Thursday, December 11, 2008

Kuho Trojan

Removing Kuho
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%APPDATA%]\koboo\conf.dat
[%APPDATA%]\koboo\conf2.dat
[%DESKTOP%]\电影.url
[%PROGRAMS%]\kuho\kuho.lnk
[%PROGRAM_FILES%]\kuho\data\setup.exe
[%PROGRAM_FILES%]\kuho\ddddl.dll
[%PROGRAM_FILES%]\kuho\dddsetup.exe
[%PROGRAM_FILES%]\kuho\dudupros.exe
[%PROGRAM_FILES%]\kuho\hotsortlist.dat
[%PROGRAM_FILES%]\kuho\kbmedia.dll
[%PROGRAM_FILES%]\kuho\kbskin.dll
[%PROGRAM_FILES%]\kuho\kuho.exe
[%PROGRAM_FILES%]\kuho\lrcsetlst.dat
[%PROGRAM_FILES%]\kuho\mbmon.dll
[%PROGRAM_FILES%]\kuho\mbsched.exe
[%PROGRAM_FILES%]\kuho\mbsearch.dll
[%PROGRAM_FILES%]\kuho\msvcp60.dll
[%PROGRAM_FILES%]\kuho\msvcrt.dll
[%PROGRAM_FILES%]\kuho\pcastctl.dll
[%PROGRAM_FILES%]\kuho\playlist.dat
[%PROGRAM_FILES%]\kuho\repk.exe
[%PROGRAM_FILES%]\kuho\search.dat
[%PROGRAM_FILES%]\kuho\skin.bmp
[%PROGRAM_FILES%]\kuho\skin.ini
[%PROGRAM_FILES%]\kuho\uninst.exe
[%PROGRAM_FILES%]\kuho\webdl.dll
[%STARTUP%]\kuho.lnk

How to detect Kuho:

Files:
[%APPDATA%]\koboo\conf.dat
[%APPDATA%]\koboo\conf2.dat
[%DESKTOP%]\电影.url
[%PROGRAMS%]\kuho\kuho.lnk
[%PROGRAM_FILES%]\kuho\data\setup.exe
[%PROGRAM_FILES%]\kuho\ddddl.dll
[%PROGRAM_FILES%]\kuho\dddsetup.exe
[%PROGRAM_FILES%]\kuho\dudupros.exe
[%PROGRAM_FILES%]\kuho\hotsortlist.dat
[%PROGRAM_FILES%]\kuho\kbmedia.dll
[%PROGRAM_FILES%]\kuho\kbskin.dll
[%PROGRAM_FILES%]\kuho\kuho.exe
[%PROGRAM_FILES%]\kuho\lrcsetlst.dat
[%PROGRAM_FILES%]\kuho\mbmon.dll
[%PROGRAM_FILES%]\kuho\mbsched.exe
[%PROGRAM_FILES%]\kuho\mbsearch.dll
[%PROGRAM_FILES%]\kuho\msvcp60.dll
[%PROGRAM_FILES%]\kuho\msvcrt.dll
[%PROGRAM_FILES%]\kuho\pcastctl.dll
[%PROGRAM_FILES%]\kuho\playlist.dat
[%PROGRAM_FILES%]\kuho\repk.exe
[%PROGRAM_FILES%]\kuho\search.dat
[%PROGRAM_FILES%]\kuho\skin.bmp
[%PROGRAM_FILES%]\kuho\skin.ini
[%PROGRAM_FILES%]\kuho\uninst.exe
[%PROGRAM_FILES%]\kuho\webdl.dll
[%STARTUP%]\kuho.lnk

