Saturday, January 24, 2009

Madjid Trojan

Removing Madjid
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Madjid Also known as:

[Panda]Madjid.2930.mbr;
[Computer Associates]Madjid.2930

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\iadhide3.dll
[%PROFILE_TEMP%]\msview.inf
[%PROFILE_TEMP%]\setup_wm.exe
[%PROFILE_TEMP%]\px.dll
[%PROGRAM_FILES%]\BearShare\RunMSC.dll
[%PROGRAM_FILES%]\BearShare\Webstats.bat
[%PROGRAM_FILES%]\BearShare\Webstats.exe
[%PROGRAM_FILES%]\BearShare\Webstats.ini
[%PROGRAM_FILES%]\WhenUSearch\Search.exe
[%SYSTEM%]\WinDmy.dll
[%WINDOWS%]\lastgood\system32\msvcp50.dll
[%WINDOWS%]\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe

How to detect Madjid:

Files:
[%PROFILE_TEMP%]\iadhide3.dll
[%PROFILE_TEMP%]\msview.inf
[%PROFILE_TEMP%]\setup_wm.exe
[%PROFILE_TEMP%]\px.dll
[%PROGRAM_FILES%]\BearShare\RunMSC.dll
[%PROGRAM_FILES%]\BearShare\Webstats.bat
[%PROGRAM_FILES%]\BearShare\Webstats.exe
[%PROGRAM_FILES%]\BearShare\Webstats.ini
[%PROGRAM_FILES%]\WhenUSearch\Search.exe
[%SYSTEM%]\WinDmy.dll
[%WINDOWS%]\lastgood\system32\msvcp50.dll
[%WINDOWS%]\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe

Folders:
[%STARTMENU%]\programs\whenusearch

Registry Keys:
HKEY_CLASSES_ROOT\acm.acmfactory
HKEY_CLASSES_ROOT\acm.acmfactory.1
HKEY_CLASSES_ROOT\appid\acm.dll
HKEY_CLASSES_ROOT\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}
HKEY_CLASSES_ROOT\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}
HKEY_CLASSES_ROOT\interface\{43382522-a846-46f4-ac57-1f71ae6e1086}
HKEY_CLASSES_ROOT\interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0}
HKEY_CLASSES_ROOT\interface\{72a836d1-bc00-43c0-a941-17960e4fb842}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\savenow
HKEY_LOCAL_MACHINE\software\whenu

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whenusearch

Removing Madjid:

You can download a trial version of "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

SillyDl.BIT Trojan

Removing SillyDl.BIT
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojan downloaders download and install new malware or adware on the computer.


SillyDl.BIT Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.ecw;
[Other]W32/Lmir.GPO,Win32/SillyDl.BIT!Trojan

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\scvhsot.exe

How to detect SillyDl.BIT:

Files:
[%SYSTEM%]\scvhsot.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Boiling RAT

Removing Boiling
Categories: RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\intranet.exe

How to detect Boiling:

Files:
[%WINDOWS%]\system\intranet.exe

Desktop.Snooper Spyware

Removing Desktop.Snooper
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that lead to more harmful viruses,
or diverting advertising revenue to a third party.

How to detect Desktop.Snooper:

Folders:
[%PROGRAM_FILES%]\MTI\Desktop Snooper

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{8294d950-5630-456b-96ce-5af0028d87d2}
HKEY_CURRENT_USER\msdesksn
HKEY_CURRENT_USER\software\mti\msdesksn

Fucoudbg Trojan

Removing Fucoudbg
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Fucoudbg:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{acadabaf-1000-0010-8000-10aa006d2ea4}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

Spyguard Ransomware

Removing Spyguard
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\SpyGuard.lnk

How to detect Spyguard:

Files:
[%DESKTOP%]\SpyGuard.lnk

Folders:
[%PROGRAMS%]\SpyGuard
[%PROGRAM_FILES%]\SpyGuard

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spyguard
HKEY_CURRENT_USER\software\thespyguard
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\the spy guard

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

AntiSpyPro Ransomware

Removing AntiSpyPro
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%PROFILE%]\Desktop\AntiSpy Pro 2.4.lnk
[%PROFILE%]\Start Menu\Programs\AntiSpy Pro 2.4.lnk

How to detect AntiSpyPro:

Files:
[%PROFILE%]\Desktop\AntiSpy Pro 2.4.lnk
[%PROFILE%]\Start Menu\Programs\AntiSpy Pro 2.4.lnk

Folders:
[%PROGRAM_FILES%]\AntiSpyPro

Registry Keys:
HKEY_CURRENT_USER\software\antispy-pro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispy pro

AntiSpyZone Adware

Removing AntiSpyZone
Categories: Adware,Ransomware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.

A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ASZLanguage.ini
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\AntiSpyZone 4.7.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\AntiSpyZone 5.4.lnk
[%DESKTOP%]\AntiSpyZone 5.4.lnk
[%PROFILE%]\LOCAL.EXE
[%PROGRAM_FILES%]\AntiSpyZone 5.4\AntiSpyZone 5.4.exe
[%STARTMENU%]\AntiSpyZone 4.7.lnk
[%STARTMENU%]\AntiSpyZone 5.4.lnk
[%APPDATA%]\microsoft\internet explorer\quick launch\antispyzone 4.6.lnk
[%APPDATA%]\microsoft\internet explorer\quick launch\antispyzone 4.7.lnk
[%APPDATA%]\microsoft\internet explorer\quick launch\antispyzone 4.9.lnk
[%DESKTOP%]\antispyzone 4.6.lnk
[%DESKTOP%]\antispyzone 4.7.lnk
[%DESKTOP%]\antispyzone 4.9.lnk
[%PROFILE_TEMP%]\aszlanguage.ini
[%PROFILE_TEMP%]\aszone.dat
[%PROGRAMS%]\antispyzone 4.6
[%PROGRAMS%]\antispyzone 4.7
[%PROGRAMS%]\antispyzone 4.9

How to detect AntiSpyZone:

Files:
[%PROFILE_TEMP%]\ASZLanguage.ini
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\AntiSpyZone 4.7.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\AntiSpyZone 5.4.lnk
[%DESKTOP%]\AntiSpyZone 5.4.lnk
[%PROFILE%]\LOCAL.EXE
[%PROGRAM_FILES%]\AntiSpyZone 5.4\AntiSpyZone 5.4.exe
[%STARTMENU%]\AntiSpyZone 4.7.lnk
[%STARTMENU%]\AntiSpyZone 5.4.lnk
[%APPDATA%]\microsoft\internet explorer\quick launch\antispyzone 4.6.lnk
[%APPDATA%]\microsoft\internet explorer\quick launch\antispyzone 4.7.lnk
[%APPDATA%]\microsoft\internet explorer\quick launch\antispyzone 4.9.lnk
[%DESKTOP%]\antispyzone 4.6.lnk
[%DESKTOP%]\antispyzone 4.7.lnk
[%DESKTOP%]\antispyzone 4.9.lnk
[%PROFILE_TEMP%]\aszlanguage.ini
[%PROFILE_TEMP%]\aszone.dat
[%PROGRAMS%]\antispyzone 4.6
[%PROGRAMS%]\antispyzone 4.7
[%PROGRAMS%]\antispyzone 4.9

Folders:
[%PROGRAMS%]\AntiSpyZone 4.7
[%PROGRAMS%]\AntiSpyZone 5.0
[%PROGRAMS%]\AntiSpyZone 5.4
[%PROGRAM_FILES%]\AntiSpyZone
[%PROGRAM_FILES%]\AntiSpyZone 4.6
[%PROGRAM_FILES%]\AntiSpyZone 4.7
[%PROGRAM_FILES%]\AntiSpyZone 5.4
[%PROGRAM_FILES%]\AntiSpyZone 4.9

Registry Keys:
HKEY_LOCAL_MACHINE\software\antispyzone 4.6
HKEY_LOCAL_MACHINE\software\antispyzone 4.7
HKEY_LOCAL_MACHINE\software\antispyzone 4.9
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antispyzone 4.6.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antispyzone 4.7.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\antispyzone 4.9.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispyzone 4.6
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispyzone 4.7
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispyzone 4.9

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

MaxSearch Adware

Removing MaxSearch
Categories: Adware,Hijacker
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

How to detect MaxSearch:

Folders:
[%PROGRAM_FILES%]\maxifiles
[%PROGRAM_FILES%]\freeprod toolbar

Registry Keys:
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar
HKEY_CLASSES_ROOT\toolband.xbtb04715
HKEY_CLASSES_ROOT\toolband.xbtb04715.1
HKEY_CLASSES_ROOT\toolband.xbtb07618
HKEY_CLASSES_ROOT\toolband.xbtb07618.1
HKEY_CLASSES_ROOT\typelib\{3261a9a1-91f5-4a20-bec7-3f8373c72c1f}
HKEY_CLASSES_ROOT\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}
HKEY_CLASSES_ROOT\typelib\{ffbe337d-cb05-4ff0-b9fa-3c2fcc2f54fb}
HKEY_CLASSES_ROOT\xbtb04715.ietoolbar
HKEY_CLASSES_ROOT\xbtb04715.ietoolbar.1
HKEY_CLASSES_ROOT\xbtb04715.xbtb04715
HKEY_CLASSES_ROOT\xbtb04715.xbtb04715.1
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618.1
HKEY_CURRENT_USER\software\xbtb07618
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\user agent\post platform\maxifiles
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\user agent\post platform\maxifilestb
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb04715.xbtb04715toolbar

riversoft Adware

Removing riversoft
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\xoff\x2ff.cfg
[%APPDATA%]\xoff\xoff.cfg
[%APPDATA%]\xoff\xoff.dll

How to detect riversoft:

Files:
[%APPDATA%]\xoff\x2ff.cfg
[%APPDATA%]\xoff\xoff.cfg
[%APPDATA%]\xoff\xoff.dll

Registry Keys:
HKEY_CLASSES_ROOT\appid\x2ff.dll
HKEY_CLASSES_ROOT\appid\csa.dll
HKEY_CLASSES_ROOT\appid\x0ff.dll
HKEY_CLASSES_ROOT\appid\{ccb76c32-c755-4859-b195-73db23d55ac4}
HKEY_CLASSES_ROOT\appid\{d137514c-fffa-492a-933b-d29145b7a468}
HKEY_CLASSES_ROOT\appid\{d1bb73a7-5d35-48c9-94c0-d0bd624b0f5d}
HKEY_CLASSES_ROOT\clsid\{abd45f35-2e4c-44c0-a075-6ef1de75398e}
HKEY_CLASSES_ROOT\clsid\{ac109d01-32d6-4eb5-8300-d3c5ebac7c83}
HKEY_CLASSES_ROOT\clsid\{d319662b-d5bf-4538-adf3-8d3e36362608}
HKEY_CLASSES_ROOT\csa.accel
HKEY_CLASSES_ROOT\csa.accel.1
HKEY_CLASSES_ROOT\interface\{248d0792-644c-403b-8525-aa2877603204}
HKEY_CLASSES_ROOT\interface\{b0c5e55e-53df-4966-90a0-912d34cb64a7}
HKEY_CLASSES_ROOT\interface\{f1ea6966-79fb-47fa-ab97-8ed1a8d89de4}
HKEY_CLASSES_ROOT\typelib\{1d1a0231-322a-4024-a282-697bf547970e}
HKEY_CLASSES_ROOT\typelib\{f81f7f91-8ba8-47dd-80fe-a262a4c8a985}
HKEY_CLASSES_ROOT\typelib\{fec81dde-1320-4027-8d1d-72753d27b4f3}
HKEY_CLASSES_ROOT\x0ff.xbrowse
HKEY_CLASSES_ROOT\x0ff.xbrowse.1
HKEY_CLASSES_ROOT\x2ff.xbrowse
HKEY_CLASSES_ROOT\x2ff.xbrowse.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ac109d01-32d6-4eb5-8300-d3c5ebac7c83}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper {d319662b-d5bf-4538-adf3-8d3e36362608}

Altnet Trojan

Removing Altnet
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Altnet Also known as:

[Panda]Spyware/Altnet

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Altnet\Download Manager\adm25.dll
[%SYSTEM%]\adm.exe
[%SYSTEM%]\adm4.dll
[%SYSTEM%]\admdata.dll
[%SYSTEM%]\admdloader.dll
[%SYSTEM%]\admfdi.dll
[%SYSTEM%]\admprog.dll

How to detect Altnet:

Files:
[%PROGRAM_FILES%]\Altnet\Download Manager\adm25.dll
[%SYSTEM%]\adm.exe
[%SYSTEM%]\adm4.dll
[%SYSTEM%]\admdata.dll
[%SYSTEM%]\admdloader.dll
[%SYSTEM%]\admfdi.dll
[%SYSTEM%]\admprog.dll

Registry Keys:
HKEY_CLASSES_ROOT\adm.adm
HKEY_CLASSES_ROOT\adm.adm.1
HKEY_CLASSES_ROOT\adm4.adm4
HKEY_CLASSES_ROOT\adm4.adm4.1
HKEY_CLASSES_ROOT\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
HKEY_CURRENT_USER\software\altnet
HKEY_LOCAL_MACHINE\software\altnet
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4fa2b39b-a7da-983c-68e6-5b095a4118fd}

Back.Find Trojan

Removing Back.Find
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Back.Find Also known as:

[Kaspersky]Trojan.Loader.SAD.6288,Trojan.Off.b,Trojan.Off.a,Trojan.Jackel,Trojan.Jackel.b,Trojan.Loader.E-evil;
[Eset]_MX trojan,Off.B trojan,Off.A trojan;
[McAfee]Back Find,Earthquake;
[F-Prot]destructive program;
[Panda]Trj/Eras,Trj/SWAT,Trj/Jackel.b;
[Computer Associates]Jackel,Jackel.b,PressEnter!Trojan,F-Off.Trojan,Search_and_Destroj!Trojan,Buffett!Trojan,HllP.Jackel,Electronic_Evil

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\grwinsthlp.exe

How to detect Back.Find:

Files:
[%SYSTEM%]\grwinsthlp.exe

DarkFace Backdoor

Removing DarkFace
Categories: Backdoor,RAT
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

DarkFace Also known as:

[Kaspersky]Backdoor.Antilam.g1,Backdoor.Delf.hw,Backdoor.Pestdoor.31;
[McAfee]BackDoor-AED;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program.LC,Bck/Antilam.g1;
[Computer Associates]Backdoor/Latinus_Server_family

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mshtml.exe

How to detect DarkFace:

Files:
[%WINDOWS%]\mshtml.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

DBestRelief Adware

Removing DBestRelief
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\sstyle.css

How to detect DBestRelief:

Files:
[%WINDOWS%]\sstyle.css

Lineage.ACO Trojan

Removing Lineage.ACO
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Lineage.ACO Also known as:

[Kaspersky]Trojan-Dropper.Win32.Agent.cpj

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\xerox\best.bat
[%WINDOWS%]\Debug\62D4F8F5DDAC.dll
[%WINDOWS%]\Debug\62D4F8F5DDAC.exe

How to detect Lineage.ACO:

Files:
[%PROGRAM_FILES%]\xerox\best.bat
[%WINDOWS%]\Debug\62D4F8F5DDAC.dll
[%WINDOWS%]\Debug\62D4F8F5DDAC.exe

Folders:
[%PROGRAM_FILES%]\Filsec

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{7f7a1edd-e15e-41ed-aa85-06ea55c7e13a}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

Jokcn Downloader

Removing Jokcn
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Jokcn Also known as:

[Kaspersky]Trojan-Downloader.Win32.Ieser.w,AdWare.Win32.Ejik.g,AdWare.Win32.Ejik.q;
[McAfee]Downloader-ACH;
[Other]Win32/Jokcn.C,Downloader,Win32/Jokcn.D,W32/Malware.BIBN,Win32/Jokcn.F,Trojan.Adclicker,Win32/Jokcn.H,Win32/Jokcn.I

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\resiifers.ini
[%WINDOWS%]\98032C.exe
[%WINDOWS%]\acdsee321.dll
[%WINDOWS%]\my_70320.exe
[%WINDOWS%]\system\zhqb32.dll
[%WINDOWS%]\zhqbdf16.ini
[%WINDOWS%]\zsmsdf32.ini

How to detect Jokcn:

Files:
[%SYSTEM%]\resiifers.ini
[%WINDOWS%]\98032C.exe
[%WINDOWS%]\acdsee321.dll
[%WINDOWS%]\my_70320.exe
[%WINDOWS%]\system\zhqb32.dll
[%WINDOWS%]\zhqbdf16.ini
[%WINDOWS%]\zsmsdf32.ini

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{16c6167b-fed4-4cee-8951-134c9a345da2}
HKEY_CLASSES_ROOT\clsid\{242f800b-2172-4659-a381-476b66e3de2a}
HKEY_CLASSES_ROOT\clsid\{956d977e-3ee4-460f-8cd2-23cdeabbdc94}
HKEY_CLASSES_ROOT\clsid\{c1ba80ee-2fb8-4c8d-bac9-938215e539c5}
HKEY_CLASSES_ROOT\kdcvbehbwgviz.tiebhocom\clsid
HKEY_CLASSES_ROOT\tirqikts.tiebhocom
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{16c6167b-fed4-4cee-8951-134c9a345da2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{242f800b-2172-4659-a381-476b66e3de2a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{956d977e-3ee4-460f-8cd2-23cdeabbdc94}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1ba80ee-2fb8-4c8d-bac9-938215e539c5}

Wiretap.Professional Spyware

Removing Wiretap.Professional
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites, which can bring in more harmful viruses,
or diverting advertising revenue to a third party.

How to detect Wiretap.Professional:

Folders:
[%SYSTEM%]\recoveryinfo
[%COMMON_PROGRAMS%]\Wiretap Professional
[%PROGRAMS%]\wiretap professional
[%PROGRAM_FILES%]\wiretap professional

Registry Keys:
HKEY_CLASSES_ROOT\applications\scvhost.exe
HKEY_CLASSES_ROOT\clsid\{935fa400-243d-11d3-b06e-857b2ae2be64}
HKEY_CLASSES_ROOT\clsid\{e8b31a72-aace-412d-aa2c-d03fa6fccdef}
HKEY_CLASSES_ROOT\shellexecutehook.tshellexecutehook
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8b31a72-aace-412d-aa2c-d03fa6fccdef}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{935fa400-243d-11d3-b06e-857b2ae2be64}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wtp_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5291-mdiv

InternetAlert Spyware

Removing InternetAlert
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites, which can bring in more harmful viruses,
or diverting advertising revenue to a third party.

InternetAlert Also known as:

[Panda]Adware/SaveNow

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\BonziTapFilters.dll
[%SYSTEM%]\utdns.dll
[%DESKTOP%]\speed up my computer.url
[%PROFILE%]\administrator\start menu\programs\bonzibuddy\uninstall bonzibuddy.lnk
[%PROFILE%]\desktop\speed up my computer.url

How to detect InternetAlert:

Files:
[%SYSTEM%]\BonziTapFilters.dll
[%SYSTEM%]\utdns.dll
[%DESKTOP%]\speed up my computer.url
[%PROFILE%]\administrator\start menu\programs\bonzibuddy\uninstall bonzibuddy.lnk
[%PROFILE%]\desktop\speed up my computer.url

FakeAlert Trojan

Removing FakeAlert
Categories: Trojan,Downloader,Hoax
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
A hoax is a false email message warning the recipient
of a virus that is going around. The message usually serves as a chain email that
tells the recipient to forward it to everyone they know.


FakeAlert Also known as:

[Kaspersky]Hoax.Win32.Renos.eq,Trojan-Clicker.Win32.Agent.is;
[McAfee]FakeAlert-D,FakeAlert-H,FakeAlert-U;
[F-Prot]W32/FakeAlert.DS;
[Other]Win32.Cadux.AU,Trojan.Fakealert.196,TR/SpyCleaner.A,Win32/Vaxkat,Downloader,W32/Agent.BRAT,Troj/Clicker-EF

Visible Symptoms:
Files in system folders:
[%INTERNET_CACHE%]\Content.IE5\KPCZQPW7\vwjrmrmur[1].htm
[%WINDOWS%]\system32fab.exe
[%SYSTEM%]\tcpipmon.exe
[%SYSTEM%]\winblsrv.dll
[%SYSTEM%]\ctpmon.exe

How to detect FakeAlert:

Files:
[%INTERNET_CACHE%]\Content.IE5\KPCZQPW7\vwjrmrmur[1].htm
[%WINDOWS%]\system32fab.exe
[%SYSTEM%]\tcpipmon.exe
[%SYSTEM%]\winblsrv.dll
[%SYSTEM%]\ctpmon.exe

Registry Keys:
HKEY_CLASSES_ROOT\650ef38e.axb8
HKEY_CLASSES_ROOT\650ef38f.ds45
HKEY_CLASSES_ROOT\6fa10094.vcsd
HKEY_CLASSES_ROOT\767960fa.ccas
HKEY_CLASSES_ROOT\767960fb.2345
HKEY_CLASSES_ROOT\7fe62cc2.bctp
HKEY_CLASSES_ROOT\877faba2.2dfh
HKEY_CLASSES_ROOT\8dcb614a.afbs
HKEY_CLASSES_ROOT\94ad4b18.3hpo
HKEY_CLASSES_ROOT\adfghost.cli
HKEY_CLASSES_ROOT\bprintinghost.serv
HKEY_CLASSES_ROOT\c5621605.dhcp
HKEY_CLASSES_ROOT\svshost1.dhcp
HKEY_CLASSES_ROOT\svshost10.3hpo
HKEY_CLASSES_ROOT\svshost11.cs35
HKEY_CLASSES_ROOT\svshost12.varh
HKEY_CLASSES_ROOT\svshost13.fpol
HKEY_CLASSES_ROOT\svshost14.knbs
HKEY_CLASSES_ROOT\svshost15.kbns
HKEY_CLASSES_ROOT\svshost2.axb8
HKEY_CLASSES_ROOT\svshost3.ds45
HKEY_CLASSES_ROOT\svshost4.vcsd
HKEY_CLASSES_ROOT\svshost5.ccas
HKEY_CLASSES_ROOT\svshost6.2345
HKEY_CLASSES_ROOT\svshost7.bctp
HKEY_CLASSES_ROOT\svshost8.2dfh
HKEY_CLASSES_ROOT\svshost9.afbs
HKEY_CLASSES_ROOT\svshostt.arty
HKEY_CLASSES_ROOT\ntservice.control.1
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winalert

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

StartPage.hb Hijacker

Removing StartPage.hb
Categories: Hijacker
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\setdbg.exe

How to detect StartPage.hb:

Files:
[%WINDOWS%]\setdbg.exe

WebLookUp Adware

Removing WebLookUp
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect WebLookUp:

Registry Keys:
HKEY_CURRENT_USER\software\weblookup
HKEY_CLASSES_ROOT\clsid\{dc8240df-e60d-4193-b984-5111847dc7e6}
HKEY_CLASSES_ROOT\interface\{d7988033-bde1-4a36-bbe0-633f658be770}
HKEY_CLASSES_ROOT\redirect.redirectpage
HKEY_CLASSES_ROOT\redirect.redirectpage.1
HKEY_CLASSES_ROOT\typelib\{dede7333-91f2-4064-8557-0eb2e3d37155}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{dc8240df-e60d-4193-b984-5111847dc7e6}

Key.Generator Backdoor

Removing Key.Generator
Categories: Backdoor,Hacker Tool
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Key.Generator Also known as:

[Kaspersky]packed: Apack,packed: ASPack,packed: Com2Exe,packed: ExePack,packed: UPX

Visible Symptoms:
Files in system folders:
[%PROFILE%]\Shared\PS2 DVDgame rip kit (rip dvd games to a 700MB cdr disc)\Hex Workshop Keygen.exe

How to detect Key.Generator:

Files:
[%PROFILE%]\Shared\PS2 DVDgame rip kit (rip dvd games to a 700MB cdr disc)\Hex Workshop Keygen.exe

JS.SillyDlScript Trojan

Removing JS.SillyDlScript
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojan downloaders download and install new malware or adware on the computer.


JS.SillyDlScript Also known as:

[Kaspersky]Trojan-Downloader.JS.Agent.kd;
[McAfee]JS/Downloader-BCZ,JS/Downloader.BCZ;
[Other]JS/SillyDlScript.CV,JS/SillyDlScript.CS,JS/SillyDlScript.CX

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\scvhost.exe

How to detect JS.SillyDlScript:

Files:
[%WINDOWS%]\scvhost.exe

Zhong Adware

Removing Zhong
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\WinBudget\bin\matrix.dll
[%SYSTEM%]\append.dll
[%SYSTEM%]\nethelp.dll

How to detect Zhong:

Files:
[%PROGRAM_FILES%]\WinBudget\bin\matrix.dll
[%SYSTEM%]\append.dll
[%SYSTEM%]\nethelp.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

Hacker.Brazil Backdoor

Removing Hacker.Brazil
Categories: Backdoor,RAT
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Hacker.Brazil Also known as:

[Kaspersky]Backdoor.HBR.10;
[McAfee]SennaSpy2001;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/HBR.10

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\hacker_brasil.exe

How to detect Hacker.Brazil:

Files:
[%WINDOWS%]\system\hacker_brasil.exe

Goldun Trojan

Removing Goldun
Categories: Trojan,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Goldun Also known as:

[Kaspersky]Trojan-Spy.Win32.Goldun.mx,Trohan-Spyware.Goldun.Im,Trojan-Spy.Win32.Goldun.pf;
[McAfee]PWS-Goldun.dll;
[F-Prot]W32/Goldun.NR,W32/Trojan-Dlr-SysWrt-based!Maximus;
[Panda]Trj/Banker.IKQ;
[Other]Trojan.Goldun,TSPY_GOLDUN.GL,Trojan.Goldun.M,Goldun.Fam,trojan-backdoor-goldun,Mal/Packer

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\wmdconf32.dll

How to detect Goldun:

Files:
[%SYSTEM%]\wmdconf32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{92617934-9abc-def0-0fed-fad48c654321}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{92617934-9abc-def0-0fed-fad48c654321}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Zlob.br Downloader

Removing Zlob.br
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

How to detect Zlob.br:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{724510c3-f3c8-4fb7-879a-d99f29008a2f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f}

EXact.Advertising.Cashback Adware

Removing EXact.Advertising.Cashback
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%DESKTOP%]\cashback.exe
[%DESKTOP%]\uninstall.exe
[%SYSTEM%]\exul3.exe

How to detect EXact.Advertising.Cashback:

Files:
[%DESKTOP%]\cashback.exe
[%DESKTOP%]\uninstall.exe
[%SYSTEM%]\exul3.exe

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878B424-1F95-4E26-B5AB-F0D349D89650}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0878b424-1f95-4e26-b5ab-f0d349d89650}

Crime.Catcher Spyware

Removing Crime.Catcher
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\motion.dll

How to detect Crime.Catcher:

Files:
[%SYSTEM%]\motion.dll

Folders:
[%PROGRAM_FILES%]\crime catcher
[%PROGRAMS%]\crime catcher

VidCach Trojan

Removing VidCach
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

VidCach Also known as:

[Kaspersky]AdWare.Win32.Vapsup.ml;
[Other]Win32/Vidcach.E,Trojan.Zlob,Bonsws Toolbar

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\iedrives.dll

How to detect VidCach:

Files:
[%WINDOWS%]\iedrives.dll

Registry Keys:
HKEY_CLASSES_ROOT\bonsws.btmx
HKEY_CLASSES_ROOT\bonsws.toolbar.1
HKEY_CLASSES_ROOT\clsid\{05e9894e-9c5f-454b-a6e1-7bef518ec87e}
HKEY_CLASSES_ROOT\interface\{947af619-a242-422c-beb8-28d0df96c4f7}
HKEY_CLASSES_ROOT\typelib\{b3a2a04f-e4b3-4e16-b7ad-555e8dd3dbba}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

TrafficHog Adware

Removing TrafficHog
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\winalot32.dll

How to detect TrafficHog:

Files:
[%SYSTEM%]\winalot32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{086cefd5-a88d-4981-8915-d51f04360ed1}
HKEY_CLASSES_ROOT\interface\{90ccdcb0-c9e5-4dc0-b791-a1111d37af9d}
HKEY_CLASSES_ROOT\interface\{967b8a74-4063-49ab-95d4-e3d25308ec66}
HKEY_CLASSES_ROOT\interface\{a19ac0c8-24c1-43c9-8f7c-449e931df473}
HKEY_CLASSES_ROOT\interface\{da8fe493-49a2-44f6-b4aa-e58cafc7ffdf}
HKEY_CLASSES_ROOT\interface\{fab925c1-16b6-4de1-bfca-880fbeafe584}
HKEY_CLASSES_ROOT\interface\{fb3daa1e-3236-4b43-9c19-64f57eb9c019}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{086cefd5-a88d-4981-8915-d51f04360ed1}

Registry Values:
HKEY_CURRENT_USER\software\traffichog

Backdoor.Progent.11!DLL Trojan

Removing Backdoor.Progent.11!DLL
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Backdoor.Progent.11!DLL Also known as:

[Kaspersky]TrojanSpy.Win32.ProAgent.11;
[Eset]Win32/Spy.ProAgent.11 trojan;
[Panda]Trojan Horse

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\VPN Clients\tightvnc-1.2.9-setup.exe

How to detect Backdoor.Progent.11!DLL:

Files:
[%PROGRAM_FILES%]\VPN Clients\tightvnc-1.2.9-setup.exe

Registry Keys:
HKEY_CURRENT_USER\software\orl\vnchooks\application_prefs\winvnc.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tightvnc_is1

Bloon Trojan

Removing Bloon
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bloon Also known as:

[Kaspersky]AdWare.Win32.Msnagent.b;
[McAfee]AdClicker-BW;
[Other]Win32/Bloon.V,Adware.WinProtect

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\pppcgm.exe
[%SYSTEM%]\{EB553BDA-B36E-41EB-A605-F44C2AB1C37D}.exe
[%WINDOWS%]\Help\SPAlert.chm

How to detect Bloon:

Files:
[%SYSTEM%]\pppcgm.exe
[%SYSTEM%]\{EB553BDA-B36E-41EB-A605-F44C2AB1C37D}.exe
[%WINDOWS%]\Help\SPAlert.chm

Computer.Keylogger Spyware

Removing Computer.Keylogger
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\ComputerKeylogger.com Full.lnk

How to detect Computer.Keylogger:

Files:
[%DESKTOP%]\ComputerKeylogger.com Full.lnk

Folders:
[%PROGRAMS%]\ETN Software\ComputerKeylogger.com Full
[%PROGRAM_FILES%]\ETNKL

DeluxeCommunications Adware

Removing DeluxeCommunications
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

DeluxeCommunications Also known as:

[Kaspersky]AdWare.Win32.SurfSide.ay

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Dxcknwrd.dll
[%PROFILE_TEMP%]\DxcUpdater3.exe
[%PROGRAM_FILES%]\DeluxeCommunications\DxcBho.dll
[%PROGRAM_FILES%]\DeluxeCommunications\DxcCore.dll
[%PROGRAM_FILES_COMMON%]\misc002\DXC.exe
[%SYSTEM%]\abc.exe
[%SYSTEM%]\bkd.exe
[%SYSTEM%]\dxclib303562752.dll
[%WINDOWS%]\DXCecho.exe
[%PROFILE_TEMP%]\DXC8.x.exe

How to detect DeluxeCommunications:

Files:
[%APPDATA%]\Dxcknwrd.dll
[%PROFILE_TEMP%]\DxcUpdater3.exe
[%PROGRAM_FILES%]\DeluxeCommunications\DxcBho.dll
[%PROGRAM_FILES%]\DeluxeCommunications\DxcCore.dll
[%PROGRAM_FILES_COMMON%]\misc002\DXC.exe
[%SYSTEM%]\abc.exe
[%SYSTEM%]\bkd.exe
[%SYSTEM%]\dxclib303562752.dll
[%WINDOWS%]\DXCecho.exe
[%PROFILE_TEMP%]\DXC8.x.exe

Folders:
[%PROGRAM_FILES%]\DeluxeCommunications
[%PROGRAM_FILES%]\InetGet2

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a8bd6820-6ed7-423e-9558-2d1486b0feea}
HKEY_CURRENT_USER\software\deluxecommunications
HKEY_LOCAL_MACHINE\software\deluxecommunications
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\deluxecommunications

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SwimSuitNetwork Adware

Removing SwimSuitNetwork
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\activeinstall.dll

How to detect SwimSuitNetwork:

Files:
[%WINDOWS%]\downloaded program files\activeinstall.dll

Folders:
[%PROGRAM_FILES%]\swimsuitnetwork

Registry Keys:
HKEY_CURRENT_USER\software\mediacharger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\activeinstall.dll
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\activeinstall.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

OnlineGuard Ransomware

Removing OnlineGuard
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\OnlineGuard.lnk

How to detect OnlineGuard:

Files:
[%DESKTOP%]\OnlineGuard.lnk

Folders:
[%PROGRAMS%]\OnlineGuard
[%PROGRAM_FILES%]\OnlineGuard

Registry Keys:
HKEY_CURRENT_USER\software\onlineguard
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\onlineguard

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Morpheus Adware

Removing Morpheus
Categories: Adware,BHO,Worm
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, explained the company.

Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

Morpheus Also known as:

[Panda]Adware/WurldMedia

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\beegd10.ocx
[%SYSTEM%]\clsncx22.dll
[%SYSTEM%]\clsnol22.dll
[%SYSTEM%]\fkhjqhsj.dll
[%SYSTEM%]\mobho.dll
[%SYSTEM%]\mos.exe
[%SYSTEM%]\s4setp.exe

How to detect Morpheus:

Files:
[%SYSTEM%]\beegd10.ocx
[%SYSTEM%]\clsncx22.dll
[%SYSTEM%]\clsnol22.dll
[%SYSTEM%]\fkhjqhsj.dll
[%SYSTEM%]\mobho.dll
[%SYSTEM%]\mos.exe
[%SYSTEM%]\s4setp.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\morpheus\mediamanager
