Sunday, November 30, 2008

DarkFace Backdoor

Removing DarkFace
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

DarkFace Also known as:

[Kaspersky]Backdoor.Antilam.g1,Backdoor.Delf.hw,Backdoor.Pestdoor.31;
[McAfee]BackDoor-AED;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program.LC,Bck/Antilam.g1;
[Computer Associates]Backdoor/Latinus_Server_family

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mshtml.exe

How to detect DarkFace:

Files:
[%WINDOWS%]\mshtml.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing DarkFace:

You can download a trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


IE.Host Adware

Removing IE.Host
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect IE.Host:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\79b498b3e041


SpamToo.U Trojan

Removing SpamToo.U
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\aimsmx.dll
[%SYSTEM%]\aosmx.dll
[%SYSTEM%]\gtalsmx.dll
[%SYSTEM%]\rsvp32_2.dll
[%SYSTEM%]\ymsgsmx.dll

How to detect SpamToo.U:

Files:
[%SYSTEM%]\aimsmx.dll
[%SYSTEM%]\aosmx.dll
[%SYSTEM%]\gtalsmx.dll
[%SYSTEM%]\rsvp32_2.dll
[%SYSTEM%]\ymsgsmx.dll

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\WinSock2\Buibert


Illusion Trojan

Removing Illusion
Categories: Trojan,Backdoor,Downloader,Hacker Tool,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



Illusion Also known as:

[Kaspersky]Backdoor.VB.jv,Illusion.1328;
[Panda]Backdoor Program,Illusion.1328;
[Computer Associates]Backdoor/VB.jv!Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\memory.exe

How to detect Illusion:

Files:
[%WINDOWS%]\system\memory.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


DuckToy Backdoor

Removing DuckToy
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

DuckToy Also known as:

[Kaspersky]Backdoor.Latinus.d,Backdoor.Ducktoy.101,Backdoor.Ducktoy.111,Backdoor.Antilam.g1,Backdoor.Ducktoy.12,Backdoor.Ducktoy.13,Backdoor.Ducktoy.14;
[McAfee]BackDoor-KF;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Ducktoy,Bck/Ducktoy.101,Bck/Aga.A,Bck/Antilam.g1;
[Computer Associates]Backdoor/Latinus.d,Backdoor/Latinus_Server_family,Backdoor/Ducktoy.101,Win32.Ducktoy.101,Backdoor/Ducktoy.111,Win32.Ducktoy.111,Backdoor/DuckToy.12!Client,Backdoor/DuckToy.1.3,Win32.Ducktoy.13,Backdoor/Ducktoy!Server,Win32.Ducktoy.14

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\explorer .exe
[%WINDOWS%]\system36.exe

How to detect DuckToy:

Files:
[%WINDOWS%]\explorer .exe
[%WINDOWS%]\system36.exe


Seresp Trojan

Removing Seresp
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Seresp Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small,Troajn-Downloader.Win32.Small.ddp,Trojan-Downlaoder.Win32.Small.ddp;
[McAfee]AZESearch;
[Other]Win32/Seresp,Win32/Seresp.B,Trojan-Downloader.Win32.Samll.ddp,Win32/Seresp.C,Troajn.Adclicker,Win32/Seresp.D,Win32/Seresp.E,Adware.TrustinPopups

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\lz0q8801-2006-02-24\crack.exe
[%PROGRAM_FILES%]\TrustIn Contextual\trustincontext.dll
[%SYSTEM%]\mscoriezb.dll
[%WINDOWS%]\3_cad.exe
[%WINDOWS%]\cad_111.exe
[%WINDOWS%]\inetloader.dll

How to detect Seresp:

Files:
[%PROFILE_TEMP%]\lz0q8801-2006-02-24\crack.exe
[%PROGRAM_FILES%]\TrustIn Contextual\trustincontext.dll
[%SYSTEM%]\mscoriezb.dll
[%WINDOWS%]\3_cad.exe
[%WINDOWS%]\cad_111.exe
[%WINDOWS%]\inetloader.dll

Registry Keys:


WinBo32 Trojan

Removing WinBo32
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mbop1-0-3b.exe
[%WINDOWS%]\syscheckbop32.exe

How to detect WinBo32:

Files:
[%WINDOWS%]\mbop1-0-3b.exe
[%WINDOWS%]\syscheckbop32.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


AntiSpyLab Ransomware

Removing AntiSpyLab
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
The field known as cryptovirology, however, predates the term "ransomware".

