]\clienttimer.exe [%SYSTEM%]\popclient.exe [%SYSTEM%]\system_ct.exe [%SYSTEM%]\system_pp.exe [%SYSTEM%]\system_tp.exe

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\ezion

Registry Values: HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\internet explorer\security HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Eziin:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Enles Trojan Symptoms

Small.fe Trojan

Removing Small.fe
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\downloaded program files\conflict.1\ugo20.exe
[%WINDOWS%]\downloaded program files\conflict.2\ugo20.exe
[%WINDOWS%]\downloaded program files\conflict.3\ugo20.exe
[%WINDOWS%]\downloaded program files\conflict.1\ugo20.exe
[%WINDOWS%]\downloaded program files\conflict.2\ugo20.exe
[%WINDOWS%]\downloaded program files\conflict.3\ugo20.exe

How to detect Small.fe:

Files: [%WINDOWS%]\downloaded program files\conflict.1\ugo20.exe [%WINDOWS%]\downloaded program files\conflict.2\ugo20.exe [%WINDOWS%]\downloaded program files\conflict.3\ugo20.exe [%WINDOWS%]\downloaded program files\conflict.1\ugo20.exe [%WINDOWS%]\downloaded program files\conflict.2\ugo20.exe [%WINDOWS%]\downloaded program files\conflict.3\ugo20.exe

Removing Small.fe:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
SubSeven.2b1 Trojan Information
Fundoor Backdoor Cleaner

Perfect.Keylogger Spyware

Removing Perfect.Keylogger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Perfect.Keylogger Also known as:


[Kaspersky]KeyLogger.Win32.PerfectKeyLogger.141;
[Computer Associates]Win32.Perflogger.A,Win32/PerfectKeyLogger.141!Troja,Win32/Perflogger.A!Trojan

