Wednesday, January 21, 2009

Acext Spyware

Removing Acext
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ie_32.exe

How to detect Acext:

Files:
[%WINDOWS%]\ie_32.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Acext:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


XT.Spy Spyware

Removing XT.Spy
Categories: Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\XTS Run.lnk

How to detect XT.Spy:

Files:
[%DESKTOP%]\XTS Run.lnk

Folders:
[%PROGRAMS%]\XTS
[%PROGRAM_FILES%]\XTS


kSite Trojan

Removing kSite
Categories: Trojan,BHO,Hijacker,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

kSite Also known as:

[Kaspersky]TrojanDownloader.Win32.Small.aa;
[Eset]Win32/TrojanDownloader.Small.AA trojan

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ICD2.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD1.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD2.tmp\installer.inf

How to detect kSite:

Files:
[%PROFILE_TEMP%]\ICD2.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD1.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD2.tmp\installer.inf

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1DC3241-B122-195F-B21A-000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{a1dc3241-b122-195f-b21a-000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\5.0\cache\extensible cache\mshist012003041020030411
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\fucksite

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\search


Helper Adware

Removing Helper
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

How to detect Helper:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


Downloader Trojan

Removing Downloader
Categories: Trojan,Adware,BHO,Backdoor,RAT,Hijacker,Toolbar,Downloader,Hacker Tool,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Downloader Also known as:

[Kaspersky]TrojanDownloader.Win32.Minstaller,Trojan.Win32.HLJacker,TrojanDownloader.Win32.Small.f,KeyPress.1212,Quit.555.a,TrojanDownloader.Win32.WebDL.b,Win16.StalkerX.1241,TrojanDownloader.Win32.Apher.e,TrojanDownloader.Win32.WebDL.g,TrojanDownloader.Win32.Apher.gen,TrojanDownloader.Win32.Aphex.030.b,TrojanDownloader.Win32.Aphex.a,TrojanDownloader.Win32.Whomp.10,TrojanDownloader.Win32.MultiDL.23,TrojanDownloader.Win32.Kaizer,TrojanDownloader.Win32.MultiDL.30.a,TrojanDownloader.Win32.MultiDL.30.b,TrojanDownloader.Win32.Zdown.10,TrojanDownloader.Win32.Zdown.11,TrojanDownloader.Win32.NetDown,TrojanDownloader.Win32.Aphex.10.d,TrojanDownloader.Win32.Apher.i,TrojanDownloader.Win32.Hatchet.10,TrojanDownloader.Win32.Hatchet.10.a,TrojanDownloader.Win32.Delf.i,TrojanDownloader.Win32.SALite.10,TrojanDownloader.Win32.Injecter,TrojanDownloader.Win32.SALite.11,TrojanDownloader.Win32.Aphex.020,TrojanDownloader.Win32.Zdown.12,TrojanDownloader.Win32.WebDL.d,TrojanDownloader.Win32.Dsweb.10,TrojanDownloader.Win32.IMCdown,Trojan-Dropper.Win32.Agent.hl;
[Eset]Win32/Autoupder trojan,Win32/TrojanDownloader.Minstaller trojan,Win32/AimJacker.20 trojan,Win32/AimJacker.20.Server trojan,Win32/Small.F trojan,Win32/TrojanDownloader.Apher.030 trojan,Win32/TrojanDownloader.MultiDL.23 trojan;
[McAfee]Downloader-W,Downloader-Z,Downloader-Z.cfg,Downloader-B,Keypress.1228,Quit,Stalker.dr,Downloader-R,Downloader-AE,Downloader-AP,Downloader-AP.cfg,Downloader-BP,Downloader-BT,Downloader-CB,Downloader-AE.cfg,Downloader-BU,Downloader-AX,Downloader-CM,Downloader-CP,Downloader-CV,Downloader-Q,DownLoader,Downloader-AF,DownLoader-F,Downloader-RK,Downloader-RE,Downloader-ZQ,Downloader-IQ,Downloader.EV,Downloader-YO,Downloader-VF;
[F-Prot]destructive program,security risk or a "backdoor" program,Quit.555.B,virus dropper,security risk named W32/Kaizer.A,security risk named W32/UploadRem.tojan.A,security risk named W32/CIDownloader.A,virus construction tool,security risk named W32/SDdownloader.A,W32/Downloader.XR,W32/Mediket.B@dl,W32/FakeAlert.D;
[Panda]Trojan Horse,Trojan Horse.LC,Win/StalkerX.Drop,Trj/Downloader.Gen,Trj/W32.Apher,Adware/Sqwire,Spyware/CommonName,Trj/W32.IMCdown,Trj/Downldr.DsWeb,Trj/W32.WWWPW.A;
[Computer Associates]Win32.MinStaller,Win32/Downloader-W.A.Trojan,Win32/Downloader-W.B.Trojan,Win32/Small.F.1.Downloader.Troja,Win.Stalker,Win/StalkerX.1241,Win32/WebDL!Trojan,Win32.AcidReign.20,Win32/AcidReign.20!Trojan,Win32.Dsweb,Win95/DsWeb!Trojan,Win32.AWeb.030,Win32/AWeb.030.Trojan,Backdoor/DlServer!Downloader,Win32.DlQroj.10,Win32/Aphex.a!Trojan,Win32/Whomp.10!Trojan,Win32.DlQroj.23,Win32/DlQroj.23!Trojan,Win32/Kaizer.A!Trojan,Win32/MultiDL.3.0.A!Trojan,Win32/MultiDL.30.a!Downloader,Win32/DlQroj.30!Trojan,Win32.Zdl.11,Win32/Zdl.11!Trojan,Win32/Zdl.11.Z!Downloader,Win32/NetDown!Downloader,Win32.Aphex.10.D,Win32/Aphex.10.d!Downloader,Win32/Apher.I!Trojan,Win32.HDDL.10,Win32/Hatchet.10!Downloader,Win32.DlOxygene,Win32/DlOxygene.A!Trojan,Win32/Injecter!Downloader,Win32.SALite.11,Anydler,Anydler!Downloader,Anydler.B!Downloader,IMCdown.D!Trojan,Backdoor/DsWeb10!Server,Win32.Dsweb.10,Win32.WPW,Win32/Downloader!Trojan,Win32.AWeb.020,Win32/AWeb.020!Trojan,Win32/Zdl.12!Trojan,Win32.WebDL.D;
[Other]Troj/Sloader-GE,TROJ_DOWNLOADR.B,Win32/TrojanDownloader.Mediket.D,Download.Trojan,TROJ_MEDIKET.A,W32/TopAntiSpyware.G,Trojan.Tabela.G,W32/VBTroj.CDD,Win32/Clspring.FG,Win32/Cavitate.AB,Win32.Cavitate.AA,W32/EliteMediaGroup.A.dropper,elitemediagroup-mediamotor,Adware.Medload