How to detect AntiSpyLab:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{77701e16-9bfe-4b63-a5b4-7bd156758a37}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}


Shootingmenu.Applet Hostile Code

Removing Shootingmenu.Applet
Categories: Hostile Code
Hostile code is any process running on a system that is
not authorized by the system administrator, such as Trojans, viruses, or spyware.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\60\29d0e33c-77f519c2
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2eb3f7e2-3cc3d25c.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2eb3f7e2-5c186360.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2eb3f7e2-6da91a91.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2fe3958b-2aace4bf.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-73ff83d0-599d584f.class

How to detect Shootingmenu.Applet:

Files:
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\60\29d0e33c-77f519c2
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2eb3f7e2-3cc3d25c.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2eb3f7e2-5c186360.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2eb3f7e2-6da91a91.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-2fe3958b-2aace4bf.class
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\shootingmenu.class-73ff83d0-599d584f.class


USBroot Trojan

Removing USBroot
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

USBroot Also known as:

[Kaspersky]Trojan.Win32.Kolweb.q,Rootkit.Win32.Agent.io;
[McAfee]Generic RootKit.a,Generic Rootkit.a;
[F-Prot]W32/TrojanX.ACFM,W32/Rootkit.ACR,W32/RootkitX.LA;
[Other]Hacktool.Rootkit,VirTool:WinNT/Smallrk.G,W32/Agent.CWZW,TROJ_KOLWEB.Q,W32/Malware.ANFC,Possible_Strat-6,W32/Rootkit.AMV,TROJ_ROOTKIT.ZPP

Visible Symptoms:
Files in system folders:
[%STARTUP%]\.lnk
[%STARTUP%]\_.lnk
[%SYSTEM%]\drivers\ohciusb.sys
[%SYSTEM%]\drivers\ohciusb.syt
[%SYSTEM%]\drivers\ohctusb.sys
[%SYSTEM%]\drivers\ohctusb.syt
[%SYSTEM%]\drivers\ohdusb.sys
[%SYSTEM%]\msmapibx32.exe

How to detect USBroot:

Files:
[%STARTUP%]\.lnk
[%STARTUP%]\_.lnk
[%SYSTEM%]\drivers\ohciusb.sys
[%SYSTEM%]\drivers\ohciusb.syt
[%SYSTEM%]\drivers\ohctusb.sys
[%SYSTEM%]\drivers\ohctusb.syt
[%SYSTEM%]\drivers\ohdusb.sys
[%SYSTEM%]\msmapibx32.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ohciusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ohctusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ohdusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ohciusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ohctusb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ohdusb


Banker.anv Spyware

Removing Banker.anv
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\media\winework.exe

How to detect Banker.anv:

Files:
[%WINDOWS%]\media\winework.exe


FavoriteMan.FOne BHO

Removing FavoriteMan.FOne
Categories: BHO
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.

FavoriteMan.FOne Also known as:

[Panda]Adware/NetPals

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\fone.dll
[%WINDOWS%]\system\fone.dll

How to detect FavoriteMan.FOne:

Files:
[%SYSTEM%]\fone.dll
[%WINDOWS%]\system\fone.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{00000ef1-0786-4633-87c6-1aa7a44296da}
HKEY_CLASSES_ROOT\f1.organizer
HKEY_CLASSES_ROOT\f1.organizer.1
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}
HKEY_CLASSES_ROOT\clsid\{000000f1-34e3-4633-87c6-1aa7a44296da}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{000000f1-34e3-4633-87c6-1aa7a44296da}
HKEY_LOCAL_MACHINE\software\classes\clsid\{000000f1-34e3-4633-87c6-1aa7a44296da}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{000000f1-34e3-4633-87c6-1aa7a44296da}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}