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\this folder leads to all of my other folders ok\bpk.exe
[%PROFILE_TEMP%]\RarSFX0\rinst.exe
[%PROFILE_TEMP%]\RarSFX1\rinst.exe
[%PROFILE_TEMP%]\RarSFX3\rinst.exe
[%PROGRAMS%]\blazingtools perfect keylogger\blazingtools perfect keylogger.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\more useful programs.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\order now!.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\perfect keylogger help.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\uninstall perfect keylogger.lnk
[%PROGRAM_FILES%]\BPK\bpk.chm
[%PROGRAM_FILES%]\bpk\bpk.dat
[%PROGRAM_FILES%]\BPK\bpk.exe
[%PROGRAM_FILES%]\bpk\bpk.exe
[%PROGRAM_FILES%]\BPK\bpkhk.dll
[%PROGRAM_FILES%]\bpk\bpkhk.dll
[%PROGRAM_FILES%]\bpk\bpki.dll
[%PROGRAM_FILES%]\BPK\bpkr.exe
[%PROGRAM_FILES%]\BPK\bpkun.exe
[%PROGRAM_FILES%]\bpk\bpkun.exe
[%PROGRAM_FILES%]\BPK\bpkvw.exe
[%PROGRAM_FILES%]\bpk\bpkvw.exe
[%PROGRAM_FILES%]\BPK\bpkwb.dll
[%PROGRAM_FILES%]\BPK\downloads.url
[%PROGRAM_FILES%]\bpk\downloads.url
[%PROGRAM_FILES%]\bpk\inst.bin
[%PROGRAM_FILES%]\bpk\install.log
[%PROGRAM_FILES%]\BPK\license.txt
[%PROGRAM_FILES%]\bpk\license.txt
[%PROGRAM_FILES%]\BPK\order.url
[%PROGRAM_FILES%]\bpk\order.url
[%PROGRAM_FILES%]\bpk\pk.bin
[%PROGRAM_FILES%]\bpk\web.dat
[%SYSTEM%]\bpk.bin
[%SYSTEM%]\bpk.dat
[%SYSTEM%]\bpk.exe
[%SYSTEM%]\bpkhk.dll
[%SYSTEM%]\bpkr.exe
[%SYSTEM%]\bpkwb.dll
[%SYSTEM%]\Kazaa+.exe
[%SYSTEM%]\Kazaa+hk.dll
[%SYSTEM%]\Kazaa+wb.dll
[%SYSTEM%]\Keyloggerhk.dll
[%SYSTEM%]\Keyloggerr.exe
[%SYSTEM%]\l2w.exe
[%SYSTEM%]\l2whk.dll
[%SYSTEM%]\l2wwb.dll
[%SYSTEM%]\PROGRAM FILES.EXE
[%SYSTEM%]\PROGRAM FILESHK.DLL
[%SYSTEM%]\Program Fileswb.dll
[%SYSTEM%]\rinst.exe
[%WINDOWS%]\WinXp\downloads.url
[%PROFILE%]\Impostazioni locali\Temp\RarSFX0\rinst.exe
[%PROFILE%]\Impostazioni locali\Temp\RarSFX1\rinst.exe
[%PROFILE%]\Impostazioni locali\Temp\RarSFX3\rinst.exe
[%PROGRAM_FILES%]\bpk\.exe
[%PROGRAM_FILES%]\bpk\bpk.chm
[%PROGRAM_FILES%]\bpk\bpkr.exe
[%PROGRAM_FILES%]\bpk\bpkwb.dll
[%PROGRAM_FILES%]\bpk\dumbo.exe
[%PROGRAM_FILES%]\bpk\dumbohk.dll
[%PROGRAM_FILES%]\bpk\hk.dll
[%PROGRAM_FILES%]\bpk\i.dll
[%PROGRAM_FILES%]\bpk\r.exe
[%PROGRAM_FILES%]\bpk\un.exe
[%PROGRAM_FILES%]\bpk\vw.exe
[%PROGRAM_FILES%]\bpk\wb.dll
[%DESKTOP%]\this folder leads to all of my other folders ok\bpk.exe
[%PROFILE_TEMP%]\RarSFX0\rinst.exe
[%PROFILE_TEMP%]\RarSFX1\rinst.exe
[%PROFILE_TEMP%]\RarSFX3\rinst.exe
[%PROGRAMS%]\blazingtools perfect keylogger\blazingtools perfect keylogger.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\more useful programs.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\order now!.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\perfect keylogger help.lnk
[%PROGRAMS%]\blazingtools perfect keylogger\uninstall perfect keylogger.lnk
[%PROGRAM_FILES%]\BPK\bpk.chm
[%PROGRAM_FILES%]\bpk\bpk.dat
[%PROGRAM_FILES%]\BPK\bpk.exe
[%PROGRAM_FILES%]\bpk\bpk.exe
[%PROGRAM_FILES%]\BPK\bpkhk.dll
[%PROGRAM_FILES%]\bpk\bpkhk.dll
[%PROGRAM_FILES%]\bpk\bpki.dll
[%PROGRAM_FILES%]\BPK\bpkr.exe
[%PROGRAM_FILES%]\BPK\bpkun.exe
[%PROGRAM_FILES%]\bpk\bpkun.exe
[%PROGRAM_FILES%]\BPK\bpkvw.exe
[%PROGRAM_FILES%]\bpk\bpkvw.exe
[%PROGRAM_FILES%]\BPK\bpkwb.dll
[%PROGRAM_FILES%]\BPK\downloads.url
[%PROGRAM_FILES%]\bpk\downloads.url
[%PROGRAM_FILES%]\bpk\inst.bin
[%PROGRAM_FILES%]\bpk\install.log
[%PROGRAM_FILES%]\BPK\license.txt
[%PROGRAM_FILES%]\bpk\license.txt
[%PROGRAM_FILES%]\BPK\order.url
[%PROGRAM_FILES%]\bpk\order.url
[%PROGRAM_FILES%]\bpk\pk.bin
[%PROGRAM_FILES%]\bpk\web.dat
[%SYSTEM%]\bpk.bin
[%SYSTEM%]\bpk.dat
[%SYSTEM%]\bpk.exe
[%SYSTEM%]\bpkhk.dll
[%SYSTEM%]\bpkr.exe
[%SYSTEM%]\bpkwb.dll
[%SYSTEM%]\Kazaa+.exe
[%SYSTEM%]\Kazaa+hk.dll
[%SYSTEM%]\Kazaa+wb.dll
[%SYSTEM%]\Keyloggerhk.dll
[%SYSTEM%]\Keyloggerr.exe
[%SYSTEM%]\l2w.exe
[%SYSTEM%]\l2whk.dll
[%SYSTEM%]\l2wwb.dll
[%SYSTEM%]\PROGRAM FILES.EXE
[%SYSTEM%]\PROGRAM FILESHK.DLL
[%SYSTEM%]\Program Fileswb.dll
[%SYSTEM%]\rinst.exe
[%WINDOWS%]\WinXp\downloads.url
[%PROFILE%]\Impostazioni locali\Temp\RarSFX0\rinst.exe
[%PROFILE%]\Impostazioni locali\Temp\RarSFX1\rinst.exe
[%PROFILE%]\Impostazioni locali\Temp\RarSFX3\rinst.exe
[%PROGRAM_FILES%]\bpk\.exe
[%PROGRAM_FILES%]\bpk\bpk.chm
[%PROGRAM_FILES%]\bpk\bpkr.exe
[%PROGRAM_FILES%]\bpk\bpkwb.dll
[%PROGRAM_FILES%]\bpk\dumbo.exe
[%PROGRAM_FILES%]\bpk\dumbohk.dll
[%PROGRAM_FILES%]\bpk\hk.dll
[%PROGRAM_FILES%]\bpk\i.dll
[%PROGRAM_FILES%]\bpk\r.exe
[%PROGRAM_FILES%]\bpk\un.exe
[%PROGRAM_FILES%]\bpk\vw.exe
[%PROGRAM_FILES%]\bpk\wb.dll

How to detect Perfect.Keylogger:

