Sunday, January 25, 2009

TTC Adware

Removing TTC
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

TTC Also known as:

[Kaspersky] AdWare.Win32.TTC.b, AdWare.Win32.TTC.c;
[McAfee] Zquest.dr;
[Other] Adware.TTC, SecurityRiskOn

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\camg-77798.exe
[%PROFILE_TEMP%]\camg-77798.exe.ren
[%PROGRAM_FILES%]\Internet Explorer\tebohije83122.dll
[%PROGRAM_FILES%]\Movie Maker\hoxyhuro77798.exe
[%PROGRAM_FILES%]\MSN Gaming Zone\hokevof83122.dll
[%PROGRAM_FILES%]\NetMeeting\tegewije77798.exe
[%PROGRAM_FILES%]\Online Services\hosecuky43855.dll
[%PROGRAM_FILES%]\Windows NT\hokemoqyz83122.dll
[%PROGRAM_FILES%]\WindowsUpdate\vihyni83122.dll
[%SYSTEM%]\skna455101.exe

How to detect TTC:

Files:
[%PROFILE_TEMP%]\camg-77798.exe
[%PROFILE_TEMP%]\camg-77798.exe.ren
[%PROGRAM_FILES%]\Internet Explorer\tebohije83122.dll
[%PROGRAM_FILES%]\Movie Maker\hoxyhuro77798.exe
[%PROGRAM_FILES%]\MSN Gaming Zone\hokevof83122.dll
[%PROGRAM_FILES%]\NetMeeting\tegewije77798.exe
[%PROGRAM_FILES%]\Online Services\hosecuky43855.dll
[%PROGRAM_FILES%]\Windows NT\hokemoqyz83122.dll
[%PROGRAM_FILES%]\WindowsUpdate\vihyni83122.dll
[%SYSTEM%]\skna455101.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{12e04497-60f6-4656-8d11-59b26e9a8f49}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{12e04497-60f6-4656-8d11-59b26e9a8f49}

Net.Metropolitan Spyware

Removing Net.Metropolitan
Categories: Spyware,RAT
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful and won't log keystrokes or hack.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mexplore.exe

How to detect Net.Metropolitan:

Files:
[%WINDOWS%]\mexplore.exe

MsjGet30 BHO

Removing MsjGet30
Categories: BHO
BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\msjget40.dll

How to detect MsjGet30:

Files:
[%WINDOWS%]\system\msjget40.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4567a600-0cee-11d8-9a3c-00047624d817}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4567a600-0cee-11d8-9a3c-00047624d817}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4567a600-0cee-11d8-9a3c-00047624d817}

BlazeFind.variant BHO

Removing BlazeFind.variant
Categories: BHO,Hijacker
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll

How to detect BlazeFind.variant:

Files:
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windows controlad

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Zlob.Fam.iVideoCodec Trojan

Removing Zlob.Fam.iVideoCodec
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.


Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\iVideoCodec\iesplugin.dll
[%PROGRAM_FILES%]\iVideoCodec\iesuninst.exe
[%PROGRAM_FILES%]\iVideoCodec\ignored.lst
[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll
[%PROGRAM_FILES%]\iVideoCodec\isamini.exe
[%PROGRAM_FILES%]\iVideoCodec\isamonitor.exe
[%PROGRAM_FILES%]\iVideoCodec\isauninst.exe
[%PROGRAM_FILES%]\iVideoCodec\ot.ico
[%PROGRAM_FILES%]\iVideoCodec\pmmon.exe
[%PROGRAM_FILES%]\iVideoCodec\pmsngr.exe
[%PROGRAM_FILES%]\iVideoCodec\pmuninst.exe
[%PROGRAM_FILES%]\iVideoCodec\Thumbs.db
[%PROGRAM_FILES%]\iVideoCodec\ts.ico
[%PROGRAM_FILES%]\iVideoCodec\uninst.exe

How to detect Zlob.Fam.iVideoCodec:

Files:
[%PROGRAM_FILES%]\iVideoCodec\iesplugin.dll
[%PROGRAM_FILES%]\iVideoCodec\iesuninst.exe
[%PROGRAM_FILES%]\iVideoCodec\ignored.lst
[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll
[%PROGRAM_FILES%]\iVideoCodec\isamini.exe
[%PROGRAM_FILES%]\iVideoCodec\isamonitor.exe
[%PROGRAM_FILES%]\iVideoCodec\isauninst.exe
[%PROGRAM_FILES%]\iVideoCodec\ot.ico
[%PROGRAM_FILES%]\iVideoCodec\pmmon.exe
[%PROGRAM_FILES%]\iVideoCodec\pmsngr.exe
[%PROGRAM_FILES%]\iVideoCodec\pmuninst.exe
[%PROGRAM_FILES%]\iVideoCodec\Thumbs.db
[%PROGRAM_FILES%]\iVideoCodec\ts.ico
[%PROGRAM_FILES%]\iVideoCodec\uninst.exe

Folders:
[%PROGRAM_FILES%]\iVideoCodec

Registry Keys:
HKEY_CLASSES_ROOT\codecssoftwarepackage.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec

Litmus Trojan

Removing Litmus
Categories: Trojan,Backdoor,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
DoS trojans conduct attacks from a single computer with the consent of the user.

Litmus Also known as:

[Kaspersky] Backdoor.Litmus.108, Backdoor.Litmus.II;
[Eset] Win32/Litmus.203 trojan, Win32/Litmus.203.A trojan, Win32/Litmus.203.B trojan, Win32/Litmus.202 trojan, Win32/Litmus.II trojan, Win32/Litmus.002 trojan;
[McAfee] BackDoor-JZ;
[F-Prot] security risk or a "backdoor" program;
[Panda] Backdoor Program.LC, Backdoor Program;
[Computer Associates] Backdoor/Litmus.203!Server, Backdoor/Litmus.203.Server, Win32.Litmus.203, Backdoor/Litmus.108, Backdoor/Litmus.202, Win32.Litmus.202, Win32.Litmus.002

How to detect Litmus:

Folders:
[%WINDOWS%]\litmus

WinSoftWare Adware

Removing WinSoftWare
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect WinSoftWare:

Folders:
[%PROGRAM_FILES_COMMON%]\Companion Wizard

SandBoxer Adware

Removing SandBoxer
Categories: Adware,Backdoor,Downloader
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Trojan downloaders download and install new malware or adware on the computer.


SandBoxer Also known as:

[Panda] Adware/MemoryWatcher

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\bvu9v35.exe
[%SYSTEM%]\gnsdk.exe
[%SYSTEM%]\lbk7.exe
[%SYSTEM%]\mxjqzl.exe
[%SYSTEM%]\ocn67i0.exe
[%SYSTEM%]\ojz1.exe
[%SYSTEM%]\pusy6.exe
[%SYSTEM%]\pwbm74i.exe
[%SYSTEM%]\tgjog.exe
[%SYSTEM%]\tpws.exe
[%SYSTEM%]\unj36t.exe
[%SYSTEM%]\xjpvq9t0.exe
[%SYSTEM%]\yfk8.exe
[%SYSTEM%]\yubxk.exe
[%SYSTEM%]\zpuwldj.exe
[%WINDOWS%]\idjqqk.exe
[%WINDOWS%]\ymcjqxfa.exe

How to detect SandBoxer:

Files:
[%SYSTEM%]\bvu9v35.exe
[%SYSTEM%]\gnsdk.exe
[%SYSTEM%]\lbk7.exe
[%SYSTEM%]\mxjqzl.exe
[%SYSTEM%]\ocn67i0.exe
[%SYSTEM%]\ojz1.exe
[%SYSTEM%]\pusy6.exe
[%SYSTEM%]\pwbm74i.exe
[%SYSTEM%]\tgjog.exe
[%SYSTEM%]\tpws.exe
[%SYSTEM%]\unj36t.exe
[%SYSTEM%]\xjpvq9t0.exe
[%SYSTEM%]\yfk8.exe
[%SYSTEM%]\yubxk.exe
[%SYSTEM%]\zpuwldj.exe
[%WINDOWS%]\idjqqk.exe
[%WINDOWS%]\ymcjqxfa.exe

Folders:
[%PROGRAMS%]\memorywatcher

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\memorywatcher

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Punisher Trojan

Removing Punisher
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\AdwarePunisher.lnk

How to detect Punisher:

Files:
[%DESKTOP%]\AdwarePunisher.lnk

Folders:
[%PROGRAMS%]\AdwarePunisher
[%PROGRAM_FILES%]\AdwarePunisher

Registry Keys:
HKEY_CURRENT_USER\software\adwarepunisher
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adwarepunisher

Registry Values:
HKEY_CURRENT_USER\software\borland\locales
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

