Monday, October 20, 2008

Vendsrow Downloader

Removing Vendsrow
Categories: Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Vendsrow Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.axd

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\winna.exe
[%WINDOWS%]\winpea.dll

How to detect Vendsrow:

Files:
[%SYSTEM%]\winna.exe
[%WINDOWS%]\winpea.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{981a5ac8-0f97-4d00-a627-7fec65e2f73e}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Vendsrow:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


CleverIEHooker BHO

Removing CleverIEHooker
Categories: BHO,Hijacker,Toolbar
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\jeired.dll
[%SYSTEM%]\tvmbho.dll
[%WINDOWS%]\jeired.dll
[%WINDOWS%]\system\jeired.dll
[%WINDOWS%]\system\tvmbho.dll

How to detect CleverIEHooker:

Files:
[%SYSTEM%]\jeired.dll
[%SYSTEM%]\tvmbho.dll
[%WINDOWS%]\jeired.dll
[%WINDOWS%]\system\jeired.dll
[%WINDOWS%]\system\tvmbho.dll

Registry Keys:
HKEY_CLASSES_ROOT\interface\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\classes\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\classes\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}


IconDrop Trojan

Removing IconDrop
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

IconDrop Also known as:

[Other]Desktop

Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\Free Games.lnk
[%WINDOWS%]\icond.exe
[%COMMON_DESKTOPDIRECTORY%]\Bonus Ringtones.lnk
[%COMMON_DESKTOPDIRECTORY%]\Dating.lnk
[%COMMON_DESKTOPDIRECTORY%]\Reality Videos.lnk

How to detect IconDrop:

Files:
[%COMMON_DESKTOPDIRECTORY%]\Free Games.lnk
[%WINDOWS%]\icond.exe
[%COMMON_DESKTOPDIRECTORY%]\Bonus Ringtones.lnk
[%COMMON_DESKTOPDIRECTORY%]\Dating.lnk
[%COMMON_DESKTOPDIRECTORY%]\Reality Videos.lnk

Folders:
[%PROGRAM_FILES%]\Icon Drop
[%APPDATA%]\Tarma Installer

Registry Keys:
HKEY_LOCAL_MACHINE\software\tarma installer


Zlob.Fam.MPVideoCodec Trojan

Removing Zlob.Fam.MPVideoCodec
Categories: Trojan,Popups
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\MPVIDEOCODEC\iesuninst.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\isamini.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\isamonitor.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\isauninst.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\ot.ico
[%PROGRAM_FILES%]\MPVIDEOCODEC\pmmon.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\pmsngr.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\pmuninst.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\ts.ico
[%PROGRAM_FILES%]\MPVIDEOCODEC\uninst.exe

How to detect Zlob.Fam.MPVideoCodec:

Files:
[%PROGRAM_FILES%]\MPVIDEOCODEC\iesuninst.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\isamini.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\isamonitor.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\isauninst.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\ot.ico
[%PROGRAM_FILES%]\MPVIDEOCODEC\pmmon.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\pmsngr.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\pmuninst.exe
[%PROGRAM_FILES%]\MPVIDEOCODEC\ts.ico
[%PROGRAM_FILES%]\MPVIDEOCODEC\uninst.exe

Folders:
[%PROGRAM_FILES%]\MPVIDEOCODEC

Registry Keys:
HKEY_CLASSES_ROOT\emediacodek.chl
HKEY_CLASSES_ROOT\VSEnchancer.Chl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VSEnchancer.Chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC


TypeTeller Spyware

Removing TypeTeller
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will bring in more harmful viruses,
or diverting advertising revenue to a third party.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\typeteller\typeteller.dll
[%DESKTOP%]\typeteller\typeteller.exe
[%DESKTOP%]\typeteller\typeteller.txt
[%PROFILE%]\Recent\typeteller.lnk

How to detect TypeTeller:

Files:
[%DESKTOP%]\typeteller\typeteller.dll
[%DESKTOP%]\typeteller\typeteller.exe
[%DESKTOP%]\typeteller\typeteller.txt
[%PROFILE%]\Recent\typeteller.lnk

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


VirusBursters Ransomware

Removing VirusBursters
Categories: Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.2.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk
[%DESKTOP%]\Virus-Bursters.lnk
[%DESKTOP%]\VirusBursters.lnk
[%PROFILE%]\cmd.exe
[%PROFILE%]\start
[%PROGRAMS%]\VirusBursters\Uninstall VirusBursters 6.2.lnk
[%PROGRAMS%]\VirusBursters\VirusBursters 6.2 Website.lnk
[%PROGRAMS%]\VirusBursters\VirusBursters 6.2.lnk
[%STARTMENU%]\Virus-Bursters 6.2.lnk
[%STARTMENU%]\Virus-Bursters 6.3.lnk
[%STARTMENU%]\VirusBursters 6.2.lnk

How to detect VirusBursters:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.2.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk
[%DESKTOP%]\Virus-Bursters.lnk
[%DESKTOP%]\VirusBursters.lnk
[%PROFILE%]\cmd.exe
[%PROFILE%]\start
[%PROGRAMS%]\VirusBursters\Uninstall VirusBursters 6.2.lnk
[%PROGRAMS%]\VirusBursters\VirusBursters 6.2 Website.lnk
[%PROGRAMS%]\VirusBursters\VirusBursters 6.2.lnk
[%STARTMENU%]\Virus-Bursters 6.2.lnk
[%STARTMENU%]\Virus-Bursters 6.3.lnk
[%STARTMENU%]\VirusBursters 6.2.lnk

Folders:
[%PROGRAMS%]\Virus-Bursters
[%PROGRAMS%]\VirusBursters
[%PROGRAM_FILES%]\Virus-Bursters
[%PROGRAM_FILES%]\VirusBursters

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters
HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Satiloler Trojan

Removing Satiloler
Categories: Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\system\lsass.exe

How to detect Satiloler:

Files:
[%PROGRAM_FILES_COMMON%]\system\lsass.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


StartPage.zy Hijacker

Removing StartPage.zy
Categories: Hijacker
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

How to detect StartPage.zy:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Win32.TrojanDownloader.Keenval Trojan

Removing Win32.TrojanDownloader.Keenval
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Win32.TrojanDownloader.Keenval Also known as:

[Eset]Win32/TrojanDownloader.Keenval.A trojan, Win32/TrojanDownloader.Keenval.C trojan, Win32/TrojanDownloader.Keenval.E trojan
[Panda]Adware/KeenValue

How to detect Win32.TrojanDownloader.Keenval:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