Files: [%DESKTOP%]\this folder leads to all of my other folders ok\bpk.exe [%PROFILE_TEMP%]\RarSFX0\rinst.exe [%PROFILE_TEMP%]\RarSFX1\rinst.exe [%PROFILE_TEMP%]\RarSFX3\rinst.exe [%PROGRAMS%]\blazingtools perfect keylogger\blazingtools perfect keylogger.lnk [%PROGRAMS%]\blazingtools perfect keylogger\more useful programs.lnk [%PROGRAMS%]\blazingtools perfect keylogger\order now!.lnk [%PROGRAMS%]\blazingtools perfect keylogger\perfect keylogger help.lnk [%PROGRAMS%]\blazingtools perfect keylogger\uninstall perfect keylogger.lnk [%PROGRAM_FILES%]\BPK\bpk.chm [%PROGRAM_FILES%]\bpk\bpk.dat [%PROGRAM_FILES%]\BPK\bpk.exe [%PROGRAM_FILES%]\bpk\bpk.exe [%PROGRAM_FILES%]\BPK\bpkhk.dll [%PROGRAM_FILES%]\bpk\bpkhk.dll [%PROGRAM_FILES%]\bpk\bpki.dll [%PROGRAM_FILES%]\BPK\bpkr.exe [%PROGRAM_FILES%]\BPK\bpkun.exe [%PROGRAM_FILES%]\bpk\bpkun.exe [%PROGRAM_FILES%]\BPK\bpkvw.exe [%PROGRAM_FILES%]\bpk\bpkvw.exe [%PROGRAM_FILES%]\BPK\bpkwb.dll [%PROGRAM_FILES%]\BPK\downloads.url [%PROGRAM_FILES%]\bpk\downloads.url [%PROGRAM_FILES%]\bpk\inst.bin [%PROGRAM_FILES%]\bpk\install.log [%PROGRAM_FILES%]\BPK\license.txt [%PROGRAM_FILES%]\bpk\license.txt [%PROGRAM_FILES%]\BPK\order.url [%PROGRAM_FILES%]\bpk\order.url [%PROGRAM_FILES%]\bpk\pk.bin [%PROGRAM_FILES%]\bpk\web.dat [%SYSTEM%]\bpk.bin [%SYSTEM%]\bpk.dat [%SYSTEM%]\bpk.exe [%SYSTEM%]\bpkhk.dll [%SYSTEM%]\bpkr.exe [%SYSTEM%]\bpkwb.dll [%SYSTEM%]\Kazaa+.exe [%SYSTEM%]\Kazaa+hk.dll [%SYSTEM%]\Kazaa+wb.dll [%SYSTEM%]\Keyloggerhk.dll [%SYSTEM%]\Keyloggerr.exe [%SYSTEM%]\l2w.exe [%SYSTEM%]\l2whk.dll [%SYSTEM%]\l2wwb.dll [%SYSTEM%]\PROGRAM FILES.EXE [%SYSTEM%]\PROGRAM FILESHK.DLL [%SYSTEM%]\Program Fileswb.dll [%SYSTEM%]\rinst.exe [%WINDOWS%]\WinXp\downloads.url [%PROFILE%]\Impostazioni locali\Temp\RarSFX0\rinst.exe [%PROFILE%]\Impostazioni locali\Temp\RarSFX1\rinst.exe [%PROFILE%]\Impostazioni locali\Temp\RarSFX3\rinst.exe [%PROGRAM_FILES%]\bpk\.exe [%PROGRAM_FILES%]\bpk\bpk.chm [%PROGRAM_FILES%]\bpk\bpkr.exe [%PROGRAM_FILES%]\bpk\bpkwb.dll [%PROGRAM_FILES%]\bpk\dumbo.exe [%PROGRAM_FILES%]\bpk\dumbohk.dll [%PROGRAM_FILES%]\bpk\hk.dll [%PROGRAM_FILES%]\bpk\i.dll [%PROGRAM_FILES%]\bpk\r.exe [%PROGRAM_FILES%]\bpk\un.exe [%PROGRAM_FILES%]\bpk\vw.exe [%PROGRAM_FILES%]\bpk\wb.dll [%DESKTOP%]\this folder leads to all of my other folders ok\bpk.exe [%PROFILE_TEMP%]\RarSFX0\rinst.exe [%PROFILE_TEMP%]\RarSFX1\rinst.exe [%PROFILE_TEMP%]\RarSFX3\rinst.exe [%PROGRAMS%]\blazingtools perfect keylogger\blazingtools perfect keylogger.lnk [%PROGRAMS%]\blazingtools perfect keylogger\more useful programs.lnk [%PROGRAMS%]\blazingtools perfect keylogger\order now!.lnk [%PROGRAMS%]\blazingtools perfect keylogger\perfect keylogger help.lnk [%PROGRAMS%]\blazingtools perfect keylogger\uninstall perfect keylogger.lnk [%PROGRAM_FILES%]\BPK\bpk.chm [%PROGRAM_FILES%]\bpk\bpk.dat [%PROGRAM_FILES%]\BPK\bpk.exe [%PROGRAM_FILES%]\bpk\bpk.exe [%PROGRAM_FILES%]\BPK\bpkhk.dll [%PROGRAM_FILES%]\bpk\bpkhk.dll [%PROGRAM_FILES%]\bpk\bpki.dll [%PROGRAM_FILES%]\BPK\bpkr.exe [%PROGRAM_FILES%]\BPK\bpkun.exe [%PROGRAM_FILES%]\bpk\bpkun.exe [%PROGRAM_FILES%]\BPK\bpkvw.exe [%PROGRAM_FILES%]\bpk\bpkvw.exe [%PROGRAM_FILES%]\BPK\bpkwb.dll [%PROGRAM_FILES%]\BPK\downloads.url [%PROGRAM_FILES%]\bpk\downloads.url [%PROGRAM_FILES%]\bpk\inst.bin [%PROGRAM_FILES%]\bpk\install.log [%PROGRAM_FILES%]\BPK\license.txt [%PROGRAM_FILES%]\bpk\license.txt [%PROGRAM_FILES%]\BPK\order.url [%PROGRAM_FILES%]\bpk\order.url [%PROGRAM_FILES%]\bpk\pk.bin [%PROGRAM_FILES%]\bpk\web.dat [%SYSTEM%]\bpk.bin [%SYSTEM%]\bpk.dat [%SYSTEM%]\bpk.exe [%SYSTEM%]\bpkhk.dll [%SYSTEM%]\bpkr.exe [%SYSTEM%]\bpkwb.dll [%SYSTEM%]\Kazaa+.exe [%SYSTEM%]\Kazaa+hk.dll [%SYSTEM%]\Kazaa+wb.dll [%SYSTEM%]\Keyloggerhk.dll [%SYSTEM%]\Keyloggerr.exe [%SYSTEM%]\l2w.exe [%SYSTEM%]\l2whk.dll [%SYSTEM%]\l2wwb.dll [%SYSTEM%]\PROGRAM FILES.EXE [%SYSTEM%]\PROGRAM FILESHK.DLL [%SYSTEM%]\Program Fileswb.dll [%SYSTEM%]\rinst.exe [%WINDOWS%]\WinXp\downloads.url [%PROFILE%]\Impostazioni locali\Temp\RarSFX0\rinst.exe [%PROFILE%]\Impostazioni locali\Temp\RarSFX1\rinst.exe [%PROFILE%]\Impostazioni locali\Temp\RarSFX3\rinst.exe [%PROGRAM_FILES%]\bpk\.exe [%PROGRAM_FILES%]\bpk\bpk.chm [%PROGRAM_FILES%]\bpk\bpkr.exe [%PROGRAM_FILES%]\bpk\bpkwb.dll [%PROGRAM_FILES%]\bpk\dumbo.exe [%PROGRAM_FILES%]\bpk\dumbohk.dll [%PROGRAM_FILES%]\bpk\hk.dll [%PROGRAM_FILES%]\bpk\i.dll [%PROGRAM_FILES%]\bpk\r.exe [%PROGRAM_FILES%]\bpk\un.exe [%PROGRAM_FILES%]\bpk\vw.exe [%PROGRAM_FILES%]\bpk\wb.dll

