Tuesday, January 27, 2009

DialXS Adware

Removing DialXS
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect DialXS:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{841a9192-5690-11d4-a258-0040954a01be}
HKEY_CLASSES_ROOT\clsid\{9b4aa442-9ebf-11d5-8c11-0050da4957f5}

TIB.Browser Trojan

Removing TIB.Browser
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


TIB.Browser Also known as:

[Other]TROJ_PORNDIAL.BP

Visible Symptoms:
Files in system folders:
[%PROFILE%]\desktop\sexcam.lnk
[%PROFILE%]\start menu\sexcam.lnk
[%WINDOWS%]\desktop\sexxx.lnk
[%WINDOWS%]\start menu\sexxxl.lnk

How to detect TIB.Browser:

Files:
[%PROFILE%]\desktop\sexcam.lnk
[%PROFILE%]\start menu\sexcam.lnk
[%WINDOWS%]\desktop\sexxx.lnk
[%WINDOWS%]\start menu\sexxxl.lnk

Folders:
[%PROGRAM_FILES%]\websiteviewer

Registry Keys:
HKEY_CURRENT_USER\software\websiteviewer

AdwarePro Ransomware

Removing AdwarePro
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\AdwarePro.lnk
[%COMMON_DESKTOPDIRECTORY%]\AdwarePro.lnk

How to detect AdwarePro:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\AdwarePro.lnk
[%COMMON_DESKTOPDIRECTORY%]\AdwarePro.lnk

Folders:
[%APPDATA%]\'AdwarePro'
[%COMMON_PROGRAMS%]\AdwarePro
[%PROGRAM_FILES%]\AdwarePro

Registry Keys:
HKEY_CURRENT_USER\software\'adwarepro'
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adwarepro_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Networking Adware

Removing Networking
Categories: Adware,Hijacker
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\mysetp.exe
[%PROFILE_TEMP%]\p2psetup.exe
[%PROFILE_TEMP%]\wis32.exe
[%SYSTEM%]\p2p networking v126.cpl
[%SYSTEM%]\P2P Networking\MARSHAL.DLL
[%SYSTEM%]\P2P Networking\MARSHAL12.DLL
[%SYSTEM%]\P2P Networking\P2P Networking.exe
[%WINDOWS%]\Downloaded Program Files\WebP2PInstaller.dll
[%PROFILE%]\recent\p2psetup.exe.lnk
[%PROGRAM_FILES%]\system32\p2p networking\p2p networking.exe
[%WINDOWS%]\downloaded program files\webp2pinstaller.dll

How to detect Networking:

Files:
[%PROFILE_TEMP%]\mysetp.exe
[%PROFILE_TEMP%]\p2psetup.exe
[%PROFILE_TEMP%]\wis32.exe
[%SYSTEM%]\p2p networking v126.cpl
[%SYSTEM%]\P2P Networking\MARSHAL.DLL
[%SYSTEM%]\P2P Networking\MARSHAL12.DLL
[%SYSTEM%]\P2P Networking\P2P Networking.exe
[%WINDOWS%]\Downloaded Program Files\WebP2PInstaller.dll
[%PROFILE%]\recent\p2psetup.exe.lnk
[%PROGRAM_FILES%]\system32\p2p networking\p2p networking.exe
[%WINDOWS%]\downloaded program files\webp2pinstaller.dll

Folders:
[%PROGRAM_FILES%]\need2find
[%WINDOWS%]\system\p2p networking

Registry Keys:
HKEY_CURRENT_USER\software\p2p networking
HKEY_LOCAL_MACHINE\software\classes\clsid\{1d6711c8-7154-40bb-8380-3dea45b69cbf}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}
HKEY_LOCAL_MACHINE\software\classes\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}
HKEY_LOCAL_MACHINE\software\classes\typelib\{f720b40f-3a38-4b22-b30d-dcf095d42498}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

FastSeeker BHO

Removing FastSeeker
Categories: BHO,Toolbar
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, explained the company.
A toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\fastseekertoolbar.dll
[%WINDOWS%]\system\fastseekertoolbar.dll

How to detect FastSeeker:

Files:
[%SYSTEM%]\fastseekertoolbar.dll
[%WINDOWS%]\system\fastseekertoolbar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4cc0faf8-6048-421c-9fe2-261a9ece5f80}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4cc0faf8-6048-421c-9fe2-261a9ece5f80}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Sinnum Trojan

Removing Sinnum
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Sinnum Also known as:

[Kaspersky]Trojan-Proxy.Win32.Lager.dp;
[Other]Win32/Sinnum.B,Trojan.Peacomm

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\lnwin.exe

How to detect Sinnum:

Files:
[%SYSTEM%]\lnwin.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Seecha Adware

Removing Seecha
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Seecha Also known as:

[Kaspersky]Adware.Win32.SeeCha.b,Adware.Win32.Seecha,Adware.Win32.SeeCha.a;
[Other]Adware/Seecha

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\sctongji04.dll

How to detect Seecha:

Files:
[%SYSTEM%]\sctongji04.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{5531fd0a-6293-46b2-9075-c6845576f522}
HKEY_CLASSES_ROOT\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{5592d97a-b649-4606-b7dc-470bfe2a3036}
HKEY_CLASSES_ROOT\clsid\{5531fd0a-6293-46b2-9075-c6845576f522}
HKEY_CLASSES_ROOT\clsid\{5592d97a-b649-4606-b7dc-470bfe2a3036}
HKEY_CURRENT_USER\software\seecha

WebD Trojan

Removing WebD
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\webd.exe

How to detect WebD:

Files:
[%WINDOWS%]\webd.exe

PWS.Zhengtu Trojan

Removing PWS.Zhengtu
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

PWS.Zhengtu Also known as:

[McAfee]PWS-Zhengtu;
[Other]Win32/Frethog.BG,Infostealer.Gampass,Win32/Tuzheng

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\CN_SPI32.DLL

How to detect PWS.Zhengtu:

Files:
[%SYSTEM%]\CN_SPI32.DLL

Aureate.Group.Mail Adware

Removing Aureate.Group.Mail
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\adimage.dll
[%SYSTEM%]\ajj.exe
[%SYSTEM%]\gmaglue.exe
[%PROFILE%]\start menu\aureate group mail.lnk
[%PROGRAMS%]\aureate group mail\aureate group mail help.lnk
[%PROGRAMS%]\aureate group mail\aureate group mail homepage.lnk
[%PROGRAMS%]\aureate group mail\aureate group mail.lnk
[%PROGRAMS%]\aureate group mail\read me.lnk
[%SYSTEM%]\amcis2.dll

How to detect Aureate.Group.Mail:

Files:
[%SYSTEM%]\adimage.dll
[%SYSTEM%]\ajj.exe
[%SYSTEM%]\gmaglue.exe
[%PROFILE%]\start menu\aureate group mail.lnk
[%PROGRAMS%]\aureate group mail\aureate group mail help.lnk
[%PROGRAMS%]\aureate group mail\aureate group mail homepage.lnk
[%PROGRAMS%]\aureate group mail\aureate group mail.lnk
[%PROGRAMS%]\aureate group mail\read me.lnk
[%SYSTEM%]\amcis2.dll

Folders:
[%PROFILE%]\start menu\programs\aureate group mail
[%PROGRAM_FILES%]\aureate\group mail

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ebbfe26d-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\classes\typelib\{ebbfe26d-bdf0-11d2-bbe5-00609419f467}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aureate group mail

WinSpyControl Ransomware

Removing WinSpyControl
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\WinSpyControl.lnk
[%PROFILE_TEMP%]\NI.UGA6P_0001_N115M0110\settings.ini

How to detect WinSpyControl:

Files:
[%COMMON_DESKTOPDIRECTORY%]\WinSpyControl.lnk
[%PROFILE_TEMP%]\NI.UGA6P_0001_N115M0110\settings.ini

Folders:
[%APPDATA%]\WinSpyControl
[%COMMON_PROGRAMS%]\WinSpyControl
[%PROGRAM_FILES%]\WinSpyControl
[%PROGRAM_FILES_COMMON%]\WinSpyControl

Registry Keys:
HKEY_CURRENT_USER\software\winspycontrol

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\products
HKEY_LOCAL_MACHINE\software\winspycontrol
HKEY_LOCAL_MACHINE\software\winspycontrol\settings

cl Trojan

Removing cl
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect cl:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Coced.ASPask!PWS!Troja Trojan

Removing Coced.ASPask!PWS!Troja
Categories: Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Visible Symptoms:
Files in system folders:
[%COMMON_DOCUMENTS%]\Program\Zipclix\zipclix.dll

How to detect Coced.ASPask!PWS!Troja:

Files:
[%COMMON_DOCUMENTS%]\Program\Zipclix\zipclix.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\zipclix

Internal.Revise Trojan

Removing Internal.Revise
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Internal.Revise Also known as:

[Kaspersky]Backdoor.InternalRevise.10,Backdoor.Win32.InternalRevise.10;
[Eset]Win32/DarkConnection.1_2.Server trojan;
[McAfee]BackDoor-TB;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/InternalRevise.10;
[Computer Associates]Backdoor/InternalRevise.10!Serve,Win32.InternalRevise.10

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\systray32c.exe

How to detect Internal.Revise:

Files:
[%WINDOWS%]\system\systray32c.exe

system-processes.com Hijacker

Removing system-processes.com
Categories: Hijacker,Adware,Toolbar
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

A toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\navshext.dll
[%SYSTEM%]\p.dat

How to detect system-processes.com:

Files:
[%SYSTEM%]\navshext.dll
[%SYSTEM%]\p.dat

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\System Process

Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

Gold RAT

Removing Gold
Categories: RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\ghookdll.dll
[%WINDOWS%]\system\sysexhook.exe

How to detect Gold:

Files:
[%WINDOWS%]\system\ghookdll.dll
[%WINDOWS%]\system\sysexhook.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

MP.Bus RAT

Removing MP.Bus
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mpower.exe
[%WINDOWS%]\mpowerk.dll

How to detect MP.Bus:

Files:
[%WINDOWS%]\mpower.exe
[%WINDOWS%]\mpowerk.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

AdwareProtector Adware

Removing AdwareProtector
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect AdwareProtector:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Warefof Trojan

Removing Warefof
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Warefof Also known as:

[Kaspersky]AdWare.Win32.BHO.rs,AdWare.Win32.BHO.rh;
[McAfee]Puper.dll;
[Other]Win32/Warefof.A,Win32/Warefof.B,VirusProtectPro,Win32.Fuzfle.V

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Helper\superfindout.dll

How to detect Warefof:

Files:
[%PROGRAM_FILES%]\Helper\superfindout.dll

myCleanerPC Adware

Removing myCleanerPC
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\1.jpg
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\2.jpg
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\3.jpg
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\4.jpg
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\5.jpg
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\CleanerDefs.css
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\error.log
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\history.dat
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\schedule.dat
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\Signatures.dat
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\stats.log
[%SYSTEM%]\Documents and Settings\All Users\Application Data\myCleanerPC\user.dat

How to detect myCleanerPC:

Files:

Folders:
[%PROGRAM_FILES%]\myCleanerPC
[%APPDATA%]\myCleanerPC
[%PROGRAMS%]\myCleanerPC

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls


Loki Trojan

Removing Loki
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Loki Also known as:

[Panda]Loki.1234.1st;
[Computer Associates]Loki

Visible Symptoms:
Files in system folders:

How to detect Loki:

Files:

Folders:
[%PROGRAM_FILES_COMMON%]\totem shared
[%PROGRAM_FILES%]\search bar

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\classes\appid\atltoolbar.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer


Crusc Trojan

Removing Crusc
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Crusc Also known as:

[Kaspersky]Trojan-Proxy.Win32.Horst.be,Trojan-Proxy.Win32.Horst.cm,Trojan-Proxy.win32.Horst.be,Trojan-Proxy.Win32.Horst.bk,Trojan-Downloader.Win32.Agent.amc,Trojan-Proxy.Win32.Horst.z,Trojan-Downloader.Win32.Vivia.y;
[McAfee]Spam-Loot,Spam-loot;
[Other]TROJ_AGENT.CAH,Win32.Crusc.K,Win32/Crusc.H,TROJ_HORST.CM,Win32/Crusc.J,Trojan-Spy.Win32.Agent.nr,Trojan.Webus.G,Win32/Crusc.I,Trojan-Proxy.Win32.Horst.cg,Hacktool.Proxy,Win32/Crusc.Q,Trojan-Proxy.win32.Horst.bu,Win32/Crusc.R,Trojan-Proxy.Win32.Horst.bu,Win32/Crusc.P,trojan-backdoor-medbod,Win32/Crusc.M,Trojan.Zlob,Win32/Crusc.N,Backdoor.DMSpammer,Win32/Crusc.L,Win32/Crusc.O,Win32/Crusc.T,Win32/Crusc.S,TROJ_HORST.BU,Win32/Crusc.E,Win32/Crusc.F

Visible Symptoms:
Files in system folders:

How to detect Crusc:

Files:


ICMP.Cmd RAT

Removing ICMP.Cmd
Categories: RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

How to detect ICMP.Cmd:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


AccessMembre Adware

Removing AccessMembre
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect AccessMembre:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d1b80ebf-1a26-4fec-b0b9-dcb934c6507e}
HKEY_CLASSES_ROOT\typelib\{a41c6220-6f42-4646-b119-fbe6f4d38e3c}


Dialer.RAS.aj Adware

Removing Dialer.RAS.aj
Categories: Adware,BHO,Hijacker,Toolbar
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

Dialer.RAS.aj Also known as:

[McAfee]Dialer-RAS.aj;
[Panda]Adware/Xupiter,Dialer.Gen

Visible Symptoms:
Files in system folders:

How to detect Dialer.RAS.aj:

Files:

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/wuinst.dll
HKEY_CURRENT_USER\software\microsoft\internetexplorer\main
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/installer.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/wuinst.dll


Borlan Trojan

Removing Borlan
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.


Borlan Also known as:

[Kaspersky]AdWare.Win32.Boran.c,AdWare.Win32.Boran.i,AdWare.Win32.Boran.e,AdWare.Win32.Borlan.x,AdWare.Win32.Boran.ab,AdWare.Win32.Borlan.ab,AdWare.Win32.Boran.p,AdWare.Win32.Boran.w,AdWare.Win32.Boran.z,AdWare.Win32.Boran.ae,AdWare.Win32.Boran.o,AdWare.Win32.Borlan.aj,AdWare.Win32.Boran.ah,AdWare.Win32.Boran.bh;
[McAfee]Adware-Boran,Adware-Borlan,Adware-Boran-gen,Adware-Boran.gen,Adware-Borlan.gen,Generic PUP.g,Adware-Borlan.dr;
[F-Prot]W32/AdwareX.ADH,W32/OnlineGames.A.gen!Eldorado;
[Other]Adware.Borlan,AdWare.Borlan,Trojan Horse,Trojan.Win32.Agent.zl,Borlan.MMsAssist,W32/Boran.AH.dropper,Program:Win32/MMSAssist,W32/Boran.QI,W32/Borlan.AE.dropper,W32/Agent.CWZQ

Visible Symptoms:
Files in system folders:

How to detect Borlan:

Files:

Folders:

Registry Keys:

Registry Values:

Removing Borlan:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Baigoo Adware

Removing Baigoo
Categories: Adware,Hijacker
Adware programs deliver advertising content to the user and in some cases
gather information from the user's computer, including information related
to Internet browser usage or other computer habits.
A hijacker changes the default home page so that the browser opens to the web page
set by the hijacker instead of the user's designated home page. In some cases, the
hijacker may block users from restoring their desired home page.

Baigoo Also known as:

[Kaspersky] AdWare.Win32.Baigoo.a
[Other] W32/BHO.H!tr.dldr, Win32/Adware.Toolbar.Baigoo application

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe

How to detect Baigoo:

Files:
[%SYSTEM%]\rv40.dll
[%SYSTEM%]\bg50.exe

Folders:
[%PROGRAM_FILES%]\baigoo

Registry Keys:

Registry Values:
HKEY_CLASSES_ROOT\appid\mtsrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{6c893032-1e26-4409-ba26-ed6c6007dca6}

Removing Baigoo:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
