Tuesday, January 20, 2009

UpSpiral Toolbar

Removing UpSpiral
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\upspiral.dll

How to detect UpSpiral:

Files:
[%WINDOWS%]\downloaded program files\upspiral.dll

Folders:
[%PROGRAM_FILES%]\upspiral toolbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-deff-ed65a486aa28}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-deff-ed65a486aa29}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-deff-ed65a486aa2a}
HKEY_CLASSES_ROOT\upspiral.upspiral
HKEY_CLASSES_ROOT\upspiral.upspiralmenu button
HKEY_CLASSES_ROOT\upspiral.upspiraltoggle button
HKEY_CURRENT_USER\software\upspiral toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-deff-ed65a486aa28}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\upspiral

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing UpSpiral:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


AIR Trojan

Removing AIR
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

AIR Also known as:

[Kaspersky]Backdoor.VB.kb;
[Eset]Win32/VB.KB trojan;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/VB.kb.Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\airserver.exe
[%WINDOWS%]\system\mail.txt

How to detect AIR:

Files:
[%WINDOWS%]\system\airserver.exe
[%WINDOWS%]\system\mail.txt


Acropolis Trojan

Removing Acropolis
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Acropolis Also known as:

[Kaspersky]Backdoor.Acropolis.10;
[Eset]Win32/Acropolis.10 trojan;
[McAfee]BackDoor-NM;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Acropolis.10;
[Computer Associates]Win32.Acropolis.10,Win32/Acropolis.10.Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\localbase.dll
[%WINDOWS%]\winport.com

How to detect Acropolis:

Files:
[%WINDOWS%]\localbase.dll
[%WINDOWS%]\winport.com

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


IE.Host Adware

Removing IE.Host
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect IE.Host:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\79b498b3e041


Temairg Trojan

Removing Temairg
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Temairg Also known as:

[Kaspersky]Trojan-Clicker.Win32.VB.pu;
[Other]Win32/Temairg,Win32/Temairg.B,Win32/Temairg.C,Win32/Temairg.D

How to detect Temairg:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Zlob.Fam.My Pass Generator Trojan

Removing Zlob.Fam.My Pass Generator
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

How to detect Zlob.Fam.My Pass Generator:

Folders:
[%PROGRAMS%]\My Pass Generator
[%PROGRAM_FILES%]\My Pass Generator

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Pass Generator


StopingSpy Ransomware

Removing StopingSpy
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\StopingSpy.lnk

How to detect StopingSpy:

Files:
[%DESKTOP%]\StopingSpy.lnk

Folders:
[%PROGRAMS%]\StopingSpy
[%PROGRAM_FILES%]\StopingSpy

Registry Keys:
HKEY_CURRENT_USER\software\stopingspy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\stopingspy

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Registry.Cleaner Adware

Removing Registry.Cleaner
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:

How to detect Registry.Cleaner:

Files:

Folders:
[%APPDATA%]\registry cleaner
[%COMMON_PROGRAMS%]\RegistryCleaner
[%PROGRAMS%]\registry cleaner
[%PROGRAM_FILES%]\registry cleaner trial
[%PROGRAM_FILES%]\RegistryCleaner
[%PROGRAM_FILES%]\TPT Registry_Cleaner (Trial)
[%PROGRAMS%]\regclean

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{205ff73b-ca67-11d5-99dd-444553540013}
HKEY_CLASSES_ROOT\typelib\{205ff72e-ca67-11d5-99dd-444553540013}
HKEY_CURRENT_USER\software\registry cleaner
HKEY_CURRENT_USER\software\softwareonline.com\soref\{334cca36-c1f1-4649-8dae-a46e24911e1b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\registry cleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryCleaner
HKEY_LOCAL_MACHINE\software\registry cleaner
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryCleaner
HKEY_CLASSES_ROOT\clsid\{5fce5f25-b51e-2e50-ed07-ad26b874e903}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\registrycleaner
HKEY_LOCAL_MACHINE\software\registrycleaner

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\affiliatecreator\eba61bb6-aa73-4f9d-946b-c722bee0f153
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\registry cleaner (trial)_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\reporting\eventcache\9482f4b4-e343-43b6-b170-9a65bc822c77


Agent.mx Trojan

Removing Agent.mx
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\smsys.dat

How to detect Agent.mx:

Files:
[%WINDOWS%]\smsys.dat


Employee.Watcher Spyware

Removing Employee.Watcher
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect Employee.Watcher:

Folders:
c:\windowsupdate\ufp\ew7

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Dpwam Trojan

Removing Dpwam
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Dpwam Also known as:

[Kaspersky]Trojan.Win32.Agent.ny;
[McAfee]Puper;
[Other]Win32/Dpwam,Win32/Dpwam.A,Trojan.Zlob

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\drivers\DP.sys

How to detect Dpwam:

Files:
[%SYSTEM%]\drivers\DP.sys


SillyDl.DNC Trojan

Removing SillyDl.DNC
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\_svchost.exe

How to detect SillyDl.DNC:

Files:
[%SYSTEM%]\_svchost.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_microsoft_inet_service
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\microsoft inet service


Adult.Material Adware

Removing Adult.Material
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect Adult.Material:

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{ce7c3cf0-4b15-11d1-abed-709549c10001}


TSpy Spyware

Removing TSpy
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\tspy.exe
[%PROGRAM_FILES%]\tspy.log

How to detect TSpy:

Files:
[%PROGRAM_FILES%]\tspy.exe
[%PROGRAM_FILES%]\tspy.log

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tspy
HKEY_LOCAL_MACHINE\software\microsoft\windows\tpsy

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Viresals Trojan

Removing Viresals
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Viresals Also known as:

[Other]Trojan.Dropper

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Inte32.dll
[%WINDOWS%]\SYSTEM\realsched.exe
[%WINDOWS%]\SYSTEM\vp_VM.dll

How to detect Viresals:

Files:
[%SYSTEM%]\Inte32.dll
[%WINDOWS%]\SYSTEM\realsched.exe
[%WINDOWS%]\SYSTEM\vp_VM.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{8462112e-2d10-4d27-aa0f-d0326d3ce7ef}
HKEY_CLASSES_ROOT\clsid\{9b840ed7-32c9-4121-b6c9-a9ff1db76fe8}
HKEY_CLASSES_ROOT\clsid\{ebbc6e6d-7b65-46be-b509-86ced2d17876}
HKEY_CLASSES_ROOT\clsid\{ee09b8c3-bdb8-4301-bc8d-c13ce4664194}
HKEY_CLASSES_ROOT\clsid\{f8eb3b42-0665-4a7b-ada5-b21b0c189fbd}
HKEY_LOCAL_MACHINE\software\microsoft\intesearch

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Agent.ac Adware

Removing Agent.ac
Categories: Adware,Backdoor,Downloader
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Trojan downloaders download and install new malware or adware on the computer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\vbsys2.dll
[%SYSTEM%]\wdmbgnb_.dll

How to detect Agent.ac:

Files:
[%SYSTEM%]\vbsys2.dll
[%SYSTEM%]\wdmbgnb_.dll


PCTurboPro Ransomware

Removing PCTurboPro
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

How to detect PCTurboPro:

Folders:
[%APPDATA%]\PCTurbo Pro Free
[%COMMON_PROGRAMS%]\PCTurboPro


VB.mo Trojan

Removing VB.mo
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mousepad11.exe

How to detect VB.mo:

Files:
[%WINDOWS%]\mousepad11.exe


Mumb Trojan

Removing Mumb
Categories: Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Mumb Also known as:

[Kaspersky]Mumbler.1287;
[Panda]Body.1287.A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msrev21.dll

How to detect Mumb:

Files:
[%SYSTEM%]\msrev21.dll


MyCpMads.Browser.Optimiser BHO

Removing MyCpMads.Browser.Optimiser
Categories: BHO
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\s1ec
[%PROFILE_TEMP%]\s1rk
[%SYSTEM%]\br_rt.dll
[%WINDOWS%]\3-d0105f0375fe6b62fc90f554e10ca5eb.exe
[%SYSTEM%]\br_rt-uninst.exe

How to detect MyCpMads.Browser.Optimiser:

Files:
[%PROFILE_TEMP%]\s1ec
[%PROFILE_TEMP%]\s1rk
[%SYSTEM%]\br_rt.dll
[%WINDOWS%]\3-d0105f0375fe6b62fc90f554e10ca5eb.exe
[%SYSTEM%]\br_rt-uninst.exe

Registry Keys:
HKEY_CLASSES_ROOT\adspipe.adbot2
HKEY_CLASSES_ROOT\adspipe.adbot2.1
HKEY_CLASSES_ROOT\clsid\{582fdcf0-a82e-4fc1-a6f6-0d2f36881f63}
HKEY_CLASSES_ROOT\interface\{aedc088b-51de-4677-92df-ae0f978aac81}
HKEY_CLASSES_ROOT\typelib\{49570c69-425d-47a6-944d-5b035af58b09}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{582fdcf0-a82e-4fc1-a6f6-0d2f36881f63}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\br_rt