Folders: [%PROGRAM_FILES%]\bpk\dt

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} HKEY_CLASSES_ROOT\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a} HKEY_CLASSES_ROOT\pk.ie HKEY_CLASSES_ROOT\pk.ie.1 HKEY_CLASSES_ROOT\typelib\{1e1b286c-88ff-11d3-8d96-d7acac95951a} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\perfect keylogger HKEY_CLASSES_ROOT\clsid\{1e1b2879-88ff-11d3-8d96-d7acac95951a} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e1b2879-88ff-11d3-8d96-d7acac95951a}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\internet explorer HKEY_LOCAL_MACHINE\software\microsoft\internet explorer HKEY_LOCAL_MACHINE\software\microsoft\internet explorer HKEY_LOCAL_MACHINE\software\microsoft\internet explorer HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Perfect.Keylogger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Remove Larry Trojan
Remove Trojan.Downloader.Win32.Small.csn Trojan
Remove BOClient Trojan
Ehg.mccormick.hitbox Tracking Cookie Symptoms

CWS.XPlugin Hijacker

Removing CWS.XPlugin
Categories: Hijacker
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\tksrv99.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\xplugin.dll
[%WINDOWS%]\nsdb\hosts
[%SYSTEM%]\uc1362.exe
[%SYSTEM%]\ucsl.exe
[%WINDOWS%]\system\xplugin.dll
[%SYSTEM%]\tksrv99.exe
[%SYSTEM%]\tmksrvu.exe
[%SYSTEM%]\xplugin.dll
[%WINDOWS%]\nsdb\hosts
[%SYSTEM%]\uc1362.exe
[%SYSTEM%]\ucsl.exe
[%WINDOWS%]\system\xplugin.dll

How to detect CWS.XPlugin:

Files: [%SYSTEM%]\tksrv99.exe [%SYSTEM%]\tmksrvu.exe [%SYSTEM%]\xplugin.dll [%WINDOWS%]\nsdb\hosts [%SYSTEM%]\uc1362.exe [%SYSTEM%]\ucsl.exe [%WINDOWS%]\system\xplugin.dll [%SYSTEM%]\tksrv99.exe [%SYSTEM%]\tmksrvu.exe [%SYSTEM%]\xplugin.dll [%WINDOWS%]\nsdb\hosts [%SYSTEM%]\uc1362.exe [%SYSTEM%]\ucsl.exe [%WINDOWS%]\system\xplugin.dll

Registry Keys: HKEY_CLASSES_ROOT\typelib\{ee79d398-aaaf-47b1-8c9e-11f7d4c9111b} HKEY_CLASSES_ROOT\appid\xplugin.dll HKEY_CLASSES_ROOT\appid\{ac3f36d4-f905-4fe9-a926-eb937e66f591} HKEY_CLASSES_ROOT\clsid\{4f7681e5-6caf-478d-9cb8-4ca593bee7fb} HKEY_CLASSES_ROOT\xplugin.xfilter HKEY_CLASSES_ROOT\xplugin.xfilter.1 HKEY_LOCAL_MACHINE\software\tmksoft

Registry Values: HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CLASSES_ROOT\protocols\filter\text/html HKEY_CURRENT_USER\software\microsoft\internet explorer\main

Removing CWS.XPlugin:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Cryptlab Trojan Cleaner

Krepper Trojan

Removing Krepper
Categories: Trojan,Spyware,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Krepper Also known as:


[Kaspersky]Trojan.Win32.Krepper.a;
[Panda]Trojan Horse;
[Computer Associates]Win32/Krepper.b!PWS!Trojan,Win32/Krepper!Trojan,Win32.Azara

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\temp\svshost.exe
[%WINDOWS%]\temp\svshost.exe

How to detect Krepper:

Files: [%WINDOWS%]\temp\svshost.exe [%WINDOWS%]\temp\svshost.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qabar.dll