Pigeon.AWE Trojan

Removing Pigeon.AWE
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

How to detect Pigeon.AWE:

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00d6*00b4*00d0*00d0*00cf*00b5*00cd*00b3*00bb*00b9*00d4*00ad*00b9*00a6*00c4*00dc*00a1*00a3_*00d2*00aa*00cd*00a3*00d6*00b9*00b7*00fe*00ce*00f1\0000\control


Downloader Trojan

Removing Downloader
Categories: Trojan,Adware,BHO,Backdoor,RAT,Hijacker,Toolbar,Downloader,Hacker Tool,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
Trojan downloaders download and install new malware or adware on the computer.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



Downloader Also known as:

[Kaspersky]TrojanDownloader.Win32.Minstaller,Trojan.Win32.HLJacker,TrojanDownloader.Win32.Small.f,KeyPress.1212,Quit.555.a,TrojanDownloader.Win32.WebDL.b,Win16.StalkerX.1241,TrojanDownloader.Win32.Apher.e,TrojanDownloader.Win32.WebDL.g,TrojanDownloader.Win32.Apher.gen,TrojanDownloader.Win32.Aphex.030.b,TrojanDownloader.Win32.Aphex.a,TrojanDownloader.Win32.Whomp.10,TrojanDownloader.Win32.MultiDL.23,TrojanDownloader.Win32.Kaizer,TrojanDownloader.Win32.MultiDL.30.a,TrojanDownloader.Win32.MultiDL.30.b,TrojanDownloader.Win32.Zdown.10,TrojanDownloader.Win32.Zdown.11,TrojanDownloader.Win32.NetDown,TrojanDownloader.Win32.Aphex.10.d,TrojanDownloader.Win32.Apher.i,TrojanDownloader.Win32.Hatchet.10,TrojanDownloader.Win32.Hatchet.10.a,TrojanDownloader.Win32.Delf.i,TrojanDownloader.Win32.SALite.10,TrojanDownloader.Win32.Injecter,TrojanDownloader.Win32.SALite.11,TrojanDownloader.Win32.Aphex.020,TrojanDownloader.Win32.Zdown.12,TrojanDownloader.Win32.WebDL.d,TrojanDownloader.Win32.Dsweb.10,TrojanDownloader.Win32.IMCdown,Trojan-Dropper.Win32.Agent.hl;
[Eset]Win32/Autoupder trojan,Win32/TrojanDownloader.Minstaller trojan,Win32/AimJacker.20 trojan,Win32/AimJacker.20.Server trojan,Win32/Small.F trojan,Win32/TrojanDownloader.Apher.030 trojan,Win32/TrojanDownloader.MultiDL.23 trojan;
[McAfee]Downloader-W,Downloader-Z,Downloader-Z.cfg,Downloader-B,Keypress.1228,Quit,Stalker.dr,Downloader-R,Downloader-AE,Downloader-AP,Downloader-AP.cfg,Downloader-BP,Downloader-BT,Downloader-CB,Downloader-AE.cfg,Downloader-BU,Downloader-AX,Downloader-CM,Downloader-CP,Downloader-CV,Downloader-Q,DownLoader,Downloader-AF,DownLoader-F,Downloader-RK,Downloader-RE,Downloader-ZQ,Downloader-IQ,Downloader.EV,Downloader-YO,Downloader-VF;
[F-Prot]destructive program,security risk or a "backdoor" program,Quit.555.B,virus dropper,security risk named W32/Kaizer.A,security risk named W32/UploadRem.tojan.A,security risk named W32/CIDownloader.A,virus construction tool,security risk named W32/SDdownloader.A,W32/Downloader.XR,W32/Mediket.B@dl,W32/FakeAlert.D;
[Panda]Trojan Horse,Trojan Horse.LC,Win/StalkerX.Drop,Trj/Downloader.Gen,Trj/W32.Apher,Adware/Sqwire,Spyware/CommonName,Trj/W32.IMCdown,Trj/Downldr.DsWeb,Trj/W32.WWWPW.A;
[Computer Associates]Win32.MinStaller,Win32/Downloader-W.A.Trojan,Win32/Downloader-W.B.Trojan,Win32/Small.F.1.Downloader.Troja,Win.Stalker,Win/StalkerX.1241,Win32/WebDL!Trojan,Win32.AcidReign.20,Win32/AcidReign.20!Trojan,Win32.Dsweb,Win95/DsWeb!Trojan,Win32.AWeb.030,Win32/AWeb.030.Trojan,Backdoor/DlServer!Downloader,Win32.DlQroj.10,Win32/Aphex.a!Trojan,Win32/Whomp.10!Trojan,Win32.DlQroj.23,Win32/DlQroj.23!Trojan,Win32/Kaizer.A!Trojan,Win32/MultiDL.3.0.A!Trojan,Win32/MultiDL.30.a!Downloader,Win32/DlQroj.30!Trojan,Win32.Zdl.11,Win32/Zdl.11!Trojan,Win32/Zdl.11.Z!Downloader,Win32/NetDown!Downloader,Win32.Aphex.10.D,Win32/Aphex.10.d!Downloader,Win32/Apher.I!Trojan,Win32.HDDL.10,Win32/Hatchet.10!Downloader,Win32.DlOxygene,Win32/DlOxygene.A!Trojan,Win32/Injecter!Downloader,Win32.SALite.11,Anydler,Anydler!Downloader,Anydler.B!Downloader,IMCdown.D!Trojan,Backdoor/DsWeb10!Server,Win32.Dsweb.10,Win32.WPW,Win32/Downloader!Trojan,Win32.AWeb.020,Win32/AWeb.020!Trojan,Win32/Zdl.12!Trojan,Win32.WebDL.D;
[Other]Troj/Sloader-GE,TROJ_DOWNLOADR.B,Win32/TrojanDownloader.Mediket.D,Download.Trojan,TROJ_MEDIKET.A,W32/TopAntiSpyware.G,Trojan.Tabela.G,W32/VBTroj.CDD,Win32/Clspring.FG,Win32/Cavitate.AB,Win32.Cavitate.AA,W32/EliteMediaGroup.A.dropper,elitemediagroup-mediamotor,Adware.Medload