Visible Symptoms:
Files in system folders:

How to detect Downloader:

Files:

Folders:
[%PROGRAM_FILES%]\commonname
[%WINDOWS%]\temp\adware
[%APPDATA%]\commonname
[%COMMON_PROGRAMS%]\CommonName
[%PROGRAMS%]\commonname
[%PROGRAM_FILES%]\common~2\addres~1
[%WINDOWS%]\s5curity

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CLASSES_ROOT\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main


Install Provider Adware

Removing Install Provider
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect Install Provider:

Folders:
[%PROGRAMS%]\Install Provider
[%PROGRAM_FILES%]\Install Provider

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{BBA0C39A-46D8-436D-BF53-6FB84997BC6E}
HKEY_CLASSES_ROOT\CLSID\{F93C5BFF-16F9-4DC5-B78C-EC46F896EE56}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Install Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBA0C39A-46D8-436D-BF53-6FB84997BC6E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F93C5BFF-16F9-4DC5-B78C-EC46F896EE56}
HKEY_LOCAL_MACHINE\SOFTWARE\Install Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Install Provider


Massaker Backdoor

Removing Massaker
Categories: Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Massaker Also known as:

[Kaspersky]Backdoor.Massaker.11.a,Backdoor.Massaker.11.c,Backdoor.Massaker.12.a;
[McAfee]BackDoor-YT;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Massaker.1.2;
[Computer Associates]Backdoor/Massaker.12,Backdoor/Massaker.12.a,Win32.Massaker.12