Removing Krepper:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
SillyDl.BZK Trojan Removal instruction
Bancos.GZC Trojan Symptoms
Backdoor.TDS Trojan Removal instruction

toolband BHO

Removing toolband
Categories: BHO,Toolbar
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

How to detect toolband:

Registry Keys: HKEY_CLASSES_ROOT\toolband.toolbandobj HKEY_CLASSES_ROOT\clsid\{441354c5-409b-9a66-a11d6d4e1a22} HKEY_CLASSES_ROOT\interface\{1aa58304-832c-47fd-8d20-48677243f9e1} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}

Removing toolband:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Tieing.up.the.schools.phones DoS Symptoms
Bancos.MNN Trojan Removal

Zlob.Fam.DittoSideBar Trojan

Removing Zlob.Fam.DittoSideBar
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES%]\Safety Bar\Safety Bar.dll
[%PROGRAM_FILES%]\Safety Bar\SafetyBar.dll
[%PROGRAM_FILES%]\Safety Bar\Uninstall.bat
[%PROGRAM_FILES%]\Safety Bar\Safety Bar.dll
[%PROGRAM_FILES%]\Safety Bar\SafetyBar.dll
[%PROGRAM_FILES%]\Safety Bar\Uninstall.bat

How to detect Zlob.Fam.DittoSideBar:

Files: [%PROGRAM_FILES%]\Safety Bar\Safety Bar.dll [%PROGRAM_FILES%]\Safety Bar\SafetyBar.dll [%PROGRAM_FILES%]\Safety Bar\Uninstall.bat [%PROGRAM_FILES%]\Safety Bar\Safety Bar.dll [%PROGRAM_FILES%]\Safety Bar\SafetyBar.dll [%PROGRAM_FILES%]\Safety Bar\Uninstall.bat

Folders: [%PROGRAM_FILES%]\Safety Bar

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{2E4136F6-A927-4337-8178-B7EBC309EFC4} HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E4136F6-A927-4337-8178-B7EBC309EFC4} HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Safety Bar

Removing Zlob.Fam.DittoSideBar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.AVTQ Trojan Symptoms

Mitglieder Trojan

Removing Mitglieder
Categories: Trojan,Spyware,Worm,Downloader,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Mitglieder Also known as:


[Kaspersky]TrojanProxy.Win32.Agent.q;
[Eset]Win32/TrojanProxy.Agent.Q trojan;
[Panda]W32/Mitglieder.A.worm,Trj/Deboal.A,Trj/Downloader.EL,Trj/Agent.E;
[Computer Associates]Win32.Mitglieder.N,Win32/Bagle.10240.2!Worm,Win32.Mitglieder.D,Win32/Amidel.A!Trojan,Win32.Mitglieder.AR,Win32/Mitglieder!Proxy!Trojan,Win32.SuxxProxy.A;
[Other]Win32/Mitglieder.EC,Win32/Mitglieder/EE

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\~2.exe
[%PROFILE_TEMP%]\~7.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee
[%SYSTEM%]\ban_list.txt
[%SYSTEM%]\system.exe
[%SYSTEM%]\wintems.exe
[%PROFILE_TEMP%]\wk_163.exe
[%PROFILE_TEMP%]\wk_224.exe
[%PROFILE_TEMP%]\wk_225.exe
[%PROFILE_TEMP%]\wk_238.exe
[%PROFILE_TEMP%]\wk_4b4.exe
[%PROFILE_TEMP%]\wk_4cd.exe
[%PROFILE_TEMP%]\wk_4da.exe
[%PROFILE_TEMP%]\wk_4df.exe
[%PROFILE_TEMP%]\~2.exe
[%PROFILE_TEMP%]\~7.exe
[%PROFILE_TEMP%]\~??.ee
[%PROFILE_TEMP%]\~???.ee
[%SYSTEM%]\ban_list.txt
[%SYSTEM%]\system.exe
[%SYSTEM%]\wintems.exe
[%PROFILE_TEMP%]\wk_163.exe
[%PROFILE_TEMP%]\wk_224.exe
[%PROFILE_TEMP%]\wk_225.exe
[%PROFILE_TEMP%]\wk_238.exe
[%PROFILE_TEMP%]\wk_4b4.exe
[%PROFILE_TEMP%]\wk_4cd.exe
[%PROFILE_TEMP%]\wk_4da.exe
[%PROFILE_TEMP%]\wk_4df.exe

How to detect Mitglieder:

Files: [%PROFILE_TEMP%]\~2.exe [%PROFILE_TEMP%]\~7.exe [%PROFILE_TEMP%]\~??.ee [%PROFILE_TEMP%]\~???.ee [%SYSTEM%]\ban_list.txt [%SYSTEM%]\system.exe [%SYSTEM%]\wintems.exe [%PROFILE_TEMP%]\wk_163.exe [%PROFILE_TEMP%]\wk_224.exe [%PROFILE_TEMP%]\wk_225.exe [%PROFILE_TEMP%]\wk_238.exe [%PROFILE_TEMP%]\wk_4b4.exe [%PROFILE_TEMP%]\wk_4cd.exe [%PROFILE_TEMP%]\wk_4da.exe [%PROFILE_TEMP%]\wk_4df.exe [%PROFILE_TEMP%]\~2.exe [%PROFILE_TEMP%]\~7.exe [%PROFILE_TEMP%]\~??.ee [%PROFILE_TEMP%]\~???.ee [%SYSTEM%]\ban_list.txt [%SYSTEM%]\system.exe [%SYSTEM%]\wintems.exe [%PROFILE_TEMP%]\wk_163.exe [%PROFILE_TEMP%]\wk_224.exe [%PROFILE_TEMP%]\wk_225.exe [%PROFILE_TEMP%]\wk_238.exe [%PROFILE_TEMP%]\wk_4b4.exe [%PROFILE_TEMP%]\wk_4cd.exe [%PROFILE_TEMP%]\wk_4da.exe [%PROFILE_TEMP%]\wk_4df.exe