Folders:
[%APPDATA%]\koboo\data

Registry Keys:
HKEY_CURRENT_USER\software\dudu

Registry Values:
HKEY_CLASSES_ROOT\interface\{3670b76d-837b-4fdc-b814-678e81f7f9ea}\typelib
HKEY_CLASSES_ROOT\interface\{50548648-5488-4832-8e73-45e02019f4f9}\typelib
HKEY_CLASSES_ROOT\clsid\{7ad13266-7cad-4997-892f-76222be0a39d}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{7dee9d05-fa0a-4416-a6f3-6537d0eab6a6}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{8afce6c6-75d9-494a-a0a9-d80e1726248f}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{af9f7043-ddad-4eda-8fbe-c35802d5ee54}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{e7e2d89b-2702-4d3d-8139-9b6e35dc8750}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{f2f89d78-0450-4ddc-b8fb-4a169204c69d}
HKEY_CLASSES_ROOT\interface\{2754914f-18ad-45f1-990f-83f40940e1b1}\typelib
HKEY_CLASSES_ROOT\interface\{78b96fa7-51b2-4864-bef8-8bfba355b554}\typelib
HKEY_CLASSES_ROOT\interface\{89a75acb-17ed-4ee2-ac80-b65d6b166a6b}\typelib
HKEY_CLASSES_ROOT\interface\{9e9675b0-db79-4069-b562-7ebc60d5eff9}\typelib
HKEY_CLASSES_ROOT\interface\{a3d6ccf7-5996-4a5f-b732-a8ada16a4256}\typelib
HKEY_CLASSES_ROOT\interface\{d12fc2d0-4c86-4ad8-a322-a057b9c17d1b}\typelib
HKEY_CLASSES_ROOT\interface\{f6af1f04-a744-441a-849f-ceab35e20f4e}\typelib
HKEY_CLASSES_ROOT\protocols\handler\koboo
HKEY_CURRENT_USER\software\microsoft\internet explorer\new windows\allow

Removing Kuho:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

UltraBar Toolbar

Removing UltraBar
Categories: Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\ultrabar.dll

How to detect UltraBar:

Files:
[%SYSTEM%]\ultrabar.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\clsid\{7b49a2a5-b45f-46f3-ac60-2578477671ee}

CBPplus Adware

Removing CBPplus
Categories: Adware,BHO,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

How to detect CBPplus:

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBCBAE56-13ED-4548-8093-D7FEE6482C2F}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

MagicControl Adware

Removing MagicControl
Categories: Adware,BHO,Toolbar,Downloader
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

MagicControl Also known as:

[Kaspersky]TrojanDownloader.Win32.Wintrim.ac;
[Eset]Win32/TrojanDownloader.Wintrim.AC trojan

How to detect MagicControl:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d}
HKEY_CLASSES_ROOT\clsid\{de614603-6320-4046-a7a7-6a69cec26f14}
HKEY_CLASSES_ROOT\interface\{1ef28cc5-8d97-4310-b71b-ca34ee15b897}
HKEY_CLASSES_ROOT\interface\{43cdad65-aa0d-4701-8108-117f86613b69}
HKEY_CLASSES_ROOT\interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91}
HKEY_CLASSES_ROOT\magiccontrol.magiccomponent
HKEY_CLASSES_ROOT\magiccontrol.magiccomponent.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{de614603-6320-4046-a7a7-6a69cec26f14}
HKEY_LOCAL_MACHINE\software\classes\clsid\{de614603-6320-4046-a7a7-6a69cec26f14}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{de614603-6320-4046-a7a7-6a69cec26f14}

Zlob.Fam.iCodecPack Trojan

Removing Zlob.Fam.iCodecPack
Categories: Trojan,Popups
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\iCodecPack\iesplugin.dll
[%PROGRAM_FILES%]\iCodecPack\ot.ico
[%PROGRAM_FILES%]\iCodecPack\pmsngr.exe
[%PROGRAM_FILES%]\iCodecPack\pmuninst.exe
[%PROGRAM_FILES%]\iCodecPack\ts.ico
[%PROGRAM_FILES%]\iCodecPack\uninst.exe

How to detect Zlob.Fam.iCodecPack:

Files:
[%PROGRAM_FILES%]\iCodecPack\iesplugin.dll
[%PROGRAM_FILES%]\iCodecPack\ot.ico
[%PROGRAM_FILES%]\iCodecPack\pmsngr.exe
[%PROGRAM_FILES%]\iCodecPack\pmuninst.exe
[%PROGRAM_FILES%]\iCodecPack\ts.ico
[%PROGRAM_FILES%]\iCodecPack\uninst.exe

Folders:
[%PROGRAM_FILES%]\iCodecPack

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCodecPack

Smondev Trojan

Removing Smondev
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\SecMon.sys

How to detect Smondev:

Files:
[%WINDOWS%]\SecMon.sys

ZToolbar Adware

Removing ZToolbar
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\bandserv.dll

How to detect ZToolbar:

Files:
[%WINDOWS%]\bandserv.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
HKEY_CLASSES_ROOT\motleyfool.stockbar
HKEY_CLASSES_ROOT\motleyfool.stockbar.1
HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}
HKEY_CLASSES_ROOT\ZToolbar.activator
HKEY_CLASSES_ROOT\ZToolbar.activator.1
HKEY_CLASSES_ROOT\ZToolbar.ParamWr
HKEY_CLASSES_ROOT\ZToolbar.ParamWr.1
HKEY_CLASSES_ROOT\ZToolbar.StockBar
HKEY_CLASSES_ROOT\ZToolbar.StockBar.1
HKEY_CLASSES_ROOT\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}
HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}
HKEY_CLASSES_ROOT\clsid\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb}
HKEY_CLASSES_ROOT\clsid\{b75f75b8-93f3-429d-ff34-660b206d897a}
HKEY_CLASSES_ROOT\clsid\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}
HKEY_CLASSES_ROOT\clsid\{fff5092f-7172-4018-827b-fa5868fb0478}
HKEY_CLASSES_ROOT\interface\{6deee498-08cc-43f0-bca0-dbb5a25c9501}
HKEY_CLASSES_ROOT\interface\{dcfab192-4a0e-4720-8e24-70d5f0cb8c39}
HKEY_CLASSES_ROOT\interface\{f4394f24-163d-430b-b5af-b68b56031b99}
HKEY_CLASSES_ROOT\typelib\{84c94803-b5ec-4491-b2be-7b113e013b77}
HKEY_CLASSES_ROOT\ztoolbar.activator
HKEY_CLASSES_ROOT\ztoolbar.activator.1
HKEY_CLASSES_ROOT\ztoolbar.paramwr
HKEY_CLASSES_ROOT\ztoolbar.paramwr.1
HKEY_CLASSES_ROOT\ztoolbar.stockbar
HKEY_CLASSES_ROOT\ztoolbar.stockbar.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff5092f-7172-4018-827b-fa5868fb0478}
HKEY_LOCAL_MACHINE\software\zsearchco

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

INetBar Adware

Removing INetBar
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect INetBar:

Folders:
[%DESKTOP%]\inetbar starten.lnk
[%PROGRAMS%]\inetcash
[%PROGRAM_FILES%]\inetbar

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\inetbar_is1

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

AdultId Adware

Removing AdultId
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.


AdultId Also known as:

[Kaspersky]AdWare.Win32.AdultIt.a,AdWare.Win32.AdultId.a;
[McAfee]Adware-AdultId,Adware-Adultid;
[Other]Adware:Win32/AdultId

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\FileSubmit\stoichkovwpv01.zip\NNWDAC638.EXE
[%PROGRAM_FILES%]\filesubmit\strobelight3dcursors.zip\NNWDAC638.EXE
[%PROGRAM_FILES%]\QuickSearch\QuickSearchBar3_28.dll

How to detect AdultId:

Files:
[%PROGRAM_FILES%]\FileSubmit\stoichkovwpv01.zip\NNWDAC638.EXE
[%PROGRAM_FILES%]\filesubmit\strobelight3dcursors.zip\NNWDAC638.EXE
[%PROGRAM_FILES%]\QuickSearch\QuickSearchBar3_28.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{3c368c4a-827f-4f25-9c52-371bdf049912}
HKEY_CLASSES_ROOT\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_CLASSES_ROOT\interface\{141a9a62-342f-4154-a456-d29917e80b45}
HKEY_CLASSES_ROOT\interface\{d9855da1-8ba7-4f08-b138-874ae7a2d2d2}
HKEY_CLASSES_ROOT\quicksearch.desksearchband
HKEY_CLASSES_ROOT\quicksearch.desksearchband.1
HKEY_CLASSES_ROOT\quicksearch.searchband
HKEY_CLASSES_ROOT\quicksearch.searchband.1
HKEY_CLASSES_ROOT\software\classes\quicksearch.searchband
HKEY_CLASSES_ROOT\typelib\{b7620af8-b460-455a-946f-16f8bf52a9ad}
HKEY_CURRENT_USER\software\quicksearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quicksearch toolbar
HKEY_LOCAL_MACHINE\software\quicksearch
HKEY_CLASSES_ROOT\clsid\{613efcd9-1b40-7dd7-cdf5-a6b3cf264e9f}
HKEY_CLASSES_ROOT\clsid\{bef77502-f00b-55e5-0cf7-b6db1af32a15}
HKEY_CLASSES_ROOT\clsid\{c172bb81-b169-37d3-6772-ed188b14fd52}
HKEY_CLASSES_ROOT\interface\{c848d4be-a391-4456-abaa-81e834c77700}
HKEY_CLASSES_ROOT\typelib\{373e0369-863a-4345-bd57-f46dd9a0c4f2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{613efcd9-1b40-7dd7-cdf5-a6b3cf264e9f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bef77502-f00b-55e5-0cf7-b6db1af32a15}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c172bb81-b169-37d3-6772-ed188b14fd52}