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\winboot.exe

How to detect Massaker:

Files:
[%WINDOWS%]\system\winboot.exe


TrojanDownloader.Win32.Small.kq Downloader

Removing TrojanDownloader.Win32.Small.kq
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

TrojanDownloader.Win32.Small.kq Also known as:

[Panda]Adware/SearchAid

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\msopt.dll

How to detect TrojanDownloader.Win32.Small.kq:

Files:
[%WINDOWS%]\msopt.dll

Registry Keys:
HKEY_CLASSES_ROOT\icoo
HKEY_CLASSES_ROOT\protocols\handler\icoo

Registry Values:
HKEY_CURRENT_USER\software\adverts


SpyPartner Spyware

Removing SpyPartner
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\desktop\intellitamper.lnk

How to detect SpyPartner:

Files:
[%WINDOWS%]\desktop\intellitamper.lnk

Folders:
[%PROFILE%]\start menu\programs\intellitamper


Agent.bh Trojan

Removing Agent.bh
Categories: Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\sysinfo2033043~1.info

How to detect Agent.bh:

Files:
[%SYSTEM%]\sysinfo2033043~1.info

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\logical disk manager provider


PremiumSearch Adware

Removing PremiumSearch
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

How to detect PremiumSearch:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\premiumsearch startpage

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4d2d5647-5947-4e55-5453-454d434e5641}


Overnet Worm

Removing Overnet
Categories: Worm
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.

How to detect Overnet:

Folders:
[%PROGRAM_FILES%]\overnet

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
PAL.KeyLogPro Spyware Symptoms
Vxidl.AZQ Trojan Removal instruction
Lash Trojan Information
Bancos.HUA Trojan Removal instruction
Remove Cakl Trojan

SillyDl.DNB Trojan

Removing SillyDl.DNB
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

SillyDl.DNB Also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.hcm

How to detect SillyDl.DNB:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
Remove Bat.qn Trojan
Remove Kirasin Trojan

MRA Spyware

Removing MRA
Categories: Spyware,RAT
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

How to detect MRA:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
Remove Vxidl.APT Trojan
SecondPower.Multimedia.Speedbar BHO Removal instruction
inleadmedia.dk Tracking Cookie Removal instruction
Pigeon.AWJC Trojan Symptoms
Remove CWS.Ctrlpan Hijacker

Ac4 Downloader

Removing Ac4
Categories: Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Ac4 Also known as:

[Kaspersky]trojan-Downloader.Win32.Small.cyh;
[Other]Trojan-Downloader.Small,W32/DLoader.AXYN

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\ac3_0018.exe

How to detect Ac4:

Files:
[%WINDOWS%]\ac3_0018.exe

Also Be Aware of the Following Threats:
Spyware.Nuker Trojan Information
Removing SillyDl.DNM Trojan
Sufiage Trojan Information

PersonalMoneyTree Adware

Removing PersonalMoneyTree
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\preuninstallpmt.exe

How to detect PersonalMoneyTree:

Files:
[%SYSTEM%]\preuninstallpmt.exe

Folders:
[%PROGRAMS%]\personal money tree
[%PROGRAM_FILES%]\personal money tree

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}
HKEY_CLASSES_ROOT\comparishopper.application
HKEY_LOCAL_MACHINE\software\pmt
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\personal money tree
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\personal money tree

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
AdvSearch Adware Information
Small.iq Downloader Removal instruction
Bentimp Trojan Removal instruction

CasinoRewards Adware

Removing CasinoRewards
Categories: Adware,BHO,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.
The toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\casinorewardsexplorertoolbar.dll
[%WINDOWS%]\system\casinorewardsexplorertoolbar.dll

How to detect CasinoRewards:

Files:
[%SYSTEM%]\casinorewardsexplorertoolbar.dll
[%WINDOWS%]\system\casinorewardsexplorertoolbar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ff905e0c-cfe9-4a90-afff-c13af5d908f0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff905e0c-cfe9-4a90-afff-c13af5d908f0}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ff905e0c-cfe9-4a90-afff-c13af5d908f0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff905e0c-cfe9-4a90-afff-c13af5d908f0}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