AntispywareSuite Ransomware

Removing AntispywareSuite
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\AntiSpywareSuite.lnk
[%PROGRAM_FILES%]\AntiSpywareSuite\pgs.exe

How to detect AntispywareSuite:

Files:
[%COMMON_DESKTOPDIRECTORY%]\AntiSpywareSuite.lnk
[%PROGRAM_FILES%]\AntiSpywareSuite\pgs.exe

Folders:
[%APPDATA%]\AntiSpywareSuite
[%COMMON_PROGRAMS%]\AntiSpywareSuite
[%PROGRAM_FILES%]\AntiSpywareSuite
[%PROGRAM_FILES_COMMON%]\AntiSpywareSuite

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareSuite
HKEY_CURRENT_USER\software\antispywaresuite
HKEY_LOCAL_MACHINE\software\antispywaresuite
HKEY_LOCAL_MACHINE\software\ugcw

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\products, compname=locus software
HKEY_LOCAL_MACHINE\software\products

Luzia Spyware

Removing Luzia
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet access or of other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Luzia Also known as:

[Kaspersky] Trojan-Spy.Win32.Luzia.k;
[Other] Infostealer

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msnscr.exe

How to detect Luzia:

Files:
[%SYSTEM%]\msnscr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Loadwin.exe Trojan

Removing Loadwin.exe
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\sldrv.dll
[%WINDOWS%]\system\loadwin.exe

How to detect Loadwin.exe:

Files:
[%SYSTEM%]\sldrv.dll
[%WINDOWS%]\system\loadwin.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

CWS.GoogleMS Hijacker

Removing CWS.GoogleMS
Categories: Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\googlems.dll
[%APPDATA%]\microsoft\office\word10.dll
[%APPDATA%]\searchword.dll

How to detect CWS.GoogleMS:

Files:
[%APPDATA%]\googlems.dll
[%APPDATA%]\microsoft\office\word10.dll
[%APPDATA%]\searchword.dll

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKEY_CLASSES_ROOT\clsid\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKEY_CLASSES_ROOT\interface\{212552cf-d5b0-49f0-961d-95ca146cde03}
HKEY_CLASSES_ROOT\interface\{84f2d0d3-79de-42cd-b8bb-f7dbaebddd4e}
HKEY_CLASSES_ROOT\searchword.excelexport
HKEY_CLASSES_ROOT\searchword.excelexport.1
HKEY_CLASSES_ROOT\searchword.searchhelp
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
HKEY_CLASSES_ROOT\typelib\{355f8396-c845-4966-a103-8a05d0004248}
HKEY_CLASSES_ROOT\typelib\{fb19bc08-e664-462c-909b-3e9c3f4ff90e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}

Lookup Adware

Removing Lookup
Categories: Adware,BHO,Hijacker,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\ineb.inf
[%WINDOWS%]\ilookup\ttil.exe
[%SYSTEM%]\bundler_mpb_sb.exe
[%SYSTEM%]\gws.dll
[%SYSTEM%]\ineb.dll
[%SYSTEM%]\waeb.dll
[%SYSTEM%]\windec32.dll
[%WINDOWS%]\system\gws.dll
[%WINDOWS%]\system\ineb.dll
[%WINDOWS%]\system\waeb.dll
[%WINDOWS%]\system\windec32.dll

How to detect Lookup:

Files:
[%WINDOWS%]\downloaded program files\ineb.inf
[%WINDOWS%]\ilookup\ttil.exe
[%SYSTEM%]\bundler_mpb_sb.exe
[%SYSTEM%]\gws.dll
[%SYSTEM%]\ineb.dll
[%SYSTEM%]\waeb.dll
[%SYSTEM%]\windec32.dll
[%WINDOWS%]\system\gws.dll
[%WINDOWS%]\system\ineb.dll
[%WINDOWS%]\system\waeb.dll
[%WINDOWS%]\system\windec32.dll

Folders:
[%FAVORITES%]\hot links
[%FAVORITES%]\messenger links
[%FAVORITES%]\shopping deals
[%FAVORITES%]\gifts for her
[%FAVORITES%]\i-lookup favorites
[%PROGRAM_FILES%]\i-lookup

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{4da3703c-eae4-4b1d-93a6-f1d5835a28fd}
HKEY_CLASSES_ROOT\typelib\{660b38cb-6349-4c67-a418-aadabae09c38}
HKEY_CLASSES_ROOT\typelib\{753aa023-02d1-447d-8b55-53a91a5abf18}
HKEY_CLASSES_ROOT\typelib\{edd73c85-28b8-4145-ab9c-673c74c667e6}\1.0
HKEY_CLASSES_ROOT\windec.amo
HKEY_CLASSES_ROOT\windec.amo.1
HKEY_CLASSES_ROOT\windec.dbi
HKEY_CLASSES_ROOT\windec.dbi.1
HKEY_CLASSES_ROOT\windec.iiittt
HKEY_CLASSES_ROOT\windec.iiittt.1
HKEY_CLASSES_ROOT\windec.momo
HKEY_CLASSES_ROOT\windec.momo.1
HKEY_CLASSES_ROOT\windec.ohb
HKEY_CLASSES_ROOT\windec.ohb.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{11f6b95f-0774-4b8d-8c9e-6b552cbcad14}
HKEY_LOCAL_MACHINE\software\classes\clsid\{18b79968-1a76-4953-9ebb-b651407f8998}
HKEY_LOCAL_MACHINE\software\classes\clsid\{54a85a38-a699-4aec-8f88-ab542210c93b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{61d029ac-972b-49fe-a155-962dfa0a37bb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6ef3ae25-5a7d-40c2-9b44-9ed0068621c0}
HKEY_LOCAL_MACHINE\software\classes\clsid\{8e4c16f3-45c8-4b24-99e6-f55082b7c4f1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cba523b2-1906-4d14-95a2-cd8e233701c7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d35a69a7-7a34-4c67-814a-3f508c0bf371}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fbaa0b9e-a059-43e4-9699-76eb0aeb975b}
HKEY_LOCAL_MACHINE\software\classes\interface\{7e893886-5641-4867-a323-2d8abb7b4d6d}
HKEY_LOCAL_MACHINE\software\classes\interface\{b0632ec9-bd27-48c4-b16c-294f8823bff0}
HKEY_LOCAL_MACHINE\software\classes\interface\{e6ed4741-a9df-4bb1-a203-c7461fc00355}
HKEY_LOCAL_MACHINE\software\classes\typelib\{edd73c85-28b8-4145-ab9c-673c74c667e6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18b79968-1a76-4953-9ebb-b651407f8998}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{61d029ac-972b-49fe-a155-962dfa0a37bb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cba523b2-1906-4d14-95a2-cd8e233701c7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbaa0b9e-a059-43e4-9699-76eb0aeb975b}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Removing Lookup:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Vundo.Variant Spyware

Removing Vundo.Variant
Categories: Spyware,Backdoor
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Vundo.Variant Also known as:

[Eset]Win32/Spy.Agent.P trojan;
[Panda]Bck/Agent.H;
[Computer Associates]Win32/Vundo.Variant!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\security\logs\mfcexp.exe
[%WINDOWS%]\system\mui\svcbak.exe

How to detect Vundo.Variant:

Files:
[%WINDOWS%]\security\logs\mfcexp.exe
[%WINDOWS%]\system\mui\svcbak.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Vundo.Variant:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

CnsMin BHO

Removing CnsMin
Categories: BHO,Hijacker,Toolbar,Downloader
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

CnsMin Also known as:

[Panda]Spyware/CnsMin

Visible Symptoms:
Files in system folders:

How to detect CnsMin:

Files:

Folders:
[%PROGRAM_FILES%]\3721
[%WINDOWS%]\downloaded program files\3721
[%COMMON_PROGRAMS%]\Chinese keywords
[%PROFILE%]\start menu\programs\3721éïíøöúêö
[%PROGRAMS%]\chinese keywor
[%PROGRAMS%]\chinese keywords

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing CnsMin:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Rlsloup Trojan

Removing Rlsloup
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Rlsloup Also known as:

[Kaspersky]SpamTool.Win32.Agent.u;
[Other]Win32/Rlsloup.T,Trojan.Spamdes

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\THI7216.tmp\localNrd.inf

How to detect Rlsloup:

Files:
[%PROFILE_TEMP%]\THI7216.tmp\localNrd.inf


Spyboter.gen Backdoor

Removing Spyboter.gen
Categories: Backdoor
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\aolmsngr.exe
[%SYSTEM%]\zopytlrs.exe

How to detect Spyboter.gen:

Files:
[%SYSTEM%]\aolmsngr.exe
[%SYSTEM%]\zopytlrs.exe


Dadobra Trojan

Removing Dadobra
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cmrst.scr
[%SYSTEM%]\imgit.scr

How to detect Dadobra:

Files:
[%SYSTEM%]\cmrst.scr
[%SYSTEM%]\imgit.scr

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Tudprie Trojan

Removing Tudprie
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Tudprie Also known as:

[Kaspersky]AdWare.Win32.WSearch.I,AdWare.Win32.Dm.y,Trojan.Win32.BHO.aw,AdWare.Win32.Dm.ba;
[McAfee]Adware.BDSearch,Adware-BDSearch;
[Other]Trojan.Adclicker,Adware.Roogoo,Adware.Rugo

Visible Symptoms:
Files in system folders:

How to detect Tudprie:

Files:

Folders:
[%APPDATA%]\t

Registry Keys:

Registry Values:
HKEY_CLASSES_ROOT\appid\dbho.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


RasDialer Adware

Removing RasDialer
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%FAVORITES%]\igsex1x.lnk
[%PROGRAMS%]\igsex1x.lnk
[%STARTMENU%]\igsex1x.lnk
[%WINDOWS%]\_DlrApps\igsex1x.exe

How to detect RasDialer:

Files:
[%FAVORITES%]\igsex1x.lnk
[%PROGRAMS%]\igsex1x.lnk
[%STARTMENU%]\igsex1x.lnk
[%WINDOWS%]\_DlrApps\igsex1x.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


Zlob.Fam.strCodec Trojan

Removing Zlob.Fam.strCodec
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.


Visible Symptoms:
Files in system folders:

How to detect Zlob.Fam.strCodec:

Files:

Folders:
[%PROGRAM_FILES%]\StrCodec

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\strCodec


InCommand Trojan

Removing InCommand
Categories: Trojan,Spyware,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like the file didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Hacker tools are utilities designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

InCommand Also known as:

[Kaspersky]Backdoor.InCommander.10,Backdoor.InCommander.10.b,Backdoor.Win32.InCommander.10,Backdoor.Win32.InCommander.10.b,Backdoor.InCommander.11,Backdoor.Win32.InCommander.11,Backdoor.InCommander.12,Backdoor.Win32.InCommander.12,Backdoor.InCommander.13,Backdoor.Win32.InCommander.13,Backdoor.InCommander.14,Backdoor.Win32.InCommander.14,Backdoor.InCommander.15,Backdoor.InCommander.15.a,Backdoor.InCommander.153,Backdoor.InCommander.16.b,Backdoor.Win32.InCommander.16.b,Backdoor.InCommander.16.e,Backdoor.InCommander.plugin.RegEdit.a,Backdoor.InCommander.plugin.RegEdit.b,Backdoor.InCommander.16.f;
[Eset]Win32/InCommander.13.Server trojan,Win32/InCommander.1_7.D trojan,Win32/InCommander.Plugin.RegistryEditor trojan;
[McAfee]BackDoor-DB,BackDoor-DB.svr.gen,Generic;
[F-Prot]security risk or a "backdoor" program,W32/Backdoor.Incommand;
[Panda]Bck/InCommander.10,Bck/Incommander.Clt,Bck/Incommander.Srv,Bck/Incommander.11.I,Bck/Incommander.11.II,Bck/Incommander.12,Bck/InCommander.1.3,Bck/Incommander.13,Bck/InCommander.1.4,Bck/Incommander.14,Bck/InCommander.1.5,Bck/Incommander.15,Backdoor Program,Bck/Incommander.153,Bck/Incommander.16b,Bck/Incommand.RegEd,Bck/Incommand.Comp;
[Computer Associates]Backdoor/BackConstructor_Server_,Win32.InCommand.10,Backdoor/InCommander.11,Backdoor/InCommander.11.a,Win32.InCommand.11,Backdoor/InCommander.12,Backdoor/Incommand.13!Server,Win32.InCommand.13,Backdoor/InCommand_Server_family,Backdoor/InCommander.14,Win32.InCommand.14,Backdoor/BladeRunner.15!Server,Backdoor/Incommander.15,Win32.InCommand.15,Backdoor/InCommand.153,Win32.InCommand.153,Backdoor/InCommand_1.6_EditServe,Win32.InCommand.16.B,Backdoor/InCommander!Plugin.RegE

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\info32.exe
[%WINDOWS%]\msie50h.exe
[%WINDOWS%]\olemon32.exe
[%WINDOWS%]\rsapi.exe

How to detect InCommand:

Files:
[%WINDOWS%]\info32.exe
[%WINDOWS%]\msie50h.exe
[%WINDOWS%]\olemon32.exe
[%WINDOWS%]\rsapi.exe
