Monday, February 2, 2009

MS06 Trojan

Removing MS06
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

MS06 Also known as:

[Other]VBS/MS06-014!exploit

Visible Symptoms:
Files in system folders:
[%INTERNET_CACHE%]\Content.IE5\45AV45Q3\count[3].htm
[%INTERNET_CACHE%]\Content.IE5\C3RVUOH5\count[1].htm

How to detect MS06:

Files:
[%INTERNET_CACHE%]\Content.IE5\45AV45Q3\count[3].htm
[%INTERNET_CACHE%]\Content.IE5\C3RVUOH5\count[1].htm

Removing MS06:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


SillyDl.DLK Trojan

Removing SillyDl.DLK
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ctfmona.exe

How to detect SillyDl.DLK:

Files:
[%SYSTEM%]\ctfmona.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\software notifier
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Jakposh Trojan

Removing Jakposh
Categories: Trojan,Hijacker
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services.

Jakposh Also known as:

[Kaspersky]Trojan-Clicker.Win32.Agent.hz;
[McAfee]Adware-LugSearch;
[F-Prot]W32/Trojan.AGCF;
[Other]Trojan.Jakposh,Troj/Agent-DMT,Win32/Jakposh.C,Trojan.Adclicker,TrojanClicker:Win32/Agent!4276

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\82541744.dll

How to detect Jakposh:

Files:
[%SYSTEM%]\82541744.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Crystalys.Media Toolbar

Removing Crystalys.Media
Categories: Toolbar
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

How to detect Crystalys.Media:

Folders:
[%PROGRAMS%]\Crystalys Media

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\crystalys media internet assistant

Registry Values:
HKEY_LOCAL_MACHINE\software\crystalys media


Messenger.Blocker Ransomware

Removing Messenger.Blocker
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".

Visible Symptoms:
Files in system folders:
[%FAVORITES%]\Messenger Blocker.url

How to detect Messenger.Blocker:

Files:
[%FAVORITES%]\Messenger Blocker.url

Folders:
[%COMMON_PROGRAMS%]\Messenger Blocker
[%PROGRAM_FILES%]\MBlocker

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Winlogon Malware Malware

Removing Winlogon Malware
Categories: Malware
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers.

Visible Symptoms:
Files in system folders:

How to detect Winlogon Malware:

Files:

Registry Keys:


TX Adware

Removing TX
Categories: Adware,BHO,RAT
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Visible Symptoms:
Files in system folders:

How to detect TX:

Files:

Registry Keys:


AgoBot.ST Worm

Removing AgoBot.ST
Categories: Worm
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.
The methods are listed separately below.

How to detect AgoBot.ST:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


Pcclient Trojan

Removing Pcclient
Categories: Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.


Pcclient Also known as:

[Kaspersky]Trojan.Win32.Pakes,Backdoor.Win32.PcClient.gg,Backdoor.Win32.Pcclient.ty,Backdoor.Win32.PCClient.vr,Backdoor.Win32.Pcclient.ii,Backdoor.Win32.PcClient.fc,Backdoor.Win32.PcClient.wi,Backdoor.Win32.PcClient.aai;
[Eset]Win32/PcClient.B trojan;
[McAfee]BackDoor-CKB,Backdoor-CKB.gen;
[Computer Associates]Win32.Pcclient.B,Win32/PcClient.Trojan;
[Other]Win32/Pcclient.BA,Win32/PcClient.GG!Trojan,Backdoor.Formador,Troj/Bckdr-HRX,Win32/Pcclient.BD,win32/Pcclient.BC,Win32/Pcclient!generic,Win32/Pcclient.BJ,Backdoor.Pcclient.B,Win32/Pcclient.BH,Win32/Pcclient.BO,Win32.Pcclient.CD

Visible Symptoms:
Files in system folders:

How to detect Pcclient:

Files:

Folders:
[%PROGRAMS%]\Folder Lockbox
[%PROGRAMS%]\My Lockbox
[%PROGRAM_FILES%]\Folder Lockbox
[%PROGRAM_FILES%]\My Lockbox

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


NewAds Adware

Removing NewAds
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\BattyRun.dll

How to detect NewAds:

Files:
[%SYSTEM%]\BattyRun.dll

Folders:
[%PROGRAM_FILES%]\batty
[%PROGRAM_FILES%]\AdSponsor
[%PROGRAM_FILES%]\Exolon
[%PROGRAM_FILES%]\PSupport

Registry Keys:

Registry Values:
HKEY_CLASSES_ROOT\protocols\filter\text/html


Abetear Trojan

Removing Abetear
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.


Abetear Also known as:

[Kaspersky]Trojan.Win32.Agent.aoy,Trojan.Win32.Agent.bck;
[F-Prot]W32/Trojan.CGOY;
[Other]Win32/Abetear.A,Trojan.Vundo,Trojan:Win32/Fotomoto.A,Win32/Abetear.B,W32/Agent.BUYH,Troj/Agent-FXL,Win32/Abetear.C,W32/Agent.BWQY,Win32/Abetear.G,Trojan:Win32/Agent.AGA,Troj/Bckdr-QJL,W32/Vundo.dam

Visible Symptoms:
Files in system folders:
[%APPDATA%]\tmp2.tmp.exe
[%APPDATA%]\tmp4.tmp.exe
[%SYSTEM%]\qwerty12.exe

How to detect Abetear:

Files:
[%APPDATA%]\tmp2.tmp.exe
[%APPDATA%]\tmp4.tmp.exe
[%SYSTEM%]\qwerty12.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\domainservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_domainservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\domainservice


Ofpo Trojan

Removing Ofpo
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Ofpo Also known as:

[Kaspersky]Rootkit.Win32.Agent.cf;
[Other]WIn32/Ofpo,Hacktool.Rootkit,Win32.Ofpo.C

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ntio256.sys
[%SYSTEM%]\poof

How to detect Ofpo:

Files:
[%SYSTEM%]\ntio256.sys
[%SYSTEM%]\poof


Netster.Smart.Browse BHO

Removing Netster.Smart.Browse
Categories: BHO,Toolbar
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

A toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\netster.dll
[%SYSTEM%]\netster.dll
[%SYSTEM%]\_netster.dll
[%WINDOWS%]\system\netster.dll
[%WINDOWS%]\system\_netster.dll

How to detect Netster.Smart.Browse:

Files:
[%PROFILE%]\netster.dll
[%SYSTEM%]\netster.dll
[%SYSTEM%]\_netster.dll
[%WINDOWS%]\system\netster.dll
[%WINDOWS%]\system\_netster.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{359f7e49-1ea0-4671-92e9-61e32fe25c5e}
HKEY_CLASSES_ROOT\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_CLASSES_ROOT\clsid\{acc63168-5876-439b-95bc-3bae59ca860c}
HKEY_CLASSES_ROOT\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_CLASSES_ROOT\interface\{aa644580-8f8a-4f8b-9263-42e14c7c2fcb}
HKEY_CLASSES_ROOT\interface\{b4fadc3f-7c5f-4fc8-a050-dbeb2c119dd5}
HKEY_CLASSES_ROOT\interface\{eed9bcbf-d40e-408f-8080-e4afc9fddb36}
HKEY_CLASSES_ROOT\interface\{f5619700-a76a-462b-abdd-6372ff10eab7}
HKEY_CLASSES_ROOT\netster.bho
HKEY_CLASSES_ROOT\netster.bho.1
HKEY_CLASSES_ROOT\netster.initscript
HKEY_CLASSES_ROOT\netster.initscript.1
HKEY_CLASSES_ROOT\netster.netsterband
HKEY_CLASSES_ROOT\netster.netsterband.1
HKEY_CLASSES_ROOT\netster.netsterph
HKEY_CLASSES_ROOT\netster.netsterph.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_CLASSES_ROOT\typelib\{e1c643a6-8b7b-4f28-b652-f712fe4f7402}
HKEY_LOCAL_MACHINE\software\classes\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}
HKEY_LOCAL_MACHINE\software\netster

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


WinFetcher Adware

Removing WinFetcher
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\WM_FUINS.bat
[%PROFILE_TEMP%]\update_1.exe
[%WINDOWS%]\temp\nr1beo9r.dll
[%WINDOWS%]\temp\nr1beo9r.exe
[%WINDOWS%]\temp\winwildapp.exe
[%WINDOWS%]\temp\_istmp4.dir\_istmp0.dir\29389bdd.dll

How to detect WinFetcher:

Files:
[%PROFILE_TEMP%]\WM_FUINS.bat
[%PROFILE_TEMP%]\update_1.exe
[%WINDOWS%]\temp\nr1beo9r.dll
[%WINDOWS%]\temp\nr1beo9r.exe
[%WINDOWS%]\temp\winwildapp.exe
[%WINDOWS%]\temp\_istmp4.dir\_istmp0.dir\29389bdd.dll

Folders:
[%PROFILE_TEMP%]\winwildapp.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\wildmedia

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Brave.A Trojan

Removing Brave.A
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\adirss.exe

How to detect Brave.A:

Files:
[%SYSTEM%]\adirss.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


WinADiscount Adware

Removing WinADiscount
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\winadiscount\cache\adwin.exe
[%PROGRAM_FILES%]\winadiscount\cache\bundle.cfg
[%PROGRAM_FILES%]\winadiscount\cache\combosearch_button_1.acs
[%PROGRAM_FILES%]\winadiscount\cache\eraser001.bmp
[%PROGRAM_FILES%]\winadiscount\cache\hide002.bmp
[%PROGRAM_FILES%]\winadiscount\cache\logo.bmp
[%PROGRAM_FILES%]\winadiscount\cache\movies001.bmp
[%PROGRAM_FILES%]\winadiscount\cache\popupblocker002.bmp
[%PROGRAM_FILES%]\winadiscount\cache\search013.bmp
[%PROGRAM_FILES%]\winadiscount\cache\searchresults.xsl
[%PROGRAM_FILES%]\winadiscount\cache\shopping004.bmp
[%PROGRAM_FILES%]\winadiscount\cache\sk.ini
[%PROGRAM_FILES%]\winadiscount\cache\skbho.dll
[%PROGRAM_FILES%]\winadiscount\cache\uninstall001.bmp
[%PROGRAM_FILES%]\winadiscount\cache\weather003.bmp
[%PROGRAM_FILES%]\winadiscount\cache\winadiscounttb0401.cfg
[%PROGRAM_FILES%]\winadiscount\toolbar.ini
[%PROGRAM_FILES%]\winadiscount\uninstall.exe
[%PROGRAM_FILES%]\winadiscount\winadiscount.dll

How to detect WinADiscount:

Files:
[%PROGRAM_FILES%]\winadiscount\cache\adwin.exe
[%PROGRAM_FILES%]\winadiscount\cache\bundle.cfg
[%PROGRAM_FILES%]\winadiscount\cache\combosearch_button_1.acs
[%PROGRAM_FILES%]\winadiscount\cache\eraser001.bmp
[%PROGRAM_FILES%]\winadiscount\cache\hide002.bmp
[%PROGRAM_FILES%]\winadiscount\cache\logo.bmp
[%PROGRAM_FILES%]\winadiscount\cache\movies001.bmp
[%PROGRAM_FILES%]\winadiscount\cache\popupblocker002.bmp
[%PROGRAM_FILES%]\winadiscount\cache\search013.bmp
[%PROGRAM_FILES%]\winadiscount\cache\searchresults.xsl
[%PROGRAM_FILES%]\winadiscount\cache\shopping004.bmp
[%PROGRAM_FILES%]\winadiscount\cache\sk.ini
[%PROGRAM_FILES%]\winadiscount\cache\skbho.dll
[%PROGRAM_FILES%]\winadiscount\cache\uninstall001.bmp
[%PROGRAM_FILES%]\winadiscount\cache\weather003.bmp
[%PROGRAM_FILES%]\winadiscount\cache\winadiscounttb0401.cfg
[%PROGRAM_FILES%]\winadiscount\toolbar.ini
[%PROGRAM_FILES%]\winadiscount\uninstall.exe
[%PROGRAM_FILES%]\winadiscount\winadiscount.dll

Folders:
[%PROGRAM_FILES%]\winadiscount\cache\newcfg

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4961a993-7f48-4c50-a30e-d597ac571707}
HKEY_CURRENT_USER\software\winadiscount\config
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4961a993-7f48-4c50-a30e-d597ac571707}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-87be-a334b786b339}

Registry Values:
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-87be-a334b786b339}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-87be-a334b786b33a}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-87be-a334b786b33b}\inprocserver32
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\winadiscount
HKEY_CURRENT_USER\software\winadiscount\ages
HKEY_CURRENT_USER\software\winadiscount\options
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winadiscount


KCGame RAT

Removing KCGame
Categories: RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\winsys.exe
[%WINDOWS%]\system\y!.ocx

How to detect KCGame:

Files:
[%WINDOWS%]\system\winsys.exe
[%WINDOWS%]\system\y!.ocx


AntiLamer Trojan

Removing AntiLamer
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

AntiLamer Also known as:

[Kaspersky]Backdoor.Antilam.13.b,Backdoor.Antilam.14.a,Backdoor.Antilam.14.c,Backdoor.FC.a,TrojanDropper.Win32.ZomJoiner.10,Backdoor.Antilam.20.a,Backdoor.Antilam.20.k,Backdoor.Antilam.11,Backdoor.Antilam.g1,Backdoor.Antilam.20.l,Backdoor.Antilam.20.m,Backdoor.Antilam.14.b;
[Eset]Win32/Antilam.13.B trojan,Win32/Antilam.14.A trojan,Win32/Antilam.14.C trojan,Win32/TrojanDropper.Antivirus.10 trojan,Win32/Antilam.20 trojan,Win32/Antilam.20.K trojan,Win32/Antilam.20.L trojan,Win32/Antilam.20.M trojan,Win32/Antilam.14.B trojan;
[McAfee]BackDoor-AED,MultiDropper-DN.cfg,BackDoor-AJW;
[F-Prot]security risk or a "backdoor" program,security risk named W32/AntiLam.B;
[Panda]Backdoor Program,Bck/Antilam,Bck/AntiLam.14,Trojan Horse,Bck/Antilam.F;
[Computer Associates]Backdoor/Latinus Server family,Win32.Antilam.13.B,Backdoor/Antilam.14.c,Win32.Antilam.14,Backdoor/Antilam.20,Backdoor/Antilam.20.k,Backdoor/AntiLamer Server family,Win32.Antilam.20,Backdoor/AntiLam,Backdoor/Antilam.20.m,Win32.Antilam.D,Win32/Antilam.14!Trojan

How to detect AntiLamer:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Deskbar Adware

Removing Deskbar
Categories: Adware,Hijacker,Toolbar
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

A toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

Deskbar Also known as:

[Other]desktop bar,Adware.Look2Me

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk
[%DESKTOP%]\SpyLocked.lnk
[%PROGRAM_FILES%]\DeskAlerts\deskbar.dll
[%PROGRAM_FILES%]\Deskbar\deskbar.dll
[%STARTMENU%]\SpyLocked 3.1.lnk
[%SYSTEM%]\Deskbar\deskbar.dll
[%SYSTEM%]\Favorites\deskbar.dll

How to detect Deskbar:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk
[%DESKTOP%]\SpyLocked.lnk
[%PROGRAM_FILES%]\DeskAlerts\deskbar.dll
[%PROGRAM_FILES%]\Deskbar\deskbar.dll
[%STARTMENU%]\SpyLocked 3.1.lnk
[%SYSTEM%]\Deskbar\deskbar.dll
[%SYSTEM%]\Favorites\deskbar.dll

Folders:
[%PROGRAMS%]\SpyLocked
[%PROGRAM_FILES%]\SpyLocked
[%PROGRAM_FILES%]\Deskbar

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{1F101905-C9C7-4B92-BDE6-4F8E76C5A7DB}
HKEY_CLASSES_ROOT\CLSID\{5121B863-FAE8-4935-BA76-0ABE0239AECA}
HKEY_CLASSES_ROOT\CLSID\{652383EE-CA01-4aec-A763-50A08062AC58}
HKEY_CLASSES_ROOT\CLSID\{65E03378-E22E-4F50-BE9D-588A889B24C9}
HKEY_CLASSES_ROOT\CLSID\{67A8D847-B79F-403e-8D2B-D2CADE3A967F}
HKEY_CLASSES_ROOT\CLSID\{69DACF5A-70EF-4363-A036-89450346121F}
HKEY_CLASSES_ROOT\CLSID\{9DD77D09-901B-4af0-8F89-812950DB6FF2}
HKEY_CLASSES_ROOT\clsid\{a8b28872-3324-4cd2-8aa3-7d555c872d96}
HKEY_CLASSES_ROOT\CLSID\{CC79522A-9E3B-4bc9-9218-D95EC5DA5349}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C5B5226-045D-4A46-B4FC-228B0891FEEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{314120E4-5A05-492C-9BF2-22558CF0F202}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{392D4A36-6ADF-4A99-A820-3014A53E62E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3BF6C840-4D12-4FB5-88A2-E2BC03461DC2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42F16135-D0A4-43A2-990C-27FCABD9C19F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43DF1CEE-70B3-4E2D-A740-4AC468786207}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CA1A9F6-10F8-4008-B884-755B25B6848A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{630CBF61-54CC-4AC3-97B0-D4071345807C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AFB5B8E-ACFD-4489-91B3-DAA1388A31EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{815B01A0-BF97-41E9-ACF2-32B76F98A960}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5BF4465-5322-462F-B41F-459F649F3996}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E4703CF2-7F82-4AD7-B317-8EC1CBC9B619}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9817993-83FF-4343-B14E-6CDFB378B21D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDE2A2B4-B1CB-4BF8-93D1-154E49284A71}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D23930-23C6-440E-AB55-D019E1171539}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{50450F27-B90B-422B-A4C9-5EC5A5B78001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F101905-C9C7-4B92-BDE6-4F8E76C5A7DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5121B863-FAE8-4935-BA76-0ABE0239AECA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652383EE-CA01-4aec-A763-50A08062AC58}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65E03378-E22E-4F50-BE9D-588A889B24C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67A8D847-B79F-403e-8D2B-D2CADE3A967F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69DACF5A-70EF-4363-A036-89450346121F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD77D09-901B-4af0-8F89-812950DB6FF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC79522A-9E3B-4bc9-9218-D95EC5DA5349}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked
HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked
HKEY_CLASSES_ROOT\clsid\{d7cc80d4-376c-4586-b023-4f35c2ceb28e}
HKEY_CLASSES_ROOT\clsid\{d8c2d4b4-eeaf-4ec4-b1f8-9b6ed15d5a38}
HKEY_CLASSES_ROOT\dbtb00001.dbtb00001
HKEY_CLASSES_ROOT\dbtb00001.dbtb00001.1
HKEY_CLASSES_ROOT\dbtb00001.deskbar
HKEY_CLASSES_ROOT\dbtb00001.deskbar.1
HKEY_CLASSES_ROOT\dbtb00001.deskbarbho
HKEY_CLASSES_ROOT\dbtb00001.deskbarbho.1
HKEY_CLASSES_ROOT\dbtb00001.deskbarenabler
HKEY_CLASSES_ROOT\dbtb00001.deskbarenabler.1
HKEY_CLASSES_ROOT\interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d}
HKEY_CLASSES_ROOT\interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c}
HKEY_CLASSES_ROOT\interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108}
HKEY_CLASSES_ROOT\typelib\{a4c8f181-6cdb-4dcc-9fc9-bb9933c81e1f}
HKEY_CURRENT_USER\software\dbtb00001
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a8b28872-3324-4cd2-8aa3-7d555c872d96}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dbtb00001.dbtb00001deskbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks


Zlob.Fam.ProtectionBar Trojan

Removing Zlob.Fam.ProtectionBar
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Brain Codec\iesplugin.dll
[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll
[%PROGRAM_FILES%]\Gold Codec\isaddon.dll
[%PROGRAM_FILES%]\Image Access ActiveX Object\iesplugin.dll
[%PROGRAM_FILES%]\Image Access ActiveX Object\isadd.dll
[%PROGRAM_FILES%]\Image ActiveX Access\iesplg.dll
[%PROGRAM_FILES%]\Image ActiveX Object\iesplugin.dll
[%PROGRAM_FILES%]\Image ActiveX Object\isadd.dll
[%PROGRAM_FILES%]\Image ActiveX Object\isaddon.dll
[%PROGRAM_FILES%]\Image AX Object\bpvol.dll
[%PROGRAM_FILES%]\Image AX Object\splug.dll
[%PROGRAM_FILES%]\IntCodec\iesplugin.dll
[%PROGRAM_FILES%]\Internet Security\iesplugin.dll
[%PROGRAM_FILES%]\Internet Security\isadd.dll
[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll
[%PROGRAM_FILES%]\Key Generator\iesplugin.dll
[%PROGRAM_FILES%]\Key Generator\isadd.dll
[%PROGRAM_FILES%]\Key Generator\isaddon.dll
[%PROGRAM_FILES%]\Media-Codec\iesplugin.dll
[%PROGRAM_FILES%]\Media-Codec\isaddon.dll
[%PROGRAM_FILES%]\MediaCodec\isaddon.dll
[%PROGRAM_FILES%]\MMediaCodec\iesplugin.dll
[%PROGRAM_FILES%]\MMediaCodec\isaddon.dll
[%PROGRAM_FILES%]\PCODEC\iesplugin.dll
[%PROGRAM_FILES%]\Perfect Codec\iesplugin.dll
[%PROGRAM_FILES%]\Perfect Codec\isaddon.dll
[%PROGRAM_FILES%]\Protection Tools\bpvol.dll
[%PROGRAM_FILES%]\Protection Tools\splug.dll
[%PROGRAM_FILES%]\QualityCodec\iesplugin.dll
[%PROGRAM_FILES%]\QualityCodec\isaddon.dll
[%PROGRAM_FILES%]\Security Tools\iesplg.dll
[%PROGRAM_FILES%]\strCodec\iesplugin.dll
[%PROGRAM_FILES%]\strCodec\isaddon.dll
[%PROGRAM_FILES%]\VidCodecs\isaddon.dll
[%PROGRAM_FILES%]\Video Access ActiveX Object\iesplugin.dll
[%PROGRAM_FILES%]\Video Access ActiveX Object\isadd.dll
[%PROGRAM_FILES%]\Video ActiveX Access\iesbpl.dll
[%PROGRAM_FILES%]\Video ActiveX Access\iesplg.dll
[%PROGRAM_FILES%]\Video ActiveX Object\iesplugin.dll
[%PROGRAM_FILES%]\Video ActiveX Object\isadd.dll
[%PROGRAM_FILES%]\Video ActiveX Object\isaddon.dll
[%PROGRAM_FILES%]\Video AX Object\bpvol.dll
[%PROGRAM_FILES%]\Video AX Object\splug.dll
[%PROGRAM_FILES%]\VideoKeyCodec\isaddon.dll
[%SYSTEM%]\iesplg.dll

How to detect Zlob.Fam.ProtectionBar:

Files:

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Ebates.MoneyMaker Adware

Removing Ebates.MoneyMaker
Categories: Adware, Hacker Tool
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

Ebates.MoneyMaker Also known as:

[Panda] Adware/MoeMoney, Adware/TopMoxie, HackTool/Jkill.A

Visible Symptoms:
Files in system folders:

How to detect Ebates.MoneyMaker:

Files:

Folders:
[%PROGRAM_FILES%]\ebatesmoemoneymaker
[%PROGRAM_FILES%]\ebates_moemoneymaker
[%PROGRAM_FILES%]\webrebates
[%PROGRAM_FILES%]\websearch

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