Qoogler Hijacker

Removing Qoogler
Categories: Hijacker
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

How to detect Qoogler:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\qoogler.com\www


SpySnipe Ransomware

Removing SpySnipe
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpySnipe 1.0.lnk
[%PROFILE%]\Desktop\SpySnipe 1.0.lnk

How to detect SpySnipe:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpySnipe 1.0.lnk
[%PROFILE%]\Desktop\SpySnipe 1.0.lnk

Folders:
[%PROFILE%]\Start Menu\Programs\SpySnipe
[%PROGRAM_FILES%]\SpySnipe

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spysnipe
HKEY_CURRENT_USER\software\spysnipe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spysnipe 1.0_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Skiks Trojan

Removing Skiks
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\sp.exe
[%SYSTEM%]\wmp.exe

How to detect Skiks:

Files:
[%COMMON_DESKTOPDIRECTORY%]\sp.exe
[%SYSTEM%]\wmp.exe

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\esevcbko

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2d0cce2d-2eef-4432-0503-020002010803}


Conspy Trojan

Removing Conspy
Categories: Trojan,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Conspy Also known as:

[Panda]Trj/Conspy.A;
[Computer Associates]Win32/Conspy.e!Spy!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\waol.exe

How to detect Conspy:

Files:
[%WINDOWS%]\waol.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


MoneyTree.DyFuCA Trojan

Removing MoneyTree.DyFuCA
Categories: Trojan,Adware,BHO,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.

Trojan downloaders download and install new malware or adware on the computer.


MoneyTree.DyFuCA Also known as:

[Kaspersky]TrojanDownloader.Win32.Dyfuca.ac;
[Eset]Win32/TrojanDownloader.Dyfica.AC trojan;
[Panda]Spyware/Dyfuca

How to detect MoneyTree.DyFuCA:

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}


Mechbot Backdoor

Removing Mechbot
Categories: Backdoor
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Mechbot Also known as:

[Kaspersky]Backdoor.Win32.Mechbot,Backdoor.Win32.Mechbot.a;
[McAfee]W32/IRCbot.gen.f;
[Other]W32.IRCBot,Backdoor.Win32.Mechbot.d,BKDR_MECHBOT.D,Win32/Chembot.A,Backdoor.Trojan

How to detect Mechbot:

Folders:
[%SYSTEM%]\dllcache\audio

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mrtserv
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mrtserv


Bazooka Ransomware

Removing Bazooka
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\ADWareBazooka.lnk

How to detect Bazooka:

Files:
[%DESKTOP%]\ADWareBazooka.lnk

Folders:
[%PROGRAMS%]\ADWareBazooka
[%PROGRAM_FILES%]\ADWareBazooka

Registry Keys:
HKEY_CURRENT_USER\software\adwarebazooka
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adwarebazooka

Registry Values:
HKEY_CURRENT_USER\software\borland\locales
HKEY_CURRENT_USER\software\borland\locales
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


StartPage.yp Hijacker

Removing StartPage.yp
Categories: Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

How to detect StartPage.yp:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices


Bisier Trojan

Removing Bisier
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Bisier:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


FloodDesktop Trojan

Removing FloodDesktop
Categories: Trojan,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



FloodDesktop Also known as:

[Panda]Trojan Horse;
[Computer Associates]FloodDesktop.A!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ttext.dll

How to detect FloodDesktop:

Files:
[%WINDOWS%]\ttext.dll


Win32.Swizzor.fg Trojan

Removing Win32.Swizzor.fg
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Win32.Swizzor.fg:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1477a146-9b4f-df83-07b0-31f153c2e2f5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1477a146-9b4f-df83-07b0-31f153c2e2f5}

Registry Values:
HKEY_CLASSES_ROOT\clsid\{7546fcf3-6f06-fb3b-f5ef-ac9b1903c279}
HKEY_CLASSES_ROOT\clsid\{7546fcf3-6f06-fb3b-f5ef-ac9b1903c279}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


ADBreak BHO

Removing ADBreak
Categories: BHO,Backdoor,Hijacker,Hacker Tool
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

ADBreak Also known as:

[Kaspersky]Backdoor.WbeCheck.a;
[Eset]Win32/PSW.WbeCheck.A trojan;
[McAfee]Floid.dr;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program;
[Computer Associates]Win32.WbeCheck,Win32/WbeCheck!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\cbinst$.exe
[%WINDOWS%]\hcwprn.exe
[%WINDOWS%]\kkcomp.dll
[%WINDOWS%]\kkcomp.exe
[%WINDOWS%]\kvnab$.exe
[%WINDOWS%]\kvnab.dll
[%WINDOWS%]\kvnab.exe
[%WINDOWS%]\liqad.dll
[%WINDOWS%]\liqad.exe
[%WINDOWS%]\liqui.dll
[%WINDOWS%]\liqui.exe
[%WINDOWS%]\pbsysie.dll
[%WINDOWS%]\settn.dll
[%WINDOWS%]\wbeCheck.exe
[%WINDOWS%]\xadbrk.dll
[%WINDOWS%]\xadbrk.exe
[%SYSTEM%]\fhfmm.dll
[%WINDOWS%]\exrem.ini
[%WINDOWS%]\kkcomp.old
[%WINDOWS%]\kkcomp.tmp
[%WINDOWS%]\kvnab.ini
[%WINDOWS%]\kvnab.old
[%WINDOWS%]\kvnab.tmp
[%WINDOWS%]\liqad$.exe
[%WINDOWS%]\liqad.ini
[%WINDOWS%]\liqad.old
[%WINDOWS%]\liqad.tmp
[%WINDOWS%]\liqui.txt
[%WINDOWS%]\liqui1.tmp
[%WINDOWS%]\liqui2.tmp
[%WINDOWS%]\liqui3.tmp
[%WINDOWS%]\ltosie.old
[%WINDOWS%]\odidbu.in
[%WINDOWS%]\odidbu.ini
[%WINDOWS%]\plotpp.tmp
[%WINDOWS%]\system\fhfmm.dll
[%WINDOWS%]\wbecheck.exe
[%WINDOWS%]\wbecheck.old
[%WINDOWS%]\wbecheck.tmp
[%WINDOWS%]\xabrk.dll
[%WINDOWS%]\xadbrk1.tmp
[%WINDOWS%]\xadbrk2.tmp
[%WINDOWS%]\xadbrk3.tmp

How to detect ADBreak:

Files:
[%WINDOWS%]\cbinst$.exe
[%WINDOWS%]\hcwprn.exe
[%WINDOWS%]\kkcomp.dll
[%WINDOWS%]\kkcomp.exe
[%WINDOWS%]\kvnab$.exe
[%WINDOWS%]\kvnab.dll
[%WINDOWS%]\kvnab.exe
[%WINDOWS%]\liqad.dll
[%WINDOWS%]\liqad.exe
[%WINDOWS%]\liqui.dll
[%WINDOWS%]\liqui.exe
[%WINDOWS%]\pbsysie.dll
[%WINDOWS%]\settn.dll
[%WINDOWS%]\wbeCheck.exe
[%WINDOWS%]\xadbrk.dll
[%WINDOWS%]\xadbrk.exe
[%SYSTEM%]\fhfmm.dll
[%WINDOWS%]\exrem.ini
[%WINDOWS%]\kkcomp.old
[%WINDOWS%]\kkcomp.tmp
[%WINDOWS%]\kvnab.ini
[%WINDOWS%]\kvnab.old
[%WINDOWS%]\kvnab.tmp
[%WINDOWS%]\liqad$.exe
[%WINDOWS%]\liqad.ini
[%WINDOWS%]\liqad.old
[%WINDOWS%]\liqad.tmp
[%WINDOWS%]\liqui.txt
[%WINDOWS%]\liqui1.tmp
[%WINDOWS%]\liqui2.tmp
[%WINDOWS%]\liqui3.tmp
[%WINDOWS%]\ltosie.old
[%WINDOWS%]\odidbu.in
[%WINDOWS%]\odidbu.ini
[%WINDOWS%]\plotpp.tmp
[%WINDOWS%]\system\fhfmm.dll
[%WINDOWS%]\wbecheck.exe
[%WINDOWS%]\wbecheck.old
[%WINDOWS%]\wbecheck.tmp
[%WINDOWS%]\xabrk.dll
[%WINDOWS%]\xadbrk1.tmp
[%WINDOWS%]\xadbrk2.tmp
[%WINDOWS%]\xadbrk3.tmp

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
HKEY_CLASSES_ROOT\clsid\{00000012-890e-4aac-afd9-eff6954a34dd}
HKEY_CURRENT_USER\software\opendata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
HKEY_CURRENT_USER\software\adbreak
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


CashSaver Adware

Removing CashSaver
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cashsaverupdate.exe

How to detect CashSaver:

Files:
[%SYSTEM%]\cashsaverupdate.exe
