tag:blogger.com,1999:blog-14818761435518500492011-04-21T17:47:46.502-07:00Here you can found some information about malware, virus, trojan, etc. How to remove, how to protect, how to identify.Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.comBlogger19521100tag:blogger.com,1999:blog-1481876143551850049.post-32411329328551148482009-02-04T01:55:00.001-08:002009-02-04T01:55:53.711-08:00Removing Virtumonde.by <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\efcccbb.dll<br/>[%SYSTEM%]\efcccbb.dll </CODE> <p><h2>How to detect Virtumonde.by:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\efcccbb.dll<br/>[%SYSTEM%]\efcccbb.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}<br/>HKEY_CLASSES_ROOT\clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6b69e170-f59b-4897-b51c-3bb214d099ae} </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks </CODE> </p> <p> <h2>Removing Virtumonde.by:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-2411.blogspot.com/2009/02/sillydlcey-trojan.html">Removing SillyDl.CEY Trojan</a><br/><a href="http://protection-protect-details.blogspot.com/2009/01/nikademus-trojan.html">Nikademus Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3241132932855114848?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-79897223445490324252009-02-04T00:23:00.001-08:002009-02-04T00:23:46.694-08:00Removing CRS.Gate <br/><strong>Categories:</strong> Backdoor,RAT<br/><em><strong>Backdoors are the most dangerous type of Trojans</strong> and the most popular. <br /><strong>Backdoors open infected machines</strong> to external control via Internet. <br />They function in the same way as legal remote administration programs used by system administrators. <br />This makes them difficult to detect.<br/> <br /><strong>Backdoors</strong> are installed and launched without the consent of the user of computer. <br />Often the backdoor will not be visible in the log of active programs.<br/> <br />Once a backdoor has been successfully launched, the computer is wide open. <br />Backdoor functions can include:<br/> <br /> <ul> <br /> <li> Launching/ deleting files</li> <br /> <li> Sending/ receiving files</li> <br /> <li> Deleting data</li> <br /> <li> Displaying notification</li> <br /> <li> Rebooting the machine</li> <br /> <li> Executing files</li> <br /> </ul> <br /><br/> <br /><strong>Backdoors are used by virus writers to detect and download confidential information</strong>, <br />execute malicious code, destroy data, include the machine in bot networks and so forth. <br />Backdoors combine the functionality of most other types of in one package.<br/> <br />Backdoors have one especially dangerous sub-class: variants that can propagate like worms. <br/>Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br /><br/></em><hr/><string>CRS.Gate Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.CRS-Gate;<br/>[Panda]Backdoor Program,Bck/CRS-Gate;<br/>[Computer Associates]Backdoor/CRS-Gate!Server</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\regsys32.dll<br/>[%WINDOWS%]\system\regsys32.exe<br/>[%WINDOWS%]\system\regsys32.dll<br/>[%WINDOWS%]\system\regsys32.exe </CODE> <p><h2>How to detect CRS.Gate:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\regsys32.dll<br/>[%WINDOWS%]\system\regsys32.exe<br/>[%WINDOWS%]\system\regsys32.dll<br/>[%WINDOWS%]\system\regsys32.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices </CODE> </p> <p> <h2>Removing CRS.Gate:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://info-blog-protect.blogspot.com/2009/02/netadministrator-backdoor.html">Net.Administrator Backdoor Symptoms</a><br/><a href="http://protect-kill-infections.blogspot.com/2009/01/countomatcom-tracking-cookie.html">countomat.com Tracking Cookie Removal instruction</a><br/><a href="http://virusinfo-4832.blogspot.com/2009/01/pcremotecontrol-rat.html">PC.Remote.Control RAT Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7989722344549032425?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-65732072920742948402009-02-04T00:15:00.001-08:002009-02-04T00:15:42.676-08:00Removing Alureon <br/><strong>Categories:</strong> Trojan,BHO,Hijacker,Downloader<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/><strong>BHO (Browser Helper Object) Trojan</strong>. <br />The BHO waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker. <br />The method of network transport used by the attacker makes this Trojan unique. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious. <br />Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into <br />the data section of an ICMP ping packet." explained the company.<br/>A desktop hijacker replaces the desktop wallpaper with advertising <br />for products and services on the desktop.<br/>Trojans-downloaders downloads and installs new malware or adware on the computer. <br /><br/></em><hr/><string>Alureon Also known as:</strong><br/><code><br/>[Kaspersky]Trojan-Downloader.Win32.Small.den,Trojan.Win32.DNSChanger.ef,Trojan.Win32.DNSChanger.fc,Trojan.Win32.DNSChanger.ge,Trojan.Win32.Agent.r,Trojan-Downloader.Win32.Murlo.d,Trojan.Win32.DNSChanger.iq,Trojan.Win32.DNSChanger.iu,Trojan.Win32.DNSChanger.abk,Trojan.Win32.DNSChanger.abf,Trojan.Win32.DNSChanger.abe;<br/>[McAfee]DNSChanger.a,DNSChanger.gen;<br/>[F-Prot]W32/Trojan2.HSQ (exact),W32/Trojan2.HSG (exact);<br/>[Panda]Adware/Oner,Trojan Horse;<br/>[Computer Associates]Win32.Alureon.B,Win32/Alureon.B!DLL!Trojan,Win32.Alureon.A,Win32/Alureon.A!DLL!Trojan,Win32/Alureon.A.20285!Trojan;<br/>[Other]Win32.Alueon.AU,Win32.Alureon.AV,Trojan.Win32.DNSChanger.ef,Win32/Alureon.T,Win32.Alureon.AX,Win32/Alureon.AZ,Win32/Alureon.BN,Win32/Alureon.BO,Win32/Alureon.BP,Win32/Alureon.BQ,Win32/Alureon.Y,W32/Downloader.NNL,Win32/Alureon.BX,Win32/Alureon.CE,Win32/Alureon!generic,Troj/RuinDl-Gen,Win32/Alureon.A,Win32/Alureon.CH,Trujan.Flush.K,Win32/Alureon.CI,WIn32/Alureon.CJ,Win32/Alureon.CQ,Win32/Alureon.CR,Trojan.Emcodec,Win32/Alureon.CS,Trojan.Zlob,Trojan.Flush.L,DNSChanger.gen9,Troj/Zlobar-Fam,Troj/Zlob-ADO,Win32/Alureon.DB,Trojan.Flush.G,Win32/Alureon.DE,Win32/Alureon.EM</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%LOCAL_APPDATA%]\Temp\~nsu.tmp\Au_.exe<br/>[%SYSTEM%]\winnet.dll<br/>[%WINDOWS%]\image.dll<br/>[%DESKTOP%]\asd3.dll<br/>[%DESKTOP%]\playercodec1000.exe<br/>[%DESKTOP%]\tbar.exe<br/>[%FAVORITES%]\!!! exclusive youngest porn !!!.url<br/>[%FAVORITES%]\censored youngest porn.url<br/>[%FAVORITES%]\free hidden cams world.url<br/>[%FAVORITES%]\free spy cam.url<br/>[%FAVORITES%]\free web cams chats.url<br/>[%FAVORITES%]\free xxx pics & movies.url<br/>[%FAVORITES%]\fresh xxx pics & movie.url<br/>[%FAVORITES%]\get this 4 free.url<br/>[%FAVORITES%]\super xxx pics.url<br/>[%FAVORITES%]\young masha sucking huge dick until her lips teared open.url<br/>[%FAVORITES%]\~ fully categories porn database. enjoy!.url<br/>[%FAVORITES%]\~ new porn pics everyday.url<br/>[%PROGRAMS%]\FreeVideo\Uninstall.lnk<br/>[%SYSTEM%]\dmcal.exe<br/>[%SYSTEM%]\dmfap.exe<br/>[%SYSTEM%]\dmfsg.exe<br/>[%SYSTEM%]\dmrfp.exe<br/>[%SYSTEM%]\dmthp.exe<br/>[%SYSTEM%]\kddmx.exe<br/>[%SYSTEM%]\kdoxr.exe<br/>[%SYSTEM%]\mlwlr.exe<br/>[%SYSTEM%]\msmk.dll<br/>[%SYSTEM%]\nzbxn.exe<br/>[%SYSTEM%]\sysobjwertb.dll<br/>[%SYSTEM%]\wmstrbum.exe<br/>[%WINDOWS%]\cracrwinz.exe<br/>[%WINDOWS%]\msew\msew32.dll<br/>[%WINDOWS%]\msew\msiesh.dll<br/>[%WINDOWS%]\msew\mssearch.dll<br/>[%WINDOWS%]\tromomwin32.exe<br/>[%LOCAL_APPDATA%]\Temp\~nsu.tmp\Au_.exe<br/>[%SYSTEM%]\winnet.dll<br/>[%WINDOWS%]\image.dll<br/>[%DESKTOP%]\asd3.dll<br/>[%DESKTOP%]\playercodec1000.exe<br/>[%DESKTOP%]\tbar.exe<br/>[%FAVORITES%]\!!! exclusive youngest porn !!!.url<br/>[%FAVORITES%]\censored youngest porn.url<br/>[%FAVORITES%]\free hidden cams world.url<br/>[%FAVORITES%]\free spy cam.url<br/>[%FAVORITES%]\free web cams chats.url<br/>[%FAVORITES%]\free xxx pics & movies.url<br/>[%FAVORITES%]\fresh xxx pics & movie.url<br/>[%FAVORITES%]\get this 4 free.url<br/>[%FAVORITES%]\super xxx pics.url<br/>[%FAVORITES%]\young masha sucking huge dick until her lips teared open.url<br/>[%FAVORITES%]\~ fully categories porn database. enjoy!.url<br/>[%FAVORITES%]\~ new porn pics everyday.url<br/>[%PROGRAMS%]\FreeVideo\Uninstall.lnk<br/>[%SYSTEM%]\dmcal.exe<br/>[%SYSTEM%]\dmfap.exe<br/>[%SYSTEM%]\dmfsg.exe<br/>[%SYSTEM%]\dmrfp.exe<br/>[%SYSTEM%]\dmthp.exe<br/>[%SYSTEM%]\kddmx.exe<br/>[%SYSTEM%]\kdoxr.exe<br/>[%SYSTEM%]\mlwlr.exe<br/>[%SYSTEM%]\msmk.dll<br/>[%SYSTEM%]\nzbxn.exe<br/>[%SYSTEM%]\sysobjwertb.dll<br/>[%SYSTEM%]\wmstrbum.exe<br/>[%WINDOWS%]\cracrwinz.exe<br/>[%WINDOWS%]\msew\msew32.dll<br/>[%WINDOWS%]\msew\msiesh.dll<br/>[%WINDOWS%]\msew\mssearch.dll<br/>[%WINDOWS%]\tromomwin32.exe </CODE> <p><h2>How to detect Alureon:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%LOCAL_APPDATA%]\Temp\~nsu.tmp\Au_.exe<br/>[%SYSTEM%]\winnet.dll<br/>[%WINDOWS%]\image.dll<br/>[%DESKTOP%]\asd3.dll<br/>[%DESKTOP%]\playercodec1000.exe<br/>[%DESKTOP%]\tbar.exe<br/>[%FAVORITES%]\!!! exclusive youngest porn !!!.url<br/>[%FAVORITES%]\censored youngest porn.url<br/>[%FAVORITES%]\free hidden cams world.url<br/>[%FAVORITES%]\free spy cam.url<br/>[%FAVORITES%]\free web cams chats.url<br/>[%FAVORITES%]\free xxx pics & movies.url<br/>[%FAVORITES%]\fresh xxx pics & movie.url<br/>[%FAVORITES%]\get this 4 free.url<br/>[%FAVORITES%]\super xxx pics.url<br/>[%FAVORITES%]\young masha sucking huge dick until her lips teared open.url<br/>[%FAVORITES%]\~ fully categories porn database. enjoy!.url<br/>[%FAVORITES%]\~ new porn pics everyday.url<br/>[%PROGRAMS%]\FreeVideo\Uninstall.lnk<br/>[%SYSTEM%]\dmcal.exe<br/>[%SYSTEM%]\dmfap.exe<br/>[%SYSTEM%]\dmfsg.exe<br/>[%SYSTEM%]\dmrfp.exe<br/>[%SYSTEM%]\dmthp.exe<br/>[%SYSTEM%]\kddmx.exe<br/>[%SYSTEM%]\kdoxr.exe<br/>[%SYSTEM%]\mlwlr.exe<br/>[%SYSTEM%]\msmk.dll<br/>[%SYSTEM%]\nzbxn.exe<br/>[%SYSTEM%]\sysobjwertb.dll<br/>[%SYSTEM%]\wmstrbum.exe<br/>[%WINDOWS%]\cracrwinz.exe<br/>[%WINDOWS%]\msew\msew32.dll<br/>[%WINDOWS%]\msew\msiesh.dll<br/>[%WINDOWS%]\msew\mssearch.dll<br/>[%WINDOWS%]\tromomwin32.exe<br/>[%LOCAL_APPDATA%]\Temp\~nsu.tmp\Au_.exe<br/>[%SYSTEM%]\winnet.dll<br/>[%WINDOWS%]\image.dll<br/>[%DESKTOP%]\asd3.dll<br/>[%DESKTOP%]\playercodec1000.exe<br/>[%DESKTOP%]\tbar.exe<br/>[%FAVORITES%]\!!! exclusive youngest porn !!!.url<br/>[%FAVORITES%]\censored youngest porn.url<br/>[%FAVORITES%]\free hidden cams world.url<br/>[%FAVORITES%]\free spy cam.url<br/>[%FAVORITES%]\free web cams chats.url<br/>[%FAVORITES%]\free xxx pics & movies.url<br/>[%FAVORITES%]\fresh xxx pics & movie.url<br/>[%FAVORITES%]\get this 4 free.url<br/>[%FAVORITES%]\super xxx pics.url<br/>[%FAVORITES%]\young masha sucking huge dick until her lips teared open.url<br/>[%FAVORITES%]\~ fully categories porn database. enjoy!.url<br/>[%FAVORITES%]\~ new porn pics everyday.url<br/>[%PROGRAMS%]\FreeVideo\Uninstall.lnk<br/>[%SYSTEM%]\dmcal.exe<br/>[%SYSTEM%]\dmfap.exe<br/>[%SYSTEM%]\dmfsg.exe<br/>[%SYSTEM%]\dmrfp.exe<br/>[%SYSTEM%]\dmthp.exe<br/>[%SYSTEM%]\kddmx.exe<br/>[%SYSTEM%]\kdoxr.exe<br/>[%SYSTEM%]\mlwlr.exe<br/>[%SYSTEM%]\msmk.dll<br/>[%SYSTEM%]\nzbxn.exe<br/>[%SYSTEM%]\sysobjwertb.dll<br/>[%SYSTEM%]\wmstrbum.exe<br/>[%WINDOWS%]\cracrwinz.exe<br/>[%WINDOWS%]\msew\msew32.dll<br/>[%WINDOWS%]\msew\msiesh.dll<br/>[%WINDOWS%]\msew\mssearch.dll<br/>[%WINDOWS%]\tromomwin32.exe </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\HQvideo<br/>[%PROGRAMS%]\MovieBox<br/>[%PROGRAMS%]\PornoPlayer<br/>[%PROGRAMS%]\VideoBox<br/>[%PROGRAMS%]\VideoPlugin<br/>[%PROGRAMS%]\XXXAccess<br/>[%PROGRAMS%]\XXXPlugin<br/>[%PROGRAM_FILES%]\FreeVideo<br/>[%PROGRAM_FILES%]\HQvideo<br/>[%PROGRAM_FILES%]\MovieBox<br/>[%PROGRAM_FILES%]\PornoPlayer<br/>[%PROGRAM_FILES%]\VideoBox<br/>[%PROGRAM_FILES%]\VideoPlugin<br/>[%PROGRAM_FILES%]\XXXAccess<br/>[%PROGRAM_FILES%]\XXXPlugin<br/>[%PROGRAMS%]\SelectiveAdmission<br/>[%PROGRAM_FILES%]\SelectiveAdmission<br/>[%PROGRAM_FILES%]\WinMsg </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\freevideo<br/>HKEY_CLASSES_ROOT\HQvideo<br/>HKEY_CLASSES_ROOT\MovieBox<br/>HKEY_CLASSES_ROOT\pornoplayer<br/>HKEY_CLASSES_ROOT\VideoBox<br/>HKEY_CLASSES_ROOT\videoplugin<br/>HKEY_CLASSES_ROOT\xxxaccess<br/>HKEY_CLASSES_ROOT\xxxplugin<br/>HKEY_CURRENT_USER\software\freevideo<br/>HKEY_CURRENT_USER\Software\HQvideo<br/>HKEY_CURRENT_USER\Software\MovieBox<br/>HKEY_CURRENT_USER\software\pornoplayer<br/>HKEY_CURRENT_USER\Software\VideoBox<br/>HKEY_CURRENT_USER\software\videoplugin<br/>HKEY_CURRENT_USER\software\xxxaccess<br/>HKEY_CURRENT_USER\software\xxxplugin<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeVideo<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoBox<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\videoplugin<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xxxplugin<br/>HKEY_CLASSES_ROOT\clsid\{85cbfde0-b26b-4ee5-bd3c-4de111de763e}<br/>HKEY_CLASSES_ROOT\hqvideo<br/>HKEY_CLASSES_ROOT\moviebox<br/>HKEY_CLASSES_ROOT\selectiveadmission<br/>HKEY_CLASSES_ROOT\videobox<br/>HKEY_CURRENT_USER\software\hqvideo<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\_r<br/>HKEY_CURRENT_USER\software\moviebox<br/>HKEY_CURRENT_USER\software\selectiveadmission<br/>HKEY_CURRENT_USER\software\videobox<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversino\uninstall\moviebox<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversino\uninstall\pornoplayer<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{85cbfde0-b26b-4ee5-bd3c-4de111de763e}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\freevideo<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\selectiveadmission<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\videobox<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xxxaccess<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows management service </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searchbar<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9c830788-3ef6-4c70-8fce-1e890dc53533}, dhcpnameserver=85.255.115.42<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9c830788-3ef6-4c70-8fce-1e890dc53533}, dhcpnameserver=85.255.115.82<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9c830788-3ef6-4c70-8fce-1e890dc53533}, nameserver=85.255.115.82 </CODE> </p> <p> <h2>Removing Alureon:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-05.blogspot.com/2009/01/spytector-spyware.html">Spytector Spyware Removal instruction</a><br/><a href="http://trojan-list-77.blogspot.com/2009/01/jeem-trojan.html">Jeem Trojan Removal</a><br/><a href="http://keylogger-listing-protection.blogspot.com/2009/01/win32sdbotbackdoorservervari-worm.html">Win32.SDBot!Backdoor!Server.Vari Worm Symptoms</a><br/><a href="http://trojan-list-52.blogspot.com/2009/01/zapchastbl-trojan.html">Remove Zapchast.bl Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6573207292074294840?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-16243426019833374022009-02-03T23:39:00.001-08:002009-02-03T23:39:35.128-08:00Removing Starware.Recipe <br/><strong>Categories:</strong> Hijacker<br/><em><strong>Hijackers are software programs that modify users' default browser home page</strong>, <br />search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, <br />or user consent.<br/> <br />When the default home page is hijacked, the browser opens to the web page set by the hijacker <br />instead of the user's designated home page. In some cases, the hijacker may block users from <br />restoring their desired home page.<br/> <br />A <strong>search hijacker</strong> redirects search results to other pages and may <br />transmit search and browsing data to unknown servers. An error page hijacker directs <br />the browser to another page, usually an advertising page, instead of the usual error <br />page when the requested URL is not found.<br/> <br />A <strong>desktop hijacker</strong> replaces the desktop wallpaper with advertising <br />for products and services on the desktop.<br/> <br />Hijackers take control of various parts of your web browser, including your home page, <br />search pages, and search bar. They may also redirect you to certain sites should you <br />mistype an address or prevent you from going to a website they would rather you not, <br />such as sites that combat malware. Some will even redirect you to their own search engine <br />when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\Starware316\bin\Starware316.dll<br/>[%PROGRAM_FILES%]\Starware316\bin\Starware316.dll </CODE> <p><h2>How to detect Starware.Recipe:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\Starware316\bin\Starware316.dll<br/>[%PROGRAM_FILES%]\Starware316\bin\Starware316.dll </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%APPDATA%]\Starware337<br/>[%PROGRAM_FILES%]\Starware337 </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9}<br/>HKEY_CLASSES_ROOT\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}<br/>HKEY_CLASSES_ROOT\clsid\{ab3dfa03-f743-4302-81dd-c370bffeca23}<br/>HKEY_CLASSES_ROOT\clsid\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5}<br/>HKEY_CURRENT_USER\software\starware337<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}<br/>HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}<br/>HKEY_CLASSES_ROOT\clsid\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar </CODE> </p> <p> <h2>Removing Starware.Recipe:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-19.blogspot.com/2009/01/vxskey-trojan.html">VxsKey Trojan Removal instruction</a><br/><a href="http://trojan-list-30.blogspot.com/2009/01/bancosiem-trojan.html">Bancos.IEM Trojan Cleaner</a><br/><a href="http://trojan-list-58.blogspot.com/2009/01/pigeonavjq-trojan.html">Pigeon.AVJQ Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1624342601983337402?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-59816119512429162012009-02-03T23:00:00.001-08:002009-02-03T23:00:23.670-08:00Removing Kraimer <br/><strong>Categories:</strong> Trojan,Spyware,Backdoor,RAT<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Spyware is computer software that is installed surreptitiously on a personal computer <br />to <strong>intercept or take partial control</strong> over the user's interaction <br />with the computer, without the user's informed consent.<br/> <br />While the term spyware suggests software that secretly monitors the user's behavior, <br />the functions of spyware extend well beyond simple monitoring.<br/> <br />Spyware programs can collect various types of personal information, <br />such as Internet surfing habit, sites that have been visited, <br />but can also interfere with user control of the computer in other ways, <br />such as installing additional software, redirecting Web browser activity, <br />accessing websites blindly that will cause more harmful viruses, <br />or diverting advertising revenue to a third party.<br/> <br />Spyware can even change computer settings, resulting in slow connection speeds, <br />different home pages, and loss of Internet or other programs. <br />In an attempt to increase the understanding of spyware, a more formal classification <br />of its included software types is captured under the term privacy-invasive software. <br/>Backdoors are the most dangerous type of Trojans and the most popular. <br />Backdoors open infected machines to external control via Internet. <br />Often the backdoor will not be visible in the log of active programs.<br/>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><string>Kraimer Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Kraimer.11,Trojan.Spy.Kraimer.12,TrojanSpy.Win32.Kraimer.12,Sniffer.Win32.IPGrabber,Backdoor.Kraimer.13;<br/>[Eset]Win32/Kraimer.13 trojan;<br/>[McAfee]W32/Kraimer.worm,Kraimer;<br/>[F-Prot]security risk or a "backdoor" program;<br/>[Panda]Bck/Kraimer.11,Trojan Horse,Backdoor Program;<br/>[Computer Associates]Backdoor/Kraimer.11,Win32.Kraimer.11,Backdoor/Kraimer.12,Win32.Kraimer.12,Win32.KraimGrab,Win32/Ipgrab2!Worm,Backdoor/KrAIMer.13,Win32.Kraimer.13</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%STARTUP%]\aolstart.exe<br/>[%STARTUP%]\aolstart.exe </CODE> <p><h2>How to detect Kraimer:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%STARTUP%]\aolstart.exe<br/>[%STARTUP%]\aolstart.exe </CODE> </p> <p> <h2>Removing Kraimer:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-61.blogspot.com/2009/02/infantile-backdoor.html">Infantile Backdoor Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5981611951242916201?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-86802143754674564802009-02-03T22:31:00.001-08:002009-02-03T22:31:38.911-08:00Removing KnightSeven <br/><strong>Categories:</strong> Backdoor,RAT<br/><em><strong>Backdoors are the most dangerous type of Trojans</strong> and the most popular. <br /><strong>Backdoors open infected machines</strong> to external control via Internet. <br />They function in the same way as legal remote administration programs used by system administrators. <br />This makes them difficult to detect.<br/> <br /><strong>Backdoors</strong> are installed and launched without the consent of the user of computer. <br />Often the backdoor will not be visible in the log of active programs.<br/> <br />Once a backdoor has been successfully launched, the computer is wide open. <br />Backdoor functions can include:<br/> <br /> <ul> <br /> <li> Launching/ deleting files</li> <br /> <li> Sending/ receiving files</li> <br /> <li> Deleting data</li> <br /> <li> Displaying notification</li> <br /> <li> Rebooting the machine</li> <br /> <li> Executing files</li> <br /> </ul> <br /><br/> <br /><strong>Backdoors are used by virus writers to detect and download confidential information</strong>, <br />execute malicious code, destroy data, include the machine in bot networks and so forth. <br />Backdoors combine the functionality of most other types of in one package.<br/> <br />Backdoors have one especially dangerous sub-class: variants that can propagate like worms. <br/>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><string>KnightSeven Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Knightseven.10;<br/>[Panda]Backdoor Program;<br/>[Computer Associates]Backdoor/Knightseven.1_0</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\sndctl32.cfg<br/>[%WINDOWS%]\sndctl32.exe<br/>[%WINDOWS%]\sndctl32.cfg<br/>[%WINDOWS%]\sndctl32.exe </CODE> <p><h2>How to detect KnightSeven:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\sndctl32.cfg<br/>[%WINDOWS%]\sndctl32.exe<br/>[%WINDOWS%]\sndctl32.cfg<br/>[%WINDOWS%]\sndctl32.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing KnightSeven:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-28.blogspot.com/2009/02/cpasecom-tracking-cookie.html">cpase.com Tracking Cookie Information</a><br/><a href="http://virusinfo-4229.blogspot.com/2009/02/destruction-dos.html">Destruction DoS Symptoms</a><br/><a href="http://malwarepedia-protect-listing.blogspot.com/2009/01/whitehousecn-dos.html">WhitehouseCn DoS Information</a><br/><a href="http://trojan-list-35.blogspot.com/2009/02/00d-adware.html">00d Adware Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8680214375467456480?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-90202293921256074902009-02-03T21:47:00.001-08:002009-02-03T21:47:56.752-08:00Removing ActualNames.SearchPike <br/><strong>Categories:</strong> BHO,Hijacker<br/><em>As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and <br />sent back to the attacker. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious.Hijackers are software programs that modify users' default browser home page, <br />search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, <br />or user consent.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\spredirect.dll<br/>[%WINDOWS%]\system\spredirect.dll<br/>[%SYSTEM%]\spredirect.dll<br/>[%WINDOWS%]\system\spredirect.dll </CODE> <p><h2>How to detect ActualNames.SearchPike:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\spredirect.dll<br/>[%WINDOWS%]\system\spredirect.dll<br/>[%SYSTEM%]\spredirect.dll<br/>[%WINDOWS%]\system\spredirect.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{92c7d65c-52f3-4545-8a35-213d730db1ed}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{92c7d65c-52f3-4545-8a35-213d730db1ed}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{92c7d65c-52f3-4545-8a35-213d730db1ed} </CODE> </p> <p> <h2>Removing ActualNames.SearchPike:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://details-list-pc.blogspot.com/2009/01/elotus-trojan.html">Elotus Trojan Removal instruction</a><br/><a href="http://virusinfo-3747.blogspot.com/2009/01/bancoshnb-trojan.html">Removing Bancos.HNB Trojan</a><br/><a href="http://virusinfo-0715.blogspot.com/2009/02/trojandownloaderwin32skoob-downloader.html">Remove TrojanDownloader.Win32.Skoob Downloader</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-9020229392125607490?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-77500405463099016492009-02-03T21:43:00.001-08:002009-02-03T21:43:30.666-08:00Removing Win32.TrojanDownloader.Dyfica <br/><strong>Categories:</strong> Trojan,Downloader<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>This family of Trojans <strong>downloads and installs new malware or adware on the computer</strong>. <br />The downloader then either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/> <br />The names and locations of malware to be downloaded are either coded into the <br />Trojan or downloaded from a specified website.<br/></em><hr/><string>Win32.TrojanDownloader.Dyfica Also known as:</strong><br/><code><br/>[Kaspersky]TrojanDownloader.Win32.Dyfuca.da;<br/>[Panda]Spyware/Dyfuca</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE_TEMP%]\optimize.exe<br/>[%PROFILE_TEMP%]\optimize.exe </CODE> <p><h2>How to detect Win32.TrojanDownloader.Dyfica:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE_TEMP%]\optimize.exe<br/>[%PROFILE_TEMP%]\optimize.exe </CODE> </p> <p> <h2>Removing Win32.TrojanDownloader.Dyfica:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-05.blogspot.com/2009/01/jt-adware.html">JT Adware Removal</a><br/><a href="http://trojan-list-24.blogspot.com/2009/01/pigeonavp-trojan.html">Removing Pigeon.AVP Trojan</a><br/><a href="http://trojan-list-78.blogspot.com/2009/02/vxidlakg-trojan.html">Vxidl.AKG Trojan Symptoms</a><br/><a href="http://trojan-list-23.blogspot.com/2009/01/bancosgom-trojan.html">Bancos.GOM Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7750040546309901649?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-4213148170141948762009-02-03T21:40:00.001-08:002009-02-03T21:40:13.745-08:00Removing Sectemp <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em> <p><h2>How to detect Sectemp:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\sectemp<br/>HKEY_LOCAL_MACHINE\software\sectemp </CODE> </p> <p> <h2>Removing Sectemp:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-33.blogspot.com/2009/01/smalljf-trojan.html">Small.jf Trojan Cleaner</a><br/><a href="http://remove-listing-pc.blogspot.com/2009/01/cwsxxxvideo-hijacker.html">Remove CWS.XXXVideo Hijacker</a><br/><a href="http://trojan-list-88.blogspot.com/2009/01/bancosgnc-trojan.html">Bancos.GNC Trojan Removal instruction</a><br/><a href="http://trojan-list-68.blogspot.com/2009/01/bancoshjm-trojan.html">Bancos.HJM Trojan Symptoms</a><br/><a href="http://description-info-remove.blogspot.com/2009/02/backdooraqi-trojan.html">Removing Backdoor.AQI Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-421314817014194876?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-43374399288813718272009-02-03T20:31:00.001-08:002009-02-03T20:31:35.652-08:00Removing Checkin <br/><strong>Categories:</strong> Adware,Downloader<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> This family of Trojans <strong>downloads and installs new malware or adware on the computer</strong>. <br />The downloader then either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/> <br />The names and locations of malware to be downloaded are either coded into the <br />Trojan or downloaded from a specified website.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\owmngr.exe<br/>[%SYSTEM%]\ttps.exe<br/>[%WINDOWS%]\system\owmngr.exe<br/>[%WINDOWS%]\system\ttps.exe<br/>[%SYSTEM%]\owmngr.exe<br/>[%SYSTEM%]\ttps.exe<br/>[%WINDOWS%]\system\owmngr.exe<br/>[%WINDOWS%]\system\ttps.exe </CODE> <p><h2>How to detect Checkin:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\owmngr.exe<br/>[%SYSTEM%]\ttps.exe<br/>[%WINDOWS%]\system\owmngr.exe<br/>[%WINDOWS%]\system\ttps.exe<br/>[%SYSTEM%]\owmngr.exe<br/>[%SYSTEM%]\ttps.exe<br/>[%WINDOWS%]\system\owmngr.exe<br/>[%WINDOWS%]\system\ttps.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce </CODE> </p> <p> <h2>Removing Checkin:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-26.blogspot.com/2009/01/trojandownloaderwin32swizzoran-bho.html">TrojanDownloader.Win32.Swizzor.an BHO Symptoms</a><br/><a href="http://viruslist-c.blogspot.com/2009/01/faketelnet-trojan_26.html">Fake.Telnet Trojan Removal instruction</a><br/><a href="http://computer-protect-virus.blogspot.com/2009/02/swfwob-trojan.html">Removing Swfwob Trojan</a><br/><a href="http://trojan-list-14.blogspot.com/2009/01/crazywin-adware.html">Removing CrazyWin Adware</a><br/><a href="http://virusinfo-0913.blogspot.com/2009/01/kewrih-trojan.html">Removing Kewrih Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4337439928881371827?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-68017773321445141582009-02-03T19:07:00.001-08:002009-02-03T19:07:22.295-08:00Removing Delf.az <br/><strong>Categories:</strong> Trojan,Downloader<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>This family of Trojans <strong>downloads and installs new malware or adware on the computer</strong>. <br />The downloader then either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/> <br />The names and locations of malware to be downloaded are either coded into the <br />Trojan or downloaded from a specified website.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\comnt32.dll<br/>[%SYSTEM%]\inetconnect.dll<br/>[%SYSTEM%]\comnt32.dll<br/>[%SYSTEM%]\inetconnect.dll </CODE> <p><h2>How to detect Delf.az:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\comnt32.dll<br/>[%SYSTEM%]\inetconnect.dll<br/>[%SYSTEM%]\comnt32.dll<br/>[%SYSTEM%]\inetconnect.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{1bb87441-6b7f-4b60-885c-b7af9f9afde3}<br/>HKEY_CLASSES_ROOT\clsid\{fd3a6ab4-5527-4b52-90af-f90cd3270861}<br/>HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0cdaaec2-e245-44cc-8357-cab70172d017}<br/>HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}<br/>HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8e668361-c801-41b7-bf89-2fc2c8de9167}<br/>HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1bb87441-6b7f-4b60-885c-b7af9f9afde3} </CODE> </p> <p> <h2>Removing Delf.az:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://viruslist-d.blogspot.com/2009/01/inserviceja-downloader.html">INService.ja Downloader Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6801777332144514158?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-76754465798094875972009-02-03T19:00:00.001-08:002009-02-03T19:00:42.993-08:00Removing Zlob.Fam.Security Messenger <br/><strong>Categories:</strong> Trojan,Popups<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Adware is the class of programs that <strong>place advertisements on your screen</strong>. <br />These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, <br />advertisements placed on top of ads in web sites, or any other way the authors can <br />think of showing you an ad.<br/> <br />The pop-ups generally will not be stopped by pop-up stoppers, and often are <br />not dependent on your having Internet Explorer open. <br />They may show up when you are playing a game, writing a document, listening to music, <br />or anything else. Should you be surfing, the advertisements will often be related to <br />the web page you are viewing. <br/></em> <p><h2>How to detect Zlob.Fam.Security Messenger:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Messenger </CODE> </p> <p> <h2>Removing Zlob.Fam.Security Messenger:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-47.blogspot.com/2009/01/priosted-trojan.html">Remove Priosted Trojan</a><br/><a href="http://trojan-list-74.blogspot.com/2009/01/doubleheart-trojan.html">Doubleheart Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7675446579809487597?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-14566431982638406712009-02-03T15:27:00.001-08:002009-02-03T15:27:46.766-08:00Removing MSBot <br/><strong>Categories:</strong> Backdoor<br/><em>Backdoors are used by virus writers to detect and download confidential information, <br />execute malicious code, destroy data, include the machine in bot networks and so forth. <br /><br/></em><hr/><string>MSBot Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.MSBot.b;<br/>[McAfee]BackDoor-DT;<br/>[F-Prot]security risk or a "backdoor" program;<br/>[Panda]Bck/MSbot.B</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\msstat32.exe<br/>[%WINDOWS%]\system\msstat32.exe </CODE> <p><h2>How to detect MSBot:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\msstat32.exe<br/>[%WINDOWS%]\system\msstat32.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing MSBot:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-4345.blogspot.com/2009/02/win32pwsallight-backdoor.html">Win32.PWS.AlLight Backdoor Information</a><br/><a href="http://virusinfo-4834.blogspot.com/2009/02/pigeonegc-trojan.html">Pigeon.EGC Trojan Cleaner</a><br/><a href="http://virusinfo-0333.blogspot.com/2009/02/searchingbooth-tracking-cookie.html">Removing SearchingBooth Tracking Cookie</a><br/><a href="http://details-pc-keylogger.blogspot.com/2009/01/sillydlcra-downloader.html">SillyDl.CRA Downloader Information</a><br/><a href="http://trojan-list-24.blogspot.com/2009/01/ipromnet-tracking-cookie.html">iprom.net Tracking Cookie Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1456643198263840671?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-57047210909120324782009-02-03T15:23:00.001-08:002009-02-03T15:23:29.299-08:00Removing Win32.TrojanClicker.Delf <br/><strong>Categories:</strong> Trojan,Adware<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><string>Win32.TrojanClicker.Delf Also known as:</strong><br/><code><br/>[Eset]Win32/TrojanClicker.Delf.R trojan;<br/>[Panda]Adware/WinTools</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE_TEMP%]\temp.fr????<br/>[%WINDOWS%]\2_0_1browserhelper2.dll<br/>[%WINDOWS%]\2_0_1browserhelper2.dll_tobedeleted<br/>[%PROFILE_TEMP%]\temp.fr????<br/>[%WINDOWS%]\2_0_1browserhelper2.dll<br/>[%WINDOWS%]\2_0_1browserhelper2.dll_tobedeleted </CODE> <p><h2>How to detect Win32.TrojanClicker.Delf:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE_TEMP%]\temp.fr????<br/>[%WINDOWS%]\2_0_1browserhelper2.dll<br/>[%WINDOWS%]\2_0_1browserhelper2.dll_tobedeleted<br/>[%PROFILE_TEMP%]\temp.fr????<br/>[%WINDOWS%]\2_0_1browserhelper2.dll<br/>[%WINDOWS%]\2_0_1browserhelper2.dll_tobedeleted </CODE> </p> <p> <h2>Removing Win32.TrojanClicker.Delf:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-1609.blogspot.com/2009/02/bancosguu-trojan.html">Bancos.GUU Trojan Information</a><br/><a href="http://infections-information-protect.blogspot.com/2009/01/bridgew-backdoor.html">BridgeW Backdoor Cleaner</a><br/><a href="http://details-pc-keylogger.blogspot.com/2009/01/batattrib-trojan.html">Remove Bat.Attrib Trojan</a><br/><a href="http://trojan-list-28.blogspot.com/2009/01/pigeonavqp-trojan.html">Removing Pigeon.AVQP Trojan</a><br/><a href="http://trojan-list-73.blogspot.com/2009/02/msksoftstudy-corp-trojan.html">MskSoftStudy Corp. Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5704721090912032478?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-656694434394353112009-02-03T13:31:00.001-08:002009-02-03T13:31:31.570-08:00Removing abxtoolbar <br/><strong>Categories:</strong> BHO<br/><em>As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and <br />sent back to the attacker. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious.</em> <p><h2>How to detect abxtoolbar:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{00ceaf8f-bf59-429b-a1d9-91c88ccfe94b}<br/>HKEY_CLASSES_ROOT\clsid\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_CLASSES_ROOT\interface\{17bbff9a-5d7b-4a5b-8265-15b4b86be90f}<br/>HKEY_CLASSES_ROOT\interface\{1e5c9fae-43b0-47c3-ba51-ba5a08e44322}<br/>HKEY_CLASSES_ROOT\toolband.xbtb01186<br/>HKEY_CLASSES_ROOT\toolband.xbtb01186.1<br/>HKEY_CLASSES_ROOT\typelib\{483d2273-2c22-4053-94ca-6a99b2778bf2}<br/>HKEY_CLASSES_ROOT\xbtb01186.ietoolbar<br/>HKEY_CLASSES_ROOT\xbtb01186.ietoolbar.1<br/>HKEY_CLASSES_ROOT\xbtb01186.xbtb01186<br/>HKEY_CLASSES_ROOT\xbtb01186.xbtb01186.1<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_CURRENT_USER\software\xbtb01186<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00ceaf8f-bf59-429b-a1d9-91c88ccfe94b}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb01186.xbtb01186toolbar </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search </CODE> </p> <p> <h2>Removing abxtoolbar:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-55.blogspot.com/2009/01/pigeonauzy-trojan.html">Remove Pigeon.AUZY Trojan</a><br/><a href="http://virusinfo-0935.blogspot.com/2009/01/loofeer-trojan.html">Removing Loofeer Trojan</a><br/><a href="http://trojan-list-89.blogspot.com/2009/01/tpebosnia-trojan.html">Removing TPE.Bosnia Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-65669443439435311?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-43883841242003359072009-02-03T12:55:00.001-08:002009-02-03T12:55:27.962-08:00Removing abxtoolbar <br/><strong>Categories:</strong> BHO<br/><em><strong>BHO (Browser Helper Object) Trojan</strong>. <br />The BHO waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker. <br />The method of network transport used by the attacker makes this Trojan unique. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious. <br />Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into <br />the data section of an ICMP ping packet." explained the company.<br/></em> <p><h2>How to detect abxtoolbar:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{00ceaf8f-bf59-429b-a1d9-91c88ccfe94b}<br/>HKEY_CLASSES_ROOT\clsid\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_CLASSES_ROOT\interface\{17bbff9a-5d7b-4a5b-8265-15b4b86be90f}<br/>HKEY_CLASSES_ROOT\interface\{1e5c9fae-43b0-47c3-ba51-ba5a08e44322}<br/>HKEY_CLASSES_ROOT\toolband.xbtb01186<br/>HKEY_CLASSES_ROOT\toolband.xbtb01186.1<br/>HKEY_CLASSES_ROOT\typelib\{483d2273-2c22-4053-94ca-6a99b2778bf2}<br/>HKEY_CLASSES_ROOT\xbtb01186.ietoolbar<br/>HKEY_CLASSES_ROOT\xbtb01186.ietoolbar.1<br/>HKEY_CLASSES_ROOT\xbtb01186.xbtb01186<br/>HKEY_CLASSES_ROOT\xbtb01186.xbtb01186.1<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_CURRENT_USER\software\xbtb01186<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{544f12d3-0b83-4ddb-b73a-53e1b4bba4af}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00ceaf8f-bf59-429b-a1d9-91c88ccfe94b}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb01186.xbtb01186toolbar </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search </CODE> </p> <p> <h2>Removing abxtoolbar:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-70.blogspot.com/2009/01/vxidlait-trojan.html">Vxidl.AIT Trojan Cleaner</a><br/><a href="http://trojan-list-55.blogspot.com/2009/01/tribefloodnetwork-dos.html">Remove Tribe.Flood.Network DoS</a><br/><a href="http://trojan-list-51.blogspot.com/2009/01/drzip-trojan.html">Drzip Trojan Information</a><br/><a href="http://details-pc-keylogger.blogspot.com/2009/01/bancosfyw-trojan.html">Remove Bancos.FYW Trojan</a><br/><a href="http://trojan-list-26.blogspot.com/2009/01/pigeonejm-trojan.html">Pigeon.EJM Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4388384124200335907?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-6140375903796364812009-02-03T12:51:00.001-08:002009-02-03T12:51:28.853-08:00Removing DetectSatan <br/><strong>Categories:</strong> Ransomware<br/><em>A <strong>cryptovirus, cryptotrojan or cryptoworm</strong> is a type of <br />malware that encrypts the data belonging to an individual on a computer, <br />demanding a ransom for its restoration.<br/> <br />The term ransomware is commonly used to describe software that encrypts the data <br />belonging to an individual on a computer, demanding a ransom for its restoration. <br />Although the field known as cryptovirology predates the term "ransomware".<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%DESKTOP%]\DetectSatan 2.0.lnk<br/>[%DESKTOP%]\UnusualSoftware.com.lnk<br/>[%DESKTOP%]\DetectSatan 2.0.lnk<br/>[%DESKTOP%]\UnusualSoftware.com.lnk </CODE> <p><h2>How to detect DetectSatan:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%DESKTOP%]\DetectSatan 2.0.lnk<br/>[%DESKTOP%]\UnusualSoftware.com.lnk<br/>[%DESKTOP%]\DetectSatan 2.0.lnk<br/>[%DESKTOP%]\UnusualSoftware.com.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\DetectSatan 2.0<br/>[%PROGRAM_FILES%]\Unusual Software </CODE> </p> <p> <h2>Removing DetectSatan:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-28.blogspot.com/2009/01/vclcmp-trojan.html">VCL.cmp Trojan Removal instruction</a><br/><a href="http://protection-protect-details.blogspot.com/2009/01/win32telhack-dos.html">Removing Win32.TelHack DoS</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-614037590379636481?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-42155172680040803932009-02-03T12:31:00.001-08:002009-02-03T12:31:26.106-08:00Removing CommonName.Zenet <br/><strong>Categories:</strong> Hijacker<br/><em><strong>Hijackers are software programs that modify users' default browser home page</strong>, <br />search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, <br />or user consent.<br/> <br />When the default home page is hijacked, the browser opens to the web page set by the hijacker <br />instead of the user's designated home page. In some cases, the hijacker may block users from <br />restoring their desired home page.<br/> <br />A <strong>search hijacker</strong> redirects search results to other pages and may <br />transmit search and browsing data to unknown servers. An error page hijacker directs <br />the browser to another page, usually an advertising page, instead of the usual error <br />page when the requested URL is not found.<br/> <br />A <strong>desktop hijacker</strong> replaces the desktop wallpaper with advertising <br />for products and services on the desktop.<br/> <br />Hijackers take control of various parts of your web browser, including your home page, <br />search pages, and search bar. They may also redirect you to certain sites should you <br />mistype an address or prevent you from going to a website they would rather you not, <br />such as sites that combat malware. Some will even redirect you to their own search engine <br />when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.<br/></em> <p><h2>How to detect CommonName.Zenet:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing CommonName.Zenet:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://description-info-remove.blogspot.com/2009/01/fdosudpstorm-dos.html">Remove FDoS.Udp.Storm DoS</a><br/><a href="http://trojan-list-67.blogspot.com/2009/01/systemprocess-adware.html">SystemProcess Adware Symptoms</a><br/><a href="http://trojan-list-71.blogspot.com/2009/02/bancosijo-trojan.html">Bancos.IJO Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4215517268004080393?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-79582277991214925092009-02-03T12:15:00.001-08:002009-02-03T12:15:24.155-08:00Removing Remote.Control <br/><strong>Categories:</strong> Backdoor,RAT<br/><em>Backdoors combine the functionality of most other types of in one package. <br />Backdoors have one especially dangerous sub-class: variants that can propagate like worms. <br /><br/>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><string>Remote.Control Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.RC,Backdoor.Remotrol.11,Backdoor.Remotcon.10,Backdoor.VB.ey;<br/>[McAfee]BackDoor-FU,BackDoor-APD,BackDoor-AQY.gen;<br/>[F-Prot]security risk or a "backdoor" program;<br/>[Panda]Bck/Rc,Bck/RC.1.0,Bck/Remotrol.B,Backdoor Program,Backdoor Program.LC;<br/>[Computer Associates]Backdoor/RC!Server,Backdoor/Remotrol.1_1,Backdoor/VB.ey,Backdoor/VB.HU</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\Shareaza\Plugins\MediaPlayer.dll<br/>[%PROGRAM_FILES%]\Shareaza\Plugins\RazaWebHook.dll<br/>[%PROGRAM_FILES%]\Shareaza\Plugins\MediaPlayer.dll<br/>[%PROGRAM_FILES%]\Shareaza\Plugins\RazaWebHook.dll </CODE> <p><h2>How to detect Remote.Control:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\Shareaza\Plugins\MediaPlayer.dll<br/>[%PROGRAM_FILES%]\Shareaza\Plugins\RazaWebHook.dll<br/>[%PROGRAM_FILES%]\Shareaza\Plugins\MediaPlayer.dll<br/>[%PROGRAM_FILES%]\Shareaza\Plugins\RazaWebHook.dll </CODE> </p> <p> <h2>Removing Remote.Control:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-0611.blogspot.com/2009/01/istbarep-downloader.html">Remove IstBar.ep Downloader</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7958227799121492509?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-39987821816562469542009-02-03T11:55:00.001-08:002009-02-03T11:55:19.843-08:00Removing Cytron <br/><strong>Categories:</strong> BHO<br/><em>The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\downloaded program files\potd.dll<br/>[%WINDOWS%]\downloaded program files\sec.dll<br/>[%WINDOWS%]\downloaded program files\potd.dll<br/>[%WINDOWS%]\downloaded program files\sec.dll </CODE> <p><h2>How to detect Cytron:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\downloaded program files\potd.dll<br/>[%WINDOWS%]\downloaded program files\sec.dll<br/>[%WINDOWS%]\downloaded program files\potd.dll<br/>[%WINDOWS%]\downloaded program files\sec.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\potd </CODE> </p> <p> <h2>Removing Cytron:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-1036.blogspot.com/2009/02/seed-trojan.html">Seed Trojan Symptoms</a><br/><a href="http://trojan-list-18.blogspot.com/2009/01/ocspl-trojan.html">OC.spl Trojan Symptoms</a><br/><a href="http://trojan-list-29.blogspot.com/2009/01/mbkwbar-toolbar.html">Remove MBKWBar Toolbar</a><br/><a href="http://trojan-list-14.blogspot.com/2009/01/globalnetcominc-trojan.html">Global.Netcom.Inc Trojan Removal instruction</a><br/><a href="http://trojan-list-07.blogspot.com/2009/01/pigeonawhr-trojan.html">Pigeon.AWHR Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3998782181656246954?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-57851453698506748912009-02-03T11:35:00.001-08:002009-02-03T11:35:35.250-08:00Removing Dluca.gen <br/><strong>Categories:</strong> Downloader<br/><em>Trojans-downloaders downloads and installs new malware or adware on the computer. <br /><br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\gwmpivue.exe<br/>[%SYSTEM%]\kmrptame.exe<br/>[%SYSTEM%]\msgb1.exe<br/>[%SYSTEM%]\gwmpivue.exe<br/>[%SYSTEM%]\kmrptame.exe<br/>[%SYSTEM%]\msgb1.exe </CODE> <p><h2>How to detect Dluca.gen:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\gwmpivue.exe<br/>[%SYSTEM%]\kmrptame.exe<br/>[%SYSTEM%]\msgb1.exe<br/>[%SYSTEM%]\gwmpivue.exe<br/>[%SYSTEM%]\kmrptame.exe<br/>[%SYSTEM%]\msgb1.exe </CODE> </p> <p> <h2>Removing Dluca.gen:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-26.blogspot.com/2009/01/3xterm-trojan.html">3xterm Trojan Cleaner</a><br/><a href="http://trojan-list-66.blogspot.com/2009/01/netrax-backdoor.html">Netrax Backdoor Information</a><br/><a href="http://keylogger-listing-protection.blogspot.com/2009/02/pigeonebq-trojan.html">Pigeon.EBQ Trojan Removal instruction</a><br/><a href="http://virusinfo-2701.blogspot.com/2009/02/vxidlafk-trojan.html">Vxidl.AFK Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5785145369850674891?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-15982916737255361612009-02-03T10:35:00.001-08:002009-02-03T10:35:19.365-08:00Removing Ohbeeb <br/><strong>Categories:</strong> Trojan,DoS<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>DoS programs attack web servers by sending numerous requests to the specified server, <br />often causing it to crash under an excessive volume of requests.<br/> <br /><br/></em><hr/><string>Ohbeeb Also known as:</strong><br/><code><br/>[Kaspersky]Trojan-Downlaoder.Win32.Tiny.cl,Trojan.Win32.Agent.zw,Trojan-Downlaoder.Win32.Small.dsx,Trojan.Win32.Zapxhast.cd,Trojan-Downlaoder.Win32.Small.dqt,Trojan-Downloader.Win32.tiny.bm,Trojan.Win32.Agent.zq,Trojan-Downlaoder.win32.Tiny.ad,Trojan-Downlaoder.Win32.Small.cug;<br/>[McAfee]Generic Downloader.ab,Downloader-AUw,Downloader-AUW,Downloader-BAB;<br/>[F-Prot]W32/Trojan.SCN;<br/>[Other]Win32/Ohbeeb,Win32.Ohbeeb,Win32/Ohbeeb.R,Win32/Ohbeeb.S,Downloader,Win32/Ohbeeb.T,Win32/Ohbeeb.N,win32/Ohbeeb.O,Win32/Ohbeeb.P,Win32.Ohbeeb.Q,Win32/Ohbeeb.V,Win32/Ohbeeb!generic,Win32/Ohbeeb.AF,Win32/Ohbeeb.AI,Win32/Ohbeeb.AH</code> <p><h2>How to detect Ohbeeb:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Ohbeeb:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://malwarepedia-protect-listing.blogspot.com/2009/02/pigeonaveh-trojan.html">Remove Pigeon.AVEH Trojan</a><br/><a href="http://kill-computer-virus.blogspot.com/2009/01/mecapaw-trojan.html">Mecapaw Trojan Cleaner</a><br/><a href="http://trojan-list-97.blogspot.com/2009/01/blackmonday-trojan.html">Black.Monday Trojan Information</a><br/><a href="http://information-details-removal.blogspot.com/2009/01/hoaveldoor-trojan.html">Removing Hoaveldoor Trojan</a><br/><a href="http://virusinfo-3831.blogspot.com/2009/02/elotus-trojan.html">Elotus Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1598291673725536161?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-33316696173051089812009-02-03T10:11:00.001-08:002009-02-03T10:11:42.281-08:00Removing IEPageHelper <br/><strong>Categories:</strong> Adware,BHO<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\inetdctr.dll<br/>[%WINDOWS%]\system\inetdctr.dll<br/>[%SYSTEM%]\inetdctr.dll<br/>[%WINDOWS%]\system\inetdctr.dll </CODE> <p><h2>How to detect IEPageHelper:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\inetdctr.dll<br/>[%WINDOWS%]\system\inetdctr.dll<br/>[%SYSTEM%]\inetdctr.dll<br/>[%WINDOWS%]\system\inetdctr.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C4DA27D-4D52-4465-A089-98E01BB725CA}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}<br/>HKEY_CLASSES_ROOT\clsid\{1c4da27d-4d52-4465-a089-98e01bb725ca}<br/>HKEY_CLASSES_ROOT\clsid\{a6f42cad-2559-48df-af30-89e480af5dfa}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{1c4da27d-4d52-4465-a089-98e01bb725ca}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a6f42cad-2559-48df-af30-89e480af5dfa}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1c4da27d-4d52-4465-a089-98e01bb725ca}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a6f42cad-2559-48df-af30-89e480af5dfa} </CODE> </p> <p> <h2>Removing IEPageHelper:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-4832.blogspot.com/2009/02/gatesofhell-backdoor.html">Gates.of.Hell Backdoor Symptoms</a><br/><a href="http://trojan-list-74.blogspot.com/2009/01/inetspeakiexplorr-adware.html">INetSpeak.Iexplorr Adware Information</a><br/><a href="http://list-details-trojanpedia.blogspot.com/2009/01/webprefix-adware.html">Remove Webprefix Adware</a><br/><a href="http://virusinfo-1943.blogspot.com/2009/02/hoolaxy-trojan.html">Removing Hoolaxy Trojan</a><br/><a href="http://trojan-malwarepedia-info.blogspot.com/2009/01/bancosgtb-trojan.html">Bancos.GTB Trojan Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3331669617305108981?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-82788102892686483692009-02-03T09:01:00.001-08:002009-02-03T09:01:05.162-08:00Removing ShopForGood <br/><strong>Categories:</strong> Adware,BHO,Hijacker,Toolbar<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker.<br/>A Search hijacker redirects search results to other pages and may <br />transmit search and browsing data to unknown servers. An error page hijacker directs <br />the browser to another page, usually an advertising page, instead of the usual error <br />page when the requested URL is not found.<br/>Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.</em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\winy.dll<br/>[%WINDOWS%]\system\winy.dll<br/>[%SYSTEM%]\winy.dll<br/>[%WINDOWS%]\system\winy.dll </CODE> <p><h2>How to detect ShopForGood:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\winy.dll<br/>[%WINDOWS%]\system\winy.dll<br/>[%SYSTEM%]\winy.dll<br/>[%WINDOWS%]\system\winy.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{05bbb56a-2a69-4a5c-bfda-43295dd67434}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{05bbb56a-2a69-4a5c-bfda-43295dd67434}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{05bbb56a-2a69-4a5c-bfda-43295dd67434}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{05bbb56a-2a69-4a5c-bfda-43295dd67434} </CODE> </p> <p> <h2>Removing ShopForGood:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-03.blogspot.com/2009/01/trojandownloaderwin32smallcsn-trojan.html">Trojan.Downloader.Win32.Small.csn Trojan Cleaner</a><br/><a href="http://virusinfo-3039.blogspot.com/2009/01/dos-trojan.html">Dos Trojan Information</a><br/><a href="http://trojan-list-74.blogspot.com/2009/01/velozcom-tracking-cookie.html">Veloz.com Tracking Cookie Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8278810289268648369?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-1344447783927005342009-02-03T07:27:00.001-08:002009-02-03T07:27:39.587-08:00Removing Zlob.QK <br/><strong>Categories:</strong> Trojan,Downloader,Popups<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>This family of Trojans <strong>downloads and installs new malware or adware on the computer</strong>. <br />The downloader then either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/> <br />The names and locations of malware to be downloaded are either coded into the <br />Trojan or downloaded from a specified website.<br/>Adware is the class of programs that <strong>place advertisements on your screen</strong>. <br />These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, <br />advertisements placed on top of ads in web sites, or any other way the authors can <br />think of showing you an ad.<br/> <br />The pop-ups generally will not be stopped by pop-up stoppers, and often are <br />not dependent on your having Internet Explorer open. <br />They may show up when you are playing a game, writing a document, listening to music, <br />or anything else. Should you be surfing, the advertisements will often be related to <br />the web page you are viewing. <br/></em> <p><h2>How to detect Zlob.QK:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\AVZipEnchancer.Chl<br/>HKEY_CLASSES_ROOT\codecssoftwarepackage.chl </CODE> </p> <p> <h2>Removing Zlob.QK:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-00.blogspot.com/2009/01/daviddropper-trojan.html">David!Dropper Trojan Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-134444778392700534?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-28474217009920501572009-02-03T06:51:00.001-08:002009-02-03T06:51:39.486-08:00Removing Samsa <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><string>Samsa Also known as:</strong><br/><code><br/>[Kaspersky]Trojan.Win32/Samsa.b,Trojan.Win32.Samsa,Trojan.Win32.Samsa.v;<br/>[McAfee]Enfal;<br/>[F-Prot]W32/Trojan2.LSU (exact);<br/>[Other]Win32/Samsa.A,Win32/Samsa</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\inbackup.exe<br/>[%SYSTEM%]\inbackup.exe </CODE> <p><h2>How to detect Samsa:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\inbackup.exe<br/>[%SYSTEM%]\inbackup.exe </CODE> </p> <p> <h2>Removing Samsa:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-30.blogspot.com/2009/01/browsertoolbar-adware.html">BrowserToolbar Adware Cleaner</a><br/><a href="http://trojan-list-81.blogspot.com/2009/01/mitgliederdz-trojan.html">Mitglieder.dz Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2847421700992050157?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-91188646875464516192009-02-03T06:47:00.001-08:002009-02-03T06:47:43.445-08:00Removing AdBreak.FHFMM <br/><strong>Categories:</strong> BHO<br/><em>The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\fhfmm.exe<br/>[%WINDOWS%]\fhfmm-Uninstaller.exe<br/>[%WINDOWS%]\fhfmm.dll<br/>[%WINDOWS%]\fhfmm.txt<br/>[%WINDOWS%]\fhfmm1.tmp<br/>[%WINDOWS%]\fhfmm2.tmp<br/>[%WINDOWS%]\fhfmm3.tmp<br/>[%WINDOWS%]\liqui-Uninstaller.exe<br/>[%WINDOWS%]\fhfmm.exe<br/>[%WINDOWS%]\fhfmm-Uninstaller.exe<br/>[%WINDOWS%]\fhfmm.dll<br/>[%WINDOWS%]\fhfmm.txt<br/>[%WINDOWS%]\fhfmm1.tmp<br/>[%WINDOWS%]\fhfmm2.tmp<br/>[%WINDOWS%]\fhfmm3.tmp<br/>[%WINDOWS%]\liqui-Uninstaller.exe </CODE> <p><h2>How to detect AdBreak.FHFMM:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\fhfmm.exe<br/>[%WINDOWS%]\fhfmm-Uninstaller.exe<br/>[%WINDOWS%]\fhfmm.dll<br/>[%WINDOWS%]\fhfmm.txt<br/>[%WINDOWS%]\fhfmm1.tmp<br/>[%WINDOWS%]\fhfmm2.tmp<br/>[%WINDOWS%]\fhfmm3.tmp<br/>[%WINDOWS%]\liqui-Uninstaller.exe<br/>[%WINDOWS%]\fhfmm.exe<br/>[%WINDOWS%]\fhfmm-Uninstaller.exe<br/>[%WINDOWS%]\fhfmm.dll<br/>[%WINDOWS%]\fhfmm.txt<br/>[%WINDOWS%]\fhfmm1.tmp<br/>[%WINDOWS%]\fhfmm2.tmp<br/>[%WINDOWS%]\fhfmm3.tmp<br/>[%WINDOWS%]\liqui-Uninstaller.exe </CODE> </p> <p> <h2>Removing AdBreak.FHFMM:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-description-blog.blogspot.com/2009/01/bancosaks-trojan.html">Bancos.AKS Trojan Removal instruction</a><br/><a href="http://information-details-removal.blogspot.com/2009/01/vxidlacm-trojan.html">Remove Vxidl.ACM Trojan</a><br/><a href="http://trojan-list-68.blogspot.com/2009/01/formatkill-trojan.html">Remove Format.Kill Trojan</a><br/><a href="http://virusinfo-0329.blogspot.com/2009/01/mute-trojan.html">Removing Mute Trojan</a><br/><a href="http://protect-kill-infections.blogspot.com/2009/01/nethiefxpsp1-rat.html">Nethief.XP.SP1 RAT Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-9118864687546451619?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-81997887681969041882009-02-03T06:39:00.001-08:002009-02-03T06:39:36.263-08:00Removing PassAlert <br/><strong>Categories:</strong> Trojan,Downloader<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>This family of Trojans <strong>downloads and installs new malware or adware on the computer</strong>. <br />The downloader then either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/> <br />The names and locations of malware to be downloaded are either coded into the <br />Trojan or downloaded from a specified website.<br/></em> <p><h2>How to detect PassAlert:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing PassAlert:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://viruslist-d.blogspot.com/2009/01/pluto-trojan.html">Pluto Trojan Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8199788768196904188?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-64024788411254019192009-02-03T06:35:00.001-08:002009-02-03T06:35:31.034-08:00Removing Need2Find <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\Need2Find\bar\1.bin\ND2FNBAR.DLL<br/>[%PROGRAM_FILES%]\Need2Find\bar\1.bin\ND2FNBAR.DLL </CODE> <p><h2>How to detect Need2Find:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\Need2Find\bar\1.bin\ND2FNBAR.DLL<br/>[%PROGRAM_FILES%]\Need2Find\bar\1.bin\ND2FNBAR.DLL </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}<br/>HKEY_CLASSES_ROOT\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}<br/>HKEY_CLASSES_ROOT\need2findbar.settingsplugin<br/>HKEY_CLASSES_ROOT\need2findbar.settingsplugin.1<br/>HKEY_CLASSES_ROOT\need2findbar.toolbarplugin<br/>HKEY_CLASSES_ROOT\need2findbar.toolbarplugin.1<br/>HKEY_CLASSES_ROOT\clsid\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall </CODE> </p> <p> <h2>Removing Need2Find:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-95.blogspot.com/2009/01/backdoorbladerunner-trojan.html">Backdoor.Bladerunner Trojan Removal</a><br/><a href="http://trojan-list-41.blogspot.com/2009/01/tcsinstallationampconfiguration-trojan.html">Remove TCS.Installation.&.Configuration Trojan</a><br/><a href="http://trojan-list-84.blogspot.com/2009/01/mosaic-trojan.html">Mosaic Trojan Cleaner</a><br/><a href="http://virusinfo-3211.blogspot.com/2009/02/defie-trojan.html">Remove DefIE Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6402478841125401919?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-19557752452171528112009-02-03T06:32:00.001-08:002009-02-03T06:32:16.921-08:00Removing BrowserAid.FindIt.Quick <br/><strong>Categories:</strong> BHO,Toolbar<br/><em><strong>BHO (Browser Helper Object) Trojan</strong>. <br />The BHO waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker. <br />The method of network transport used by the attacker makes this Trojan unique. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious. <br />Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into <br />the data section of an ICMP ping packet." explained the company.<br/>Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.</em> <p><h2>How to detect BrowserAid.FindIt.Quick:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{72ceae02-df9c-49f3-9689-10d1b82dc343}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{72ceae02-df9c-49f3-9689-10d1b82dc343} </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar </CODE> </p> <p> <h2>Removing BrowserAid.FindIt.Quick:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-05.blogspot.com/2009/01/pigeonavnn-trojan.html">Remove Pigeon.AVNN Trojan</a><br/><a href="http://trojan-list-32.blogspot.com/2009/01/pathfindercom-tracking-cookie.html">pathfinder.com Tracking Cookie Removal instruction</a><br/><a href="http://trojan-list-04.blogspot.com/2009/01/avocadoserverdll-trojan.html">Remove Avocado.ServerDLL Trojan</a><br/><a href="http://virusinfo-1817.blogspot.com/2009/02/dowqueabw-trojan.html">Dowque.ABW Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1955775245217152811?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-89681193092356922282009-02-03T06:00:00.001-08:002009-02-03T06:00:03.764-08:00Removing Hellraider <br/><strong>Categories:</strong> RAT<br/><em>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\hellraider.exe<br/>[%WINDOWS%]\hellraider.exe </CODE> <p><h2>How to detect Hellraider:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\hellraider.exe<br/>[%WINDOWS%]\hellraider.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\mirabilis\icq\agent\apps\cxyfp<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices </CODE> </p> <p> <h2>Removing Hellraider:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-96.blogspot.com/2009/01/araradr-rat.html">Arara.dr RAT Symptoms</a><br/><a href="http://description-info-remove.blogspot.com/2009/01/priosted-trojan.html">Priosted Trojan Removal</a><br/><a href="http://malware-list-info.blogspot.com/2009/01/bancoshxj-trojan.html">Bancos.HXJ Trojan Removal</a><br/><a href="http://viruslist-d.blogspot.com/2009/01/agentfz-trojan.html">Agent.FZ Trojan Cleaner</a><br/><a href="http://trojan-list-01.blogspot.com/2009/02/pigeonemg-trojan.html">Removing Pigeon.EMG Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8968119309235692228?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-36664748442776329202009-02-03T03:43:00.001-08:002009-02-03T03:43:22.294-08:00Removing CWS Homepage Hijacker <br/><strong>Categories:</strong> Hijacker<br/><em>Hijackers take control of various parts of your web browser, including your home page, <br />search pages, and search bar. They may also redirect you to certain sites should you <br />mistype an address or prevent you from going to a website they would rather you not, <br />such as sites that combat malware. Some will even redirect you to their own search engine <br />when you attempt a search.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll<br/>[%PROGRAM_FILES%]\Dianlei\Plugins\DLManager.dll<br/>[%PROGRAM_FILES%]\FlashGet\Jccatch.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icooue.dll<br/>[%SYSTEM%]\afontext.dll<br/>[%SYSTEM%]\atlwt32.dll<br/>[%SYSTEM%]\msacmx.dll<br/>[%WINDOWS%]\apilx32.dll<br/>[%WINDOWS%]\apizu32.dll<br/>[%WINDOWS%]\g230320000.dll<br/>[%WINDOWS%]\ipec32.dll<br/>[%WINDOWS%]\mfchi32.dll<br/>[%WINDOWS%]\wingj.dll<br/>[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll<br/>[%PROGRAM_FILES%]\Dianlei\Plugins\DLManager.dll<br/>[%PROGRAM_FILES%]\FlashGet\Jccatch.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icooue.dll<br/>[%SYSTEM%]\afontext.dll<br/>[%SYSTEM%]\atlwt32.dll<br/>[%SYSTEM%]\msacmx.dll<br/>[%WINDOWS%]\apilx32.dll<br/>[%WINDOWS%]\apizu32.dll<br/>[%WINDOWS%]\g230320000.dll<br/>[%WINDOWS%]\ipec32.dll<br/>[%WINDOWS%]\mfchi32.dll<br/>[%WINDOWS%]\wingj.dll </CODE> <p><h2>How to detect CWS Homepage Hijacker:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll<br/>[%PROGRAM_FILES%]\Dianlei\Plugins\DLManager.dll<br/>[%PROGRAM_FILES%]\FlashGet\Jccatch.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icooue.dll<br/>[%SYSTEM%]\afontext.dll<br/>[%SYSTEM%]\atlwt32.dll<br/>[%SYSTEM%]\msacmx.dll<br/>[%WINDOWS%]\apilx32.dll<br/>[%WINDOWS%]\apizu32.dll<br/>[%WINDOWS%]\g230320000.dll<br/>[%WINDOWS%]\ipec32.dll<br/>[%WINDOWS%]\mfchi32.dll<br/>[%WINDOWS%]\wingj.dll<br/>[%PROGRAM_FILES%]\COMMONNAME\TOOLBAR\cnbabe.dll<br/>[%PROGRAM_FILES%]\Dianlei\Plugins\DLManager.dll<br/>[%PROGRAM_FILES%]\FlashGet\Jccatch.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icoou.dll<br/>[%PROGRAM_FILES%]\ICOO Loader\addons\icooue.dll<br/>[%SYSTEM%]\afontext.dll<br/>[%SYSTEM%]\atlwt32.dll<br/>[%SYSTEM%]\msacmx.dll<br/>[%WINDOWS%]\apilx32.dll<br/>[%WINDOWS%]\apizu32.dll<br/>[%WINDOWS%]\g230320000.dll<br/>[%WINDOWS%]\ipec32.dll<br/>[%WINDOWS%]\mfchi32.dll<br/>[%WINDOWS%]\wingj.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{00000000-0000-0000-0000-000000000000}<br/>HKEY_CLASSES_ROOT\CLSID\{008764D5-773A-A0CE-0E07-D1A50B2AEB9C}<br/>HKEY_CLASSES_ROOT\CLSID\{027602E2-163B-E675-169C-61D11C7D6D27}<br/>HKEY_CLASSES_ROOT\CLSID\{0519A9C9-064A-4cbc-BC47-D0EACD581477}<br/>HKEY_CLASSES_ROOT\CLSID\{093646C5-CDDB-2035-BD50-008A30E3EA96}<br/>HKEY_CLASSES_ROOT\CLSID\{0E0649E4-4EF1-5350-5D27-33BAD0093516}<br/>HKEY_CLASSES_ROOT\CLSID\{0FEE7E33-7D50-E2F1-5115-7D9B474CAEA8}<br/>HKEY_CLASSES_ROOT\CLSID\{18A2EFFD-B6E8-69B5-4ABB-1F1C8F860433}<br/>HKEY_CLASSES_ROOT\CLSID\{199D9E0B-2F5F-DA98-2B62-FA9AA3710DD5}<br/>HKEY_CLASSES_ROOT\CLSID\{1C72FEB7-4D6C-FAF3-195A-D51516EDCC77}<br/>HKEY_CLASSES_ROOT\CLSID\{242B315F-5E97-AB86-1F6E-F73703F03993}<br/>HKEY_CLASSES_ROOT\CLSID\{255FEB8E-6196-9318-D570-21DED5FF9E37}<br/>HKEY_CLASSES_ROOT\CLSID\{30C15F1B-B902-8769-7E97-07B632351674}<br/>HKEY_CLASSES_ROOT\CLSID\{32646C8A-BB54-7D47-C6A8-722B0FA51A6C}<br/>HKEY_CLASSES_ROOT\CLSID\{32FD5A16-7B87-D254-57E3-C8A486AA74D6}<br/>HKEY_CLASSES_ROOT\CLSID\{35211BE1-8EDF-F9D6-D61F-027B7DB286D4}<br/>HKEY_CLASSES_ROOT\CLSID\{38B38285-1192-F79E-1DFC-91016F827D80}<br/>HKEY_CLASSES_ROOT\CLSID\{39497903-FC95-F850-8965-3C13F3D7274A}<br/>HKEY_CLASSES_ROOT\CLSID\{3C6CC514-0686-8D4A-3795-115CE35C21E9}<br/>HKEY_CLASSES_ROOT\CLSID\{3F300A97-6990-3673-92B7-FCDF52055C5F}<br/>HKEY_CLASSES_ROOT\CLSID\{4129401E-E0CC-8390-738E-DCC2CDEFBA2B}<br/>HKEY_CLASSES_ROOT\CLSID\{41A0091F-BE0B-897D-16F8-5BD81668DD3F}<br/>HKEY_CLASSES_ROOT\CLSID\{46016C67-D3FF-4014-621E-C121E994E090}<br/>HKEY_CLASSES_ROOT\CLSID\{465A59EC-20E5-4fca-A38A-E5EC3C480218}<br/>HKEY_CLASSES_ROOT\CLSID\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}<br/>HKEY_CLASSES_ROOT\CLSID\{47E71DA2-60FF-677A-1484-28704F9ABE46}<br/>HKEY_CLASSES_ROOT\CLSID\{4D3F045A-9870-CF55-CF30-851993A3AF6F}<br/>HKEY_CLASSES_ROOT\CLSID\{4D7C2D84-2B00-146D-CAF2-38E8743204A2}<br/>HKEY_CLASSES_ROOT\CLSID\{513E86B0-D516-B255-E656-DEF35121232E}<br/>HKEY_CLASSES_ROOT\CLSID\{521B84C2-EFEB-DC8C-B02A-9089847972E1}<br/>HKEY_CLASSES_ROOT\CLSID\{5742F79A-1D91-42C4-990C-B46CF55A6478}<br/>HKEY_CLASSES_ROOT\CLSID\{59708803-B475-5C15-39AD-7A1D62317282}<br/>HKEY_CLASSES_ROOT\CLSID\{5BCE8A80-9FA3-A229-B315-13932E0AA5D8}<br/>HKEY_CLASSES_ROOT\CLSID\{605B61F1-324E-B844-52EA-08A764AA37D9}<br/>HKEY_CLASSES_ROOT\CLSID\{60B33657-9E08-DEB2-4980-97C2352D4AEF}<br/>HKEY_CLASSES_ROOT\CLSID\{624D0ED6-FBD6-D488-B435-B1E924C175C0}<br/>HKEY_CLASSES_ROOT\CLSID\{6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2}<br/>HKEY_CLASSES_ROOT\CLSID\{68258D5A-F48D-99E0-FFBF-35C3BFB74C94}<br/>HKEY_CLASSES_ROOT\CLSID\{6A9852CC-FCBB-61A5-41A1-2EDA8230AEC5}<br/>HKEY_CLASSES_ROOT\CLSID\{6D5064E5-DB4F-986D-4AD0-EC06E8821EA9}<br/>HKEY_CLASSES_ROOT\CLSID\{7363BA68-FA5B-4BC9-8DEF-84263F54F53D}<br/>HKEY_CLASSES_ROOT\CLSID\{741EF1A1-D9CC-94D4-0B32-52C18D0ED509}<br/>HKEY_CLASSES_ROOT\CLSID\{77E35B59-5DBF-CA0F-2037-00B52E21E874}<br/>HKEY_CLASSES_ROOT\CLSID\{8227E624-0D80-2ABA-0149-6F487ADE838B}<br/>HKEY_CLASSES_ROOT\CLSID\{869819CE-8035-1170-64C2-6EE1E98B3458}<br/>HKEY_CLASSES_ROOT\CLSID\{87680A9A-4595-032D-4F84-B593061B9FC5}<br/>HKEY_CLASSES_ROOT\CLSID\{8F6B33B6-05DF-FAF4-C592-388E843E5ADB}<br/>HKEY_CLASSES_ROOT\CLSID\{904D6A45-F3FF-1A6D-7B1D-0DB4E2E1F3E7}<br/>HKEY_CLASSES_ROOT\CLSID\{90B46B07-282D-8DDE-D296-452CDBB0603B}<br/>HKEY_CLASSES_ROOT\CLSID\{90C2CAE8-913A-DBA5-AC8E-D0896D0378CA}<br/>HKEY_CLASSES_ROOT\CLSID\{92CDA6FC-1C7D-E1DC-676E-761A6ECC0847}<br/>HKEY_CLASSES_ROOT\CLSID\{98A9B656-1029-E870-F0CD-CA151569B86D}<br/>HKEY_CLASSES_ROOT\CLSID\{9E2E0AAF-55CD-8D02-957C-C88F3AC0AE90}<br/>HKEY_CLASSES_ROOT\CLSID\{A0B5AE4D-89E5-F22A-060E-06256A646F77}<br/>HKEY_CLASSES_ROOT\CLSID\{A2BEDD84-A226-805F-8E96-0121145966E2}<br/>HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}<br/>HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}<br/>HKEY_CLASSES_ROOT\clsid\{a5366673-e8ca-11d3-9cd9-0090271d075b}<br/>HKEY_CLASSES_ROOT\CLSID\{A6AB0709-374D-2F77-3E70-0DE0910A9568}<br/>HKEY_CLASSES_ROOT\CLSID\{A7FA3C2B-428C-A94F-686F-2252E4F3A02C}<br/>HKEY_CLASSES_ROOT\CLSID\{AA0A9B7C-1E92-535C-0904-539590028603}<br/>HKEY_CLASSES_ROOT\CLSID\{AB9D62B8-7E56-2DB3-A516-E377F1010DCD}<br/>HKEY_CLASSES_ROOT\CLSID\{B063B761-34B8-42D9-CBCD-08B0A1D3E8D4}<br/>HKEY_CLASSES_ROOT\CLSID\{B9D90B27-AD4A-413A-88CB-3E6DDC10DC2D}<br/>HKEY_CLASSES_ROOT\CLSID\{BEF00307-0846-75C4-B6F5-84A949B91F47}<br/>HKEY_CLASSES_ROOT\CLSID\{CDF3AE9D-4F8C-67BC-66A6-A9252CCD81A1}<br/>HKEY_CLASSES_ROOT\CLSID\{D572A88C-5F1B-7EFE-45C7-5E070937FBFC}<br/>HKEY_CLASSES_ROOT\CLSID\{DEFC684A-30AD-8E93-CC49-E8F76A63D101}<br/>HKEY_CLASSES_ROOT\CLSID\{DFD57175-D4E1-532D-8EE9-D8E60D7C3992}<br/>HKEY_CLASSES_ROOT\CLSID\{E2E6C0E2-FA3A-8992-181C-3BA9E7ED6D56}<br/>HKEY_CLASSES_ROOT\CLSID\{E32E2C23-F6D7-0593-005D-8AE4C8C742A8}<br/>HKEY_CLASSES_ROOT\CLSID\{E38ED9F3-91EA-355E-5715-27B3113CA15D}<br/>HKEY_CLASSES_ROOT\CLSID\{E66BEB61-721E-FA12-3F4B-CC71F7910CF0}<br/>HKEY_CLASSES_ROOT\CLSID\{E6F23682-174F-AF3C-0738-3DEF6F7B9091}<br/>HKEY_CLASSES_ROOT\CLSID\{E902A02C-DD59-5DE4-624F-8012F9AFA9B9}<br/>HKEY_CLASSES_ROOT\CLSID\{E97E5AE0-29D6-7DFA-7E92-29CC5D770DA3}<br/>HKEY_CLASSES_ROOT\CLSID\{F9567894-1E9F-4452-79FF-F795A197EFBA}<br/>HKEY_CLASSES_ROOT\CLSID\{FC2593E3-3E5A-410F-AF3D-82613CCE58E5}<br/>HKEY_CLASSES_ROOT\CLSID\{FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B}<br/>HKEY_CLASSES_ROOT\CLSID\{FF52FC75-302C-5DED-C090-F77905337D75}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{008764D5-773A-A0CE-0E07-D1A50B2AEB9C}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01295AD0-0541-D9B9-7631-E16A07785229}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{027602E2-163B-E675-169C-61D11C7D6D27}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0519A9C9-064A-4cbc-BC47-D0EACD581477}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0566E16E-2A99-5084-E121-5895960CC230}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07F009CC-0ADE-5083-F469-92CE6474B119}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{093646C5-CDDB-2035-BD50-008A30E3EA96}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ABCE593-A2F9-DA6D-2B6D-D92E2B05E875}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0649E4-4EF1-5350-5D27-33BAD0093516}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FEE7E33-7D50-E2F1-5115-7D9B474CAEA8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BA77F1-683B-FBF7-B61E-4821BC229D98}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12869A5D-0FF9-B9AA-8BD8-9337FB04C5C6}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1289C13B-DC64-888A-AC41-234F521546F5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{182318D0-C69A-F785-8040-72D18DFA96ED}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18A2EFFD-B6E8-69B5-4ABB-1F1C8F860433}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18ECE89C-2542-91DE-E39B-39C5120593D7}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{199D9E0B-2F5F-DA98-2B62-FA9AA3710DD5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0D767B-0C24-CB78-0876-5F7AEE9294F4}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C72FEB7-4D6C-FAF3-195A-D51516EDCC77}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20FA44E2-4117-97B3-21C4-ABFD27838805}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213FF3C4-933A-5728-4344-750F1EBB3DD5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{242B315F-5E97-AB86-1F6E-F73703F03993}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{255FEB8E-6196-9318-D570-21DED5FF9E37}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2761A38B-D828-B1C6-1039-1395C426EDDA}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29C196DF-2556-96EE-B27D-089B4B07F011}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FCA15DA-4534-DA39-35D0-ED78D3F19541}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30C15F1B-B902-8769-7E97-07B632351674}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32646C8A-BB54-7D47-C6A8-722B0FA51A6C}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32A6B01D-983B-8AF2-A16D-062280B34476}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32FD5A16-7B87-D254-57E3-C8A486AA74D6}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33C7D509-2F1B-1150-D9B4-4CAEA87399FC}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35211BE1-8EDF-F9D6-D61F-027B7DB286D4}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38729DB3-1DF3-C16A-63B7-BE2CC5DC8D27}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3881EB3F-A5F4-4CF3-F9B2-25986B2B2656}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38B38285-1192-F79E-1DFC-91016F827D80}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3901E8B9-569B-50AA-35AC-D0FC976E91F1}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39497903-FC95-F850-8965-3C13F3D7274A}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395654E0-C152-DEFC-F1D5-D4ED74FC94EC}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3959283E-C72B-D2BA-8167-B27A8FA8F55B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6CC514-0686-8D4A-3795-115CE35C21E9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DF3AE97-927A-A988-F257-18F61D1C5ABA}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E634ABC-AA83-3403-5DD5-43546E8735F1}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F300A97-6990-3673-92B7-FCDF52055C5F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40967C3E-0316-B8F3-7AC2-AC680D6E22D9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4129401E-E0CC-8390-738E-DCC2CDEFBA2B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41A0091F-BE0B-897D-16F8-5BD81668DD3F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44A73433-E13D-79D4-D26D-9CDD83E71551}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46016C67-D3FF-4014-621E-C121E994E090}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465A59EC-20E5-4fca-A38A-E5EC3C480218}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47E71DA2-60FF-677A-1484-28704F9ABE46}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A50DB5A-1456-7EE4-9AD0-BD52FA677D5F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AA3BB56-37CA-AC96-1BCE-57B02E6C007B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D3F045A-9870-CF55-CF30-851993A3AF6F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D7C2D84-2B00-146D-CAF2-38E8743204A2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9FC428-C242-144C-B27B-F27F0CC116BE}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E367784-F4CD-00AD-8490-A4619B7AAF21}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{513E86B0-D516-B255-E656-DEF35121232E}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51704C8A-007A-8362-32D7-C2EE36CE9214}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{521B84C2-EFEB-DC8C-B02A-9089847972E1}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56602600-9335-D10F-A0C5-C6602AA24FD3}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5742F79A-1D91-42C4-990C-B46CF55A6478}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A18AE6-6FAA-D8C2-14DB-4B8800933F55}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59708803-B475-5C15-39AD-7A1D62317282}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BCE8A80-9FA3-A229-B315-13932E0AA5D8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{605B61F1-324E-B844-52EA-08A764AA37D9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{605BB929-10FB-81EB-196F-7822E1EA2567}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60B33657-9E08-DEB2-4980-97C2352D4AEF}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{624D0ED6-FBD6-D488-B435-B1E924C175C0}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66E7A648-A2D0-B506-715E-8D564D8364C2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68258D5A-F48D-99E0-FFBF-35C3BFB74C94}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A9852CC-FCBB-61A5-41A1-2EDA8230AEC5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BFC7DB0-C871-9935-DEC2-92E086CE9435}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D5064E5-DB4F-986D-4AD0-EC06E8821EA9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7070A8F9-08A4-CA47-0AB0-1EB9E4EE1F3B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7363BA68-FA5B-4BC9-8DEF-84263F54F53D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{741EF1A1-D9CC-94D4-0B32-52C18D0ED509}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77E35B59-5DBF-CA0F-2037-00B52E21E874}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{791E9324-130C-DB07-16B3-102D31B10114}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B30F33D-4323-2428-D014-8BE0A8C8C8ED}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C461C96-0310-49FA-767A-6D27FEB941E6}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D6BFD31-52A5-44A7-6A16-E14766D2A648}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8227E624-0D80-2ABA-0149-6F487ADE838B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{826B2228-BC09-49F2-B5F8-42CE26B1B712}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8327E127-2658-4B06-86B0-8D575DE1575B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84AA3CA6-585D-1802-BCC6-20C398800817}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{869819CE-8035-1170-64C2-6EE1E98B3458}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87680A9A-4595-032D-4F84-B593061B9FC5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8795D063-4F75-198C-F00B-C7FF75B8735D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{882631A5-5AE7-4F3B-DA2D-18C71F0FDF23}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89DA6847-5449-92CF-67AA-38AE4BD6F831}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F6B33B6-05DF-FAF4-C592-388E843E5ADB}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{904C63F5-2041-CB09-DEEA-722D9B6F8DEF}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{904D6A45-F3FF-1A6D-7B1D-0DB4E2E1F3E7}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90965649-8DEF-CF3B-37E1-4CB76DC73681}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B46B07-282D-8DDE-D296-452CDBB0603B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90C2CAE8-913A-DBA5-AC8E-D0896D0378CA}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92CDA6FC-1C7D-E1DC-676E-761A6ECC0847}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98A9B656-1029-E870-F0CD-CA151569B86D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A8F5394-C42E-426F-B539-E4F44D9C9347}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E1A8018-A9B5-1BCD-91E7-FC63C21F3EAF}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E2E0AAF-55CD-8D02-957C-C88F3AC0AE90}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6480CF-41D5-ADA6-566E-13AE9287A0CD}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0B5AE4D-89E5-F22A-060E-06256A646F77}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BEDD84-A226-805F-8E96-0121145966E2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6AB0709-374D-2F77-3E70-0DE0910A9568}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7FA3C2B-428C-A94F-686F-2252E4F3A02C}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9A674BF-771F-42E5-A440-D20DDA85A862}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA0A9B7C-1E92-535C-0904-539590028603}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA21D960-C084-D85E-9E3A-1D4E146F5773}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB9D62B8-7E56-2DB3-A516-E377F1010DCD}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B063B761-34B8-42D9-CBCD-08B0A1D3E8D4}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1EA2010-07E4-3D19-B07F-C5DA991481C8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4A7D9ED-89B3-E958-4A80-16026C986728}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6007EAD-B9FB-819A-9125-AF6A6A50A711}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9D90B27-AD4A-413A-88CB-3E6DDC10DC2D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEF00307-0846-75C4-B6F5-84A949B91F47}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3D292B4-683A-18D1-852B-943823CD81BF}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C448539A-1A24-DCB9-3152-D2DCA94E1831}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C500B6E9-8A37-3168-2346-44B58FB04FA8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C643F570-05B9-FEDB-D764-AC5B786D4B39}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C97FF6D5-D8E9-6EAE-0F99-AC588DF99F9C}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB9BF6D5-EA1D-0B43-F3D0-8964A6728480}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDF3AE9D-4F8C-67BC-66A6-A9252CCD81A1}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CEC06E-821E-9959-CABB-8F52B1005BA8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D572A88C-5F1B-7EFE-45C7-5E070937FBFC}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB29A986-131A-F212-4C89-18F9E42C205A}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD6F50C0-9F8F-A41C-291E-7B3FB818EF18}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEFC684A-30AD-8E93-CC49-E8F76A63D101}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFD57175-D4E1-532D-8EE9-D8E60D7C3992}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2E6C0E2-FA3A-8992-181C-3BA9E7ED6D56}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E32E2C23-F6D7-0593-005D-8AE4C8C742A8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38ED9F3-91EA-355E-5715-27B3113CA15D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3BB58FA-9E29-5453-8515-DD85FF9C16C7}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6510F00-8D63-A5DF-5C50-00AE920791E7}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E66BEB61-721E-FA12-3F4B-CC71F7910CF0}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6F23682-174F-AF3C-0738-3DEF6F7B9091}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E72EF259-0958-844E-2249-322BFBF6B069}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E902A02C-DD59-5DE4-624F-8012F9AFA9B9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E97E5AE0-29D6-7DFA-7E92-29CC5D770DA3}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAF521EB-5513-475B-B2B3-4D4B1195A1B0}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB230940-8256-ABD5-52BD-BE5EBE5DA35B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F21BD77E-0CCE-C6CD-4F85-AA3B7895988E}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9567894-1E9F-4452-79FF-F795A197EFBA}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC2593E3-3E5A-410F-AF3D-82613CCE58E5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC90281A-715F-5453-5E27-FF1B02AE0DA5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEB58C92-D119-8F66-A8FA-72D46A544DA9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF52FC75-302C-5DED-C090-F77905337D75}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF731508-CD28-E0B0-3E85-0CF55FDE9FBA} </CODE> </p> <p> <h2>Removing CWS Homepage Hijacker:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-2124.blogspot.com/2009/02/fdosretrace-dos.html">Remove FDoS.Retrace DoS</a><br/><a href="http://kill-computer-virus.blogspot.com/2009/01/cufrab-downloader.html">Cufrab Downloader Information</a><br/><a href="http://trojan-list-51.blogspot.com/2009/01/aolselide-trojan.html">AOL.Selide Trojan Information</a><br/><a href="http://trojan-list-62.blogspot.com/2009/01/vxidlbbm-trojan.html">Vxidl.BBM Trojan Symptoms</a><br/><a href="http://trojan-list-23.blogspot.com/2009/01/helwix-trojan.html">Helwix Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3666474844277632920?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-90283149482366658422009-02-03T01:40:00.001-08:002009-02-03T01:40:06.473-08:00Removing Banker.anv <br/><strong>Categories:</strong> Spyware<br/><em>Spyware can even change computer settings, resulting in slow connection speeds, <br />different home pages, and loss of Internet or other programs. <br />In an attempt to increase the understanding of spyware, a more formal classification <br />of its included software types is captured under the term privacy-invasive software. <br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\media\winework.exe<br/>[%WINDOWS%]\media\winework.exe </CODE> <p><h2>How to detect Banker.anv:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\media\winework.exe<br/>[%WINDOWS%]\media\winework.exe </CODE> </p> <p> <h2>Removing Banker.anv:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-88.blogspot.com/2009/01/warpigsc-trojan.html">WarPigs.C Trojan Cleaner</a><br/><a href="http://malware-list-info.blogspot.com/2009/02/term-trojan.html">Term Trojan Information</a><br/><a href="http://trojan-list-05.blogspot.com/2009/02/wordmacroeraser-trojan.html">Remove WordMacro.Eraser Trojan</a><br/><a href="http://trojan-list-33.blogspot.com/2009/01/bancosied-trojan.html">Remove Bancos.IED Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-9028314948236665842?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-48171769012547358552009-02-03T01:12:00.001-08:002009-02-03T01:12:13.300-08:00Removing AdClicker.Oddbot <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\CCFDV.DLL<br/>[%SYSTEM%]\nodeipproc.dll<br/>[%SYSTEM%]\CCFDV.DLL<br/>[%SYSTEM%]\nodeipproc.dll </CODE> <p><h2>How to detect AdClicker.Oddbot:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\CCFDV.DLL<br/>[%SYSTEM%]\nodeipproc.dll<br/>[%SYSTEM%]\CCFDV.DLL<br/>[%SYSTEM%]\nodeipproc.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\interface\{251df512-6faf-4aaf-bf19-d99b5f1c9250}<br/>HKEY_CLASSES_ROOT\clsid\{2b896072-f6e3-4ff7-ade6-43d5bec6557c}<br/>HKEY_CLASSES_ROOT\oddbot.adclicker<br/>HKEY_CLASSES_ROOT\oddbot.adclicker.1<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2b896072-f6e3-4ff7-ade6-43d5bec6557c} </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\nodeipproc<br/>HKEY_LOCAL_MACHINE\software\nodeipproc<br/>HKEY_LOCAL_MACHINE\software\nodeipproc </CODE> </p> <p> <h2>Removing AdClicker.Oddbot:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-57.blogspot.com/2009/01/bufalobot-trojan.html">BufaloBot Trojan Removal</a><br/><a href="http://trojan-list-36.blogspot.com/2009/01/evasivekeylog-trojan.html">Evasive.KeyLog Trojan Cleaner</a><br/><a href="http://trojan-list-60.blogspot.com/2009/01/remove-rat.html">Remove RAT Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4817176901254735855?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-41878845769533176392009-02-03T01:08:00.001-08:002009-02-03T01:08:21.377-08:00Removing VB.tf <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\win3208160-15319522006.exe<br/>[%WINDOWS%]\win3208160-15319522006.exe </CODE> <p><h2>How to detect VB.tf:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\win3208160-15319522006.exe<br/>[%WINDOWS%]\win3208160-15319522006.exe </CODE> </p> <p> <h2>Removing VB.tf:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-63.blogspot.com/2009/01/rahack-trojan.html">Rahack Trojan Removal</a><br/><a href="http://malwarepedia-protect-listing.blogspot.com/2009/01/benuti-trojan.html">Benuti Trojan Removal instruction</a><br/><a href="http://virusinfo-4345.blogspot.com/2009/01/vulwingar-downloader.html">Vulwingar Downloader Cleaner</a><br/><a href="http://ridethe-pc-info.blogspot.com/2009/01/bancosgnd-trojan.html">Removing Bancos.GND Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4187884576953317639?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-4609271712876123132009-02-03T01:03:00.001-08:002009-02-03T01:03:42.440-08:00Removing PWS.Banker.gen.bu <br/><strong>Categories:</strong> Trojan<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/></em><hr/><string>PWS.Banker.gen.bu Also known as:</strong><br/><code><br/>[McAfee]PWS-Banker.gen.bu;<br/>[Panda]Trj/Banker.IBT;<br/>[Other]Infostealer.Banker.D,Trojan.Nethell,VirTool:Win32/Obfuscator.C</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\w1m.dll<br/>[%SYSTEM%]\w1m.dll </CODE> <p><h2>How to detect PWS.Banker.gen.bu:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\w1m.dll<br/>[%SYSTEM%]\w1m.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{b3056695-ce91-404e-bd3b-62a4a3e6adfd}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b3056695-ce91-404e-bd3b-62a4a3e6adfd} </CODE> </p> <p> <h2>Removing PWS.Banker.gen.bu:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-69.blogspot.com/2009/01/sensi-worm.html">SenSi Worm Removal instruction</a><br/><a href="http://trojan-list-78.blogspot.com/2009/01/y3kremoteadministrationtoolpro-backdoor_19.html">Y3K.Remote.Administration.Tool.Pro Backdoor Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-460927171287612313?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-34453036473564370422009-02-03T00:51:00.001-08:002009-02-03T00:51:42.424-08:00Removing Win <br/><strong>Categories:</strong> Trojan,Hacker Tool,Downloader<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Hacker Tools are designed to penetrate remote computers <br />in order to use them as zombies or to download other malicious programs to computer.<br/>This family of Trojans <strong>downloads and installs new malware or adware on the computer</strong>. <br />The downloader then either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/> <br />The names and locations of malware to be downloaded are either coded into the <br />Trojan or downloaded from a specified website.<br/></em><hr/><string>Win Also known as:</strong><br/><code><br/>[Panda]Trj/Crack;<br/>[Computer Associates]Win/183935</code> <p><h2>How to detect Win:</h2></p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\winsniffer </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\winsniffer<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\win sniffer 1.2 </CODE> </p> <p> <h2>Removing Win:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-63.blogspot.com/2009/01/hundredpc-trojan.html">HundredPC Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3445303647356437042?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-8109924170124676562009-02-03T00:47:00.001-08:002009-02-03T00:47:31.117-08:00Removing Cobfinn <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><string>Cobfinn Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Win32.ShBot.a,Backdoor.Win32.ShBot.b;<br/>[McAfee]BackDoor-CYL;<br/>[Other]Win32/Cobfinn.I,Backdoor.Shellbot,BackDoor-CYL,Win32/Cobfinn.H</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\svchctrl.dll<br/>[%WINDOWS%]\system\svchctrl.exe<br/>[%WINDOWS%]\system\svchostw.dll<br/>[%WINDOWS%]\system\svchostw.exe<br/>[%WINDOWS%]\system\svchctrl.dll<br/>[%WINDOWS%]\system\svchctrl.exe<br/>[%WINDOWS%]\system\svchostw.dll<br/>[%WINDOWS%]\system\svchostw.exe </CODE> <p><h2>How to detect Cobfinn:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\svchctrl.dll<br/>[%WINDOWS%]\system\svchctrl.exe<br/>[%WINDOWS%]\system\svchostw.dll<br/>[%WINDOWS%]\system\svchostw.exe<br/>[%WINDOWS%]\system\svchctrl.dll<br/>[%WINDOWS%]\system\svchctrl.exe<br/>[%WINDOWS%]\system\svchostw.dll<br/>[%WINDOWS%]\system\svchostw.exe </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellbotr<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellbot </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Cobfinn:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-66.blogspot.com/2009/01/pigeonavec-trojan.html">Pigeon.AVEC Trojan Symptoms</a><br/><a href="http://trojan-list-81.blogspot.com/2009/01/paszczus-trojan.html">Paszczus Trojan Information</a><br/><a href="http://remove-listing-pc.blogspot.com/2009/01/sillydlcof-trojan.html">SillyDl.COF Trojan Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-810992417012467656?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-21293851905323814082009-02-03T00:31:00.001-08:002009-02-03T00:31:24.941-08:00Removing Kzmmultitv.class <br/><strong>Categories:</strong> Trojan<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%APPDATA%]\Sun\Java\Deployment\cache\6.0\27\3966f95b-1c21ba47<br/>[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\KzmMultiTV.class-32126837-2a334ffd.class<br/>[%APPDATA%]\Sun\Java\Deployment\cache\6.0\27\3966f95b-1c21ba47<br/>[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\KzmMultiTV.class-32126837-2a334ffd.class </CODE> <p><h2>How to detect Kzmmultitv.class:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%APPDATA%]\Sun\Java\Deployment\cache\6.0\27\3966f95b-1c21ba47<br/>[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\KzmMultiTV.class-32126837-2a334ffd.class<br/>[%APPDATA%]\Sun\Java\Deployment\cache\6.0\27\3966f95b-1c21ba47<br/>[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\KzmMultiTV.class-32126837-2a334ffd.class </CODE> </p> <p> <h2>Removing Kzmmultitv.class:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-description-blog.blogspot.com/2009/01/backdoorslackbot-backdoor.html">Backdoor.Slackbot Backdoor Removal instruction</a><br/><a href="http://malware-list-info.blogspot.com/2009/01/puddy-trojan.html">Removing Puddy Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2129385190532381408?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-58636972680293256422009-02-02T22:27:00.001-08:002009-02-02T22:27:40.221-08:00Removing MS06 <br/><strong>Categories:</strong> Trojan,Hacker Tool<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Exploits use vulnerabilities in operating systems and applications to achieve the same result.<br/></em><hr/><string>MS06 Also known as:</strong><br/><code><br/>[Other]VBS/MS06-014!exploit</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%INTERNET_CACHE%]\Content.IE5\45AV45Q3\count[3].htm<br/>[%INTERNET_CACHE%]\Content.IE5\C3RVUOH5\count[1].htm<br/>[%INTERNET_CACHE%]\Content.IE5\45AV45Q3\count[3].htm<br/>[%INTERNET_CACHE%]\Content.IE5\C3RVUOH5\count[1].htm </CODE> <p><h2>How to detect MS06:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%INTERNET_CACHE%]\Content.IE5\45AV45Q3\count[3].htm<br/>[%INTERNET_CACHE%]\Content.IE5\C3RVUOH5\count[1].htm<br/>[%INTERNET_CACHE%]\Content.IE5\45AV45Q3\count[3].htm<br/>[%INTERNET_CACHE%]\Content.IE5\C3RVUOH5\count[1].htm </CODE> </p> <p> <h2>Removing MS06:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-70.blogspot.com/2009/01/pigeondsg-trojan.html">Pigeon.DSG Trojan Removal</a><br/><a href="http://trojan-list-97.blogspot.com/2009/01/lithiumserver-backdoor.html">Lithium.server Backdoor Removal</a><br/><a href="http://virusinfo-3335.blogspot.com/2009/02/pigeonavau-trojan.html">Pigeon.AVAU Trojan Symptoms</a><br/><a href="http://trojan-list-95.blogspot.com/2009/01/satcah-trojan.html">Satcah Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5863697268029325642?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-74714678365506104462009-02-02T22:03:00.001-08:002009-02-02T22:03:47.449-08:00Removing SillyDl.DLK <br/><strong>Categories:</strong> Trojan<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\ctfmona.exe<br/>[%SYSTEM%]\ctfmona.exe </CODE> <p><h2>How to detect SillyDl.DLK:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\ctfmona.exe<br/>[%SYSTEM%]\ctfmona.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\software notifier<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing SillyDl.DLK:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://info-blog-protect.blogspot.com/2009/01/fawx-dos.html">Fawx DoS Removal</a><br/><a href="http://spyware-list-infections.blogspot.com/2009/01/intellitracker-tracking-cookie.html">Intelli.tracker Tracking Cookie Information</a><br/><a href="http://virusinfo-0610.blogspot.com/2009/01/180search-assistant-spyware.html">180Search Assistant Spyware Cleaner</a><br/><a href="http://trojan-list-13.blogspot.com/2009/01/trojandownloaderwin32swizzorbh.html">TrojanDownloader.Win32.Swizzor.bh Downloader Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7471467836550610446?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-71223977827364188262009-02-02T21:43:00.001-08:002009-02-02T21:43:22.766-08:00Removing Jakposh <br/><strong>Categories:</strong> Trojan,Hijacker<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>A desktop hijacker replaces the desktop wallpaper with advertising <br />for products and services on the desktop.<br/></em><hr/><string>Jakposh Also known as:</strong><br/><code><br/>[Kaspersky]Trojan-Clicker.Win32.Agent.hz;<br/>[McAfee]Adware-LugSearch;<br/>[F-Prot]W32/Trojan.AGCF;<br/>[Other]Trojan.Jakposh,Troj/Agent-DMT,Win32/Jakposh.C,Trojan.Adclicker,TrojanClicker:Win32/Agent!4276</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\82541744.dll<br/>[%SYSTEM%]\82541744.dll </CODE> <p><h2>How to detect Jakposh:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\82541744.dll<br/>[%SYSTEM%]\82541744.dll </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Jakposh:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://keylogger-listing-protection.blogspot.com/2009/01/vxidlbee-trojan.html">Removing Vxidl.BEE Trojan</a><br/><a href="http://malware-list-info.blogspot.com/2009/01/lyusane-trojan.html">Removing Lyusane Trojan</a><br/><a href="http://virusinfo-0444.blogspot.com/2009/01/bdirect-trojan.html">BDirect Trojan Information</a><br/><a href="http://virusinfo-4529.blogspot.com/2009/02/vb11176-trojan.html">Removing VB11176 Trojan</a><br/><a href="http://trojan-list-53.blogspot.com/2009/01/zdl-trojan.html">Zdl Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7122397782736418826?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-16304896482963562722009-02-02T21:31:00.001-08:002009-02-02T21:31:50.999-08:00Removing Crystalys.Media <br/><strong>Categories:</strong> Toolbar<br/><em>Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.</em> <p><h2>How to detect Crystalys.Media:</h2></p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\Crystalys Media </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\crystalys media internet assistant </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media<br/>HKEY_LOCAL_MACHINE\software\crystalys media </CODE> </p> <p> <h2>Removing Crystalys.Media:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://info-blog-protect.blogspot.com/2009/01/bancosgfj-trojan.html">Removing Bancos.GFJ Trojan</a><br/><a href="http://trojan-list-25.blogspot.com/2009/02/bancoshko-trojan.html">Bancos.HKO Trojan Removal instruction</a><br/><a href="http://viruslist-malware-infections.blogspot.com/2009/01/esyndicate-adware.html">Removing ESyndicate Adware</a><br/><a href="http://trojan-list-64.blogspot.com/2009/01/ircaladinz-backdoor_22.html">Removing IRC.Aladinz Backdoor</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1630489648296356272?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-28425648973153105772009-02-02T20:31:00.001-08:002009-02-02T20:31:17.772-08:00Removing Messenger.Blocker <br/><strong>Categories:</strong> Ransomware<br/><em>A <strong>cryptovirus, cryptotrojan or cryptoworm</strong> is a type of <br />malware that encrypts the data belonging to an individual on a computer, <br />demanding a ransom for its restoration.<br/> <br />The term ransomware is commonly used to describe software that encrypts the data <br />belonging to an individual on a computer, demanding a ransom for its restoration. <br />Although the field known as cryptovirology predates the term "ransomware".<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%FAVORITES%]\Messenger Blocker.url<br/>[%FAVORITES%]\Messenger Blocker.url </CODE> <p><h2>How to detect Messenger.Blocker:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%FAVORITES%]\Messenger Blocker.url<br/>[%FAVORITES%]\Messenger Blocker.url </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%COMMON_PROGRAMS%]\Messenger Blocker<br/>[%PROGRAM_FILES%]\MBlocker </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Messenger.Blocker:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-87.blogspot.com/2009/01/agentbj-downloader.html">Removing Agent.bj Downloader</a><br/><a href="http://viruslist-malware-infections.blogspot.com/2009/01/vxidlavh-trojan.html">Removing Vxidl.AVH Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2842564897315310577?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-87807375618934412812009-02-02T20:27:00.001-08:002009-02-02T20:27:43.125-08:00Removing Winlogon Malware <br/><strong>Categories:</strong> Malware<br/><em>Malware includes a range of programs that do not threaten computers directly, <br />but are used to create viruses or Trojans, or used to carry out illegal activities <br />such as DoS attacks and breaking into other computers. </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\explorer.dll<br/>[%SYSTEM%]\iexplorer.dll<br/>[%SYSTEM%]\j40s0ed7eh0.dll<br/>[%SYSTEM%]\req.dat<br/>[%SYSTEM%]\ssldr32.dll<br/>[%SYSTEM%]\winbug32.dll<br/>[%SYSTEM%]\wineil32.dll<br/>[%SYSTEM%]\winfon32.dll<br/>[%SYSTEM%]\wingsa32.dll<br/>[%SYSTEM%]\winhab32.dll<br/>[%SYSTEM%]\winhfp32.dll<br/>[%SYSTEM%]\winjgf32.dll<br/>[%SYSTEM%]\winmmt32.dll<br/>[%SYSTEM%]\winowl32.dll<br/>[%SYSTEM%]\winpsa32.dll<br/>[%SYSTEM%]\winrge32.dll<br/>[%SYSTEM%]\wintts32.dll<br/>[%SYSTEM%]\winvhi32.dll<br/>[%SYSTEM%]\winwly32.dll<br/>[%SYSTEM%]\winysc32.dll<br/>[%SYSTEM%]\winzwr32.dll<br/>[%SYSTEM%]\yvpp01.dll<br/>[%WINDOWS%]\$NtUninstallKB823559$\run.dll<br/>[%SYSTEM%]\explorer.dll<br/>[%SYSTEM%]\iexplorer.dll<br/>[%SYSTEM%]\j40s0ed7eh0.dll<br/>[%SYSTEM%]\req.dat<br/>[%SYSTEM%]\ssldr32.dll<br/>[%SYSTEM%]\winbug32.dll<br/>[%SYSTEM%]\wineil32.dll<br/>[%SYSTEM%]\winfon32.dll<br/>[%SYSTEM%]\wingsa32.dll<br/>[%SYSTEM%]\winhab32.dll<br/>[%SYSTEM%]\winhfp32.dll<br/>[%SYSTEM%]\winjgf32.dll<br/>[%SYSTEM%]\winmmt32.dll<br/>[%SYSTEM%]\winowl32.dll<br/>[%SYSTEM%]\winpsa32.dll<br/>[%SYSTEM%]\winrge32.dll<br/>[%SYSTEM%]\wintts32.dll<br/>[%SYSTEM%]\winvhi32.dll<br/>[%SYSTEM%]\winwly32.dll<br/>[%SYSTEM%]\winysc32.dll<br/>[%SYSTEM%]\winzwr32.dll<br/>[%SYSTEM%]\yvpp01.dll<br/>[%WINDOWS%]\$NtUninstallKB823559$\run.dll </CODE> <p><h2>How to detect Winlogon Malware:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\explorer.dll<br/>[%SYSTEM%]\iexplorer.dll<br/>[%SYSTEM%]\j40s0ed7eh0.dll<br/>[%SYSTEM%]\req.dat<br/>[%SYSTEM%]\ssldr32.dll<br/>[%SYSTEM%]\winbug32.dll<br/>[%SYSTEM%]\wineil32.dll<br/>[%SYSTEM%]\winfon32.dll<br/>[%SYSTEM%]\wingsa32.dll<br/>[%SYSTEM%]\winhab32.dll<br/>[%SYSTEM%]\winhfp32.dll<br/>[%SYSTEM%]\winjgf32.dll<br/>[%SYSTEM%]\winmmt32.dll<br/>[%SYSTEM%]\winowl32.dll<br/>[%SYSTEM%]\winpsa32.dll<br/>[%SYSTEM%]\winrge32.dll<br/>[%SYSTEM%]\wintts32.dll<br/>[%SYSTEM%]\winvhi32.dll<br/>[%SYSTEM%]\winwly32.dll<br/>[%SYSTEM%]\winysc32.dll<br/>[%SYSTEM%]\winzwr32.dll<br/>[%SYSTEM%]\yvpp01.dll<br/>[%WINDOWS%]\$NtUninstallKB823559$\run.dll<br/>[%SYSTEM%]\explorer.dll<br/>[%SYSTEM%]\iexplorer.dll<br/>[%SYSTEM%]\j40s0ed7eh0.dll<br/>[%SYSTEM%]\req.dat<br/>[%SYSTEM%]\ssldr32.dll<br/>[%SYSTEM%]\winbug32.dll<br/>[%SYSTEM%]\wineil32.dll<br/>[%SYSTEM%]\winfon32.dll<br/>[%SYSTEM%]\wingsa32.dll<br/>[%SYSTEM%]\winhab32.dll<br/>[%SYSTEM%]\winhfp32.dll<br/>[%SYSTEM%]\winjgf32.dll<br/>[%SYSTEM%]\winmmt32.dll<br/>[%SYSTEM%]\winowl32.dll<br/>[%SYSTEM%]\winpsa32.dll<br/>[%SYSTEM%]\winrge32.dll<br/>[%SYSTEM%]\wintts32.dll<br/>[%SYSTEM%]\winvhi32.dll<br/>[%SYSTEM%]\winwly32.dll<br/>[%SYSTEM%]\winysc32.dll<br/>[%SYSTEM%]\winzwr32.dll<br/>[%SYSTEM%]\yvpp01.dll<br/>[%WINDOWS%]\$NtUninstallKB823559$\run.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_newreg<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debugg<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\directpt<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\explorer<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gatexkey<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gdiwxp<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gs<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hpprintx<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\htproc<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ideusr50<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lanH32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msgnap<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\req<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensSrv<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\seppgs<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDlls<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellServiceObjectDelayLoad<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssldr<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\st3<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vistax<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\welcome<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbug32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineil32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winexz32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winfon32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winhab32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winhfp32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjgf32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winkvh32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmfu32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmhw32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmiu32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmmt32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winnjx32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winpsa32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrge32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrgq32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrvc32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrzf32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsdr32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winstu32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintfj32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintts32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuns32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuqw32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winvhi32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwil32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwly32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxtn32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winysc32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzwr32<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvpp01 </CODE> </p> <p> <h2>Removing Winlogon Malware:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-88.blogspot.com/2009/01/sillydlcfr-trojan.html">Removing SillyDl.CFR Trojan</a><br/><a href="http://trojan-list-59.blogspot.com/2009/01/pigeonadn-trojan.html">Pigeon.ADN Trojan Symptoms</a><br/><a href="http://trojan-list-81.blogspot.com/2009/01/vbfk-trojan.html">VB.fk Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8780737561893441281?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-6182157204023406122009-02-02T19:19:00.001-08:002009-02-02T19:19:13.260-08:00Removing TX <br/><strong>Categories:</strong> Adware,BHO,RAT<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker.<br/>Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br /><br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\apphelp32.dll<br/>[%SYSTEM%]\asferror32.dll<br/>[%SYSTEM%]\asycfilt32.dll<br/>[%SYSTEM%]\athprxy32.dll<br/>[%SYSTEM%]\ati2dvaa32.dll<br/>[%SYSTEM%]\ati2dvag32.dll<br/>[%SYSTEM%]\audiosrv32.dll<br/>[%SYSTEM%]\autodisc32.dll<br/>[%SYSTEM%]\avifile32.dll<br/>[%SYSTEM%]\avisynthex32.dll<br/>[%SYSTEM%]\aviwrap32.dll<br/>[%SYSTEM%]\browserad.dll<br/>[%WINDOWS%]\system\apphelp32.dll<br/>[%WINDOWS%]\system\asferror32.dll<br/>[%WINDOWS%]\system\asycfilt32.dll<br/>[%WINDOWS%]\system\athprxy32.dll<br/>[%WINDOWS%]\system\ati2dvaa32.dll<br/>[%WINDOWS%]\system\ati2dvag32.dll<br/>[%WINDOWS%]\system\audiosrv32.dll<br/>[%WINDOWS%]\system\autodisc32.dll<br/>[%WINDOWS%]\system\avifile32.dll<br/>[%WINDOWS%]\system\avisynthex32.dll<br/>[%WINDOWS%]\system\aviwrap32.dll<br/>[%WINDOWS%]\system\browserad.dll<br/>[%SYSTEM%]\apphelp32.dll<br/>[%SYSTEM%]\asferror32.dll<br/>[%SYSTEM%]\asycfilt32.dll<br/>[%SYSTEM%]\athprxy32.dll<br/>[%SYSTEM%]\ati2dvaa32.dll<br/>[%SYSTEM%]\ati2dvag32.dll<br/>[%SYSTEM%]\audiosrv32.dll<br/>[%SYSTEM%]\autodisc32.dll<br/>[%SYSTEM%]\avifile32.dll<br/>[%SYSTEM%]\avisynthex32.dll<br/>[%SYSTEM%]\aviwrap32.dll<br/>[%SYSTEM%]\browserad.dll<br/>[%WINDOWS%]\system\apphelp32.dll<br/>[%WINDOWS%]\system\asferror32.dll<br/>[%WINDOWS%]\system\asycfilt32.dll<br/>[%WINDOWS%]\system\athprxy32.dll<br/>[%WINDOWS%]\system\ati2dvaa32.dll<br/>[%WINDOWS%]\system\ati2dvag32.dll<br/>[%WINDOWS%]\system\audiosrv32.dll<br/>[%WINDOWS%]\system\autodisc32.dll<br/>[%WINDOWS%]\system\avifile32.dll<br/>[%WINDOWS%]\system\avisynthex32.dll<br/>[%WINDOWS%]\system\aviwrap32.dll<br/>[%WINDOWS%]\system\browserad.dll </CODE> <p><h2>How to detect TX:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\apphelp32.dll<br/>[%SYSTEM%]\asferror32.dll<br/>[%SYSTEM%]\asycfilt32.dll<br/>[%SYSTEM%]\athprxy32.dll<br/>[%SYSTEM%]\ati2dvaa32.dll<br/>[%SYSTEM%]\ati2dvag32.dll<br/>[%SYSTEM%]\audiosrv32.dll<br/>[%SYSTEM%]\autodisc32.dll<br/>[%SYSTEM%]\avifile32.dll<br/>[%SYSTEM%]\avisynthex32.dll<br/>[%SYSTEM%]\aviwrap32.dll<br/>[%SYSTEM%]\browserad.dll<br/>[%WINDOWS%]\system\apphelp32.dll<br/>[%WINDOWS%]\system\asferror32.dll<br/>[%WINDOWS%]\system\asycfilt32.dll<br/>[%WINDOWS%]\system\athprxy32.dll<br/>[%WINDOWS%]\system\ati2dvaa32.dll<br/>[%WINDOWS%]\system\ati2dvag32.dll<br/>[%WINDOWS%]\system\audiosrv32.dll<br/>[%WINDOWS%]\system\autodisc32.dll<br/>[%WINDOWS%]\system\avifile32.dll<br/>[%WINDOWS%]\system\avisynthex32.dll<br/>[%WINDOWS%]\system\aviwrap32.dll<br/>[%WINDOWS%]\system\browserad.dll<br/>[%SYSTEM%]\apphelp32.dll<br/>[%SYSTEM%]\asferror32.dll<br/>[%SYSTEM%]\asycfilt32.dll<br/>[%SYSTEM%]\athprxy32.dll<br/>[%SYSTEM%]\ati2dvaa32.dll<br/>[%SYSTEM%]\ati2dvag32.dll<br/>[%SYSTEM%]\audiosrv32.dll<br/>[%SYSTEM%]\autodisc32.dll<br/>[%SYSTEM%]\avifile32.dll<br/>[%SYSTEM%]\avisynthex32.dll<br/>[%SYSTEM%]\aviwrap32.dll<br/>[%SYSTEM%]\browserad.dll<br/>[%WINDOWS%]\system\apphelp32.dll<br/>[%WINDOWS%]\system\asferror32.dll<br/>[%WINDOWS%]\system\asycfilt32.dll<br/>[%WINDOWS%]\system\athprxy32.dll<br/>[%WINDOWS%]\system\ati2dvaa32.dll<br/>[%WINDOWS%]\system\ati2dvag32.dll<br/>[%WINDOWS%]\system\audiosrv32.dll<br/>[%WINDOWS%]\system\autodisc32.dll<br/>[%WINDOWS%]\system\avifile32.dll<br/>[%WINDOWS%]\system\avisynthex32.dll<br/>[%WINDOWS%]\system\aviwrap32.dll<br/>[%WINDOWS%]\system\browserad.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{00000000-0000-5dfc-5652-1705043f6518}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0000-7ebf-57c6-0bae047ea682}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0001-0345-2280-0287f27a63ee}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0001-1dbe-075a-39ec04bd88af}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0001-f7a6-1f38-0204019e355e}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0002-53d4-0622-35ea0235778e}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0008-d357-0798-004401965d4a}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0009-1c42-7d61-6cff050894a7}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0015-bd9c-263a-493001ba0c6c}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0033-c1ac-0e62-0c1f0537605d}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-008c-1e65-6aa6-3a270279f027}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-00fa-71ed-4aba-348801baa0a9}<br/>HKEY_CLASSES_ROOT\clsid\{00000000-0c95-b1f8-547a-405204d6961a}<br/>HKEY_CLASSES_ROOT\interface\{00387fb8-4a60-5f01-44bf-1e5143bd1781}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-5dfc-5652-1705043f6518}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-7ebf-57c6-0bae047ea682}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0001-0345-2280-0287f27a63ee}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0001-1dbe-075a-39ec04bd88af}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0001-f7a6-1f38-0204019e355e}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0002-53d4-0622-35ea0235778e}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0008-d357-0798-004401965d4a}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0009-1c42-7d61-6cff050894a7}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0015-bd9c-263a-493001ba0c6c}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0033-c1ac-0e62-0c1f0537605d}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-008c-1e65-6aa6-3a270279f027}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-00fa-71ed-4aba-348801baa0a9}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0c95-b1f8-547a-405204d6961a}<br/>HKEY_CLASSES_ROOT\typelib\{1e5534b7-22be-2828-4397-5fb302849962}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0000-5dfc-5652-1705043f6518}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0000-7ebf-57c6-0bae047ea682}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0001-0345-2280-0287f27a63ee}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0001-1dbe-075a-39ec04bd88af}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0001-f7a6-1f38-0204019e355e}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0002-53d4-0622-35ea0235778e}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0008-d357-0798-004401965d4a}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0009-1c42-7d61-6cff050894a7}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0015-bd9c-263a-493001ba0c6c}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0033-c1ac-0e62-0c1f0537605d}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-008c-1e65-6aa6-3a270279f027}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-00fa-71ed-4aba-348801baa0a9}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-0c95-b1f8-547a-405204d6961a}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-5dfc-5652-1705043f6518}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-7ebf-57c6-0bae047ea682}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0001-0345-2280-0287f27a63ee}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0001-1dbe-075a-39ec04bd88af}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0001-f7a6-1f38-0204019e355e}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0002-53d4-0622-35ea0235778e}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0008-d357-0798-004401965d4a}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0009-1c42-7d61-6cff050894a7}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0015-bd9c-263a-493001ba0c6c}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0033-c1ac-0e62-0c1f0537605d}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-008c-1e65-6aa6-3a270279f027}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-00fa-71ed-4aba-348801baa0a9}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0c95-b1f8-547a-405204d6961a} </CODE> </p> <p> <h2>Removing TX:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-45.blogspot.com/2009/01/dagger-backdoor.html">Dagger Backdoor Removal instruction</a><br/><a href="http://ridethe-pc-info.blogspot.com/2009/01/viennafog-trojan.html">Vienna.Fog Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-618215720402340612?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-61888082653045989312009-02-02T19:00:00.001-08:002009-02-02T19:00:18.752-08:00Removing AgoBot.ST <br/><strong>Categories:</strong> Worm<br/><em>Worms can be classified according to the propagation method they use, <br />i.e. how they deliver copies of themselves to new victim machines. <br />Worms can also be classified by installation method, launch method and finally according <br />to characteristics standard to all malware: polymorphism, stealth etc.<br/> <br />Many of the worms which managed to cause significant outbreaks use more then <br />one propagation method as well as more than one infection technique. <br />The methods are listed separately below.<br/></em> <p><h2>How to detect AgoBot.ST:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run </CODE> </p> <p> <h2>Removing AgoBot.ST:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-3329.blogspot.com/2009/01/pigeonavur-trojan.html">Pigeon.AVUR Trojan Cleaner</a><br/><a href="http://trojan-list-01.blogspot.com/2009/02/pigeonemg-trojan.html">Pigeon.EMG Trojan Cleaner</a><br/><a href="http://trojan-list-81.blogspot.com/2009/01/bancosgjb-trojan.html">Bancos.GJB Trojan Cleaner</a><br/><a href="http://trojan-list-26.blogspot.com/2009/01/medbannercom-tracking-cookie.html">Removing medbanner.com Tracking Cookie</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6188808265304598931?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-7206755886702756202009-02-02T18:09:00.001-08:002009-02-02T18:09:24.436-08:00Removing Pcclient <br/><strong>Categories:</strong> Trojan,Backdoor<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Backdoors are used by virus writers to detect and download confidential information, <br />execute malicious code, destroy data, include the machine in bot networks and so forth. <br /><br/></em><hr/><string>Pcclient Also known as:</strong><br/><code><br/>[Kaspersky]Trojan.Win32.Pakes,Backdoor.Win32.PcClient.gg,Backdoor.Win32.Pcclient.ty,Backdoor.Win32.PCClient.vr,Backdoor.Win32.Pcclient.ii,Backdoor.Win32.PcClient.fc,Backdoor.Win32.PcClient.wi,Backdoor.Win32.PcClient.aai;<br/>[Eset]Win32/PcClient.B trojan;<br/>[McAfee]BackDoor-CKB,Backdoor-CKB.gen;<br/>[Computer Associates]Win32.Pcclient.B,Win32/PcClient.Trojan;<br/>[Other]Win32/Pcclient.BA,Win32/PcClient.GG!Trojan,Backdoor.Formador,Troj/Bckdr-HRX,Win32/Pcclient.BD,win32/Pcclient.BC,Win32/Pcclient!generic,Win32/Pcclient.BJ,Backdoor.Pcclient.B,Win32/Pcclient.BH,Win32/Pcclient.BO,Win32.Pcclient.CD</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%RECYCLER%]\autorun.exe<br/>[%SYSTEM%]\autorun3.exe<br/>[%SYSTEM%]\KOfcpfwSvcs.exe<br/>[%SYSTEM%]\OfcpfwSvcs.exe<br/>[%DESKTOP%]\My Lockbox.lnk<br/>[%PROGRAM_FILES%]\xerox\folderlockbox.exe<br/>[%SYSTEM%]\drivers\mprifl.sys<br/>[%SYSTEM%]\drivers\Yrfzvmec.sys<br/>[%SYSTEM%]\Xubkmwau.d1l<br/>[%SYSTEM%]\Xubkmwau.sys<br/>[%SYSTEM%]\Yrfzvmec.d1l<br/>[%RECYCLER%]\autorun.exe<br/>[%SYSTEM%]\autorun3.exe<br/>[%SYSTEM%]\KOfcpfwSvcs.exe<br/>[%SYSTEM%]\OfcpfwSvcs.exe<br/>[%DESKTOP%]\My Lockbox.lnk<br/>[%PROGRAM_FILES%]\xerox\folderlockbox.exe<br/>[%SYSTEM%]\drivers\mprifl.sys<br/>[%SYSTEM%]\drivers\Yrfzvmec.sys<br/>[%SYSTEM%]\Xubkmwau.d1l<br/>[%SYSTEM%]\Xubkmwau.sys<br/>[%SYSTEM%]\Yrfzvmec.d1l </CODE> <p><h2>How to detect Pcclient:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%RECYCLER%]\autorun.exe<br/>[%SYSTEM%]\autorun3.exe<br/>[%SYSTEM%]\KOfcpfwSvcs.exe<br/>[%SYSTEM%]\OfcpfwSvcs.exe<br/>[%DESKTOP%]\My Lockbox.lnk<br/>[%PROGRAM_FILES%]\xerox\folderlockbox.exe<br/>[%SYSTEM%]\drivers\mprifl.sys<br/>[%SYSTEM%]\drivers\Yrfzvmec.sys<br/>[%SYSTEM%]\Xubkmwau.d1l<br/>[%SYSTEM%]\Xubkmwau.sys<br/>[%SYSTEM%]\Yrfzvmec.d1l<br/>[%RECYCLER%]\autorun.exe<br/>[%SYSTEM%]\autorun3.exe<br/>[%SYSTEM%]\KOfcpfwSvcs.exe<br/>[%SYSTEM%]\OfcpfwSvcs.exe<br/>[%DESKTOP%]\My Lockbox.lnk<br/>[%PROGRAM_FILES%]\xerox\folderlockbox.exe<br/>[%SYSTEM%]\drivers\mprifl.sys<br/>[%SYSTEM%]\drivers\Yrfzvmec.sys<br/>[%SYSTEM%]\Xubkmwau.d1l<br/>[%SYSTEM%]\Xubkmwau.sys<br/>[%SYSTEM%]\Yrfzvmec.d1l </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\Folder Lockbox<br/>[%PROGRAMS%]\My Lockbox<br/>[%PROGRAM_FILES%]\Folder Lockbox<br/>[%PROGRAM_FILES%]\My Lockbox </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{1627e1fe-69fa-4943-9d87-2a40de9075bf}<br/>HKEY_CLASSES_ROOT\flockbox.dochostuihandler<br/>HKEY_CURRENT_USER\software\fspro labs\folder lockbox<br/>HKEY_LOCAL_MACHINE\software\fspro labs\folder lockbox<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\folder lockbox_is1<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\my lockbox_is1<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mprifl<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_yrfzvmec<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mprifl<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\xubkmwau<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\yrfzvmec </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Pcclient:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-30.blogspot.com/2009/01/exitwinpredator-trojan.html">Exit.Win.Predator Trojan Information</a><br/><a href="http://computer-protect-virus.blogspot.com/2009/02/pigeonavfm-trojan.html">Remove Pigeon.AVFM Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-720675588670275620?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-68639196008394811252009-02-02T17:16:00.001-08:002009-02-02T17:16:44.463-08:00Removing NewAds <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\BattyRun.dll<br/>[%SYSTEM%]\BattyRun.dll </CODE> <p><h2>How to detect NewAds:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\BattyRun.dll<br/>[%SYSTEM%]\BattyRun.dll </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\batty<br/>[%PROGRAM_FILES%]\AdSponsor<br/>[%PROGRAM_FILES%]\Exolon<br/>[%PROGRAM_FILES%]\PSupport </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\adband.bandbho<br/>HKEY_CLASSES_ROOT\adband.bandbho.1<br/>HKEY_CLASSES_ROOT\adband.bandimpl<br/>HKEY_CLASSES_ROOT\adband.bandimpl.1<br/>HKEY_CLASSES_ROOT\appid\adband.dll<br/>HKEY_CLASSES_ROOT\appid\{36946a0a-05a1-4cf7-934b-270571338e55}<br/>HKEY_CLASSES_ROOT\typelib\{1b8b502e-455b-4022-be27-736d9f808a18}<br/>HKEY_CLASSES_ROOT\typelib\{d5599fae-28aa-4c2b-a29c-6c0cd5b245aa}<br/>HKEY_CLASSES_ROOT\clsid\{04dcb17c-ab45-83ad-a86a-6dfb90277939}<br/>HKEY_CLASSES_ROOT\clsid\{2bc9c452-bb57-4896-a9a2-64611e06c5aa}<br/>HKEY_CLASSES_ROOT\clsid\{6ca1c00b-90fc-4f3e-911f-95306aba43aa}<br/>HKEY_CLASSES_ROOT\clsid\{994d478a-45d0-4db4-ae28-738b1e346f99}<br/>HKEY_CURRENT_USER\software\adsponsor<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{04dcb17c-ab45-83ad-a86a-6dfb90277939}<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{6ca1c00b-90fc-4f3e-911f-95306aba43aa}<br/>HKEY_CURRENT_USER\software\padsysassistant<br/>HKEY_CURRENT_USER\software\psupport<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\explorer bars\{2bc9c452-bb57-4896-a9a2-64611e06c5aa}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{04dcb17c-ab45-83ad-a86a-6dfb90277939}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6ca1c00b-90fc-4f3e-911f-95306aba43aa}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adsponsor </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\protocols\filter\text/html </CODE> </p> <p> <h2>Removing NewAds:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-67.blogspot.com/2009/01/blubster-worm.html">Remove Blubster Worm</a><br/><a href="http://trojan-list-68.blogspot.com/2009/01/agobotad-trojan.html">Agobot.ad Trojan Information</a><br/><a href="http://trojan-list-39.blogspot.com/2009/01/sillydlczf-trojan.html">SillyDl.CZF Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6863919600839481125?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-37957351577358463832009-02-02T17:00:00.001-08:002009-02-02T17:00:01.539-08:00Removing Abetear <br/><strong>Categories:</strong> Trojan,Adware<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><string>Abetear Also known as:</strong><br/><code><br/>[Kaspersky]Trojan.Win32.Agent.aoy,Trojan.Win32.Agent.bck;<br/>[F-Prot]W32/Trojan.CGOY;<br/>[Other]Win32/Abetear.A,Trojan.Vundo,Trojan:Win32/Fotomoto.A,Win32/Abetear.B,W32/Agent.BUYH,Troj/Agent-FXL,Win32/Abetear.C,W32/Agent.BWQY,Win32/Abetear.G,Trojan:Win32/Agent.AGA,Troj/Bckdr-QJL,W32/Vundo.dam</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%APPDATA%]\tmp2.tmp.exe<br/>[%APPDATA%]\tmp4.tmp.exe<br/>[%SYSTEM%]\qwerty12.exe<br/>[%APPDATA%]\tmp2.tmp.exe<br/>[%APPDATA%]\tmp4.tmp.exe<br/>[%SYSTEM%]\qwerty12.exe </CODE> <p><h2>How to detect Abetear:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%APPDATA%]\tmp2.tmp.exe<br/>[%APPDATA%]\tmp4.tmp.exe<br/>[%SYSTEM%]\qwerty12.exe<br/>[%APPDATA%]\tmp2.tmp.exe<br/>[%APPDATA%]\tmp4.tmp.exe<br/>[%SYSTEM%]\qwerty12.exe </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\domainservice<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_domainservice<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\domainservice </CODE> </p> <p> <h2>Removing Abetear:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-2044.blogspot.com/2009/02/angrychair-trojan.html">AngryChair Trojan Removal</a><br/><a href="http://trojanpedia-infections-keylogger.blogspot.com/2009/01/oplads-trojan.html">Removing Oplads Trojan</a><br/><a href="http://virusinfo-2942.blogspot.com/2009/02/rauser-trojan.html">Rauser Trojan Cleaner</a><br/><a href="http://virusinfo-4713.blogspot.com/2009/02/easysearch-adware.html">EasySearch Adware Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3795735157735846383?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-32908261797125710332009-02-02T16:48:00.001-08:002009-02-02T16:48:44.825-08:00Removing Ofpo <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><string>Ofpo Also known as:</strong><br/><code><br/>[Kaspersky]Rootkit.Win32.Agent.cf;<br/>[Other]WIn32/Ofpo,Hacktool.Rootkit,Win32.Ofpo.C</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\poof<br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\poof </CODE> <p><h2>How to detect Ofpo:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\poof<br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\ntio256.sys<br/>[%SYSTEM%]\poof </CODE> </p> <p> <h2>Removing Ofpo:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-14.blogspot.com/2009/01/wonder-spyware.html">Wonder Spyware Symptoms</a><br/><a href="http://trojan-list-19.blogspot.com/2009/01/wanderer-trojan.html">Wanderer Trojan Symptoms</a><br/><a href="http://virusinfo-3526.blogspot.com/2009/01/unclassified-trojan.html">Removing Unclassified Trojan</a><br/><a href="http://trojan-list-16.blogspot.com/2009/01/bancosgps-trojan.html">Bancos.GPS Trojan Information</a><br/><a href="http://trojan-list-48.blogspot.com/2009/01/pswjiakong-trojan.html">Remove PSW.Jiakong Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3290826179712571033?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-31580686845113070462009-02-02T16:39:00.001-08:002009-02-02T16:39:41.890-08:00Removing Netster.Smart.Browse <br/><strong>Categories:</strong> BHO,Toolbar<br/><em>As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and <br />sent back to the attacker. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious.Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.</em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE%]\netster.dll<br/>[%SYSTEM%]\netster.dll<br/>[%SYSTEM%]\_netster.dll<br/>[%WINDOWS%]\system\netster.dll<br/>[%WINDOWS%]\system\_netster.dll<br/>[%PROFILE%]\netster.dll<br/>[%SYSTEM%]\netster.dll<br/>[%SYSTEM%]\_netster.dll<br/>[%WINDOWS%]\system\netster.dll<br/>[%WINDOWS%]\system\_netster.dll </CODE> <p><h2>How to detect Netster.Smart.Browse:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE%]\netster.dll<br/>[%SYSTEM%]\netster.dll<br/>[%SYSTEM%]\_netster.dll<br/>[%WINDOWS%]\system\netster.dll<br/>[%WINDOWS%]\system\_netster.dll<br/>[%PROFILE%]\netster.dll<br/>[%SYSTEM%]\netster.dll<br/>[%SYSTEM%]\_netster.dll<br/>[%WINDOWS%]\system\netster.dll<br/>[%WINDOWS%]\system\_netster.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{359f7e49-1ea0-4671-92e9-61e32fe25c5e}<br/>HKEY_CLASSES_ROOT\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}<br/>HKEY_CLASSES_ROOT\clsid\{acc63168-5876-439b-95bc-3bae59ca860c}<br/>HKEY_CLASSES_ROOT\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}<br/>HKEY_CLASSES_ROOT\interface\{aa644580-8f8a-4f8b-9263-42e14c7c2fcb}<br/>HKEY_CLASSES_ROOT\interface\{b4fadc3f-7c5f-4fc8-a050-dbeb2c119dd5}<br/>HKEY_CLASSES_ROOT\interface\{eed9bcbf-d40e-408f-8080-e4afc9fddb36}<br/>HKEY_CLASSES_ROOT\interface\{f5619700-a76a-462b-abdd-6372ff10eab7}<br/>HKEY_CLASSES_ROOT\netster.bho<br/>HKEY_CLASSES_ROOT\netster.bho.1<br/>HKEY_CLASSES_ROOT\netster.initscript<br/>HKEY_CLASSES_ROOT\netster.initscript.1<br/>HKEY_CLASSES_ROOT\netster.netsterband<br/>HKEY_CLASSES_ROOT\netster.netsterband.1<br/>HKEY_CLASSES_ROOT\netster.netsterph<br/>HKEY_CLASSES_ROOT\netster.netsterph.1<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}<br/>HKEY_CLASSES_ROOT\typelib\{e1c643a6-8b7b-4f28-b652-f712fe4f7402}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{b98f79f4-3619-49fb-a7e7-b737e58c5727}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b98f79f4-3619-49fb-a7e7-b737e58c5727}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{856d6a8e-a24c-498a-a55a-2b25c606a6b4}<br/>HKEY_LOCAL_MACHINE\software\netster </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar </CODE> </p> <p> <h2>Removing Netster.Smart.Browse:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-21.blogspot.com/2009/01/sranda-trojan.html">Removing Sranda Trojan</a><br/><a href="http://trojan-list-67.blogspot.com/2009/01/dowqueaaj-trojan.html">Remove Dowque.AAJ Trojan</a><br/><a href="http://malware-info.blogspot.com/2009/01/lookup-adware.html">Lookup Adware Removal</a><br/><a href="http://trojan-list-96.blogspot.com/2009/01/filebackup-hostile-code.html">File.Backup Hostile Code Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3158068684511307046?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-24659697569630459892009-02-02T16:16:00.001-08:002009-02-02T16:16:01.233-08:00Removing WinFetcher <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE_TEMP%]\WM_FUINS.bat<br/>[%PROFILE_TEMP%]\update_1.exe<br/>[%WINDOWS%]\temp\nr1beo9r.dll<br/>[%WINDOWS%]\temp\nr1beo9r.exe<br/>[%WINDOWS%]\temp\winwildapp.exe<br/>[%WINDOWS%]\temp\_istmp4.dir\_istmp0.dir\29389bdd.dll<br/>[%PROFILE_TEMP%]\WM_FUINS.bat<br/>[%PROFILE_TEMP%]\update_1.exe<br/>[%WINDOWS%]\temp\nr1beo9r.dll<br/>[%WINDOWS%]\temp\nr1beo9r.exe<br/>[%WINDOWS%]\temp\winwildapp.exe<br/>[%WINDOWS%]\temp\_istmp4.dir\_istmp0.dir\29389bdd.dll </CODE> <p><h2>How to detect WinFetcher:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE_TEMP%]\WM_FUINS.bat<br/>[%PROFILE_TEMP%]\update_1.exe<br/>[%WINDOWS%]\temp\nr1beo9r.dll<br/>[%WINDOWS%]\temp\nr1beo9r.exe<br/>[%WINDOWS%]\temp\winwildapp.exe<br/>[%WINDOWS%]\temp\_istmp4.dir\_istmp0.dir\29389bdd.dll<br/>[%PROFILE_TEMP%]\WM_FUINS.bat<br/>[%PROFILE_TEMP%]\update_1.exe<br/>[%WINDOWS%]\temp\nr1beo9r.dll<br/>[%WINDOWS%]\temp\nr1beo9r.exe<br/>[%WINDOWS%]\temp\winwildapp.exe<br/>[%WINDOWS%]\temp\_istmp4.dir\_istmp0.dir\29389bdd.dll </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROFILE_TEMP%]\winwildapp.exe </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\wildmedia </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing WinFetcher:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-42.blogspot.com/2009/01/vxidlbfn-trojan.html">Vxidl.BFN Trojan Removal instruction</a><br/><a href="http://trojan-list-92.blogspot.com/2009/01/agobotaz-trojan.html">Removing Agobot.az Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2465969756963045989?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-57595944806806876792009-02-02T15:43:00.001-08:002009-02-02T15:43:36.615-08:00Removing Brave.A <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\adirss.exe<br/>[%SYSTEM%]\adirss.exe </CODE> <p><h2>How to detect Brave.A:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\adirss.exe<br/>[%SYSTEM%]\adirss.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run </CODE> </p> <p> <h2>Removing Brave.A:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojanpedia-infections-keylogger.blogspot.com/2009/01/bancoshgx-trojan.html">Bancos.HGX Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5759594480680687679?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-71031332078591981842009-02-02T14:47:00.001-08:002009-02-02T14:47:31.958-08:00Removing WinADiscount <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\winadiscount\cache\adwin.exe<br/>[%PROGRAM_FILES%]\winadiscount\cache\bundle.cfg<br/>[%PROGRAM_FILES%]\winadiscount\cache\combosearch_button_1.acs<br/>[%PROGRAM_FILES%]\winadiscount\cache\eraser001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\hide002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\logo.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\movies001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\popupblocker002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\search013.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\searchresults.xsl<br/>[%PROGRAM_FILES%]\winadiscount\cache\shopping004.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\sk.ini<br/>[%PROGRAM_FILES%]\winadiscount\cache\skbho.dll<br/>[%PROGRAM_FILES%]\winadiscount\cache\uninstall001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\weather003.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\winadiscounttb0401.cfg<br/>[%PROGRAM_FILES%]\winadiscount\toolbar.ini<br/>[%PROGRAM_FILES%]\winadiscount\uninstall.exe<br/>[%PROGRAM_FILES%]\winadiscount\winadiscount.dll<br/>[%PROGRAM_FILES%]\winadiscount\cache\adwin.exe<br/>[%PROGRAM_FILES%]\winadiscount\cache\bundle.cfg<br/>[%PROGRAM_FILES%]\winadiscount\cache\combosearch_button_1.acs<br/>[%PROGRAM_FILES%]\winadiscount\cache\eraser001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\hide002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\logo.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\movies001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\popupblocker002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\search013.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\searchresults.xsl<br/>[%PROGRAM_FILES%]\winadiscount\cache\shopping004.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\sk.ini<br/>[%PROGRAM_FILES%]\winadiscount\cache\skbho.dll<br/>[%PROGRAM_FILES%]\winadiscount\cache\uninstall001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\weather003.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\winadiscounttb0401.cfg<br/>[%PROGRAM_FILES%]\winadiscount\toolbar.ini<br/>[%PROGRAM_FILES%]\winadiscount\uninstall.exe<br/>[%PROGRAM_FILES%]\winadiscount\winadiscount.dll </CODE> <p><h2>How to detect WinADiscount:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\winadiscount\cache\adwin.exe<br/>[%PROGRAM_FILES%]\winadiscount\cache\bundle.cfg<br/>[%PROGRAM_FILES%]\winadiscount\cache\combosearch_button_1.acs<br/>[%PROGRAM_FILES%]\winadiscount\cache\eraser001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\hide002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\logo.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\movies001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\popupblocker002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\search013.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\searchresults.xsl<br/>[%PROGRAM_FILES%]\winadiscount\cache\shopping004.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\sk.ini<br/>[%PROGRAM_FILES%]\winadiscount\cache\skbho.dll<br/>[%PROGRAM_FILES%]\winadiscount\cache\uninstall001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\weather003.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\winadiscounttb0401.cfg<br/>[%PROGRAM_FILES%]\winadiscount\toolbar.ini<br/>[%PROGRAM_FILES%]\winadiscount\uninstall.exe<br/>[%PROGRAM_FILES%]\winadiscount\winadiscount.dll<br/>[%PROGRAM_FILES%]\winadiscount\cache\adwin.exe<br/>[%PROGRAM_FILES%]\winadiscount\cache\bundle.cfg<br/>[%PROGRAM_FILES%]\winadiscount\cache\combosearch_button_1.acs<br/>[%PROGRAM_FILES%]\winadiscount\cache\eraser001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\hide002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\logo.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\movies001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\popupblocker002.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\search013.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\searchresults.xsl<br/>[%PROGRAM_FILES%]\winadiscount\cache\shopping004.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\sk.ini<br/>[%PROGRAM_FILES%]\winadiscount\cache\skbho.dll<br/>[%PROGRAM_FILES%]\winadiscount\cache\uninstall001.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\weather003.bmp<br/>[%PROGRAM_FILES%]\winadiscount\cache\winadiscounttb0401.cfg<br/>[%PROGRAM_FILES%]\winadiscount\toolbar.ini<br/>[%PROGRAM_FILES%]\winadiscount\uninstall.exe<br/>[%PROGRAM_FILES%]\winadiscount\winadiscount.dll </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\winadiscount\cache\newcfg </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{4961a993-7f48-4c50-a30e-d597ac571707}<br/>HKEY_CURRENT_USER\software\winadiscount\config<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4961a993-7f48-4c50-a30e-d597ac571707}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-87be-a334b786b339} </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-87be-a334b786b339}\inprocserver32<br/>HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-87be-a334b786b33a}\inprocserver32<br/>HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-87be-a334b786b33b}\inprocserver32<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount<br/>HKEY_CURRENT_USER\software\winadiscount\ages<br/>HKEY_CURRENT_USER\software\winadiscount\ages<br/>HKEY_CURRENT_USER\software\winadiscount\ages<br/>HKEY_CURRENT_USER\software\winadiscount\options<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winadiscount<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winadiscount </CODE> </p> <p> <h2>Removing WinADiscount:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-98.blogspot.com/2009/02/inserviceja-downloader.html">INService.ja Downloader Removal instruction</a><br/><a href="http://trojan-list-19.blogspot.com/2009/01/toolband-bho.html">toolband BHO Removal instruction</a><br/><a href="http://trojan-list-57.blogspot.com/2009/01/stealthwebpagerecorder-spyware.html">Remove Stealth.Web.Page.Recorder Spyware</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7103133207859198184?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-64775394890307509922009-02-02T14:27:00.001-08:002009-02-02T14:27:36.580-08:00Removing KCGame <br/><strong>Categories:</strong> RAT<br/><em>Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br /><br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\winsys.exe<br/>[%WINDOWS%]\system\y!.ocx<br/>[%WINDOWS%]\system\winsys.exe<br/>[%WINDOWS%]\system\y!.ocx </CODE> <p><h2>How to detect KCGame:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\winsys.exe<br/>[%WINDOWS%]\system\y!.ocx<br/>[%WINDOWS%]\system\winsys.exe<br/>[%WINDOWS%]\system\y!.ocx </CODE> </p> <p> <h2>Removing KCGame:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-15.blogspot.com/2009/01/fakeloginforyahoo-trojan.html">Fake.login.for.Yahoo! Trojan Information</a><br/><a href="http://trojan-list-10.blogspot.com/2009/01/archive-trojan.html">Archive Trojan Symptoms</a><br/><a href="http://malware-info.blogspot.com/2009/01/netcontrol-spyware.html">Removing NetControl Spyware</a><br/><a href="http://virusinfo-0108.blogspot.com/2009/01/vbsflood-trojan.html">VBS.Flood Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6477539489030750992?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-84352061471657881522009-02-02T14:00:00.001-08:002009-02-02T14:00:13.190-08:00Removing AntiLamer <br/><strong>Categories:</strong> Trojan,Backdoor,RAT<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/><strong>Backdoors are the most dangerous type of Trojans</strong> and the most popular. <br /><strong>Backdoors open infected machines</strong> to external control via Internet. <br />They function in the same way as legal remote administration programs used by system administrators. <br />This makes them difficult to detect.<br/> <br /><strong>Backdoors</strong> are installed and launched without the consent of the user of computer. <br />Often the backdoor will not be visible in the log of active programs.<br/> <br />Once a backdoor has been successfully launched, the computer is wide open. <br />Backdoor functions can include:<br/> <br /> <ul> <br /> <li> Launching/ deleting files</li> <br /> <li> Sending/ receiving files</li> <br /> <li> Deleting data</li> <br /> <li> Displaying notification</li> <br /> <li> Rebooting the machine</li> <br /> <li> Executing files</li> <br /> </ul> <br /><br/> <br /><strong>Backdoors are used by virus writers to detect and download confidential information</strong>, <br />execute malicious code, destroy data, include the machine in bot networks and so forth. <br />Backdoors combine the functionality of most other types of in one package.<br/> <br />Backdoors have one especially dangerous sub-class: variants that can propagate like worms. <br/>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><string>AntiLamer Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Antilam.13.b,Backdoor.Antilam.14.a,Backdoor.Antilam.14.c,Backdoor.FC.a,TrojanDropper.Win32.ZomJoiner.10,Backdoor.Antilam.20.a,Backdoor.Antilam.20.k,Backdoor.Antilam.11,Backdoor.Antilam.g1,Backdoor.Antilam.20.l,Backdoor.Antilam.20.m,Backdoor.Antilam.14.b;<br/>[Eset]Win32/Antilam.13.B trojan,Win32/Antilam.14.A trojan,Win32/Antilam.14.C trojan,Win32/TrojanDropper.Antivirus.10 trojan,Win32/Antilam.20 trojan,Win32/Antilam.20.K trojan,Win32/Antilam.20.L trojan,Win32/Antilam.20.M trojan,Win32/Antilam.14.B trojan;<br/>[McAfee]BackDoor-AED,MultiDropper-DN.cfg,BackDoor-AJW;<br/>[F-Prot]security risk or a "backdoor" program,security risk named W32/AntiLam.B;<br/>[Panda]Backdoor Program,Bck/Antilam,Bck/AntiLam.14,Trojan Horse,Bck/Antilam.F;<br/>[Computer Associates]Backdoor/Latinus Server family,Win32.Antilam.13.B,Backdoor/Antilam.14.c,Win32.Antilam.14,Backdoor/Antilam.20,Backdoor/Antilam.20.k,Backdoor/AntiLamer Server family,Win32.Antilam.20,Backdoor/AntiLam,Backdoor/Antilam.20.m,Win32.Antilam.D,Win32/Antilam.14!Trojan</code> <p><h2>How to detect AntiLamer:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing AntiLamer:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-23.blogspot.com/2009/01/advsearch-adware.html">AdvSearch Adware Information</a><br/><a href="http://trojan-list-40.blogspot.com/2009/01/aimwatch-trojan.html">AIM.Watch Trojan Removal instruction</a><br/><a href="http://trojan-list-04.blogspot.com/2009/01/nympho-trojan.html">Remove Nympho Trojan</a><br/><a href="http://trojan-list-51.blogspot.com/2009/01/pingserver-rat.html">Ping.Server RAT Removal instruction</a><br/><a href="http://trojan-list-47.blogspot.com/2009/01/pigeoneki-trojan.html">Removing Pigeon.EKI Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8435206147165788152?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-36182473114880634172009-02-02T13:35:00.001-08:002009-02-02T13:35:38.405-08:00Removing Deskbar <br/><strong>Categories:</strong> Adware,Hijacker,Toolbar<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> <strong>Hijackers are software programs that modify users' default browser home page</strong>, <br />search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, <br />or user consent.<br/> <br />When the default home page is hijacked, the browser opens to the web page set by the hijacker <br />instead of the user's designated home page. In some cases, the hijacker may block users from <br />restoring their desired home page.<br/> <br />A <strong>search hijacker</strong> redirects search results to other pages and may <br />transmit search and browsing data to unknown servers. An error page hijacker directs <br />the browser to another page, usually an advertising page, instead of the usual error <br />page when the requested URL is not found.<br/> <br />A <strong>desktop hijacker</strong> replaces the desktop wallpaper with advertising <br />for products and services on the desktop.<br/> <br />Hijackers take control of various parts of your web browser, including your home page, <br />search pages, and search bar. They may also redirect you to certain sites should you <br />mistype an address or prevent you from going to a website they would rather you not, <br />such as sites that combat malware. Some will even redirect you to their own search engine <br />when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.<br/>Toolbar presents itself as a <strong>helpful add-on for Internet Explorer</strong> but it is a real pest. <br />It replaces your start page, continuosly open a number of pop up windows and so on. <br/> </em><hr/><string>Deskbar Also known as:</strong><br/><code><br/>[Other]desktop bar,Adware.Look2Me</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk<br/>[%DESKTOP%]\SpyLocked.lnk<br/>[%PROGRAM_FILES%]\DeskAlerts\deskbar.dll<br/>[%PROGRAM_FILES%]\Deskbar\deskbar.dll<br/>[%STARTMENU%]\SpyLocked 3.1.lnk<br/>[%SYSTEM%]\Deskbar\deskbar.dll<br/>[%SYSTEM%]\Favorites\deskbar.dll<br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk<br/>[%DESKTOP%]\SpyLocked.lnk<br/>[%PROGRAM_FILES%]\DeskAlerts\deskbar.dll<br/>[%PROGRAM_FILES%]\Deskbar\deskbar.dll<br/>[%STARTMENU%]\SpyLocked 3.1.lnk<br/>[%SYSTEM%]\Deskbar\deskbar.dll<br/>[%SYSTEM%]\Favorites\deskbar.dll </CODE> <p><h2>How to detect Deskbar:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk<br/>[%DESKTOP%]\SpyLocked.lnk<br/>[%PROGRAM_FILES%]\DeskAlerts\deskbar.dll<br/>[%PROGRAM_FILES%]\Deskbar\deskbar.dll<br/>[%STARTMENU%]\SpyLocked 3.1.lnk<br/>[%SYSTEM%]\Deskbar\deskbar.dll<br/>[%SYSTEM%]\Favorites\deskbar.dll<br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk<br/>[%DESKTOP%]\SpyLocked.lnk<br/>[%PROGRAM_FILES%]\DeskAlerts\deskbar.dll<br/>[%PROGRAM_FILES%]\Deskbar\deskbar.dll<br/>[%STARTMENU%]\SpyLocked 3.1.lnk<br/>[%SYSTEM%]\Deskbar\deskbar.dll<br/>[%SYSTEM%]\Favorites\deskbar.dll </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\SpyLocked<br/>[%PROGRAM_FILES%]\SpyLocked<br/>[%PROGRAM_FILES%]\Deskbar </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{1F101905-C9C7-4B92-BDE6-4F8E76C5A7DB}<br/>HKEY_CLASSES_ROOT\CLSID\{5121B863-FAE8-4935-BA76-0ABE0239AECA}<br/>HKEY_CLASSES_ROOT\CLSID\{652383EE-CA01-4aec-A763-50A08062AC58}<br/>HKEY_CLASSES_ROOT\CLSID\{65E03378-E22E-4F50-BE9D-588A889B24C9}<br/>HKEY_CLASSES_ROOT\CLSID\{67A8D847-B79F-403e-8D2B-D2CADE3A967F}<br/>HKEY_CLASSES_ROOT\CLSID\{69DACF5A-70EF-4363-A036-89450346121F}<br/>HKEY_CLASSES_ROOT\CLSID\{9DD77D09-901B-4af0-8F89-812950DB6FF2}<br/>HKEY_CLASSES_ROOT\clsid\{a8b28872-3324-4cd2-8aa3-7d555c872d96}<br/>HKEY_CLASSES_ROOT\CLSID\{CC79522A-9E3B-4bc9-9218-D95EC5DA5349}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C5B5226-045D-4A46-B4FC-228B0891FEEC}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{314120E4-5A05-492C-9BF2-22558CF0F202}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{392D4A36-6ADF-4A99-A820-3014A53E62E3}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3BF6C840-4D12-4FB5-88A2-E2BC03461DC2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42F16135-D0A4-43A2-990C-27FCABD9C19F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43DF1CEE-70B3-4E2D-A740-4AC468786207}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CA1A9F6-10F8-4008-B884-755B25B6848A}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{630CBF61-54CC-4AC3-97B0-D4071345807C}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AFB5B8E-ACFD-4489-91B3-DAA1388A31EC}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{815B01A0-BF97-41E9-ACF2-32B76F98A960}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5BF4465-5322-462F-B41F-459F649F3996}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E4703CF2-7F82-4AD7-B317-8EC1CBC9B619}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9817993-83FF-4343-B14E-6CDFB378B21D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDE2A2B4-B1CB-4BF8-93D1-154E49284A71}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D23930-23C6-440E-AB55-D019E1171539}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{50450F27-B90B-422B-A4C9-5EC5A5B78001}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked.exe<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F101905-C9C7-4B92-BDE6-4F8E76C5A7DB}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5121B863-FAE8-4935-BA76-0ABE0239AECA}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652383EE-CA01-4aec-A763-50A08062AC58}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65E03378-E22E-4F50-BE9D-588A889B24C9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67A8D847-B79F-403e-8D2B-D2CADE3A967F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69DACF5A-70EF-4363-A036-89450346121F}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD77D09-901B-4af0-8F89-812950DB6FF2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC79522A-9E3B-4bc9-9218-D95EC5DA5349}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked<br/>HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked<br/>HKEY_CLASSES_ROOT\clsid\{d7cc80d4-376c-4586-b023-4f35c2ceb28e}<br/>HKEY_CLASSES_ROOT\clsid\{d8c2d4b4-eeaf-4ec4-b1f8-9b6ed15d5a38}<br/>HKEY_CLASSES_ROOT\dbtb00001.dbtb00001<br/>HKEY_CLASSES_ROOT\dbtb00001.dbtb00001.1<br/>HKEY_CLASSES_ROOT\dbtb00001.deskbar<br/>HKEY_CLASSES_ROOT\dbtb00001.deskbar.1<br/>HKEY_CLASSES_ROOT\dbtb00001.deskbarbho<br/>HKEY_CLASSES_ROOT\dbtb00001.deskbarbho.1<br/>HKEY_CLASSES_ROOT\dbtb00001.deskbarenabler<br/>HKEY_CLASSES_ROOT\dbtb00001.deskbarenabler.1<br/>HKEY_CLASSES_ROOT\interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d}<br/>HKEY_CLASSES_ROOT\interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c}<br/>HKEY_CLASSES_ROOT\interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108}<br/>HKEY_CLASSES_ROOT\typelib\{a4c8f181-6cdb-4dcc-9fc9-bb9933c81e1f}<br/>HKEY_CURRENT_USER\software\dbtb00001<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a8b28872-3324-4cd2-8aa3-7d555c872d96}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dbtb00001.dbtb00001deskbar </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks </CODE> </p> <p> <h2>Removing Deskbar:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-62.blogspot.com/2009/01/palremover-ransomware.html">pal.remover Ransomware Cleaner</a><br/><a href="http://virusinfo-4832.blogspot.com/2009/01/pcremotecontrol-rat.html">PC.Remote.Control RAT Removal instruction</a><br/><a href="http://virusinfo-3403.blogspot.com/2009/02/sillydlcpd-trojan.html">SillyDl.CPD Trojan Cleaner</a><br/><a href="http://virusinfo-2228.blogspot.com/2009/01/haxspy-trojan.html">Remove Haxspy Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3618247311488063417?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-30508048029289464472009-02-02T13:27:00.001-08:002009-02-02T13:27:33.175-08:00Removing Zlob.Fam.ProtectionBar <br/><strong>Categories:</strong> Trojan,Popups<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Adware is the class of programs that <strong>place advertisements on your screen</strong>. <br />These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, <br />advertisements placed on top of ads in web sites, or any other way the authors can <br />think of showing you an ad.<br/> <br />The pop-ups generally will not be stopped by pop-up stoppers, and often are <br />not dependent on your having Internet Explorer open. <br />They may show up when you are playing a game, writing a document, listening to music, <br />or anything else. Should you be surfing, the advertisements will often be related to <br />the web page you are viewing. <br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\Brain Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Image AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Image AX Object\splug.dll<br/>[%PROGRAM_FILES%]\IntCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\isadd.dll<br/>[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Key Generator\iesplugin.dll<br/>[%PROGRAM_FILES%]\Key Generator\isadd.dll<br/>[%PROGRAM_FILES%]\Key Generator\isaddon.dll<br/>[%PROGRAM_FILES%]\Media-Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Media-Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\MediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\PCODEC\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Protection Tools\bpvol.dll<br/>[%PROGRAM_FILES%]\Protection Tools\splug.dll<br/>[%PROGRAM_FILES%]\QualityCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\QualityCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Security Tools\iesplg.dll<br/>[%PROGRAM_FILES%]\strCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\strCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\VidCodecs\isaddon.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesbpl.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Video AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Video AX Object\splug.dll<br/>[%PROGRAM_FILES%]\VideoKeyCodec\isaddon.dll<br/>[%SYSTEM%]\iesplg.dll<br/>[%PROGRAM_FILES%]\Brain Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Image AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Image AX Object\splug.dll<br/>[%PROGRAM_FILES%]\IntCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\isadd.dll<br/>[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Key Generator\iesplugin.dll<br/>[%PROGRAM_FILES%]\Key Generator\isadd.dll<br/>[%PROGRAM_FILES%]\Key Generator\isaddon.dll<br/>[%PROGRAM_FILES%]\Media-Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Media-Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\MediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\PCODEC\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Protection Tools\bpvol.dll<br/>[%PROGRAM_FILES%]\Protection Tools\splug.dll<br/>[%PROGRAM_FILES%]\QualityCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\QualityCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Security Tools\iesplg.dll<br/>[%PROGRAM_FILES%]\strCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\strCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\VidCodecs\isaddon.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesbpl.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Video AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Video AX Object\splug.dll<br/>[%PROGRAM_FILES%]\VideoKeyCodec\isaddon.dll<br/>[%SYSTEM%]\iesplg.dll </CODE> <p><h2>How to detect Zlob.Fam.ProtectionBar:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\Brain Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Image AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Image AX Object\splug.dll<br/>[%PROGRAM_FILES%]\IntCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\isadd.dll<br/>[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Key Generator\iesplugin.dll<br/>[%PROGRAM_FILES%]\Key Generator\isadd.dll<br/>[%PROGRAM_FILES%]\Key Generator\isaddon.dll<br/>[%PROGRAM_FILES%]\Media-Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Media-Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\MediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\PCODEC\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Protection Tools\bpvol.dll<br/>[%PROGRAM_FILES%]\Protection Tools\splug.dll<br/>[%PROGRAM_FILES%]\QualityCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\QualityCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Security Tools\iesplg.dll<br/>[%PROGRAM_FILES%]\strCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\strCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\VidCodecs\isaddon.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesbpl.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Video AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Video AX Object\splug.dll<br/>[%PROGRAM_FILES%]\VideoKeyCodec\isaddon.dll<br/>[%SYSTEM%]\iesplg.dll<br/>[%PROGRAM_FILES%]\Brain Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Gold Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Image ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Image AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Image AX Object\splug.dll<br/>[%PROGRAM_FILES%]\IntCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\iesplugin.dll<br/>[%PROGRAM_FILES%]\Internet Security\isadd.dll<br/>[%PROGRAM_FILES%]\iVideoCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Key Generator\iesplugin.dll<br/>[%PROGRAM_FILES%]\Key Generator\isadd.dll<br/>[%PROGRAM_FILES%]\Key Generator\isaddon.dll<br/>[%PROGRAM_FILES%]\Media-Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Media-Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\MediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\MMediaCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\PCODEC\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\iesplugin.dll<br/>[%PROGRAM_FILES%]\Perfect Codec\isaddon.dll<br/>[%PROGRAM_FILES%]\Protection Tools\bpvol.dll<br/>[%PROGRAM_FILES%]\Protection Tools\splug.dll<br/>[%PROGRAM_FILES%]\QualityCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\QualityCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\Security Tools\iesplg.dll<br/>[%PROGRAM_FILES%]\strCodec\iesplugin.dll<br/>[%PROGRAM_FILES%]\strCodec\isaddon.dll<br/>[%PROGRAM_FILES%]\VidCodecs\isaddon.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video Access ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesbpl.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Access\iesplg.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\iesplugin.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isadd.dll<br/>[%PROGRAM_FILES%]\Video ActiveX Object\isaddon.dll<br/>[%PROGRAM_FILES%]\Video AX Object\bpvol.dll<br/>[%PROGRAM_FILES%]\Video AX Object\splug.dll<br/>[%PROGRAM_FILES%]\VideoKeyCodec\isaddon.dll<br/>[%SYSTEM%]\iesplg.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}<br/>HKEY_CLASSES_ROOT\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}<br/>HKEY_CLASSES_ROOT\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}<br/>HKEY_CLASSES_ROOT\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}<br/>HKEY_CLASSES_ROOT\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}<br/>HKEY_CLASSES_ROOT\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}<br/>HKEY_CLASSES_ROOT\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}<br/>HKEY_CLASSES_ROOT\CLSID\{2810fba5-55ec-4bee-8263-0e2fa5883768}<br/>HKEY_CLASSES_ROOT\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}<br/>HKEY_CLASSES_ROOT\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}<br/>HKEY_CLASSES_ROOT\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7}<br/>HKEY_CLASSES_ROOT\CLSID\{4734044c-7427-43d8-adbe-df942e52bef2}<br/>HKEY_CLASSES_ROOT\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}<br/>HKEY_CLASSES_ROOT\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}<br/>HKEY_CLASSES_ROOT\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}<br/>HKEY_CLASSES_ROOT\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}<br/>HKEY_CLASSES_ROOT\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}<br/>HKEY_CLASSES_ROOT\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b}<br/>HKEY_CLASSES_ROOT\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}<br/>HKEY_CLASSES_ROOT\CLSID\{860c2f6b-ca82-4282-9187-beccbb66f0af}<br/>HKEY_CLASSES_ROOT\CLSID\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497}<br/>HKEY_CLASSES_ROOT\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}<br/>HKEY_CLASSES_ROOT\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}<br/>HKEY_CLASSES_ROOT\CLSID\{a2595f37-48d0-46a1-9b51-478591a97764}<br/>HKEY_CLASSES_ROOT\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}<br/>HKEY_CLASSES_ROOT\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}<br/>HKEY_CLASSES_ROOT\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}<br/>HKEY_CLASSES_ROOT\CLSID\{d1ac752e-883f-4ed8-8828-b618c3a72152}<br/>HKEY_CLASSES_ROOT\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}<br/>HKEY_CLASSES_ROOT\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e}<br/>HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}<br/>HKEY_CLASSES_ROOT\CLSID\{f7d40011-29bb-43eb-9c97-875ce89e9e36}<br/>HKEY_CLASSES_ROOT\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{f7d40011-29bb-43eb-9c97-875ce89e9e36}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2810fba5-55ec-4bee-8263-0e2fa5883768}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36ADA89D-2440-4DC4-820A-3A05E8630935}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4734044c-7427-43d8-adbe-df942e52bef2}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}<br/>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2595f37-48d0-46a1-9b51-478591a97764}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d869742a-e5d2-4624-96c7-aae26170665e}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7d40011-29bb-43eb-9c97-875ce89e9e36}<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}<br/>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On<br/>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCODEC<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar </CODE> </p> <p> <h2>Removing Zlob.Fam.ProtectionBar:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-83.blogspot.com/2009/01/win32incommander-trojan.html">Win32.InCommander Trojan Information</a><br/><a href="http://info-blog-protect.blogspot.com/2009/01/iebar-hijacker.html">IEBAR Hijacker Removal instruction</a><br/><a href="http://viruslist-a.blogspot.com/2009/01/pigeonehb-trojan.html">Pigeon.EHB Trojan Removal</a><br/><a href="http://trojan-list-42.blogspot.com/2009/01/tequila-trojan.html">Removing Tequila Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3050804802928946447?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-8765637400744264222009-02-02T12:51:00.001-08:002009-02-02T12:51:11.224-08:00Removing Ebates.MoneyMaker <br/><strong>Categories:</strong> Adware,Hacker Tool<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> Hacker Tools are designed to penetrate remote computers <br />in order to use them as zombies or to download other malicious programs to computer.<br/></em><hr/><string>Ebates.MoneyMaker Also known as:</strong><br/><code><br/>[Panda]Adware/MoeMoney,Adware/TopMoxie,HackTool/Jkill.A</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE_TEMP%]\djebmm350.exe<br/>[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat<br/>[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe<br/>[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe<br/>[%PROGRAM_FILES%]\LimeShop\Popup.exe<br/>[%DESKTOP%]\earn money.lnk<br/>[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe<br/>[%PROGRAM_FILES%]\care2gtu\popup.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe<br/>[%STARTMENU%]\casino.url<br/>[%WINDOWS%]\dkry.exe<br/>[%PROFILE_TEMP%]\djebmm350.exe<br/>[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat<br/>[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe<br/>[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe<br/>[%PROGRAM_FILES%]\LimeShop\Popup.exe<br/>[%DESKTOP%]\earn money.lnk<br/>[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe<br/>[%PROGRAM_FILES%]\care2gtu\popup.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe<br/>[%STARTMENU%]\casino.url<br/>[%WINDOWS%]\dkry.exe </CODE> <p><h2>How to detect Ebates.MoneyMaker:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE_TEMP%]\djebmm350.exe<br/>[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat<br/>[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe<br/>[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe<br/>[%PROGRAM_FILES%]\LimeShop\Popup.exe<br/>[%DESKTOP%]\earn money.lnk<br/>[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe<br/>[%PROGRAM_FILES%]\care2gtu\popup.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe<br/>[%STARTMENU%]\casino.url<br/>[%WINDOWS%]\dkry.exe<br/>[%PROFILE_TEMP%]\djebmm350.exe<br/>[%PROFILE_TEMP%]\temp.fr????\Ap350\psid399.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_counv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_couyv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_non.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\popo350a_nv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\pref350a_dis.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\scri350a.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Html\spec350a_yv.htm<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_0.dat<br/>[%PROFILE_TEMP%]\temp.fr????\Sy350\Sy350\350_2.dat<br/>[%PROFILE_TEMP%]\THI11E0.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI2BE3.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI376A.tmp\MMaker4b.exe<br/>[%PROFILE_TEMP%]\THI575D.tmp\TRebates.exe<br/>[%PROFILE_TEMP%]\THI76A.tmp\MMaker4b.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Code\o.class<br/>[%PROGRAM_FILES%]\couponsandoffers\System\Temp\couponsandoffers.exe<br/>[%PROGRAM_FILES%]\LimeShop\Popup.exe<br/>[%DESKTOP%]\earn money.lnk<br/>[%PROFILE_TEMP%]\ebatesmoemoneymaker.exe<br/>[%PROGRAM_FILES%]\care2gtu\popup.exe<br/>[%PROGRAM_FILES%]\couponsandoffers\couponsandoffers1.exe<br/>[%STARTMENU%]\casino.url<br/>[%WINDOWS%]\dkry.exe </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\ebatesmoemoneymaker<br/>[%PROGRAM_FILES%]\ebates_moemoneymaker<br/>[%PROGRAM_FILES%]\webrebates<br/>[%PROGRAM_FILES%]\websearch </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683}<br/>HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{7F241C00-DAB6-11d5-AAA8-0001028DF1BC}<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\ebates<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{6685509e-b47b-4f47-8e16-9a5f3a62f683}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\ebatesver2.xml<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping\{6685509e-b47b-4f47-8e16-9a5f3a62f683}<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping\{7f241c00-dab6-11d5-aaa8-0001028df1bc}<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\{7f241c00-dab6-11d5-aaa8-0001028df1bc}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ebatesver2.xml </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Ebates.MoneyMaker:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-0329.blogspot.com/2009/02/pigeonawy-trojan.html">Remove Pigeon.AWY Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-876563740074426422?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-16997509723669242652009-02-02T12:11:00.001-08:002009-02-02T12:11:22.269-08:00Removing Myss.Variant <br/><strong>Categories:</strong> Adware,Spyware,Hijacker<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> Spyware is computer software that is installed surreptitiously on a personal computer <br />to <intercept or take partial control over the user's interaction <br />with the computer, without the user's informed consent.<br/>A desktop hijacker replaces the desktop wallpaper with advertising <br />for products and services on the desktop.<br/></em><hr/><string>Myss.Variant Also known as:</strong><br/><code><br/>[Computer Associates]Win32/Myss.Variant!Trojan</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\spchost.exe<br/>[%SYSTEM%]\stfer32.dll<br/>[%WINDOWS%]\srchost.exe<br/>[%SYSTEM%]\spchost.exe<br/>[%SYSTEM%]\stfer32.dll<br/>[%WINDOWS%]\srchost.exe </CODE> <p><h2>How to detect Myss.Variant:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\spchost.exe<br/>[%SYSTEM%]\stfer32.dll<br/>[%WINDOWS%]\srchost.exe<br/>[%SYSTEM%]\spchost.exe<br/>[%SYSTEM%]\stfer32.dll<br/>[%WINDOWS%]\srchost.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Myss.Variant:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://protect-trojan-info.blogspot.com/2009/01/anticad-trojan.html">Anticad Trojan Removal instruction</a><br/><a href="http://trojan-list-16.blogspot.com/2009/01/win32botten-trojan.html">Win32.Botten Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1699750972366924265?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-33174180023555534562009-02-02T12:00:00.001-08:002009-02-02T12:00:09.380-08:00Removing Procin <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><string>Procin Also known as:</strong><br/><code><br/>[Kaspersky]Trojan-Spy.Win32.Sters.y;<br/>[Other]Win32/Procin.E,Infostealer</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\winlogon.exe<br/>[%WINDOWS%]\winlogon.exe </CODE> <p><h2>How to detect Procin:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\winlogon.exe<br/>[%WINDOWS%]\winlogon.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Procin:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://malwarepedia-protect-listing.blogspot.com/2009/01/litesocks-backdoor.html">Lite.SOCKS Backdoor Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3317418002355553456?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-76539568636796172092009-02-02T11:23:00.001-08:002009-02-02T11:23:21.853-08:00Removing User.Logger <br/><strong>Categories:</strong> Spyware<br/><em>Spyware can even change computer settings, resulting in slow connection speeds, <br />different home pages, and loss of Internet or other programs. <br />In an attempt to increase the understanding of spyware, a more formal classification <br />of its included software types is captured under the term privacy-invasive software. <br/></em> <p><h2>How to detect User.Logger:</h2></p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\User Logger<br/>[%PROGRAMS%]\User Logger </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\user logger_is1 </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing User.Logger:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-09.blogspot.com/2009/01/vxidlazz-trojan.html">Vxidl.AZZ Trojan Cleaner</a><br/><a href="http://kill-computer-virus.blogspot.com/2009/01/security-toolbar.html">Removing Security Toolbar</a><br/><a href="http://viruslist-d.blogspot.com/2009/01/bancosfzu-trojan.html">Bancos.FZU Trojan Removal instruction</a><br/><a href="http://trojan-list-34.blogspot.com/2009/01/netdevilcginotify-trojan.html">Removing Net.Devil.CGI.Notify Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7653956863679617209?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-59600712417344232612009-02-02T10:43:00.001-08:002009-02-02T10:43:12.999-08:00Removing BKW <br/><strong>Categories:</strong> Trojan<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/></em><hr/><string>BKW Also known as:</strong><br/><code><br/>[F-Prot]W32/TrojanX.ABXD;<br/>[Other]Trojan.Dropper,Malware.AWGD,TROJ_VB.FBV,Mal/Generic-A</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE_TEMP%]\RBvBm1066.exe<br/>[%SYSTEM%]\vMW03a\vMW03a1066.exe<br/>[%PROFILE_TEMP%]\RBvBm1066.exe<br/>[%SYSTEM%]\vMW03a\vMW03a1066.exe </CODE> <p><h2>How to detect BKW:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE_TEMP%]\RBvBm1066.exe<br/>[%SYSTEM%]\vMW03a\vMW03a1066.exe<br/>[%PROFILE_TEMP%]\RBvBm1066.exe<br/>[%SYSTEM%]\vMW03a\vMW03a1066.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce </CODE> </p> <p> <h2>Removing BKW:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://kill-computer-virus.blogspot.com/2009/01/glieder-trojan.html">Glieder Trojan Removal</a><br/><a href="http://trojan-list-27.blogspot.com/2009/01/cdenor-trojan_25.html">Cdenor Trojan Information</a><br/><a href="http://trojan-list-72.blogspot.com/2009/01/battiny-trojan.html">Bat.Tiny Trojan Cleaner</a><br/><a href="http://trojan-list-36.blogspot.com/2009/01/internet-explorer-settings-hijacker.html">Remove Internet Explorer Settings Hijacker Hijacker</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5960071241734423261?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-22958966206466964032009-02-02T08:03:00.001-08:002009-02-02T08:03:07.594-08:00Removing AdLogix.Zamingo <br/><strong>Categories:</strong> BHO<br/><em>The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker.<br/></em> <p><h2>How to detect AdLogix.Zamingo:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0b90aa1b-f649-44c3-9fd3-736c332cbbcf} </CODE> </p> <p> <h2>Removing AdLogix.Zamingo:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://details-pc-keylogger.blogspot.com/2009/01/webstatnet-tracking-cookie.html">webstat.net Tracking Cookie Removal</a><br/><a href="http://trojan-list-58.blogspot.com/2009/01/tvi-backdoor.html">Removing TVI Backdoor</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2295896620646696403?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-79757817988207596762009-02-02T07:47:00.001-08:002009-02-02T07:47:39.631-08:00Removing QBar <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\qbup.qup<br/>[%SYSTEM%]\qbup.qup </CODE> <p><h2>How to detect QBar:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\qbup.qup<br/>[%SYSTEM%]\qbup.qup </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\qbar </CODE> </p> <p> <h2>Removing QBar:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://viruslist-d.blogspot.com/2009/01/aupdate-adware.html">AUpdate Adware Removal instruction</a><br/><a href="http://trojanpedia-infections-keylogger.blogspot.com/2009/01/trojandropperwin32vbau-trojan.html">TrojanDropper.Win32.VB.au Trojan Removal</a><br/><a href="http://trojan-list-03.blogspot.com/2009/01/jerusalemmummy-trojan.html">Removing Jerusalem.Mummy Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7975781798820759676?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-76457995396778822622009-02-02T07:03:00.001-08:002009-02-02T07:03:38.214-08:00Removing Clandestine <br/><strong>Categories:</strong> Trojan,Backdoor,RAT<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Backdoors are the most dangerous type of Trojans and the most popular. <br />Backdoors open infected machines to external control via Internet. <br />Often the backdoor will not be visible in the log of active programs.<br/>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><string>Clandestine Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Clindestine.10,Backdoor.ScreenGrab,Backdoor.Clindestine.152.a;<br/>[Eset]Win32/Clindestine.10.Server trojan;<br/>[McAfee]Backdoor-SK,BackDoor-SQ;<br/>[F-Prot]security risk or a "backdoor" program;<br/>[Panda]Bck/Clandestine.10,Bck/ScreenGrab,Backdoor Program;<br/>[Computer Associates]Backdoor/Canvas!Server,Backdoor/Clindestine.10!Server,Backdoor/Clindestine.1.5.2.A</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\remoto.exe<br/>[%WINDOWS%]\system\win32.exe<br/>[%WINDOWS%]\system\remoto.exe<br/>[%WINDOWS%]\system\win32.exe </CODE> <p><h2>How to detect Clandestine:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\remoto.exe<br/>[%WINDOWS%]\system\win32.exe<br/>[%WINDOWS%]\system\remoto.exe<br/>[%WINDOWS%]\system\win32.exe </CODE> </p> <p> <h2>Removing Clandestine:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-83.blogspot.com/2009/01/vbsdelfile-trojan.html">VBS.DelFile Trojan Information</a><br/><a href="http://details-pc-keylogger.blogspot.com/2009/01/sinteridown-downloader.html">Removing SinteriDown Downloader</a><br/><a href="http://details-pc-keylogger.blogspot.com/2009/01/garden-tracking-cookie.html">Garden Tracking Cookie Removal instruction</a><br/><a href="http://viruslist-d.blogspot.com/2009/02/dluca-trojan.html">Removing Dluca Trojan</a><br/><a href="http://trojan-list-22.blogspot.com/2009/01/filevectorclass-trojan.html">Filevector.class Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7645799539677882262?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-49409129307481586862009-02-02T04:07:00.001-08:002009-02-02T04:07:07.409-08:00Removing VeryCD <br/><strong>Categories:</strong> Toolbar<br/><em>Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.</em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%DESKTOP%]\YOK³¬¼¶ËÑË÷.lnk<br/>[%DESKTOP%]\YOK³¬¼¶ËÑË÷.lnk </CODE> <p><h2>How to detect VeryCD:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%DESKTOP%]\YOK³¬¼¶ËÑË÷.lnk<br/>[%DESKTOP%]\YOK³¬¼¶ËÑË÷.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\YOK.com </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688}<br/>HKEY_CLASSES_ROOT\clsid\{88351cef-bac0-4a9b-8380-31a173e2926f}<br/>HKEY_CLASSES_ROOT\clsid\{a29f7f71-dcdb-412d-b19a-2002dc966e33}<br/>HKEY_CLASSES_ROOT\CLSID\{F869BB38-FFEF-4589-B986-610B7AD0ADA2}<br/>HKEY_CLASSES_ROOT\interface\{3020099a-d1ef-4bb5-bca5-63cd8d110233}<br/>HKEY_CLASSES_ROOT\interface\{3a42c888-43d4-4bce-b3bc-99e5e15c631c}<br/>HKEY_CLASSES_ROOT\interface\{5bf5a044-328c-42ca-8edb-c513a4a49c69}<br/>HKEY_CLASSES_ROOT\interface\{8a74c2af-d08c-41e4-b6c0-11f1c7ed86a5}<br/>HKEY_CLASSES_ROOT\typelib\{7b18218b-2551-4f18-b94d-10d7ca4c14ec}<br/>HKEY_CLASSES_ROOT\yoktoolbar.band<br/>HKEY_CLASSES_ROOT\yoktoolbar.band.1<br/>HKEY_CLASSES_ROOT\yoktoolbar.contextsearch<br/>HKEY_CLASSES_ROOT\yoktoolbar.contextsearch.1<br/>HKEY_CLASSES_ROOT\yoktoolbar.yoktoolbarbho<br/>HKEY_CLASSES_ROOT\yoktoolbar.yoktoolbarbho.1<br/>HKEY_CURRENT_USER\software\yok<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688}<br/>HKEY_LOCAL_MACHINE\software\yok<br/>HKEY_LOCAL_MACHINE\system\yserialnumber<br/>HKEY_CLASSES_ROOT\clsid\{564cb59a-2813-4cee-b387-03d85322b54d}<br/>HKEY_CLASSES_ROOT\clsid\{75fe2b5a-d3a4-4efa-ac11-adc9c9459688}<br/>HKEY_CLASSES_ROOT\clsid\{7d0e8987-ba21-483a-b1ac-149da2f39a5a}<br/>HKEY_CLASSES_ROOT\clsid\{f869bb38-ffef-4589-b986-610b7ad0ada2}<br/>HKEY_CLASSES_ROOT\interface\{7772d684-fdc9-46d1-8b1a-977eb5596a2a}<br/>HKEY_CLASSES_ROOT\interface\{9e3cddf5-b0a7-43fb-a882-b6b177fd4f01}<br/>HKEY_CLASSES_ROOT\interface\{bf9920a4-f4fd-4a14-92e6-3043a31c7abe}<br/>HKEY_CLASSES_ROOT\yoktoolbar<br/>HKEY_CLASSES_ROOT\yoktoolbar.yokcommband<br/>HKEY_CLASSES_ROOT\yoktoolbar.yokcommband.1<br/>HKEY_CLASSES_ROOT\yoktoolbar.yokhttpfilter<br/>HKEY_CLASSES_ROOT\yoktoolbar.yokhttpfilter.1<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{f869bb38-ffef-4589-b986-610b7ad0ada2}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{75fe2b5a-d3a4-4efa-ac11-adc9c9459688}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\yok.supersearch </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\appid\yoktoolbar.dll<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing VeryCD:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-11.blogspot.com/2009/01/svug50megs-tracking-cookie.html">Svug.50megs Tracking Cookie Cleaner</a><br/><a href="http://computer-protect-virus.blogspot.com/2009/01/cwsiefeads-hijacker.html">CWS.IEFeads Hijacker Symptoms</a><br/><a href="http://virusinfo-1008.blogspot.com/2009/01/win32ntrootkit-backdoor.html">Win32.NTRootKit Backdoor Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4940912930748158686?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-72458878188172514782009-02-02T03:03:00.001-08:002009-02-02T03:03:25.830-08:00Removing DFch <br/><strong>Categories:</strong> Backdoor,RAT<br/><em>Backdoors are the most dangerous type of Trojans and the most popular. <br />Backdoors open infected machines to external control via Internet. <br />Often the backdoor will not be visible in the log of active programs.<br/>Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br /><br/></em><hr/><string>DFch Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Grisch.01.a;<br/>[Panda]Bck/Grisch.01;<br/>[Computer Associates]Backdoor/Grish.0_1,Win32.Grisch.01.A;<br/>[Other]Grisch</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\iosyss.exe<br/>[%WINDOWS%]\iosyss.exe </CODE> <p><h2>How to detect DFch:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\iosyss.exe<br/>[%WINDOWS%]\iosyss.exe </CODE> </p> <p> <h2>Removing DFch:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-74.blogspot.com/2009/01/jsms06-trojan.html">JS.MS06 Trojan Removal instruction</a><br/><a href="http://viruslist-d.blogspot.com/2009/01/opalcot-trojan.html">Opalcot Trojan Symptoms</a><br/><a href="http://trojan-list-16.blogspot.com/2009/01/pwspexp-trojan.html">PWS.Pexp Trojan Symptoms</a><br/><a href="http://trojan-list-40.blogspot.com/2009/01/100hot-tracking-cookie.html">Remove 100hot Tracking Cookie</a><br/><a href="http://trojan-list-34.blogspot.com/2009/01/pigeonefr-trojan.html">Pigeon.EFR Trojan Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7245887818817251478?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-12473364574095747572009-02-02T02:03:00.001-08:002009-02-02T02:03:06.772-08:00Removing NewAds <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\BattyRun.dll<br/>[%SYSTEM%]\BattyRun.dll </CODE> <p><h2>How to detect NewAds:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\BattyRun.dll<br/>[%SYSTEM%]\BattyRun.dll </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\batty<br/>[%PROGRAM_FILES%]\AdSponsor<br/>[%PROGRAM_FILES%]\Exolon<br/>[%PROGRAM_FILES%]\PSupport </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\adband.bandbho<br/>HKEY_CLASSES_ROOT\adband.bandbho.1<br/>HKEY_CLASSES_ROOT\adband.bandimpl<br/>HKEY_CLASSES_ROOT\adband.bandimpl.1<br/>HKEY_CLASSES_ROOT\appid\adband.dll<br/>HKEY_CLASSES_ROOT\appid\{36946a0a-05a1-4cf7-934b-270571338e55}<br/>HKEY_CLASSES_ROOT\typelib\{1b8b502e-455b-4022-be27-736d9f808a18}<br/>HKEY_CLASSES_ROOT\typelib\{d5599fae-28aa-4c2b-a29c-6c0cd5b245aa}<br/>HKEY_CLASSES_ROOT\clsid\{04dcb17c-ab45-83ad-a86a-6dfb90277939}<br/>HKEY_CLASSES_ROOT\clsid\{2bc9c452-bb57-4896-a9a2-64611e06c5aa}<br/>HKEY_CLASSES_ROOT\clsid\{6ca1c00b-90fc-4f3e-911f-95306aba43aa}<br/>HKEY_CLASSES_ROOT\clsid\{994d478a-45d0-4db4-ae28-738b1e346f99}<br/>HKEY_CURRENT_USER\software\adsponsor<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{04dcb17c-ab45-83ad-a86a-6dfb90277939}<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{6ca1c00b-90fc-4f3e-911f-95306aba43aa}<br/>HKEY_CURRENT_USER\software\padsysassistant<br/>HKEY_CURRENT_USER\software\psupport<br/>HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\explorer bars\{2bc9c452-bb57-4896-a9a2-64611e06c5aa}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{04dcb17c-ab45-83ad-a86a-6dfb90277939}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6ca1c00b-90fc-4f3e-911f-95306aba43aa}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adsponsor </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\protocols\filter\text/html </CODE> </p> <p> <h2>Removing NewAds:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://remove-listing-pc.blogspot.com/2009/01/notpest-adware.html">NOT.Pest Adware Removal instruction</a><br/><a href="http://trojan-list-63.blogspot.com/2009/01/napsterhack-trojan.html">Napster.Hack Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1247336457409574757?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-24240306937216741132009-02-02T01:52:00.001-08:002009-02-02T01:52:14.961-08:00Removing Moses <br/><strong>Categories:</strong> Backdoor,RAT<br/><em>Backdoors are the most dangerous type of Trojans and the most popular. <br />Backdoors open infected machines to external control via Internet. <br />Often the backdoor will not be visible in the log of active programs.<br/>Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br /><br/></em><hr/><string>Moses Also known as:</strong><br/><code><br/>[Kaspersky]Backdoor.Moses.115,Backdoor.Win32.Moses.115;<br/>[McAfee]BackDoor-PA;<br/>[F-Prot]security risk or a "backdoor" program;<br/>[Panda]Bck/Moses.115;<br/>[Computer Associates]Win32.Moses.115,Backdoor/Moses.115,Backdoor/Moses.115!Installer</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\userprof.dll<br/>[%WINDOWS%]\system\userprof.dll </CODE> <p><h2>How to detect Moses:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\userprof.dll<br/>[%WINDOWS%]\system\userprof.dll </CODE> </p> <p> <h2>Removing Moses:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojanpedia-infections-keylogger.blogspot.com/2009/01/pigeonakj-trojan.html">Pigeon.AKJ Trojan Symptoms</a><br/><a href="http://trojan-list-20.blogspot.com/2009/01/shadow-trojan.html">Shadow Trojan Information</a><br/><a href="http://trojan-list-33.blogspot.com/2009/01/hates-trojan.html">Hates Trojan Cleaner</a><br/><a href="http://trojan-list-82.blogspot.com/2009/01/sillydldaf-trojan.html">Remove SillyDl.DAF Trojan</a><br/><a href="http://trojan-list-09.blogspot.com/2009/01/versiontrackercom-tracking-cookie.html">versiontracker.com Tracking Cookie Cleaner</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2424030693721674113?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-54116717214578827922009-02-01T23:59:00.001-08:002009-02-01T23:59:58.520-08:00Removing GuardCenter <br/><strong>Categories:</strong> Ransomware<br/><em>The term ransomware is commonly used to describe such software, <br />although the field known as cryptovirology predates the term "ransomware".<br/> <br />This type of ransom attack can be accomplished by (for example) attaching <br />a specially crafted file/program to an e-mail message and sending this to the victim.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%DESKTOP%]\GuardCenter.lnk<br/>[%DESKTOP%]\GuardCenter.lnk </CODE> <p><h2>How to detect GuardCenter:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%DESKTOP%]\GuardCenter.lnk<br/>[%DESKTOP%]\GuardCenter.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\GuardCenter<br/>[%PROGRAM_FILES%]\GuardCenter </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\guardcenter<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\guardcenter<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\guardcenter </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing GuardCenter:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-72.blogspot.com/2009/02/vbsbogus-trojan.html">VBS.Bogus Trojan Information</a><br/><a href="http://trojan-list-73.blogspot.com/2009/01/bancosgig-trojan.html">Bancos.GIG Trojan Symptoms</a><br/><a href="http://virusinfo-3339.blogspot.com/2009/02/banloadbba-trojan.html">Remove Banload.BBA Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5411671721457882792?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-44437280188094186022009-02-01T21:39:00.001-08:002009-02-01T21:39:29.154-08:00Removing PigSearch <br/><strong>Categories:</strong> Trojan,Adware<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><string>PigSearch Also known as:</strong><br/><code><br/>[Kaspersky]AdWare.Win32.WSearch.j,Trojan-Downloader.Win32.AdLoad.ji;<br/>[McAfee]Adware-PigSearch;<br/>[Other]Adware.PigSearch,W32/Adload.FPQ</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\CharSet.dll<br/>[%SYSTEM%]\CreateDomTree.dll<br/>[%SYSTEM%]\drivers\mspcidrv.sys<br/>[%SYSTEM%]\CharSet.dll<br/>[%SYSTEM%]\CreateDomTree.dll<br/>[%SYSTEM%]\drivers\mspcidrv.sys </CODE> <p><h2>How to detect PigSearch:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\CharSet.dll<br/>[%SYSTEM%]\CreateDomTree.dll<br/>[%SYSTEM%]\drivers\mspcidrv.sys<br/>[%SYSTEM%]\CharSet.dll<br/>[%SYSTEM%]\CreateDomTree.dll<br/>[%SYSTEM%]\drivers\mspcidrv.sys </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{8E25AC4A-B129-451B-BEE2-3B510BB751DA}<br/>HKEY_CLASSES_ROOT\ntdll32.advance<br/>HKEY_CLASSES_ROOT\ntdll32.advance.1<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E25AC4A-B129-451B-BEE2-3B510BB751DA}<br/>HKEY_CLASSES_ROOT\clsid\{8e25ac4a-b129-451b-bee2-3b510bb751da}<br/>HKEY_CLASSES_ROOT\clsid\{d0903a3b-f0ea-434a-9742-98c5335c7946}<br/>HKEY_CLASSES_ROOT\iehelper.bho<br/>HKEY_CLASSES_ROOT\iehelper.bho.1<br/>HKEY_CLASSES_ROOT\interface\{900f9840-be29-48cc-8a4e-acad94164139}<br/>HKEY_CLASSES_ROOT\typelib\{8899d7f9-c544-4bab-8cdc-d16c9d6b3af4}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8e25ac4a-b129-451b-bee2-3b510bb751da}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d0903a3b-f0ea-434a-9742-98c5335c7946}<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mspcidrv<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mspcidrv </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\internet connection manager\security<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mspath </CODE> </p> <p> <h2>Removing PigSearch:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-54.blogspot.com/2009/01/loseexec-trojan.html">LoseExec Trojan Information</a><br/><a href="http://trojan-list-00.blogspot.com/2009/01/sillydlctu-trojan.html">Remove SillyDl.CTU Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4443728018809418602?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-64979491206453194792009-02-01T21:19:00.001-08:002009-02-01T21:19:38.753-08:00Removing TrojanClicker.Win32.Delf.ab <br/><strong>Categories:</strong> Trojan,Adware<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><string>TrojanClicker.Win32.Delf.ab Also known as:</strong><br/><code><br/>[Panda]Trj/Clicker.S</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\bvm202.dll<br/>[%WINDOWS%]\bvm202.dll </CODE> <p><h2>How to detect TrojanClicker.Win32.Delf.ab:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\bvm202.dll<br/>[%WINDOWS%]\bvm202.dll </CODE> </p> <p> <h2>Removing TrojanClicker.Win32.Delf.ab:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://viruslist-3337.blogspot.com/2009/01/asshole-trojan.html">Remove Asshole Trojan</a><br/><a href="http://trojan-list-37.blogspot.com/2009/01/uniq-trojan.html">Uniq Trojan Cleaner</a><br/><a href="http://trojan-list-65.blogspot.com/2009/01/exefwrapper-trojan.html">ExefWrapper Trojan Removal</a><br/><a href="http://virusinfo-1036.blogspot.com/2009/01/win32formmail-dos.html">Win32.FormMail DoS Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6497949120645319479?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-64964042503350386122009-02-01T18:11:00.001-08:002009-02-01T18:11:36.592-08:00Removing Comet <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%MYPICTURES%]\Funstuff\sinstaller2.exe<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe<br/>[%MYPICTURES%]\Funstuff\sinstaller2.exe<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe </CODE> <p><h2>How to detect Comet:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%MYPICTURES%]\Funstuff\sinstaller2.exe<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe<br/>[%MYPICTURES%]\Funstuff\sinstaller2.exe<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\bin\SSSInst.dll<br/>[%PROGRAM_FILES%]\Screensavers.com\SSSInst\temp\pltbinst.exe </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}<br/>HKEY_CLASSES_ROOT\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}<br/>HKEY_CLASSES_ROOT\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}<br/>HKEY_CLASSES_ROOT\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}<br/>HKEY_CLASSES_ROOT\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}<br/>HKEY_CLASSES_ROOT\screensaversinstaller.installer<br/>HKEY_CLASSES_ROOT\screensaversinstaller.sinstaller<br/>HKEY_CLASSES_ROOT\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}<br/>HKEY_CLASSES_ROOT\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819} </CODE> </p> <p> <h2>Removing Comet:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-18.blogspot.com/2009/01/smarttags-bho.html">Removing SmartTags BHO</a><br/><a href="http://trojan-list-07.blogspot.com/2009/01/win95cih-trojan.html">Win95.CIH Trojan Symptoms</a><br/><a href="http://trojanpedia-viruslist-list.blogspot.com/2009/01/pigeonepi-trojan.html">Removing Pigeon.EPI Trojan</a><br/><a href="http://malwarepedia-protect-listing.blogspot.com/2009/01/win32inteter-trojan.html">Win32.Inteter Trojan Symptoms</a><br/><a href="http://viruslist-c.blogspot.com/2009/01/netspy-backdoor.html">Remove Net.Spy Backdoor</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6496404250335038612?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-37517153513560897092009-02-01T16:06:00.001-08:002009-02-01T16:06:59.778-08:00Removing Wosrist <br/><strong>Categories:</strong> Trojan,Adware,Hijacker,Downloader<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> Hijackers take control of various parts of your web browser, including your home page, <br />search pages, and search bar. They may also redirect you to certain sites should you <br />mistype an address or prevent you from going to a website they would rather you not, <br />such as sites that combat malware. Some will even redirect you to their own search engine <br />when you attempt a search.<br/>The downloader either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/></em><hr/><string>Wosrist Also known as:</strong><br/><code><br/>[Kaspersky]Trojan-Downloader.Win32.Agent.baw,Trojan-Spy.Win32.Agent.oy;<br/>[Other]Troj/DwnLdr-FVD,Win32/Wosrist.A,Downloader,Win32.Wosrist.B,Infostealer</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\iexpl0re.exe<br/>[%SYSTEM%]\aelupsvc32.dll<br/>[%SYSTEM%]\drivers\wsfit32.sys<br/>[%SYSTEM%]\exmple.dll<br/>[%SYSTEM%]\sexmple.exe<br/>[%WINDOWS%]\system\Setup-238.exe<br/>[%WINDOWS%]\iexpl0re.exe<br/>[%SYSTEM%]\aelupsvc32.dll<br/>[%SYSTEM%]\drivers\wsfit32.sys<br/>[%SYSTEM%]\exmple.dll<br/>[%SYSTEM%]\sexmple.exe<br/>[%WINDOWS%]\system\Setup-238.exe </CODE> <p><h2>How to detect Wosrist:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\iexpl0re.exe<br/>[%SYSTEM%]\aelupsvc32.dll<br/>[%SYSTEM%]\drivers\wsfit32.sys<br/>[%SYSTEM%]\exmple.dll<br/>[%SYSTEM%]\sexmple.exe<br/>[%WINDOWS%]\system\Setup-238.exe<br/>[%WINDOWS%]\iexpl0re.exe<br/>[%SYSTEM%]\aelupsvc32.dll<br/>[%SYSTEM%]\drivers\wsfit32.sys<br/>[%SYSTEM%]\exmple.dll<br/>[%SYSTEM%]\sexmple.exe<br/>[%WINDOWS%]\system\Setup-238.exe </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_wsfit32<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wsfit32 </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Wosrist:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://details-list-pc.blogspot.com/2009/01/bionix-trojan.html">Remove Bionix Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3751715351356089709?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-6893188239492740172009-02-01T14:15:00.001-08:002009-02-01T14:15:36.194-08:00Removing SpyAnytime.PC.Spy <br/><strong>Categories:</strong> Spyware<br/><em>Spyware is computer software that is installed surreptitiously on a personal computer <br />to <intercept or take partial control over the user's interaction <br />with the computer, without the user's informed consent.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\keybhook.dll<br/>[%SYSTEM%]\sa2help.chm<br/>[%SYSTEM%]\sysmgr32.dat<br/>[%DESKTOP%]\spyanytime pc spy.lnk<br/>[%SYSTEM%]\sa2.lnk<br/>[%WINDOWS%]\desktop\spyanytime pc spy.lnk<br/>[%WINDOWS%]\start menu\programs\spyanytime pc spy online faq.lnk<br/>[%SYSTEM%]\keybhook.dll<br/>[%SYSTEM%]\sa2help.chm<br/>[%SYSTEM%]\sysmgr32.dat<br/>[%DESKTOP%]\spyanytime pc spy.lnk<br/>[%SYSTEM%]\sa2.lnk<br/>[%WINDOWS%]\desktop\spyanytime pc spy.lnk<br/>[%WINDOWS%]\start menu\programs\spyanytime pc spy online faq.lnk </CODE> <p><h2>How to detect SpyAnytime.PC.Spy:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\keybhook.dll<br/>[%SYSTEM%]\sa2help.chm<br/>[%SYSTEM%]\sysmgr32.dat<br/>[%DESKTOP%]\spyanytime pc spy.lnk<br/>[%SYSTEM%]\sa2.lnk<br/>[%WINDOWS%]\desktop\spyanytime pc spy.lnk<br/>[%WINDOWS%]\start menu\programs\spyanytime pc spy online faq.lnk<br/>[%SYSTEM%]\keybhook.dll<br/>[%SYSTEM%]\sa2help.chm<br/>[%SYSTEM%]\sysmgr32.dat<br/>[%DESKTOP%]\spyanytime pc spy.lnk<br/>[%SYSTEM%]\sa2.lnk<br/>[%WINDOWS%]\desktop\spyanytime pc spy.lnk<br/>[%WINDOWS%]\start menu\programs\spyanytime pc spy online faq.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\system<br/>[%APPDATA%]\sysdata<br/>[%PROGRAMS%]\spyanytime pc spy<br/>[%PROGRAM_FILES%]\common files\microsoft shared\dao\system<br/>[%PROGRAM_FILES%]\waresight<br/>[%PROGRAM_FILES_COMMON%]\sysdata </CODE> </p> <p> <h2>Removing SpyAnytime.PC.Spy:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-41.blogspot.com/2009/01/directadsmcafee-tracking-cookie.html">DirectAds.McAfee Tracking Cookie Cleaner</a><br/><a href="http://details-list-pc.blogspot.com/2009/01/sillydlckn-trojan.html">SillyDl.CKN Trojan Information</a><br/><a href="http://details-protect-pc.blogspot.com/2009/01/elfchsh30rootkittrojan-trojan.html">ELF.Chsh.30!Rootkit!Trojan Trojan Symptoms</a><br/><a href="http://trojan-list-16.blogspot.com/2009/01/linksponsorcom-tracking-cookie.html">Remove LinkSponsor.com Tracking Cookie</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-689318823949274017?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-64744169111518539312009-02-01T12:27:00.001-08:002009-02-01T12:27:50.913-08:00Removing Pigeon.AWE <br/><strong>Categories:</strong> Trojan<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/></em> <p><h2>How to detect Pigeon.AWE:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000\control </CODE> </p> <p> <h2>Removing Pigeon.AWE:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-77.blogspot.com/2009/01/pigeonedz-trojan.html">Pigeon.EDZ Trojan Symptoms</a><br/><a href="http://viruslist-d.blogspot.com/2009/01/mixmarketbiz-tracking-cookie.html">mixmarket.biz Tracking Cookie Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6474416911151853931?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-30071891007794012082009-02-01T12:00:00.001-08:002009-02-01T12:00:16.416-08:00Removing Key.Captor <br/><strong>Categories:</strong> Spyware<br/><em>Spyware is computer software that is installed surreptitiously on a personal computer <br />to <strong>intercept or take partial control</strong> over the user's interaction <br />with the computer, without the user's informed consent.<br/> <br />While the term spyware suggests software that secretly monitors the user's behavior, <br />the functions of spyware extend well beyond simple monitoring.<br/> <br />Spyware programs can collect various types of personal information, <br />such as Internet surfing habit, sites that have been visited, <br />but can also interfere with user control of the computer in other ways, <br />such as installing additional software, redirecting Web browser activity, <br />accessing websites blindly that will cause more harmful viruses, <br />or diverting advertising revenue to a third party.<br/> <br />Spyware can even change computer settings, resulting in slow connection speeds, <br />different home pages, and loss of Internet or other programs. <br />In an attempt to increase the understanding of spyware, a more formal classification <br />of its included software types is captured under the term privacy-invasive software. <br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\spysplash.dat<br/>[%WINDOWS%]\spysplash.dat </CODE> <p><h2>How to detect Key.Captor:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\spysplash.dat<br/>[%WINDOWS%]\spysplash.dat </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\Keycaptor<br/>[%PROGRAM_FILES%]\KeyCaptor </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall </CODE> </p> <p> <h2>Removing Key.Captor:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://malware-info.blogspot.com/2009/01/win32bankerckj-trojan.html">Win32.Banker.ckj Trojan Removal</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-3007189100779401208?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-2919451513994023552009-02-01T11:43:00.001-08:002009-02-01T11:43:28.929-08:00Removing CFour <br/><strong>Categories:</strong> RAT<br/><em>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\c4.exe<br/>[%WINDOWS%]\system\c4.exe </CODE> <p><h2>How to detect CFour:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\c4.exe<br/>[%WINDOWS%]\system\c4.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices </CODE> </p> <p> <h2>Removing CFour:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-95.blogspot.com/2009/01/anyplay-adware.html">Anyplay Adware Information</a><br/><a href="http://trojan-malwarepedia-info.blogspot.com/2009/02/backdoordeathserverfamily-trojan.html">Removing Backdoor.Death.Server.family Trojan</a><br/><a href="http://trojan-list-11.blogspot.com/2009/01/vclheevahava-trojan.html">VCL.Heevahava Trojan Cleaner</a><br/><a href="http://trojan-list-95.blogspot.com/2009/01/bancoshzo-trojan.html">Bancos.HZO Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-291945151399402355?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-22021504748987361562009-02-01T10:59:00.001-08:002009-02-01T10:59:42.513-08:00Removing Neol <br/><strong>Categories:</strong> Backdoor<br/><em><strong>Backdoors are the most dangerous type of Trojans</strong> and the most popular. <br /><strong>Backdoors open infected machines</strong> to external control via Internet. <br />They function in the same way as legal remote administration programs used by system administrators. <br />This makes them difficult to detect.<br/> <br /><strong>Backdoors</strong> are installed and launched without the consent of the user of computer. <br />Often the backdoor will not be visible in the log of active programs.<br/> <br />Once a backdoor has been successfully launched, the computer is wide open. <br />Backdoor functions can include:<br/> <br /> <ul> <br /> <li> Launching/ deleting files</li> <br /> <li> Sending/ receiving files</li> <br /> <li> Deleting data</li> <br /> <li> Displaying notification</li> <br /> <li> Rebooting the machine</li> <br /> <li> Executing files</li> <br /> </ul> <br /><br/> <br /><strong>Backdoors are used by virus writers to detect and download confidential information</strong>, <br />execute malicious code, destroy data, include the machine in bot networks and so forth. <br />Backdoors combine the functionality of most other types of in one package.<br/> <br />Backdoors have one especially dangerous sub-class: variants that can propagate like worms. <br/></em> <p><h2>How to detect Neol:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Neol:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://ridethe-pc-info.blogspot.com/2009/01/phishbankaub-trojan.html">Removing Phishbank.AUB Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2202150474898736156?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-28720295650203805812009-02-01T10:31:00.001-08:002009-02-01T10:31:47.398-08:00Removing BHOMoneyGainer <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\shginasn.xml<br/>[%WINDOWS%]\shginasn.xml </CODE> <p><h2>How to detect BHOMoneyGainer:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\shginasn.xml<br/>[%WINDOWS%]\shginasn.xml </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\bookmark.bhomoneygainer<br/>HKEY_CLASSES_ROOT\bookmark.bhomoneygainer.1<br/>HKEY_CLASSES_ROOT\CLSID\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}<br/>HKEY_CLASSES_ROOT\interface\{feaa3402-e101-4abd-9337-bdeefc6d29ca}<br/>HKEY_CLASSES_ROOT\typelib\{27195441-54b0-4dd3-820c-699ac3ef8d37}<br/>HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}<br/>HKEY_LOCAL_MACHINE\software\iasadc<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}<br/>HKEY_CLASSES_ROOT\clsid\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee} </CODE> </p> <p> <h2>Removing BHOMoneyGainer:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-1538.blogspot.com/2009/02/akosh-trojan.html">Remove Akosh Trojan</a><br/><a href="http://trojan-list-11.blogspot.com/2009/01/win32haxdoor-trojan.html">Removing Win32.Haxdoor Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2872029565020380581?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-77703124502546022792009-02-01T10:23:00.001-08:002009-02-01T10:23:13.046-08:00Removing PerMedia <br/><strong>Categories:</strong> Adware,BHO<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> <strong>BHO (Browser Helper Object) Trojan</strong>. <br />The BHO waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker. <br />The method of network transport used by the attacker makes this Trojan unique. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious. <br />Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into <br />the data section of an ICMP ping packet." explained the company.<br/></em> <p><h2>How to detect PerMedia:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\clsid\{8cdc6a46-08ab-435b-a3fa-7cc00e74ec9f} </CODE> </p> <p> <h2>Removing PerMedia:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-1005.blogspot.com/2009/01/fdoskrate-dos.html">Removing FDoS.Krate DoS</a><br/><a href="http://trojan-list-02.blogspot.com/2009/01/gayol-backdoor.html">GayOL Backdoor Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-7770312450254602279?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-67884422433592921912009-02-01T08:47:00.001-08:002009-02-01T08:47:16.988-08:00Removing Yazzle <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\mfc42.dll<br/>[%SYSTEM%]\msvcrt.dll<br/>[%SYSTEM%]\olepro32.dll<br/>[%SYSTEM%]\mfc42.dll<br/>[%SYSTEM%]\msvcrt.dll<br/>[%SYSTEM%]\olepro32.dll </CODE> <p><h2>How to detect Yazzle:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\mfc42.dll<br/>[%SYSTEM%]\msvcrt.dll<br/>[%SYSTEM%]\olepro32.dll<br/>[%SYSTEM%]\mfc42.dll<br/>[%SYSTEM%]\msvcrt.dll<br/>[%SYSTEM%]\olepro32.dll </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74CD40EA-EF77-4BAD-808A-B5982DA73F20} </CODE> </p> <p> <h2>Removing Yazzle:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-4138.blogspot.com/2009/02/vbfu-trojan.html">Remove VB.fu Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6788442243359292191?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-23464659488723097282009-02-01T07:59:00.001-08:002009-02-01T07:59:43.777-08:00Removing Randex.E <br/><strong>Categories:</strong> Trojan<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE%]\cmd.exe<br/>[%PROFILE%]\start<br/>[%PROFILE%]\cmd.exe<br/>[%PROFILE%]\start </CODE> <p><h2>How to detect Randex.E:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE%]\cmd.exe<br/>[%PROFILE%]\start<br/>[%PROFILE%]\cmd.exe<br/>[%PROFILE%]\start </CODE> </p> <p> <h2>Removing Randex.E:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-96.blogspot.com/2009/01/dowqueafe-trojan.html">Dowque.AFE Trojan Information</a><br/><a href="http://protect-kill-infections.blogspot.com/2009/01/countomatcom-tracking-cookie.html">Removing countomat.com Tracking Cookie</a><br/><a href="http://details-protect-pc.blogspot.com/2009/01/bombing-trojan.html">Bombing Trojan Cleaner</a><br/><a href="http://malware-info.blogspot.com/2009/01/zhong-adware.html">Zhong Adware Information</a><br/><a href="http://trojan-list-81.blogspot.com/2009/01/qdial-adware.html">Removing Qdial Adware</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2346465948872309728?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-49257459735146173872009-02-01T07:31:00.001-08:002009-02-01T07:31:30.063-08:00Removing Tatss <br/><strong>Categories:</strong> Adware<br/><em>Adware are programs that facilitate delivery for <strong>advertising content</strong> <br />to the user and in some cases gather information from the user's computer, <br />including information related to Internet browser usage or other computer habits<br/> </em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\pgtools\init.dll<br/>[%SYSTEM%]\pgtools\tataccess.ocx<br/>[%SYSTEM%]\pgtools\tatss.dll<br/>[%SYSTEM%]\pgtools\tatss.exe<br/>[%SYSTEM%]\pgtools\init.dll<br/>[%SYSTEM%]\pgtools\tataccess.ocx<br/>[%SYSTEM%]\pgtools\tatss.dll<br/>[%SYSTEM%]\pgtools\tatss.exe </CODE> <p><h2>How to detect Tatss:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\pgtools\init.dll<br/>[%SYSTEM%]\pgtools\tataccess.ocx<br/>[%SYSTEM%]\pgtools\tatss.dll<br/>[%SYSTEM%]\pgtools\tatss.exe<br/>[%SYSTEM%]\pgtools\init.dll<br/>[%SYSTEM%]\pgtools\tataccess.ocx<br/>[%SYSTEM%]\pgtools\tatss.dll<br/>[%SYSTEM%]\pgtools\tatss.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Tatss:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-59.blogspot.com/2009/01/dp2dlb-trojan.html">DP2DLB Trojan Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4925745973514617387?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-25810325288138561392009-02-01T07:14:00.001-08:002009-02-01T07:14:59.789-08:00Removing Kongrid <br/><strong>Categories:</strong> Trojan<br/><em>This loose category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/> <br />Multi-purpose Trojans are also included in this group, as some virus writers <br />create multi-functional Trojans rather than Trojan packs.<br/></em><hr/><string>Kongrid Also known as:</strong><br/><code><br/>[Kaspersky]Trojan.Win32.Agent.ado,Virus.Win32.Agent.l;<br/>[McAfee]BackDoor-DIQ,W32/Generic.y;<br/>[Other]Win32/Kongrid.A,Backdoor:Win32/Difeqs.gen,W32/Agent.AWLA,W32.SillyFDC,Worm:Win32/SillyFDC,WORM_SILLYFDC.BN</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%SYSTEM%]\cologsver.exe<br/>[%SYSTEM%]\cscripts.exe<br/>[%SYSTEM%]\xbox.dll<br/>[%SYSTEM%]\cologsver.exe<br/>[%SYSTEM%]\cscripts.exe<br/>[%SYSTEM%]\xbox.dll </CODE> <p><h2>How to detect Kongrid:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%SYSTEM%]\cologsver.exe<br/>[%SYSTEM%]\cscripts.exe<br/>[%SYSTEM%]\xbox.dll<br/>[%SYSTEM%]\cologsver.exe<br/>[%SYSTEM%]\cscripts.exe<br/>[%SYSTEM%]\xbox.dll </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72637363-7069-7374-652e-336d65747300} </CODE> </p> <p> <h2>Removing Kongrid:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-3726.blogspot.com/2009/01/win32vbgf-trojan.html">Win32.VB.gf Trojan Information</a><br/><a href="http://trojan-list-60.blogspot.com/2009/01/squatter-trojan.html">Squatter Trojan Symptoms</a><br/><a href="http://trojan-list-27.blogspot.com/2009/01/jura6235-trojan.html">Jura6235 Trojan Cleaner</a><br/><a href="http://trojan-description-blog.blogspot.com/2009/01/desktopauthority-rat.html">Desktop.Authority RAT Information</a><br/><a href="http://trojan-list-63.blogspot.com/2009/01/andum-trojan.html">Andum Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-2581032528813856139?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-81557930405988801842009-02-01T06:51:00.001-08:002009-02-01T06:51:39.363-08:00Removing ahv <br/><strong>Categories:</strong> Downloader<br/><em>The downloader either launches the new malware or registers it to enable autorun <br />according to the local operating system requirements.<br/></em> <p><h2>How to detect ahv:</h2></p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, w034b6b0.dll=rundll32.exe w034b6b0.dll<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, w07124c8.dll=rundll32.exe w07124c8.dll </CODE> </p> <p> <h2>Removing ahv:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://remove-malware.blogspot.com/2009/01/aolimspammer-trojan.html">Remove AolImSpammer Trojan</a><br/><a href="http://trojan-list-24.blogspot.com/2009/01/pigeonavpm-trojan.html">Pigeon.AVPM Trojan Removal instruction</a><br/><a href="http://trojan-list-47.blogspot.com/2009/01/sillydlcid-downloader.html">Removing SillyDl.CID Downloader</a><br/><a href="http://trojan-list-55.blogspot.com/2009/01/sensiscomau-tracking-cookie.html">Removing sensis.com.au Tracking Cookie</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8155793040598880184?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-86238276225096345282009-02-01T06:16:00.001-08:002009-02-01T06:16:08.207-08:00Removing Freddy.ASE <br/><strong>Categories:</strong> RAT<br/><em>Many trojans and backdoors now have remote administration capabilities <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\wintool.exe<br/>[%WINDOWS%]\wintool.exe </CODE> <p><h2>How to detect Freddy.ASE:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\wintool.exe<br/>[%WINDOWS%]\wintool.exe </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Freddy.ASE:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-description-blog.blogspot.com/2009/01/nulware-spyware.html">Nulware Spyware Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8623827622509634528?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-68022095905672717032009-02-01T06:00:00.001-08:002009-02-01T06:00:28.355-08:00Removing Zlob.Fam.VideoAccess <br/><strong>Categories:</strong> Trojan,Popups<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Adware is the class of programs that <strong>place advertisements on your screen</strong>. <br />These may be in the form of pop-ups, pop-unders, advertisements embedded in programs, <br />advertisements placed on top of ads in web sites, or any other way the authors can <br />think of showing you an ad.<br/> <br />The pop-ups generally will not be stopped by pop-up stoppers, and often are <br />not dependent on your having Internet Explorer open. <br />They may show up when you are playing a game, writing a document, listening to music, <br />or anything else. Should you be surfing, the advertisements will often be related to <br />the web page you are viewing. <br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAMS%]\VideoAccess\Uninstall.lnk<br/>[%PROGRAM_FILES%]\VideoAccess\Uninstall.exe<br/>[%PROGRAMS%]\VideoAccess\Uninstall.lnk<br/>[%PROGRAM_FILES%]\VideoAccess\Uninstall.exe </CODE> <p><h2>How to detect Zlob.Fam.VideoAccess:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAMS%]\VideoAccess\Uninstall.lnk<br/>[%PROGRAM_FILES%]\VideoAccess\Uninstall.exe<br/>[%PROGRAMS%]\VideoAccess\Uninstall.lnk<br/>[%PROGRAM_FILES%]\VideoAccess\Uninstall.exe </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\VideoAccess<br/>[%PROGRAM_FILES%]\VideoAccess </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\VideoAccess<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoAccess </CODE> </p> <p> <h2>Removing Zlob.Fam.VideoAccess:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://viruslist-viruspedia-list.blogspot.com/2009/01/pigeonefd-trojan.html">Pigeon.EFD Trojan Removal</a><br/><a href="http://trojan-list-90.blogspot.com/2009/01/bancosfvk-trojan.html">Bancos.FVK Trojan Removal</a><br/><a href="http://trojan-list-14.blogspot.com/2009/01/nucscansabine-trojan.html">Remove NucScan.Sabine Trojan</a><br/><a href="http://trojan-list-55.blogspot.com/2009/01/ackcmd-trojan.html">Ack.Cmd Trojan Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6802209590567271703?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-58600757437691944342009-02-01T05:35:00.001-08:002009-02-01T05:35:23.599-08:00Removing InclinedRoad <br/><strong>Categories:</strong> RAT<br/><em>Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br /><br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%WINDOWS%]\system\inclinedroad.exe<br/>[%WINDOWS%]\system\winroad.exe<br/>[%WINDOWS%]\system\inclinedroad.exe<br/>[%WINDOWS%]\system\winroad.exe </CODE> <p><h2>How to detect InclinedRoad:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%WINDOWS%]\system\inclinedroad.exe<br/>[%WINDOWS%]\system\winroad.exe<br/>[%WINDOWS%]\system\inclinedroad.exe<br/>[%WINDOWS%]\system\winroad.exe </CODE> </p> <p> <h2>Removing InclinedRoad:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://remove-listing-pc.blogspot.com/2009/01/bvi-trojan.html">BVI Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-5860075743769194434?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-86756393759285468912009-02-01T05:18:00.001-08:002009-02-01T05:18:55.476-08:00Removing VNC <br/><strong>Categories:</strong> RAT<br/><em>Many trojans and backdoors now have <strong>remote administration capabilities</strong> <br />allowing an individual to control the victim's computer. <br />Many times a file called the server must be opened on the victim's computer before <br />the trojan can have access to it.<br/> <br />These are generally sent through email, P2P file sharing software, <br />and in internet downloads. They are usually disguised as a legitimate program or file. <br />Many server files will display a fake error message when opened, to make it seem like it didn't open. <br />Some will also kill antivirus and firewall software.<br/> <br />Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on <br />April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack. <br />They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray, <br />and swap mouse buttons. However, they can be quite hard to remove.<br/></em><hr/><string>VNC Also known as:</strong><br/><code><br/>[Kaspersky]RemoteAdmin.Win32.WinVNC.4</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk<br/>[%DESKTOP%]\vnc viewer 4.lnk<br/>[%DESKTOP%]\vnc viewer.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk<br/>[%DESKTOP%]\vnc viewer 4.lnk<br/>[%DESKTOP%]\vnc viewer.lnk </CODE> <p><h2>How to detect VNC:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk<br/>[%DESKTOP%]\vnc viewer 4.lnk<br/>[%DESKTOP%]\vnc viewer.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Set License Key.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk<br/>[%COMMON_PROGRAMS%]\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk<br/>[%DESKTOP%]\vnc viewer 4.lnk<br/>[%DESKTOP%]\vnc viewer.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\realvnc<br/>[%PROGRAM_FILES%]\realvnc </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winvnc_is1<br/>HKEY_LOCAL_MACHINE\software\realvnc<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4 </CODE> </p> <p> <h2>Removing VNC:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://malwarepedia-protect-listing.blogspot.com/2009/01/lockdirs-trojan.html">Lockdirs Trojan Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-8675639375928546891?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-47048847702887187552009-02-01T04:51:00.001-08:002009-02-01T04:51:26.591-08:00Removing SystemSleuth <br/><strong>Categories:</strong> Spyware<br/><em>Spyware programs can collect various types of personal information, <br />such as Internet surfing habit, sites that have been visited, <br />but can also interfere with user control of the computer in other ways, <br />such as installing additional software, redirecting Web browser activity, <br />accessing websites blindly that will cause more harmful viruses, <br />or diverting advertising revenue to a third party.<br/></em> <p><h2>How to detect SystemSleuth:</h2></p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\microsoft\installer\products\550e28ff89756b140a7ac6ee275e2c49<br/>HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\35dd57b63ac91b249aa3c668e74bd75e<br/>HKEY_LOCAL_MACHINE\software\divine downloads<br/>HKEY_LOCAL_MACHINE\software\rebrandsoftware\computer monitor keylogger </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing SystemSleuth:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-4138.blogspot.com/2009/01/vxidlatv-trojan.html">Vxidl.ATV Trojan Symptoms</a><br/><a href="http://trojan-list-90.blogspot.com/2009/01/win32prodex-trojan.html">Win32.Prodex Trojan Removal</a><br/><a href="http://trojan-list-74.blogspot.com/2009/01/osxcosmac-trojan.html">Removing OSX.Cosmac Trojan</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-4704884770288718755?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-2043308025817170932009-02-01T04:27:00.001-08:002009-02-01T04:27:51.587-08:00Removing INetSpeak <br/><strong>Categories:</strong> Trojan,Adware,BHO<br/><em>This category includes a variety of Trojans that damage victim machines or <br />threaten data integrity, or impair the functioning of the victim machine.<br/>Adware are programs that facilitate delivery for advertising content <br />to the user and in some cases gather information from the user's computer. <br /><br/> <strong>BHO (Browser Helper Object) Trojan</strong>. <br />The BHO waits for the user to post personal information to a monitored website. <br />As this information is entered by the user, it is captured by the BHO and sent back to the attacker. <br />The method of network transport used by the attacker makes this Trojan unique. <br />Typically, keyloggers of this type will send the stolen information back to the attacker via email <br />or HTTP POST, which can appear suspicious. <br />Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into <br />the data section of an ICMP ping packet." explained the company.<br/></em><hr/><string>INetSpeak Also known as:</strong><br/><code><br/>[Kaspersky]Trojan.Win32.Toras.b</code><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe<br/>[%SYSTEM%]\bho.dll<br/>[%WINDOWS%]\Downloaded Program Files\BHO.INF<br/>[%FAVORITES%]\maria.lnk<br/>[%PROFILE%]\administrator\start menu\programs\musicmagnet\uninstall.lnk<br/>[%PROGRAMS%]\musicmagnet\music magnet.lnk<br/>[%PROGRAMS%]\musicmagnet\uninstall.lnk<br/>[%PROGRAM_FILES%]\internet explorer\boombar.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr11.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr22.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr23.dll<br/>[%SYSTEM%]\windowsie.dll<br/>[%WINDOWS%]\system\bho.dll<br/>[%WINDOWS%]\system\windowsie.dll<br/>[%WINDOWS%]\windowsie.dll<br/>[%WINDOWS%]\winietoolbar.ini<br/>[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe<br/>[%SYSTEM%]\bho.dll<br/>[%WINDOWS%]\Downloaded Program Files\BHO.INF<br/>[%FAVORITES%]\maria.lnk<br/>[%PROFILE%]\administrator\start menu\programs\musicmagnet\uninstall.lnk<br/>[%PROGRAMS%]\musicmagnet\music magnet.lnk<br/>[%PROGRAMS%]\musicmagnet\uninstall.lnk<br/>[%PROGRAM_FILES%]\internet explorer\boombar.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr11.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr22.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr23.dll<br/>[%SYSTEM%]\windowsie.dll<br/>[%WINDOWS%]\system\bho.dll<br/>[%WINDOWS%]\system\windowsie.dll<br/>[%WINDOWS%]\windowsie.dll<br/>[%WINDOWS%]\winietoolbar.ini </CODE> <p><h2>How to detect INetSpeak:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe<br/>[%SYSTEM%]\bho.dll<br/>[%WINDOWS%]\Downloaded Program Files\BHO.INF<br/>[%FAVORITES%]\maria.lnk<br/>[%PROFILE%]\administrator\start menu\programs\musicmagnet\uninstall.lnk<br/>[%PROGRAMS%]\musicmagnet\music magnet.lnk<br/>[%PROGRAMS%]\musicmagnet\uninstall.lnk<br/>[%PROGRAM_FILES%]\internet explorer\boombar.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr11.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr22.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr23.dll<br/>[%SYSTEM%]\windowsie.dll<br/>[%WINDOWS%]\system\bho.dll<br/>[%WINDOWS%]\system\windowsie.dll<br/>[%WINDOWS%]\windowsie.dll<br/>[%WINDOWS%]\winietoolbar.ini<br/>[%PROGRAM_FILES%]\accele~1\anti-v~1\email_update.exe<br/>[%SYSTEM%]\bho.dll<br/>[%WINDOWS%]\Downloaded Program Files\BHO.INF<br/>[%FAVORITES%]\maria.lnk<br/>[%PROFILE%]\administrator\start menu\programs\musicmagnet\uninstall.lnk<br/>[%PROGRAMS%]\musicmagnet\music magnet.lnk<br/>[%PROGRAMS%]\musicmagnet\uninstall.lnk<br/>[%PROGRAM_FILES%]\internet explorer\boombar.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr11.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr22.dll<br/>[%PROGRAM_FILES%]\internet explorer\iexplorr23.dll<br/>[%SYSTEM%]\windowsie.dll<br/>[%WINDOWS%]\system\bho.dll<br/>[%WINDOWS%]\system\windowsie.dll<br/>[%WINDOWS%]\windowsie.dll<br/>[%WINDOWS%]\winietoolbar.ini </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%DESKTOP%]\music magnet.lnk<br/>[%PROFILE%]\start menu\programs\musicmagnet<br/>[%PROGRAM_FILES%]\mm050102<br/>[%PROGRAM_FILES%]\mm052202<br/>[%PROGRAM_FILES%]\musicmagnet </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CLASSES_ROOT\bho42602.clsinetspeak<br/>HKEY_CLASSES_ROOT\clsid\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}<br/>HKEY_CLASSES_ROOT\clsid\{c389f2cf-26ed-11d5-a212-004005f6feb6}<br/>HKEY_CLASSES_ROOT\clsid\{d6862a22-1dd6-11d3-bb7c-444553540000}<br/>HKEY_CLASSES_ROOT\interface\{d16f4f72-24df-4775-b444-167af5b30620}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}<br/>HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6862a22-1dd6-11d3-bb7c-444553540000}<br/>HKEY_LOCAL_MACHINE\software\classes\bho42602.clsdockwindow<br/>HKEY_LOCAL_MACHINE\software\classes\bho42602.clsinetspeak<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{236826b1-8fdb-4d3c-8f70-e154f874703d}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{4cf5275b-cdbc-11d3-a8af-0090279a5978}<br/>HKEY_LOCAL_MACHINE\software\classes\clsid\{d6862a22-1dd6-11d3-bb7c-444553540000}<br/>HKEY_LOCAL_MACHINE\software\classes\interface\{072d14ef-99b6-49dd-9be5-76142727b7ac}<br/>HKEY_LOCAL_MACHINE\software\classes\interface\{4b191b11-a44c-4d42-b4ac-6fcd5f61587c}<br/>HKEY_LOCAL_MACHINE\software\classes\interface\{943f44c0-44da-40d5-98d7-9aac4c15c603}<br/>HKEY_LOCAL_MACHINE\software\classes\interface\{d16f4f72-24df-4775-b444-167af5b30620}<br/>HKEY_LOCAL_MACHINE\software\classes\typelib\{d6862a20-1dd6-11d3-bb7c-444553540000}<br/>HKEY_LOCAL_MACHINE\software\classes\windowsie.clsdw<br/>HKEY_LOCAL_MACHINE\software\classes\windowsie.clsis<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e12b523-3d4c-4fac-9b04-0376a8f5e879}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6862a22-1dd6-11d3-bb7c-444553540000}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\musicmagnet </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\classes\bho426022<br/>HKEY_LOCAL_MACHINE\software\classes\windowsie<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windowsie<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windowsie<br/>HKEY_LOCAL_MACHINE\software\nsis_musicmagnet </CODE> </p> <p> <h2>Removing INetSpeak:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-95.blogspot.com/2009/01/antischooltef-trojan.html">Anti.School.Tef Trojan Cleaner</a><br/><a href="http://trojan-list-09.blogspot.com/2009/01/yayaveratl-adware.html">YayaVerAtl Adware Removal instruction</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-204330802581717093?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-65143679334266433782009-02-01T03:35:00.001-08:002009-02-01T03:35:30.633-08:00Removing Super.Killer <br/><strong>Categories:</strong> Ransomware<br/><em>A <strong>cryptovirus, cryptotrojan or cryptoworm</strong> is a type of <br />malware that encrypts the data belonging to an individual on a computer, <br />demanding a ransom for its restoration.<br/> <br />The term ransomware is commonly used to describe software that encrypts the data <br />belonging to an individual on a computer, demanding a ransom for its restoration. <br />Although the field known as cryptovirology predates the term "ransomware".<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%DESKTOP%]\SuperSpywareKiller.lnk<br/>[%DESKTOP%]\SuperSpywareKiller.lnk </CODE> <p><h2>How to detect Super.Killer:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%DESKTOP%]\SuperSpywareKiller.lnk<br/>[%DESKTOP%]\SuperSpywareKiller.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%COMMON_PROGRAMS%]\SuperSpywareKiller<br/>[%PROGRAM_FILES%]\SuperSpywareKiller </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\spywarekiller<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\superspywarekiller_is1 </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Super.Killer:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://virusinfo-2217.blogspot.com/2009/01/bigbot-backdoor.html">Bigbot Backdoor Symptoms</a><br/><a href="http://trojan-list-14.blogspot.com/2009/01/monabomber-rat.html">MonaBomber RAT Removal instruction</a><br/><a href="http://trojan-description-blog.blogspot.com/2009/01/commissionjunctioncom-tracking-cookie.html">Remove Commission.Junction.com Tracking Cookie</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6514367933426643378?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-62942142840772357222009-02-01T02:43:00.001-08:002009-02-01T02:43:05.929-08:00Removing Easy.Keyboard.Logger <br/><strong>Categories:</strong> Spyware<br/><em>Spyware is computer software that is installed surreptitiously on a personal computer <br />to <intercept or take partial control over the user's interaction <br />with the computer, without the user's informed consent.<br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%PROFILE_TEMP%]\EasyKeylog.txt<br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk<br/>[%DESKTOP%]\Easy Keyboard Logger.lnk<br/>[%PROFILE_TEMP%]\EasyKeylog.txt<br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk<br/>[%DESKTOP%]\Easy Keyboard Logger.lnk </CODE> <p><h2>How to detect Easy.Keyboard.Logger:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%PROFILE_TEMP%]\EasyKeylog.txt<br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk<br/>[%DESKTOP%]\Easy Keyboard Logger.lnk<br/>[%PROFILE_TEMP%]\EasyKeylog.txt<br/>[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk<br/>[%DESKTOP%]\Easy Keyboard Logger.lnk </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAM_FILES%]\Easy Keyboard Logger<br/>[%PROGRAMS%]\Easy Keyboard Logger </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_CURRENT_USER\software\ekl<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy keyboard logger_is1<br/>HKEY_LOCAL_MACHINE\software\softsaga easy keyboard logger </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run </CODE> </p> <p> <h2>Removing Easy.Keyboard.Logger:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-33.blogspot.com/2009/01/delalot-trojan.html">Delalot Trojan Symptoms</a><br/><a href="http://trojan-list-16.blogspot.com/2009/01/radr-trojan.html">RA.dr Trojan Removal instruction</a><br/><a href="http://trojan-list-39.blogspot.com/2009/01/ntrc-backdoor.html">Removing NTRC Backdoor</a><br/><a href="http://trojan-list-22.blogspot.com/2009/01/computer-key-logger-spyware.html">Computer Key Logger Spyware Information</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-6294214284077235722?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-14160847676395708942009-02-01T01:47:00.001-08:002009-02-01T01:47:22.627-08:00Removing WinSession.Logger <br/><strong>Categories:</strong> Spyware<br/><em>Spyware is computer software that is installed surreptitiously on a personal computer <br />to <strong>intercept or take partial control</strong> over the user's interaction <br />with the computer, without the user's informed consent.<br/> <br />While the term spyware suggests software that secretly monitors the user's behavior, <br />the functions of spyware extend well beyond simple monitoring.<br/> <br />Spyware programs can collect various types of personal information, <br />such as Internet surfing habit, sites that have been visited, <br />but can also interfere with user control of the computer in other ways, <br />such as installing additional software, redirecting Web browser activity, <br />accessing websites blindly that will cause more harmful viruses, <br />or diverting advertising revenue to a third party.<br/> <br />Spyware can even change computer settings, resulting in slow connection speeds, <br />different home pages, and loss of Internet or other programs. <br />In an attempt to increase the understanding of spyware, a more formal classification <br />of its included software types is captured under the term privacy-invasive software. <br/></em><hr/><strong>Visible Symptoms:</strong> <br/>Files in system folders:<CODE> <br/>[%DESKTOP%]\ws logger.lnk<br/>[%SYSTEM%]\9500\svchost.exe<br/>[%SYSTEM%]\bootldr.exe<br/>[%SYSTEM%]\conwxrl.bin<br/>[%SYSTEM%]\delservicew.exe<br/>[%SYSTEM%]\digiwin.dll<br/>[%SYSTEM%]\exwin32m.exe<br/>[%SYSTEM%]\nxkernel32.dll<br/>[%SYSTEM%]\Old_date32.dll<br/>[%SYSTEM%]\svclsv.exe<br/>[%SYSTEM%]\unicode_digi.dll<br/>[%SYSTEM%]\xwboot.exe<br/>[%DESKTOP%]\ws logger.lnk<br/>[%SYSTEM%]\9500\svchost.exe<br/>[%SYSTEM%]\bootldr.exe<br/>[%SYSTEM%]\conwxrl.bin<br/>[%SYSTEM%]\delservicew.exe<br/>[%SYSTEM%]\digiwin.dll<br/>[%SYSTEM%]\exwin32m.exe<br/>[%SYSTEM%]\nxkernel32.dll<br/>[%SYSTEM%]\Old_date32.dll<br/>[%SYSTEM%]\svclsv.exe<br/>[%SYSTEM%]\unicode_digi.dll<br/>[%SYSTEM%]\xwboot.exe </CODE> <p><h2>How to detect WinSession.Logger:</h2></p> <p><strong>Files:</strong> <CODE> <br/>[%DESKTOP%]\ws logger.lnk<br/>[%SYSTEM%]\9500\svchost.exe<br/>[%SYSTEM%]\bootldr.exe<br/>[%SYSTEM%]\conwxrl.bin<br/>[%SYSTEM%]\delservicew.exe<br/>[%SYSTEM%]\digiwin.dll<br/>[%SYSTEM%]\exwin32m.exe<br/>[%SYSTEM%]\nxkernel32.dll<br/>[%SYSTEM%]\Old_date32.dll<br/>[%SYSTEM%]\svclsv.exe<br/>[%SYSTEM%]\unicode_digi.dll<br/>[%SYSTEM%]\xwboot.exe<br/>[%DESKTOP%]\ws logger.lnk<br/>[%SYSTEM%]\9500\svchost.exe<br/>[%SYSTEM%]\bootldr.exe<br/>[%SYSTEM%]\conwxrl.bin<br/>[%SYSTEM%]\delservicew.exe<br/>[%SYSTEM%]\digiwin.dll<br/>[%SYSTEM%]\exwin32m.exe<br/>[%SYSTEM%]\nxkernel32.dll<br/>[%SYSTEM%]\Old_date32.dll<br/>[%SYSTEM%]\svclsv.exe<br/>[%SYSTEM%]\unicode_digi.dll<br/>[%SYSTEM%]\xwboot.exe </CODE> </p> <p><strong>Folders:</strong> <CODE> <br/>[%PROGRAMS%]\WinSession Logger<br/>[%PROGRAM_FILES%]\wlogs<br/>[%PROGRAM_FILES%]\wslogger </CODE> </p> <p><strong>Registry Keys:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\mcap4_software<br/>HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ebt9l2db0-b607-11d2-9cbd-0000f87a369e}<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\winsession logger_is1<br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\subsystem64r </CODE> </p> <p><strong>Registry Values:</strong> <CODE> <br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run<br/>HKEY_LOCAL_MACHINE\software\msc_software </CODE> </p> <p> <h2>Removing WinSession.Logger:</h2></p><p><p>You can download trial version of "Exterminate-It" antivirus software <a href="http://ihitec.com/t.php?path=av-dl/m-i/1" rel="nofollow">here</a>, to check your computer instantly.</p>Or <a href="http://ihitec.com/t.php?path=av-buy/m-i/1" rel="nofollow">buy it</a> to remove ALL viruses from your computer.<hr/><p>Also Be Aware of the Following Threats:<br/><a href="http://trojan-list-09.blogspot.com/2009/01/lameness-trojan.html">Lameness Trojan Cleaner</a><br/><a href="http://ridethe-pc-info.blogspot.com/2009/01/bancosgyr-trojan.html">Bancos.GYR Trojan Removal</a><br/><a href="http://virusinfo-0929.blogspot.com/2009/01/sillydldme-trojan.html">SillyDl.DME Trojan Symptoms</a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1481876143551850049-1416084767639570894?l=malware-info.blogspot.com' alt='' /></div>Andres Damianhttp://www.blogger.com/profile/09684340360941054571noreply@blogger.com0tag:blogger.com,1999:blog-1481876143551850049.post-72656033808450659842009-02-01T01:24:00.001-08:002009-02-01T01:24:34.624-08:00Removing SpywareRemover <br/><strong>Categories:</strong> Ransomware<br/><em>A <strong>cryptovirus, cryptotrojan or cryptoworm</strong> is a type of <br />malware that encrypts the data belonging to an individual on a computer, <br />demanding a ransom for its restoration.<br/> <br />The term ransom