MicroBillSystems Adware

Removing MicroBillSystems
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect MicroBillSystems:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d2fac024-92c0-42e5-a75b-7b4e3915cc50}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Wootbot.gen Backdoor

Removing Wootbot.gen
Categories: Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

How to detect Wootbot.gen:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce

NETObserve Spyware

Removing NETObserve
Categories: Spyware,RAT
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\temp.eah

How to detect NETObserve:

Files:
[%PROFILE_TEMP%]\temp.eah

Folders:
[%COMMON_PROGRAMS%]\NETObserve 2.98 TRIAL
[%SYSTEM%]\syscfg

Registry Keys:
HKEY_CURRENT_USER\software\exploreanywhere software\no
HKEY_LOCAL_MACHINE\software\exploreanywhere software\no
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netobserve 2.9
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netobserve 2.98 trial

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Disable.Task.Manager.Reg.Entry Trojan

Removing Disable.Task.Manager.Reg.Entry
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

How to detect Disable.Task.Manager.Reg.Entry:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

AntiVirus.Pro Trojan

Removing AntiVirus.Pro
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%COMMON_STARTMENU%]\Anti-Virus-Pro\Register Anti-Virus-Pro.lnk
[%COMMON_STARTMENU%]\Anti-Virus-Pro\Start Anti-Virus-Pro.lnk
[%COMMON_STARTMENU%]\Anti-Virus-Pro\Uninstall Anti-Virus-Pro.lnk
[%DESKTOP%]\anti-virus-pro.lnk
[%DESKTOP%]\anti-virus-pro.pkg

How to detect AntiVirus.Pro:

Files:
[%COMMON_STARTMENU%]\Anti-Virus-Pro\Register Anti-Virus-Pro.lnk
[%COMMON_STARTMENU%]\Anti-Virus-Pro\Start Anti-Virus-Pro.lnk
[%COMMON_STARTMENU%]\Anti-Virus-Pro\Uninstall Anti-Virus-Pro.lnk
[%DESKTOP%]\anti-virus-pro.lnk
[%DESKTOP%]\anti-virus-pro.pkg

Folders:
[%APPDATA%]\anti-virus-pro
[%PROGRAM_FILES%]\anti-virus-pro
[%PROFILE%]\start menu\anti-virus-pro

Registry Keys:
HKEY_CURRENT_USER\software\anti-virus-pro\scripts
HKEY_CURRENT_USER\software\anti-virus-pro\scan
HKEY_CURRENT_USER\software\anti-virus-pro\settings
HKEY_CURRENT_USER\software\anti-virus-pro\shield
HKEY_LOCAL_MACHINE\software\anti-virus-pro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\anti-virus-pro

Registry Values:
HKEY_CURRENT_USER\software\anti-virus-pro
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Acee Trojan

Removing Acee
Categories: Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Acee Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent;
[Other]Win32/Acee

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\fnm9fa84.sys
[%SYSTEM%]\jxyee141.dll

How to detect Acee:

Files:
[%SYSTEM%]\fnm9fa84.sys
[%SYSTEM%]\jxyee141.dll

Penfur Trojan

Removing Penfur
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\CsdDriver.sys
[%SYSTEM%]\UpperHost.dll

How to detect Penfur:

Files:
[%SYSTEM%]\CsdDriver.sys
[%SYSTEM%]\UpperHost.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{523455e4-abcd-abcd-1114-d709add3ddab}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_csddriver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\csddriver

FakeAlert.TrojanFactory Trojan

Removing FakeAlert.TrojanFactory
Categories: Trojan,Adware,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

FakeAlert.TrojanFactory Also known as:

[Kaspersky]Hoax.Win32.Renos.dm;
[Other]Directrevenue-abetterinternet

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\qjrkvy.exe
[%SYSTEM%]\users32.exe
[%SYSTEM%]\winflash.dll

How to detect FakeAlert.TrojanFactory:

Files:
[%SYSTEM%]\qjrkvy.exe
[%SYSTEM%]\users32.exe
[%SYSTEM%]\winflash.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b}
HKEY_CLASSES_ROOT\clsid\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b}

Checkinton Downloader

Removing Checkinton
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Checkinton Also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.auv

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\jozygcxr.exe

How to detect Checkinton:

Files:
[%PROFILE_TEMP%]\jozygcxr.exe

Remote.Control Backdoor

Removing Remote.Control
Categories: Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT Trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


Remote.Control Also known as:

[Kaspersky]Backdoor.RC,Backdoor.Remotrol.11,Backdoor.Remotcon.10,Backdoor.VB.ey;
[McAfee]BackDoor-FU,BackDoor-APD,BackDoor-AQY.gen;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Rc,Bck/RC.1.0,Bck/Remotrol.B,Backdoor Program,Backdoor Program.LC;
[Computer Associates]Backdoor/RC!Server,Backdoor/Remotrol.1_1,Backdoor/VB.ey,Backdoor/VB.HU

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Shareaza\Plugins\MediaPlayer.dll
[%PROGRAM_FILES%]\Shareaza\Plugins\RazaWebHook.dll

How to detect Remote.Control:

Files:
[%PROGRAM_FILES%]\Shareaza\Plugins\MediaPlayer.dll
[%PROGRAM_FILES%]\Shareaza\Plugins\RazaWebHook.dll


123Search Adware

Removing 123Search
Categories: Adware
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect 123Search:

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


YahooAssistant Toolbar

Removing YahooAssistant
Categories: Toolbar
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
Visible Symptoms:
Files in system folders:

How to detect YahooAssistant:

Files:

Folders:
[%PROGRAM_FILES%]\Yahoo!\Assistant\Assist\Update
[%PROGRAM_FILES%]\Yahoo!\Assistant\Update

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{406F94F0-504F-4A40-8DFD-58B0666ABEBD}
HKEY_CLASSES_ROOT\typelib\{4158db95-de71-41ff-bea1-2c3d1c679df1}
HKEY_CLASSES_ROOT\typelib\{9e9914ed-d40b-4b63-ac3b-a22ab9de158f}
HKEY_CURRENT_USER\software\yahoo\assistant
HKEY_CLASSES_ROOT\clsid\{406f94f0-504f-4a40-8dfd-58b0666abebd}


Memwatch Trojan

Removing Memwatch
Categories: Trojan,Adware,Backdoor,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Memwatch Also known as:

[Eset]Win32/VB.NB trojan,Win32/VB.NB1 trojan;
[Panda]Adware/MemoryWatcher;
[Computer Associates]Win32.Memwatch.B,Win32/Raquad.B!Trojan,Win32.Memwatch.D,Win32.Memwatch.E,Win32/Memwatch.D!Trojan,Win32/Memwatch.E!Trojan,Win32.Memwatch.C,Win32.Memwatch.A

Visible Symptoms:
Files in system folders:

How to detect Memwatch:

Files:

Folders:
[%PROGRAM_FILES%]\memorywatcher

Registry Keys:
HKEY_LOCAL_MACHINE\software\memorywatcher
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\memorywatcher

Registry Values:


ToolbarCC BHO

Removing ToolbarCC
Categories: BHO,Toolbar
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

How to detect ToolbarCC:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa2}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa2}
HKEY_CLASSES_ROOT\typelib\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa2}
HKEY_CLASSES_ROOT\typelib\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffa2}


CWS.XMLMimeFilter Hijacker

Removing CWS.XMLMimeFilter
Categories: Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msxmlpp.dll

How to detect CWS.XMLMimeFilter:

Files:
[%SYSTEM%]\msxmlpp.dll


PC.Weasel Spyware

Removing PC.Weasel
Categories: Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

How to detect PC.Weasel:

Folders:
[%PROGRAM_FILES%]\pc weasel

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pc weasel


Win32.Ruledor Trojan

Removing Win32.Ruledor
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Win32.Ruledor Also known as:

[Eset]Win32/Ruledor.E trojan;
[Panda]Spyware/ClearSearch

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\clears~1\loader.exe

How to detect Win32.Ruledor:

Files:
[%PROGRAM_FILES%]\clears~1\loader.exe



TrojanDownloader.Win32.Small.lb Downloader

Removing TrojanDownloader.Win32.Small.lb
Categories: Downloader
Trojan downloaders download and install new malware or adware on the computer.


TrojanDownloader.Win32.Small.lb Also known as:

[Panda]Adware/SearchAid

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Internet Explorer\nqesglcr.exe
[%PROGRAM_FILES%]\internet explorer\jvmitiut.exe

How to detect TrojanDownloader.Win32.Small.lb:

Files:
[%PROGRAM_FILES%]\Internet Explorer\nqesglcr.exe
[%PROGRAM_FILES%]\internet explorer\jvmitiut.exe
