Sunday, February 1, 2009

GuardCenter Ransomware

Removing GuardCenter
Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\GuardCenter.lnk

How to detect GuardCenter:

Files:
[%DESKTOP%]\GuardCenter.lnk

Folders:
[%PROGRAMS%]\GuardCenter
[%PROGRAM_FILES%]\GuardCenter

Registry Keys:
HKEY_CURRENT_USER\software\guardcenter
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\guardcenter
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\guardcenter

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing GuardCenter:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


PigSearch Trojan

Removing PigSearch
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

PigSearch Also known as:

[Kaspersky]AdWare.Win32.WSearch.j,Trojan-Downloader.Win32.AdLoad.ji;
[McAfee]Adware-PigSearch;
[Other]Adware.PigSearch,W32/Adload.FPQ

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\CharSet.dll
[%SYSTEM%]\CreateDomTree.dll
[%SYSTEM%]\drivers\mspcidrv.sys

How to detect PigSearch:

Files:
[%SYSTEM%]\CharSet.dll
[%SYSTEM%]\CreateDomTree.dll
[%SYSTEM%]\drivers\mspcidrv.sys

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{8E25AC4A-B129-451B-BEE2-3B510BB751DA}
HKEY_CLASSES_ROOT\ntdll32.advance
HKEY_CLASSES_ROOT\ntdll32.advance.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E25AC4A-B129-451B-BEE2-3B510BB751DA}
HKEY_CLASSES_ROOT\clsid\{8e25ac4a-b129-451b-bee2-3b510bb751da}
HKEY_CLASSES_ROOT\clsid\{d0903a3b-f0ea-434a-9742-98c5335c7946}
HKEY_CLASSES_ROOT\iehelper.bho
HKEY_CLASSES_ROOT\iehelper.bho.1
HKEY_CLASSES_ROOT\interface\{900f9840-be29-48cc-8a4e-acad94164139}
HKEY_CLASSES_ROOT\typelib\{8899d7f9-c544-4bab-8cdc-d16c9d6b3af4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8e25ac4a-b129-451b-bee2-3b510bb751da}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d0903a3b-f0ea-434a-9742-98c5335c7946}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mspcidrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mspcidrv

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager\security
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mspath


TrojanClicker.Win32.Delf.ab Trojan

Removing TrojanClicker.Win32.Delf.ab
Categories: Trojan,Adware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

TrojanClicker.Win32.Delf.ab Also known as:

[Panda]Trj/Clicker.S

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\bvm202.dll

How to detect TrojanClicker.Win32.Delf.ab:

Files:
[%WINDOWS%]\bvm202.dll


Comet Adware

Removing Comet
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%MYPICTURES%]\Funstuff\sinstaller2.exe
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe

How to detect Comet:

Files:
[%MYPICTURES%]\Funstuff\sinstaller2.exe
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll
[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}
HKEY_CLASSES_ROOT\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}
HKEY_CLASSES_ROOT\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}
HKEY_CLASSES_ROOT\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}
HKEY_CLASSES_ROOT\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}
HKEY_CLASSES_ROOT\screensaversinstaller.installer
HKEY_CLASSES_ROOT\screensaversinstaller.sinstaller
HKEY_CLASSES_ROOT\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}
HKEY_CLASSES_ROOT\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}


Wosrist Trojan

Removing Wosrist
Categories: Trojan,Adware,Hijacker,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Wosrist Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.baw,Trojan-Spy.Win32.Agent.oy;
[Other]Troj/DwnLdr-FVD,Win32/Wosrist.A,Downloader,Win32.Wosrist.B,Infostealer

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\iexpl0re.exe
[%SYSTEM%]\aelupsvc32.dll
[%SYSTEM%]\drivers\wsfit32.sys
[%SYSTEM%]\exmple.dll
[%SYSTEM%]\sexmple.exe
[%WINDOWS%]\system\Setup-238.exe

How to detect Wosrist:

Files:
[%WINDOWS%]\iexpl0re.exe
[%SYSTEM%]\aelupsvc32.dll
[%SYSTEM%]\drivers\wsfit32.sys
[%SYSTEM%]\exmple.dll
[%SYSTEM%]\sexmple.exe
[%WINDOWS%]\system\Setup-238.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_wsfit32
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wsfit32

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


SpyAnytime.PC.Spy Spyware

Removing SpyAnytime.PC.Spy
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\keybhook.dll
[%SYSTEM%]\sa2help.chm
[%SYSTEM%]\sysmgr32.dat
[%DESKTOP%]\spyanytime pc spy.lnk
[%SYSTEM%]\sa2.lnk
[%WINDOWS%]\desktop\spyanytime pc spy.lnk
[%WINDOWS%]\start menu\programs\spyanytime pc spy online faq.lnk

How to detect SpyAnytime.PC.Spy:

Files:
[%SYSTEM%]\keybhook.dll
[%SYSTEM%]\sa2help.chm
[%SYSTEM%]\sysmgr32.dat
[%DESKTOP%]\spyanytime pc spy.lnk
[%SYSTEM%]\sa2.lnk
[%WINDOWS%]\desktop\spyanytime pc spy.lnk
[%WINDOWS%]\start menu\programs\spyanytime pc spy online faq.lnk

Folders:
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\system
[%APPDATA%]\sysdata
[%PROGRAMS%]\spyanytime pc spy
[%PROGRAM_FILES%]\common files\microsoft shared\dao\system
[%PROGRAM_FILES%]\waresight
[%PROGRAM_FILES_COMMON%]\sysdata


Pigeon.AWE Trojan

Removing Pigeon.AWE
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Pigeon.AWE:

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000\control


Key.Captor Spyware

Removing Key.Captor
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\spysplash.dat

How to detect Key.Captor:

Files:
[%WINDOWS%]\spysplash.dat

Folders:
[%PROGRAMS%]\Keycaptor
[%PROGRAM_FILES%]\KeyCaptor

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall


CFour RAT

Removing CFour
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\c4.exe

How to detect CFour:

Files:
[%WINDOWS%]\system\c4.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


Neol Backdoor

Removing Neol
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

How to detect Neol:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


BHOMoneyGainer Adware

Removing BHOMoneyGainer
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\shginasn.xml

How to detect BHOMoneyGainer:

Files:
[%WINDOWS%]\shginasn.xml

Registry Keys:
HKEY_CLASSES_ROOT\bookmark.bhomoneygainer
HKEY_CLASSES_ROOT\bookmark.bhomoneygainer.1
HKEY_CLASSES_ROOT\CLSID\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}
HKEY_CLASSES_ROOT\interface\{feaa3402-e101-4abd-9337-bdeefc6d29ca}
HKEY_CLASSES_ROOT\typelib\{27195441-54b0-4dd3-820c-699ac3ef8d37}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}
HKEY_LOCAL_MACHINE\software\iasadc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}
HKEY_CLASSES_ROOT\clsid\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}


PerMedia Adware

Removing PerMedia
Categories: Adware,BHO
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.

How to detect PerMedia:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{8cdc6a46-08ab-435b-a3fa-7cc00e74ec9f}


Yazzle Adware

Removing Yazzle
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\mfc42.dll
[%SYSTEM%]\msvcrt.dll
[%SYSTEM%]\olepro32.dll

How to detect Yazzle:

Files:
[%SYSTEM%]\mfc42.dll
[%SYSTEM%]\msvcrt.dll
[%SYSTEM%]\olepro32.dll

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}


Randex.E Trojan

Removing Randex.E
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\cmd.exe
[%PROFILE%]\start

How to detect Randex.E:

Files:
[%PROFILE%]\cmd.exe
[%PROFILE%]\start


Tatss Adware

Removing Tatss
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\pgtools\init.dll
[%SYSTEM%]\pgtools\tataccess.ocx
[%SYSTEM%]\pgtools\tatss.dll
[%SYSTEM%]\pgtools\tatss.exe

How to detect Tatss:

Files:
[%SYSTEM%]\pgtools\init.dll
[%SYSTEM%]\pgtools\tataccess.ocx
[%SYSTEM%]\pgtools\tatss.dll
[%SYSTEM%]\pgtools\tatss.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Kongrid Trojan

Removing Kongrid
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Kongrid Also known as:

[Kaspersky]Trojan.Win32.Agent.ado,Virus.Win32.Agent.l;
[McAfee]BackDoor-DIQ,W32/Generic.y;
[Other]Win32/Kongrid.A,Backdoor:Win32/Difeqs.gen,W32/Agent.AWLA,W32.SillyFDC,Worm:Win32/SillyFDC,WORM_SILLYFDC.BN

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\cologsver.exe
[%SYSTEM%]\cscripts.exe
[%SYSTEM%]\xbox.dll

How to detect Kongrid:

Files:
[%SYSTEM%]\cologsver.exe
[%SYSTEM%]\cscripts.exe
[%SYSTEM%]\xbox.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72637363-7069-7374-652e-336d65747300}


ahv Downloader

Removing ahv
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

How to detect ahv:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, w034b6b0.dll=rundll32.exe w034b6b0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, w07124c8.dll=rundll32.exe w07124c8.dll


Freddy.ASE RAT

Removing Freddy.ASE
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\wintool.exe

How to detect Freddy.ASE:

Files:
[%WINDOWS%]\wintool.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Zlob.Fam.VideoAccess Trojan

Removing Zlob.Fam.VideoAccess
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAMS%]\VideoAccess\Uninstall.lnk
[%PROGRAM_FILES%]\VideoAccess\Uninstall.exe

How to detect Zlob.Fam.VideoAccess:

Files:
[%PROGRAMS%]\VideoAccess\Uninstall.lnk
[%PROGRAM_FILES%]\VideoAccess\Uninstall.exe

Folders:
[%PROGRAMS%]\VideoAccess
[%PROGRAM_FILES%]\VideoAccess

Registry Keys:
HKEY_CLASSES_ROOT\VideoAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoAccess


InclinedRoad RAT

Removing InclinedRoad
Categories: RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\inclinedroad.exe
[%WINDOWS%]\system\winroad.exe

How to detect InclinedRoad:

Files:
[%WINDOWS%]\system\inclinedroad.exe
[%WINDOWS%]\system\winroad.exe


VNC RAT

Removing VNC
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

VNC Also known as:

[Kaspersky]RemoteAdmin.Win32.WinVNC.4

Visible Symptoms:
Files in system folders:
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk
[%DESKTOP%]\vnc viewer 4.lnk
[%DESKTOP%]\vnc viewer.lnk

How to detect VNC:

Files:
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk
[%DESKTOP%]\vnc viewer 4.lnk
[%DESKTOP%]\vnc viewer.lnk

Folders:
[%PROGRAMS%]\realvnc
[%PROGRAM_FILES%]\realvnc

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winvnc_is1
HKEY_LOCAL_MACHINE\software\realvnc
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4


SystemSleuth Spyware

Removing SystemSleuth
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

How to detect SystemSleuth:

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\installer\products\550e28ff89756b140a7ac6ee275e2c49
HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\35dd57b63ac91b249aa3c668e74bd75e
HKEY_LOCAL_MACHINE\software\divine downloads
HKEY_LOCAL_MACHINE\software\rebrandsoftware\computer monitor keylogger

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders


INetSpeak Trojan

Removing INetSpeak
Categories: Trojan,Adware,BHO
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
"The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet," explained the company.

INetSpeak Also known as:

[Kaspersky]Trojan.Win32.Toras.b

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe
[%SYSTEM%]\bho.dll
[%WINDOWS%]\Downloaded Program Files\BHO.INF
[%FAVORITES%]\maria.lnk
[%PROFILE%]\administrator\start menu\programs\musicmagnet\uninstall.lnk
[%PROGRAMS%]\musicmagnet\music magnet.lnk
[%PROGRAMS%]\musicmagnet\uninstall.lnk
[%PROGRAM_FILES%]\internet explorer\boombar.dll
[%PROGRAM_FILES%]\internet explorer\iexplorr11.dll
[%PROGRAM_FILES%]\internet explorer\iexplorr22.dll
[%PROGRAM_FILES%]\internet explorer\iexplorr23.dll
[%SYSTEM%]\windowsie.dll
[%WINDOWS%]\system\bho.dll
[%WINDOWS%]\system\windowsie.dll
[%WINDOWS%]\windowsie.dll
[%WINDOWS%]\winietoolbar.ini

How to detect INetSpeak:

Files:
[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe
[%SYSTEM%]\bho.dll
[%WINDOWS%]\Downloaded Program Files\BHO.INF
[%FAVORITES%]\maria.lnk
[%PROFILE%]\administrator\start menu\programs\musicmagnet\uninstall.lnk
[%PROGRAMS%]\musicmagnet\music magnet.lnk
[%PROGRAMS%]\musicmagnet\uninstall.lnk
[%PROGRAM_FILES%]\internet explorer\boombar.dll
[%PROGRAM_FILES%]\internet explorer\iexplorr11.dll
[%PROGRAM_FILES%]\internet explorer\iexplorr22.dll
[%PROGRAM_FILES%]\internet explorer\iexplorr23.dll
[%SYSTEM%]\windowsie.dll
[%WINDOWS%]\system\bho.dll
[%WINDOWS%]\system\windowsie.dll
[%WINDOWS%]\windowsie.dll
[%WINDOWS%]\winietoolbar.ini

Folders:
[%DESKTOP%]\music magnet.lnk
[%PROFILE%]\start menu\programs\musicmagnet
[%PROGRAM_FILES%]\mm050102
[%PROGRAM_FILES%]\mm052202
[%PROGRAM_FILES%]\musicmagnet

Registry Keys:
HKEY_CLASSES_ROOT\bho42602.clsinetspeak
HKEY_CLASSES_ROOT\clsid\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}
HKEY_CLASSES_ROOT\clsid\{c389f2cf-26ed-11d5-a212-004005f6feb6}
HKEY_CLASSES_ROOT\clsid\{d6862a22-1dd6-11d3-bb7c-444553540000}
HKEY_CLASSES_ROOT\interface\{d16f4f72-24df-4775-b444-167af5b30620}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6862a22-1dd6-11d3-bb7c-444553540000}
HKEY_LOCAL_MACHINE\software\classes\bho42602.clsdockwindow
HKEY_LOCAL_MACHINE\software\classes\bho42602.clsinetspeak
HKEY_LOCAL_MACHINE\software\classes\clsid\{236826b1-8fdb-4d3c-8f70-e154f874703d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4cf5275b-cdbc-11d3-a8af-0090279a5978}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d6862a22-1dd6-11d3-bb7c-444553540000}
HKEY_LOCAL_MACHINE\software\classes\interface\{072d14ef-99b6-49dd-9be5-76142727b7ac}
HKEY_LOCAL_MACHINE\software\classes\interface\{4b191b11-a44c-4d42-b4ac-6fcd5f61587c}
HKEY_LOCAL_MACHINE\software\classes\interface\{943f44c0-44da-40d5-98d7-9aac4c15c603}
HKEY_LOCAL_MACHINE\software\classes\interface\{d16f4f72-24df-4775-b444-167af5b30620}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d6862a20-1dd6-11d3-bb7c-444553540000}
HKEY_LOCAL_MACHINE\software\classes\windowsie.clsdw
HKEY_LOCAL_MACHINE\software\classes\windowsie.clsis
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6862a22-1dd6-11d3-bb7c-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\musicmagnet

Registry Values:
HKEY_LOCAL_MACHINE\software\classes\bho426022
HKEY_LOCAL_MACHINE\software\classes\windowsie
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windowsie
HKEY_LOCAL_MACHINE\software\nsis_musicmagnet


Super.Killer Ransomware

Removing Super.Killer
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\SuperSpywareKiller.lnk

How to detect Super.Killer:

Files:
[%DESKTOP%]\SuperSpywareKiller.lnk

Folders:
[%COMMON_PROGRAMS%]\SuperSpywareKiller
[%PROGRAM_FILES%]\SuperSpywareKiller

Registry Keys:
HKEY_CURRENT_USER\software\spywarekiller
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\superspywarekiller_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Easy.Keyboard.Logger Spyware

Removing Easy.Keyboard.Logger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\EasyKeylog.txt
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk
[%DESKTOP%]\Easy Keyboard Logger.lnk

How to detect Easy.Keyboard.Logger:

Files:
[%PROFILE_TEMP%]\EasyKeylog.txt
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk
[%DESKTOP%]\Easy Keyboard Logger.lnk

Folders:
[%PROGRAM_FILES%]\Easy Keyboard Logger
[%PROGRAMS%]\Easy Keyboard Logger

Registry Keys:
HKEY_CURRENT_USER\software\ekl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy keyboard logger_is1
HKEY_LOCAL_MACHINE\software\softsaga easy keyboard logger

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


WinSession.Logger Spyware

Removing WinSession.Logger
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that bring in more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\ws logger.lnk
[%SYSTEM%]\9500\svchost.exe
[%SYSTEM%]\bootldr.exe
[%SYSTEM%]\conwxrl.bin
[%SYSTEM%]\delservicew.exe
[%SYSTEM%]\digiwin.dll
[%SYSTEM%]\exwin32m.exe
[%SYSTEM%]\nxkernel32.dll
[%SYSTEM%]\Old_date32.dll
[%SYSTEM%]\svclsv.exe
[%SYSTEM%]\unicode_digi.dll
[%SYSTEM%]\xwboot.exe

How to detect WinSession.Logger:

Files:
[%DESKTOP%]\ws logger.lnk
[%SYSTEM%]\9500\svchost.exe
[%SYSTEM%]\bootldr.exe
[%SYSTEM%]\conwxrl.bin
[%SYSTEM%]\delservicew.exe
[%SYSTEM%]\digiwin.dll
[%SYSTEM%]\exwin32m.exe
[%SYSTEM%]\nxkernel32.dll
[%SYSTEM%]\Old_date32.dll
[%SYSTEM%]\svclsv.exe
[%SYSTEM%]\unicode_digi.dll
[%SYSTEM%]\xwboot.exe

Folders:
[%PROGRAMS%]\WinSession Logger
[%PROGRAM_FILES%]\wlogs
[%PROGRAM_FILES%]\wslogger

Registry Keys:
HKEY_LOCAL_MACHINE\software\mcap4_software
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ebt9l2db0-b607-11d2-9cbd-0000f87a369e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winsession logger_is1
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\subsystem64r

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\msc_software


SpywareRemover Ransomware

Removing SpywareRemover
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\Tasks\SpywareRemover Scheduled Scan.job
[%COMMON_DESKTOPDIRECTORY%]\SpywareRemover.lnk

How to detect SpywareRemover:

Files:
[%WINDOWS%]\Tasks\SpywareRemover Scheduled Scan.job
[%COMMON_DESKTOPDIRECTORY%]\SpywareRemover.lnk

Folders:
[%APPDATA%]\SpywareRemover
[%PROGRAM_FILES%]\SpywareRemover
[%COMMON_PROGRAMS%]\SpywareRemover

Registry Keys:
HKEY_CURRENT_USER\software\spywareremover
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywareremover_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache


ApplePie Trojan

Removing ApplePie
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

ApplePie Also known as:

[Kaspersky]Trojan-Downloader.Win32.BHO.bo;
[Other]Downloader.Trojan,W32/Malware.BDRI,Mal/Generic-A

How to detect ApplePie:

Folders:
[%PROGRAM_FILES%]\ApplePie

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4ae2a9a0-dc33-4c27-b521-5b6c68c1c53d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4ae2a9a0-dc33-4c27-b521-5b6c68c1c53d}


Stardialer Adware

Removing Stardialer
Categories: Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Stardialer Also known as:

[Panda]Dialer.Gen

How to detect Stardialer:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{e0b795b4-fd95-4abd-a375-27962efce8cf}


WinSpy Trojan

Removing WinSpy
Categories: Trojan,Spyware,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

WinSpy Also known as:

[Kaspersky]TrojanSpy.Win32.SpyWin,Backdoor.Win32.VB.bal;
[McAfee]Winspy;
[Panda]HackTool/Unsecure.A,Application/WinSpy.A,Trojan Horse.LC;
[Computer Associates]Win32/WinSpy!Trojan;
[Other]Win32/WinSpy.D,Spyware.WinSpy

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ex.exe
[%WINDOWS%]\smt.exe

How to detect WinSpy:

Files:
[%WINDOWS%]\ex.exe
[%WINDOWS%]\smt.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\secureset\ka