Visible Symptoms:
Files in system folders:

How to detect Downloader:

Files:

Folders:
[%PROGRAM_FILES%]\commonname
[%WINDOWS%]\temp\adware
[%APPDATA%]\commonname
[%COMMON_PROGRAMS%]\CommonName
[%PROGRAMS%]\commonname
[%PROGRAM_FILES%]\common~2\addres~1
[%WINDOWS%]\s5curity

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CLASSES_ROOT\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main


Anarchy.Family Trojan

Removing Anarchy.Family
Categories: Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Trojan downloaders download and install new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Anarchy.Family Also known as:

[Kaspersky]G2-based;
[Panda]G2.gen,G2-Based.585,Univ;
[Computer Associates]PS-MPC

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\inf\Belt.inf

How to detect Anarchy.Family:

Files:
[%WINDOWS%]\inf\Belt.inf


Win32.Secdrop Trojan

Removing Win32.Secdrop
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Win32.Secdrop Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.aef;
[Panda]Adware/SearchAid

How to detect Win32.Secdrop:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\amaena.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\imageservr.com\locator.cdn
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\sysprotect.com\scanner
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\systemdoctor.com
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\winantivirus.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\winantiviruspro.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\winsoftware.com\download.cdn


AFAEnhance Adware

Removing AFAEnhance
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\n.dll
[%WINDOWS%]\system\qbuninstaller.exe
[%WINDOWS%]\system\qb.exe
[%WINDOWS%]\system\qbtool.exe
[%WINDOWS%]\vcmnet11.exe

How to detect AFAEnhance:

Files:
[%SYSTEM%]\n.dll
[%WINDOWS%]\system\qbuninstaller.exe
[%WINDOWS%]\system\qb.exe
[%WINDOWS%]\system\qbtool.exe
[%WINDOWS%]\vcmnet11.exe

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAFAIE
HKEY_CLASSES_ROOT\clsid\{c370527a-24a7-4583-be01-72e59000eb17}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c370527a-24a7-4583-be01-72e59000eb17}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wafaie


CyberSpy Trojan

Removing CyberSpy
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


CyberSpy Also known as:

[Kaspersky]Backdoor.CyberSpy.13.a,Backdoor.CyberSpy.13.b,Backdoor.CyberSpy.85,packed: UPX;
[Eset]Win32/CyberSpy.1_3 trojan,Win32/CyberSpy.1_3.B trojan,Win32/CyberSpy trojan;
[McAfee]BackDoor-NT;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/CyberSpy.13,Bck/CyberSpy.13.B,Backdoor Program,Bck/CyberSpy;
[Computer Associates]Backdoor/CyberSpy_1.3_Server,Win32.Cyberspy.13,Win32/CyberSpy.13!Trojan,Backdoor/CyberSpy.8.5,Backdoor/CyberSpy.D,Backdoor/CyberSpy

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\msgsvr16.exe.exe
[%WINDOWS%]\system\mswincfg32.exe
[%WINDOWS%]\system\~cab001.exe

How to detect CyberSpy:

Files:
[%WINDOWS%]\system\msgsvr16.exe.exe
[%WINDOWS%]\system\mswincfg32.exe
[%WINDOWS%]\system\~cab001.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


Bloon Trojan

Removing Bloon
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Bloon Also known as:

[Kaspersky]AdWare.Win32.Msnagent.b;
[McAfee]AdClicker-BW;
[Other]Win32/Bloon.V,Adware.WinProtect

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\pppcgm.exe
[%SYSTEM%]\{EB553BDA-B36E-41EB-A605-F44C2AB1C37D}.exe
[%WINDOWS%]\Help\SPAlert.chm

How to detect Bloon:

Files:
[%SYSTEM%]\pppcgm.exe
[%SYSTEM%]\{EB553BDA-B36E-41EB-A605-F44C2AB1C37D}.exe
[%WINDOWS%]\Help\SPAlert.chm


Freddy Trojan

Removing Freddy
Categories: Trojan,Backdoor,RAT,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Trojan downloaders download and install new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.



Freddy Also known as:

[Kaspersky]Backdoor.Freddy.03,Backdoor.Freddy.02.a,Backdoor.Freddy.02.b,Backdoor.Freddy.03.b,Backdoor.Freddy.2001,Backdoor.Win32.Freddy.02.a;
[Eset]Win32/Freddy.02.A trojan;
[McAfee]BackDoor-JX,Generic;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/FrediK.b3,Bck/Freddy,Bck/Freddy.03.b,Bck/FrediK.b2,Trojan Horse.LC,Freddy;
[Computer Associates]Backdoor/Freddy,Backdoor/Freddy.02.a!Dropper,Backdoor/Freddy.02.b!Server,Win32.Freddy.02.A,Win32.Joiner.R,Win32/Joiner.R!Trojan,Freddy

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\temp\micronet.dll
[%WINDOWS%]\winapi.exe

How to detect Freddy:

Files:
[%WINDOWS%]\temp\micronet.dll
[%WINDOWS%]\winapi.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


SurfAccuracy Adware

Removing SurfAccuracy
Categories: Adware,Downloader
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Trojan downloaders download and install new malware or adware on the computer.


SurfAccuracy Also known as:

[Kaspersky]Trojan-Downloader.Win32.IstBar.oz,AdWare.Win32.SurfAccuracy.d;
[Other]Win32/SurfAccuracy.CFX,Adware.SurfAccuracy

Visible Symptoms:
Files in system folders:

How to detect SurfAccuracy:

Files:

Folders:
[%PROGRAM_FILES%]\surfaccuracy

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sacc
HKEY_LOCAL_MACHINE\software\sacc

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Adware.Cinmus Trojan

Removing Adware.Cinmus
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Adware.Cinmus Also known as:

[Kaspersky]AdWare.Win32.Cinmus.a,AdWare.Win32.Cinmus.b;
[McAfee]Adware.Cinmus,Adware-Cinmus;
[Other]Cinmus.AA.dropper,Trojan:Win32/Cinmeng,Trojan.Cinmeng

Visible Symptoms:
Files in system folders:

How to detect Adware.Cinmus:

Files:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0}
HKEY_CLASSES_ROOT\interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_acpidisk
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\acpidisk
HKEY_CLASSES_ROOT\clsid\{3b30b48f-617d-4f73-a20f-d3d54357f103}
HKEY_CLASSES_ROOT\typelib\{267d696c-5b9b-44d5-b467-684b01ebd665}
HKEY_LOCAL_MACHINE\software\microsoft\idscnp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3b30b48f-617d-4f73-a20f-d3d54357f103}

SpyMon Spyware

Removing SpyMon
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

How to detect SpyMon:

Folders:
[%PROGRAM_FILES%]\spymon

Registry Keys:
HKEY_LOCAL_MACHINE\software\spymon

StartPage.fx Hijacker

Removing StartPage.fx
Categories: Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\iefeatures.exe

How to detect StartPage.fx:

Files:
[%WINDOWS%]\system\iefeatures.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

SpyLax Adware

Removing SpyLax
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\SpyLax v2.0.lnk

How to detect SpyLax:

Files:
[%COMMON_DESKTOPDIRECTORY%]\SpyLax v2.0.lnk

Folders:
[%PROGRAM_FILES%]\SpyLax
[%PROGRAMS%]\Spy Lax v2.0

Registry Keys:
HKEY_CURRENT_USER\software\vb and vba program settings\sd-app-name-v2.0
HKEY_CURRENT_USER\software\vb and vba program settings\spylax
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spy lax v2.0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spy lax v2.0

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Majesty RAT

Removing Majesty
Categories: RAT
Many trojans and backdoors now have remote administration capabilities
that allow an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the trojan can gain access to it.

These are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as if the file failed to open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\msorfce.exe
[%WINDOWS%]\msorfce.exe

How to detect Majesty:

Files:
[%PROGRAM_FILES_COMMON%]\msorfce.exe
[%WINDOWS%]\msorfce.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Adult.Material Adware

Removing Adult.Material
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect Adult.Material:

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{ce7c3cf0-4b15-11d1-abed-709549c10001}

Diego Backdoor

Removing Diego
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
that allow an individual to control the victim's computer.
Often a file called the server must be opened on the victim's computer before
the trojan can gain access to it.

These are generally sent through email, P2P file sharing software,
and Internet downloads. They are usually disguised as a legitimate program or file.
Many server files display a fake error message when opened, to make it seem as if the file failed to open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Diego Also known as:

[Kaspersky]Backdoor.Diego;
[McAfee]BackDoor-RM;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Diego;
[Computer Associates]Backdoor/Diego!Server

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\microsoftdll.exe

How to detect Diego:

Files:
[%WINDOWS%]\system\microsoftdll.exe

ID.Horse.Remover Backdoor

Removing ID.Horse.Remover
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

ID.Horse.Remover Also known as:

[Kaspersky]Backdoor.Olinger;
[Panda]Backdoor Program;
[Computer Associates]Backdoor/Olinger

How to detect ID.Horse.Remover:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Burgspill Trojan

Removing Burgspill
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Burgspill Also known as:

[Kaspersky]Trojan-Downloader.Win32.Delf.djg,Trojan-Downloader.Win32.Zlob.fee,Trojan-Downloader.Win32.Delf.djl,Trojan-Downloader.Win32.Delf.dke,Trojan-Downloader.Win32.Delf.dkk;
[McAfee]Generic Downloader.c;
[F-Prot]W32/NewMalware-LSU-based!Maximus;
[Other]Mal/DelpDldr-E,Trojan-Downloader.Win32.Delf.cwv,Trojan:Win32/Delflob.I

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\oggview32.dll
[%WINDOWS%]\pmspl.dll
[%WINDOWS%]\windivx.dll

How to detect Burgspill:

Files:
[%WINDOWS%]\oggview32.dll
[%WINDOWS%]\pmspl.dll
[%WINDOWS%]\windivx.dll

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\clock2
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{819efd78-6fd4-42ef-9030-f6dab24bb9f0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{819efd78-6fd4-42ef-9030-f6dab24bb9f0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff5137b5-c506-4d9b-8682-e0be4675b899}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\bind