Registry Keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}

Registry Values: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Mitglieder:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Lapse Trojan
FirstCash.Websearch Adware Symptoms
SillyDl.DMU Trojan Cleaner

Win32.TrojanDownloader.Qoologic Downloader

Removing Win32.TrojanDownloader.Qoologic
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Win32.TrojanDownloader.Qoologic Also known as:


[Eset]Win32/TrojanDownloader.Qoologic.B trojan;
[Panda]Adware/QoolAid

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\adolib32.dll
[%SYSTEM%]\adolib32.dll

How to detect Win32.TrojanDownloader.Qoologic:

Files: [%SYSTEM%]\adolib32.dll [%SYSTEM%]\adolib32.dll

Removing Win32.TrojanDownloader.Qoologic:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Vxidl.AMT Trojan Information
Reload Backdoor Cleaner
Remove Phishbank.BBD Trojan

888Bar Toolbar

Removing 888Bar
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\888.dll
[%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\Uninstall.dll
[%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\system.dll
[%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\Update.exe
[%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\888.dll
[%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\Uninstall.dll
[%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\system.dll
[%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\Update.exe

How to detect 888Bar:

Files: [%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\888.dll [%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\Uninstall.dll [%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\system.dll [%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\Update.exe [%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\888.dll [%PROGRAM_FILES_COMMON%]\{3839DF00-0D3F-1033-0729-050001}\Uninstall.dll [%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\system.dll [%PROGRAM_FILES_COMMON%]\{D8e9df00-0d3f-1033-0729-050001}\Update.exe

Registry Keys: HKEY_CLASSES_ROOT\interface\{c6f2214e-0b54-45a9-b90d-7dd4ba45ed0b} HKEY_CLASSES_ROOT\luckytoolbar.luckytoolbarobj.1\clsid HKEY_CLASSES_ROOT\luckytoolbar.luckytoolbarobj\clsid HKEY_CLASSES_ROOT\luckytoolbar.luckytoolbarobj\curver HKEY_CLASSES_ROOT\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{c004dec2-2623-438e-9ca2-c9043ab28508}

Registry Values: HKEY_CLASSES_ROOT\luckytoolbar.luckytoolbarobj.1 HKEY_CLASSES_ROOT\luckytoolbar.luckytoolbarobj.a\clsid

Removing 888Bar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
howstuffworks.com Tracking Cookie Cleaner

Arcvvir Trojan

Removing Arcvvir
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Arcvvir Also known as:


[Kaspersky]Australian.AIH.591,DirII.1024.j,packed: PkLite,Virus.DOS.DirII.1024.j;
[Eset]Ap.591 virus,Dir2.Ba virus;
[McAfee]Dir-II,Univ/f;
[F-Prot]DIR-II.2048.B;
[Panda]Aih,DIR-II {2};
[Computer Associates]Arcvvir,DIR-II.AJ,DIR-II.E,Ozpar.D

How to detect Arcvvir:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{7e5da25b-1c13-4b78-837a-b938624eba41} HKEY_CLASSES_ROOT\typelib\{ed15346e-0aec-4b72-b23c-ed6f420fcba7} HKEY_CURRENT_USER\software\wurld media HKEY_LOCAL_MACHINE\software\morp

Removing Arcvvir:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
QZap124 Trojan Removal
Winkernal Trojan Removal
Keylog.Pino Trojan Symptoms
Intended.Nuke.Pox Backdoor Symptoms

DKS Trojan

Removing DKS
Categories: Trojan,Spyware,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

DKS Also known as:


[Kaspersky]Trojan.Spy.DKS.11.b,TrojanSpy.Win32.DKS.11.b,TrojanSpy.Win32.DKS.10,TrojanSpy.Win32.DKS.13.a,TrojanSpy.Win32.DKS.12.c,TrojanSpy.Win32.Sisie.a;
[Eset]Win32/Spy.Sisie.C trojan;
[F-Prot]security risk or a "backdoor" program;
[Panda]Univ.AP.H,Trojan Horse,Trojan Horse.LC,Trj/Spy.Dks.12.B,Trj/Narod.B,Trj/Narod.A;
[Computer Associates]Win32/Dks.1.1!Trojan,Win32/DKS.10!Spy!Trojan,Win32/DKS.13.a!Spy!Trojan,Win32/Dks.1.2!Trojan,Win32/Dks.1.2.B!Spy!Trojan,Win32.DKS.M,Win32/Emerleox!PWS!DLL!Trojan,Win32/Narod.5154!PWS!Trojan,Win32/DKS.A!Dll!Trojan,Win32.DKS.A

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\sp.dat
[%SYSTEM%]\sysie.dll
[%SYSTEM%]\systemp.exe
[%WINDOWS%]\system\sysie.dll
[%WINDOWS%]\system\systemie.exe
[%SYSTEM%]\sp.dat
[%SYSTEM%]\sysie.dll
[%SYSTEM%]\systemp.exe
[%WINDOWS%]\system\sysie.dll
[%WINDOWS%]\system\systemie.exe

How to detect DKS:

Files: [%SYSTEM%]\sp.dat [%SYSTEM%]\sysie.dll [%SYSTEM%]\systemp.exe [%WINDOWS%]\system\sysie.dll [%WINDOWS%]\system\systemie.exe [%SYSTEM%]\sp.dat [%SYSTEM%]\sysie.dll [%SYSTEM%]\systemp.exe [%WINDOWS%]\system\sysie.dll [%WINDOWS%]\system\systemie.exe

Registry Values: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser

Removing DKS:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Win32.CWS Downloader Cleaner
Bancos.GNJ Trojan Symptoms
MSN.com Tracking Cookie Symptoms
Zlob.Fam.Browser Protection Volume Trojan Cleaner
Small.an Trojan Information

Atztecmarketing.syscpy Adware

Removing Atztecmarketing.syscpy
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\syscpy.exe
[%SYSTEM%]\syscpy1.exe
[%SYSTEM%]\syscpy.exe
[%SYSTEM%]\syscpy1.exe

How to detect Atztecmarketing.syscpy:

Files: [%SYSTEM%]\syscpy.exe [%SYSTEM%]\syscpy1.exe [%SYSTEM%]\syscpy.exe [%SYSTEM%]\syscpy1.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Atztecmarketing.syscpy:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Pigeon.AGU Trojan Information
Wotch.com Tracking Cookie Symptoms
Removing Win32.TheThing Backdoor

ZToolbar Adware

Removing ZToolbar
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:

 
[%WINDOWS%]\bandserv.dll
[%WINDOWS%]\bandserv.dll

How to detect ZToolbar:

Files: [%WINDOWS%]\bandserv.dll [%WINDOWS%]\bandserv.dll

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} HKEY_CLASSES_ROOT\motleyfool.stockbar HKEY_CLASSES_ROOT\motleyfool.stockbar.1 HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} HKEY_CLASSES_ROOT\ZToolbar.activator HKEY_CLASSES_ROOT\ZToolbar.activator.1 HKEY_CLASSES_ROOT\ZToolbar.ParamWr HKEY_CLASSES_ROOT\ZToolbar.ParamWr.1 HKEY_CLASSES_ROOT\ZToolbar.StockBar HKEY_CLASSES_ROOT\ZToolbar.StockBar.1 HKEY_CLASSES_ROOT\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39} HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99} HKEY_CLASSES_ROOT\clsid\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb} HKEY_CLASSES_ROOT\clsid\{b75f75b8-93f3-429d-ff34-660b206d897a} HKEY_CLASSES_ROOT\clsid\{d7bf3304-138b-4dd5-86ee-491bb6a2286c} HKEY_CLASSES_ROOT\clsid\{fff5092f-7172-4018-827b-fa5868fb0478} HKEY_CLASSES_ROOT\interface\{6deee498-08cc-43f0-bca0-dbb5a25c9501} HKEY_CLASSES_ROOT\interface\{dcfab192-4a0e-4720-8e24-70d5f0cb8c39} HKEY_CLASSES_ROOT\interface\{f4394f24-163d-430b-b5af-b68b56031b99} HKEY_CLASSES_ROOT\typelib\{84c94803-b5ec-4491-b2be-7b113e013b77} HKEY_CLASSES_ROOT\ztoolbar.activator HKEY_CLASSES_ROOT\ztoolbar.activator.1 HKEY_CLASSES_ROOT\ztoolbar.paramwr HKEY_CLASSES_ROOT\ztoolbar.paramwr.1 HKEY_CLASSES_ROOT\ztoolbar.stockbar HKEY_CLASSES_ROOT\ztoolbar.stockbar.1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff5092f-7172-4018-827b-fa5868fb0478} HKEY_LOCAL_MACHINE\software\zsearchco

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing ZToolbar:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Banker.ju Spyware Symptoms
Remove Win32.CWS Downloader
Remove AppServ Trojan
Elephant2 Trojan Information
WS.FTP BHO Removal

HuntBar.BTLink Hijacker

Removing HuntBar.BTLink
Categories: Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES_COMMON%]\btlink\btlink.dll
[%PROGRAM_FILES%]\common files\btlink\btlink.dll
[%PROGRAM_FILES_COMMON%]\btlink\btlink.dll
[%PROGRAM_FILES%]\common files\btlink\btlink.dll

How to detect HuntBar.BTLink:

Files: [%PROGRAM_FILES_COMMON%]\btlink\btlink.dll [%PROGRAM_FILES%]\common files\btlink\btlink.dll [%PROGRAM_FILES_COMMON%]\btlink\btlink.dll [%PROGRAM_FILES%]\common files\btlink\btlink.dll

Removing HuntBar.BTLink:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Security Toolbar Cleaner
Removing SillyDl.CVJ Trojan
Remove Bancos.IFT Trojan

Pripi Trojan

Removing Pripi
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\ipripsvc.dll
[%SYSTEM%]\ipripsvc.dll

How to detect Pripi:

Files: [%SYSTEM%]\ipripsvc.dll [%SYSTEM%]\ipripsvc.dll

Registry Keys: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_iprip HKEY_LOCAL_MACHINE\system\currentcontrolset\services\iprip

Removing Pripi:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
WinFixer Adware Symptoms
Remove Chpok Backdoor
Hkdoor Trojan Removal instruction
Trojanspy.Win32.Zhixingzhe Trojan Removal instruction
Remove Frethog.ACT Trojan

Keylogger Trojan

Removing Keylogger
Categories: Trojan,Spyware,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Keylogger Also known as:


[Kaspersky]Trojan.PSW.KeyLogger.10,Trojan.Spy.MegaHard,TrojanSpy.Win32.DSKeyLogger,TrojanSpy.Win32.ZombKeyLog;
[McAfee]KeyLogger.c,KeyLogger.d;
[F-Prot]destructive program,security risk or a "backdoor" program;
[Panda]Trj/PSW.Keylog.1.0,Trojan Horse,Trojan Horse.LC,Trj/Spy.ZombKeyLog,Trj/Zombkey,Trj/Keylog.M;
[Computer Associates]Win32/Keylog.B!Trojan,Win32/MegaHard!Spy!Trojan,Win32/ZombKeyLog!Trojan,Win32/KeyLogger.n!Spy!Trojan,Win32/KeyLogger.f!Trojan,Win32.PSW.KeyLogger.10,Win32/KeyLogger.80384!DLL!Trojan,Win32.Forkey

Visible Symptoms:
Files in system folders:

 
[%DESKTOP%]\bpk.exe
[%DESKTOP%]\pk.bin
[%WINDOWS%]\643642kl.txt
[%WINDOWS%]\657523fg.txt
[%WINDOWS%]\GpSysHookDLL.dll
[%WINDOWS%]\keylogf.dll
[%DESKTOP%]\bpk.exe
[%DESKTOP%]\pk.bin
[%WINDOWS%]\643642kl.txt
[%WINDOWS%]\657523fg.txt
[%WINDOWS%]\GpSysHookDLL.dll
[%WINDOWS%]\keylogf.dll

How to detect Keylogger:

Files: [%DESKTOP%]\bpk.exe [%DESKTOP%]\pk.bin [%WINDOWS%]\643642kl.txt [%WINDOWS%]\657523fg.txt [%WINDOWS%]\GpSysHookDLL.dll [%WINDOWS%]\keylogf.dll [%DESKTOP%]\bpk.exe [%DESKTOP%]\pk.bin [%WINDOWS%]\643642kl.txt [%WINDOWS%]\657523fg.txt [%WINDOWS%]\GpSysHookDLL.dll [%WINDOWS%]\keylogf.dll

Folders: [%PROGRAMS%]\auto keylogger [%PROGRAM_FILES%]\auto keylogger

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\kl.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\auto keylogger HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\\auto keylogger

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\settings\ina

Removing Keylogger:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
TKHO.com Tracking Cookie Cleaner
Haxdoor.cu Backdoor Information
Removing Chpok Backdoor
Removing StopingSpy Ransomware
Remove rn11.com Tracking Cookie

FormatA Trojan

Removing FormatA
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

FormatA Also known as:


[Kaspersky]/See The World!.bat infected: Trojan.BAT.FormatA.d,Trojan.BAT.FormatA.d;
[McAfee]FormatA;
[Panda]Trj/FormatA;
[Computer Associates]FormatA,Formatter

Visible Symptoms:
Files in system folders:

 
[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe
[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe

How to detect FormatA:

Files: [%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe [%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe

Folders: [%PROGRAM_FILES%]\musicmagnet

Removing FormatA:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Easy.exe Trojan Information
Bancos.IFT Trojan Cleaner
Hkdoor Trojan Information

Blog Archive

About Me

Sunday, January 18, 2009

How to detect XP.Keylogger:

Removing XP.Keylogger:

How to detect BEsys:

Removing BEsys:

How to detect 4Arcade.PBar:

Removing 4Arcade.PBar:

How to detect SpyGator.pro:

Removing SpyGator.pro:

How to detect Bancos.IPY:

Removing Bancos.IPY:

How to detect Web.Position:

Removing Web.Position:

How to detect Rebrand.ComputerMonitorKeylogger:

Removing Rebrand.ComputerMonitorKeylogger:

How to detect Expext.MetaDirect:

Removing Expext.MetaDirect:

How to detect Win32.Scapur:

Removing Win32.Scapur:

How to detect FirewallBypass:

Removing FirewallBypass:

How to detect DotCom:

Removing DotCom:

How to detect BlackIce:

Removing BlackIce:

How to detect INetBar:

Removing INetBar:

How to detect Total.Velocity:

Removing Total.Velocity:

How to detect Burgspill:

Removing Burgspill:

How to detect GotoBar:

Removing GotoBar:

How to detect Hacker.ag:

Removing Hacker.ag:

How to detect ClipGenie:

Removing ClipGenie:

How to detect Eziin:

Removing Eziin:

How to detect Small.fe:

Removing Small.fe:

How to detect Perfect.Keylogger:

Removing Perfect.Keylogger:

How to detect CWS.XPlugin:

Removing CWS.XPlugin:

How to detect Krepper:

Removing Krepper:

How to detect toolband:

Removing toolband:

How to detect Zlob.Fam.DittoSideBar:

Removing Zlob.Fam.DittoSideBar:

How to detect Mitglieder:

Removing Mitglieder:

How to detect Win32.TrojanDownloader.Qoologic:

Removing Win32.TrojanDownloader.Qoologic:

How to detect 888Bar:

Removing 888Bar:

How to detect Arcvvir:

Removing Arcvvir:

How to detect DKS:

Removing DKS:

How to detect Atztecmarketing.syscpy:

Removing Atztecmarketing.syscpy:

How to detect ZToolbar:

Removing ZToolbar:

How to detect HuntBar.BTLink:

Removing HuntBar.BTLink:

How to detect Pripi:

Removing Pripi:

How to detect Keylogger:

Removing Keylogger:

How to detect FormatA:

Removing FormatA: