Friday, January 23, 2009

Infotel.srl Adware

Removing Infotel.srl
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect Infotel.srl:

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{ffff0003-0001-101a-a3c9-08002b2f49fb}

Removing Infotel.srl:

You can download a trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

MySpaceBar.IE Hijacker

Removing MySpaceBar.IE
Categories: Hijacker,Toolbar
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

How to detect MySpaceBar.IE:

Folders:
[%PROGRAMS%]\MySpaceBar

Registry Keys:
HKEY_CURRENT_USER\software\classes\clsid\{0e8f5593-5671-41d7-9851-3f58b8d9beb6}
HKEY_CURRENT_USER\software\classes\clsid\{547b894f-4c24-41c3-aa33-66869e00389f}
HKEY_CURRENT_USER\software\classes\myspacebar.myhtmlevents
HKEY_CURRENT_USER\software\classes\myspacebar.myspacebar
HKEY_CURRENT_USER\software\myspacebar

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SecureServicePk Adware

Removing SecureServicePk
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\SecureServicePack5.dll

How to detect SecureServicePk:

Files:
[%SYSTEM%]\SecureServicePack5.dll

Folders:
[%PROGRAM_FILES%]\SecureServicePack5

Registry Keys:

Duole8 Adware

Removing Duole8
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mskey16.dll

How to detect Duole8:

Files:
[%SYSTEM%]\mskey16.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{be442802-3911-46e0-b227-076b15a4ead3}
HKEY_CLASSES_ROOT\interface\{b2fe3737-313d-4c3d-abd3-59f519c0cda6}
HKEY_CLASSES_ROOT\shdocvw2.shdocvwhlp
HKEY_CLASSES_ROOT\typelib\{af5ff4b8-bfce-47ce-ad2b-cb91ed9fddfa}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{be442802-3911-46e0-b227-076b15a4ead3}

Sheldor Adware

Removing Sheldor
Categories: Adware,Backdoor
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\windll.ini
[%SYSTEM%]\hndldt.ini
[%SYSTEM%]\winhndl.ini
[%WINDOWS%]\system\shellexpl.exe

How to detect Sheldor:

Files:
[%SYSTEM%]\windll.ini
[%SYSTEM%]\hndldt.ini
[%SYSTEM%]\winhndl.ini
[%WINDOWS%]\system\shellexpl.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Downloader.BBL.gen Downloader

Removing Downloader.BBL.gen
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Downloader.BBL.gen Also known as:

[McAfee]Downloader-BBL.gen;
[Other]Win32/Vxidl.EX

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\kernels32.exe

How to detect Downloader.BBL.gen:

Files:
[%SYSTEM%]\kernels32.exe

Vxidl.AVC Trojan

Removing Vxidl.AVC
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\bobsaver.exe
[%WINDOWS%]\bobsaver.scr

How to detect Vxidl.AVC:

Files:
[%WINDOWS%]\bobsaver.exe
[%WINDOWS%]\bobsaver.scr

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\interface\{665abe65-2c16-4341-b4b8-01ff799e8f4c}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser

Edipole Adware

Removing Edipole
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\sitexxx.lnk
[%FAVORITES%]\Links\sitexxx.lnk
[%STARTMENU%]\sitexxx.lnk

How to detect Edipole:

Files:
[%DESKTOP%]\sitexxx.lnk
[%FAVORITES%]\Links\sitexxx.lnk
[%STARTMENU%]\sitexxx.lnk

Folders:
[%PROGRAM_FILES%]\sitexxx

Bancos.IBC Trojan

Removing Bancos.IBC
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bancos.IBC Also known as:

[Other]Win32/Bancos.IBC

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ntmcsvc.dll
[%SYSTEM%]\photowin.dll
[%SYSTEM%]\xvid.ini

How to detect Bancos.IBC:

Files:
[%SYSTEM%]\ntmcsvc.dll
[%SYSTEM%]\photowin.dll
[%SYSTEM%]\xvid.ini

Surfairy Adware

Removing Surfairy
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect Surfairy:

Registry Keys:
HKEY_CURRENT_USER\software\surfairy

One.Half Trojan

Removing One.Half
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

One.Half Also known as:

[Kaspersky]OneHalf,OneHalf.3544.a,OneHalf.3544.b,OneHalf.3544.k,OneHalf.3544.l,OneHalf.3577,OneHalf.3579,OneHalf.3434,OneHalf.3474,OneHalf.3486,OneHalf.3518,OneHalf.3570,OneHalf.3591,OneHalf.3696.a;
[Panda]One Half.3544,One.3544,One_Half.3577,One_Half.3579,Cri-Cri.4616,OneHalf.3486.boot,One Half.3570,One_Half.3666.Mbr;
[Computer Associates]One Half,SatanBug.Family,One_Half.3482

How to detect One.Half:

Registry Keys:
HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_LOCAL_MACHINE\software\classes\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}

AdServerNow Adware

Removing AdServerNow
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\adservernow.exe

How to detect AdServerNow:

Files:
[%SYSTEM%]\adservernow.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\adservernow
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{595acdcc-d4f4-43a4-8155-dd7eb1ca5dc0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adservernow

VCL.Dome Trojan

Removing VCL.Dome
Categories: Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

VCL.Dome Also known as:

[Kaspersky]SatanBrain.606,VCL.Jam.458,VCL.Olympic.1442,VCL_MUT-based.Parasitic,VCL-based.trojan;
[Panda]Univ,VCLb.Azrael;
[Computer Associates]VCL.1442,VCL.606.C,VCL.660.A,VCL.O.458,VCL.O.470

How to detect VCL.Dome:

Folders:
[%PROGRAM_FILES%]\webdialer

Spy.Recon Ransomware

Removing Spy.Recon
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

How to detect Spy.Recon:

Folders:
[%PROGRAM_FILES%]\sprcon

Registry Keys:
HKEY_LOCAL_MACHINE\software\spcrcn

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

QaBar BHO

Removing QaBar
Categories: BHO
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

How to detect QaBar:

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\interface\{6d7d135e-f7c2-4a27-a87c-c0dfeb3a628f}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d02ee3a0-1881-419f-a5ed-737223463292}

ICQ.PWS Trojan

Removing ICQ.PWS
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

ICQ.PWS Also known as:

[Kaspersky]Trojan.PSW.Coced.226,Trojan.PSW.Coced.227.a,Trojan-PSW.Win32.Coced.226,Trojan-PSW.Win32.Coced.227.a,Trojan.PSW.Coced.231,Trojan-PSW.Win32.Coced.231,Trojan.PSW.Coced.231.b,Trojan.PSW.Coced.233,Trojan.PSW.Coced.234,Trojan.PSW.Icup,Trojan.PSW.Coced.230,Trojan.PSW.Coced.229.b,Trojan.PSW.GOPtrojan.12;
[Eset]Naebi.2_26 trojan,Naebi.227.A trojan,Naebi.2_31.A trojan,Naebi.2_31.B trojan,Naebi.2_33 trojan,Naebi.2_34 trojan,Win32/PSW.Coced.234 trojan,Naebi.2_30 trojan,Naebi.2_29 trojan;
[McAfee]ICQ-PWS,PWS.gen,PWS-CP,PWS-CE;
[F-Prot]Trojan.Coced.227,W32/Trojan.Coced.226,Trojan.Coced.231,W32/Trojan.Coced.231,security risk or a "backdoor" program,destructive program;
[Panda]Trj/Coced.227,Trj/Coced.231,Trj/Coced.232,Trj/Coced.234,Trj/PSW.Coced.234,Trj/PSW.Coced233,Trj/PSW.Icup,Trj/Coced.230,Trj/PSW.Coced.229.b,Trj/PSW.Gop.12,Trojan Horse;
[Computer Associates]Win32.PSW.Coced.227,Win32/Coced.2.2.6!PWS!Trojan,Win32/Coced.227.ASPask!PWS!Troja,Win32.PSW.Coced.231,Win32/Coced.231!PWS!Trojan,Win32/Coced.231.ASPask!PWS!Troja,Win32.PSW.Coced.2321,Win32/Coced!PWS!Trojan,Win32.PSW.Coced.2342,Win32/Coced.233!PWS!Trojan,Win95/Coce2225!Dropper,Win32/Icup!PWS!Trojan,Win32.PSW.Coced.230,Win32/Coced.230!PWS!Trojan,Win32/Coced.230.ASPask!PWS!Troja,Win32/Coced.229.B!PWS!Trojan,Win32.PSW.OICQ2001,Win32/MultiDropper.AF-0!Dropper,Win32/OICQ2001!PWS!Trojan

How to detect ICQ.PWS:

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object

Rbot.EGV Trojan

Removing Rbot.EGV
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Rbot.EGV Also known as:

[Kaspersky]Backdoor.Win32.Rbot.akq;
[F-Prot]W32/Spybot.OBT;
[Other]W32/Rbot.EGV,W32/Rbot-BCD

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\recyclecl.exe
[%SYSTEM%]\aspr_keys.ini

How to detect Rbot.EGV:

Files:
[%SYSTEM%]\recyclecl.exe
[%SYSTEM%]\aspr_keys.ini

Registry Values:
HKEY_CURRENT_USER\software\microsoft\ole
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_CURRENT_USER\system\currentcontrolset\control\lsa
HKEY_LOCAL_MACHINE\software\microsoft\ole
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Applets Trojan

Removing Applets
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Applets Also known as:

[Kaspersky]Backdoor.NetTerrorist;
[Eset]Win32/NetTerrorist trojan;
[McAfee]BackDoor-LI;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/NetTerrorist;
[Computer Associates]Backdoor/NetTerrorist!Client

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\RarSFX0\pwdump2\getpid.c
[%PROFILE_TEMP%]\RarSFX1\pwdump2\getpid.c
[%PROFILE_TEMP%]\RarSFX2\pwdump2\getpid.c

How to detect Applets:

Files:
[%PROFILE_TEMP%]\RarSFX0\pwdump2\getpid.c
[%PROFILE_TEMP%]\RarSFX1\pwdump2\getpid.c
[%PROFILE_TEMP%]\RarSFX2\pwdump2\getpid.c

Romelp Trojan

Removing Romelp
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Romelp Also known as:

[Kaspersky]Trojan-PSW.Win32.WOW.pq;
[Other]Win32/Romelp.E

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\Tmp2.tmp.rom
[%PROFILE_TEMP%]\~Tm1.tmp.rom

How to detect Romelp:

Files:
[%PROFILE_TEMP%]\Tmp2.tmp.rom
[%PROFILE_TEMP%]\~Tm1.tmp.rom

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Rotcev Trojan

Removing Rotcev
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\adodbc.exe

How to detect Rotcev:

Files:
[%SYSTEM%]\adodbc.exe

Frethog Trojan

Removing Frethog
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Frethog Also known as:

[Kaspersky]Trojan-PSW.Win32.Agent.iu,Trojan-PWS.Win32.Agent.iu,Trojan-PSW.Win32.OnLineGames.bs,Trojan-PSW.Win32.OnLineGame.bs,Trojan-PSW.Win32.OnLineGames.es,Trojan-PSW.Win32.OnLineGames.gs,Trojan-PWS.Win32.WOW.qf,Trojan-PSW.Win32.OnLineGame.gs,Trojan-PSW.Win32.WOW.qr,Trojan-PSW.Win32.OnLineGames.qp,Trojan-PSW.Win32.OnLineGames.tz,Trojan-PSW.Win32.OnLineGames.uf,Trojan-PSW.Win32.OnLineGames.mp,Trojan.Win32.Qhost.Ip,Trojan-PSW.Win32.OnLineGames.tk,Trojan-PSW.Win32.Nilage.bju,Trojan-Downloader.Win32.Agent.bna,Trojan-PSW.Win32.OnLinesGames.es,Trojan-PSW.Win32.OnLineGames.te,Trojan-PSW.Win32.WOW.qo,Trojan-PSW.WIn32.OnLineGames.xg,Trojan-PSW.Win32.OnLineGames.sc,Trojan-PSW.Win32.OnLineGames.sy,Trojan-PSW.Win32.OnLineGames.ry,Trojan-PSW.Win32.OnLineGames.ox,Trojan-PSW.Win32.OnlineGames.wz,Trojan-PSW.Win32.OnLineGames.tl,Trojan-PSW.Win32.OnLineGames.yn,Trojan-PSW.Win32.Small.cf,Worm.Win32.Agent.aj,Trojan-PSW.Win32.OnLineGames.kw,Trojan-PWS.OnLineGames.aci,Trojan-Downloader.Win32.Agent.bek,Trojan-Downloader.Win32.Agent.dey,Trojan-PSW.Win32.OnLineGames.edt,Trojan-PSW.Win32.Nilage.bty;
[McAfee]PWS-Legmir.dll,PWS-Lineage,New Malware.w,PWS-LegMir.gen.b,PWS-WoW,PWS-Mmorpg.gen,PWS-LegMir,New malware.aj,Generic.PWS;
[F-Prot]W32/PWStealer.AIN,W32/PWStealer,W32/PWStealer.gen1,W32/PWStealer.JBY,W32/PWStealer.GQS,W32/PWStealer.JTI,W32/PWStealer2!Generic;
[Other]Win32/Frethog,win32/Frethog.B,Infostealer,Infostealer.Menghuan,TSPY_AGENT.FUY,Win32/Frethog.H,W32/OnLineGames.FX,Infostealer.Gampass,Win32/Frethog.BT,Win32/Frethog.BH,Win32/Frethog.BI,Win32/Frethog.BD,Win32/Frethog.AX,Win32/Frethog.BU,Infostealer.Perfwo,W32/Blackhole.LN,Mal/Packer,Win32/Frethog.AG,Win32/Frethog.BF,Win32/Frethog.DB,Win32/Frethog.DC,Win32/Frethog.DU,Win32/Frethog.IJ,Win32/Frethog.IG,Win32/Frethog.IM,Win32/Frethog.IO,Win32/Frethog.JG,Win32/Frethog!generic,Win32/Frethog.KQ,Win32/Frethog.KR,Win32/Frethog.KS,Win32/Frethog.KT,Win32/Frethog.KU,Win32/Frethog.KV,Win32/Frethog.JU,Win32/Frethog.OB,Win32/Frethog.OX,Win32/Frethog.ND,VirTool:Win32/Obfuscator.A,OnlineGames.dam,TSPY_ONLINEG.BLG,Trojan.Win32.NSAnti.b,PWS:Win32/Frethog.E,W32/OnLineGames.DDZ,TSPY_ONLINEG.BIF,Troja/PSW-Gen,Trojan-PWS.7BE35CC9,Win32/Frethog.QR,PWS:Win32/Frethog.C,W32/Horst.gen31,Win32/Frethog.QO,TSPY_ONLINEG.AXS,Win32/Frethog.QV,W32/OnLineGames.GJP,Win32/Frethog.SL,Win32/Frethog.SG,Win32/Frethog.SF,Win32/Frethog.SE,Win32/Frethog.SD,Win32/Frethog.SC,Win32/Frethog.SI,Win32/Frethog.SR,Virus:Win32/Detnat.F,W32/Viking.gen4,TROJ_Generic,Mal/EncPk-F,INfostealer.Gampass,Win32/Frethog.TI,Win32/Frethog.TH,Win32/Frethog.SS,Trojan.Packed.NsAnti,Mal/EncPk-I,Infostealer.Wowcraft,Infostealer.Gamepass,Win32/Frethog.UF,Win32/Frethog.UG,Win32/Frethog.UH,Win32/Frethog.VB,PWS:Win32/Frethog.D,W32/Suspicious_U.gen.dropper,TPSY_LEGMIR.AWY,TSPY_FRETHOG.PU,Win32/Frethog WT,Win32/Frethog.WS,Win32/Frethog.XD,Win32/Frethog.WR,PWS:Win32/Frethog.F,PWS:Win32/Frethog.gen!E,TSPY_ONLINEG.HVZ,Mal/Gampass-A,W32/Hupigon.gen67,W32/Lineage.AXZP,TSPY_NILAGE.PY

Visible Symptoms:
Files in system folders:

How to detect Frethog:

Files:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5ff01121-f04d-30cf-64cd-74ff5fe1cf1c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6a202101-f04d-11cf-64cd-31ff5fe1cf20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77709117-a10d-41cf-64cd-51ff5fe1cf41}
HKEY_LOCAL_MACHINE\software\microsoft\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run

Orifice2K.plugin Trojan

Removing Orifice2K.plugin
Categories: Trojan,Backdoor,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Orifice2K.plugin Also known as:

[Kaspersky]TrojanDropper.Win32.SilkRope.a;
[McAfee]Orifice2k.plugin,Orifice2K.plugin;
[F-Prot]W32/Bo2K.286720;
[Panda]Trj/Runner.SilkRope;
[Other]Win32/Unssell.A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\$333$.exe
[%SYSTEM%]\drivers\$333$.sy

How to detect Orifice2K.plugin:

Files:
[%SYSTEM%]\$333$.exe
[%SYSTEM%]\drivers\$333$.sy

Look2Me.ab Adware

Removing Look2Me.ab
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ALKRNL32.DLL

How to detect Look2Me.ab:

Files:
[%SYSTEM%]\ALKRNL32.DLL

Huplu Trojan

Removing Huplu
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Huplu Also known as:

[Kaspersky]Backdoor.Win32.Hupigon.dfv;
[McAfee]BackDoor-AWQ.b;
[Other]Win32/Huplu.C

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\realetin.exe

How to detect Huplu:

Files:
[%PROGRAM_FILES_COMMON%]\Microsoft Shared\MSInfo\realetin.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_java_inetice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\java inetice

SillyDl.BYG Downloader

Removing SillyDl.BYG
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

SillyDl.BYG Also known as:

[Kaspersky]Trojan-Downloader.Win32.Banload.yo;
[Other]Win32/SillyDl.BYG,Trojan.PWS.QQPass

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\systemupd.exe

How to detect SillyDl.BYG:

Files:
[%WINDOWS%]\systemupd.exe

PAL.PCSpy Spyware

Removing PAL.PCSpy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\pal - pc spy.lnk
[%PROGRAM_FILES%]\pcs\cpu.exe
[%PROGRAM_FILES%]\pcs\explorer.exe
[%PROGRAM_FILES%]\pcs\ieguard.dll
[%PROGRAM_FILES%]\pcs\klpf.exe
[%PROGRAM_FILES%]\pcs\pc spy - shareware license.txt
[%PROGRAM_FILES%]\pcs\readme!!!.txt
[%PROGRAM_FILES%]\pcs\thehook.dll
[%PROGRAM_FILES%]\pcs\thehookxp.dll
[%PROGRAM_FILES%]\pcs\uninstall.exe
[%PROGRAM_FILES%]\pcs\uninstall_95.bat
[%PROGRAM_FILES%]\pcs\uninstall_nt.bat

How to detect PAL.PCSpy:

Files:
[%DESKTOP%]\pal - pc spy.lnk
[%PROGRAM_FILES%]\pcs\cpu.exe
[%PROGRAM_FILES%]\pcs\explorer.exe
[%PROGRAM_FILES%]\pcs\ieguard.dll
[%PROGRAM_FILES%]\pcs\klpf.exe
[%PROGRAM_FILES%]\pcs\pc spy - shareware license.txt
[%PROGRAM_FILES%]\pcs\readme!!!.txt
[%PROGRAM_FILES%]\pcs\thehook.dll
[%PROGRAM_FILES%]\pcs\thehookxp.dll
[%PROGRAM_FILES%]\pcs\uninstall.exe
[%PROGRAM_FILES%]\pcs\uninstall_95.bat
[%PROGRAM_FILES%]\pcs\uninstall_nt.bat

Busted Spyware

Removing Busted
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\Busted!.lnk

How to detect Busted:

Files:
[%DESKTOP%]\Busted!.lnk

Folders:
[%PROGRAMS%]\PCSentinel's Busted!

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\busted.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcsentinel's busted!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\sentinellistener

ReFog.KGBSpy Spyware

Removing ReFog.KGBSpy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\netchatspy\netchatspy.lnk
[%PROGRAMS%]\netchatspy\netchatspyhelp.lnk
[%PROGRAMS%]\netchatspy\read me.lnk

How to detect ReFog.KGBSpy:

Files:
[%PROGRAMS%]\netchatspy\netchatspy.lnk
[%PROGRAMS%]\netchatspy\netchatspyhelp.lnk
[%PROGRAMS%]\netchatspy\read me.lnk

Folders:
[%PROGRAM_FILES%]\netchatspy

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netchatspy

Win32.Agent.ir Trojan

Removing Win32.Agent.ir
Categories: Trojan,Spyware,BHO
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can bring in more harmful viruses,
or diverting advertising revenue to a third party.
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\btlmct32.dll

How to detect Win32.Agent.ir:

Files:
[%WINDOWS%]\system\btlmct32.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{626482AF-17D0-5DFC-C12D-32A58E631863}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{626482AF-17D0-5DFC-C12D-32A58E631863}