Also Be Aware of the Following Threats:
TopText Worm Information
Downhill.Demo RAT Cleaner
Pigeon.AVLO Trojan Symptoms
Removing Nicols.Dropper!Dropper Trojan
Win32.Flooder.MailSpam.KagraTool DoS Information

RBCalc Trojan

Removing RBCalc
Categories: Trojan,Spyware,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\comclg32.dll
[%SYSTEM%]\d3dclsrv.dll
[%SYSTEM%]\ndsdavsrv.sys
[%SYSTEM%]\utlsrv.exe

How to detect RBCalc:

Files:
[%SYSTEM%]\comclg32.dll
[%SYSTEM%]\d3dclsrv.dll
[%SYSTEM%]\ndsdavsrv.sys
[%SYSTEM%]\utlsrv.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\controlset001\services\ndsdavsrv
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ndsdavsrv

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
Backdoor.SubSeven.Server.family Trojan Removal

Win32.Banker.ckj Trojan

Removing Win32.Banker.ckj
Categories: Trojan,Spyware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\msie.dll

How to detect Win32.Banker.ckj:

Files:
[%WINDOWS%]\msie.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{00807E17-4329-455C-8516-75FE21E0A681}
HKEY_CLASSES_ROOT\CLSID\{0D79914B-CAC2-4D20-A3D1-325667CDB73B}
HKEY_CLASSES_ROOT\CLSID\{615CE080-9F8C-4400-9889-FCB545849660}
HKEY_CLASSES_ROOT\CLSID\{6D7D1360-BB5F-4AB6-93AA-B5A550EF379C}
HKEY_CLASSES_ROOT\CLSID\{92A176E2-61E5-40B4-8C5A-E74B0B017CE2}
HKEY_CLASSES_ROOT\CLSID\{A4CCC128-44E1-434E-A2A1-8E60756B3819}
HKEY_CLASSES_ROOT\CLSID\{E2554CC3-031C-45A5-89D1-D3DD103B91E3}

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Also Be Aware of the Following Threats:
Remove Y3KRat.Server.family Trojan
Redart Trojan Removal instruction
Removing valuead.com Tracking Cookie
Progenic RAT Symptoms

EScorcher Spyware

Removing EScorcher
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\escorcher\escorcher.exe

How to detect EScorcher:

Files:
[%PROGRAM_FILES%]\escorcher\escorcher.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
Win32.AVPatch Trojan Symptoms

Vapidab Trojan

Removing Vapidab
Categories: Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Vapidab Also known as:

[Kaspersky]Hoax.Win32.Renos.kj,Trojan-Downloader.Win32.VB.bql;
[Other]Mal/Emogen-O

Visible Symptoms:
Files in system folders:

How to detect Vapidab:

Files:

Folders:
[%PROGRAM_FILES%]\e-zshopper
[%SYSTEM%]\acespy

Registry Keys:

Also Be Aware of the Following Threats:
Remove Pigeon.ADN Trojan
Xexeaw Trojan Cleaner
Nabegod Trojan Information
AdServer Tracking Cookie Cleaner
Spilt Trojan Removal

Cram Toolbar Adware

Removing Cram Toolbar
Categories: Adware,BHO,Toolbar
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

How to detect Cram Toolbar:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{01E69986-A054-4C52-ABE8-EF63DF1C5211}
HKEY_CLASSES_ROOT\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKEY_CLASSES_ROOT\Interface\{9D5C62AE-57B0-43C3-BAE4-BA7908DF4386}
HKEY_CLASSES_ROOT\Interface\{F5BB1D9A-DA7B-4C5B-8272-1554B814E97F}
HKEY_CLASSES_ROOT\ToolBand.XBTB00429
HKEY_CLASSES_ROOT\ToolBand.XBTB00429.1
HKEY_CLASSES_ROOT\TypeLib\{256CE99C-D5E1-4ACC-A538-2ED1E2710FAE}
HKEY_CLASSES_ROOT\XBTB00429.IEToolbar
HKEY_CLASSES_ROOT\XBTB00429.IEToolbar.1
HKEY_CLASSES_ROOT\XBTB00429.XBTB00429
HKEY_CLASSES_ROOT\XBTB00429.XBTB00429.1
HKEY_CURRENT_USER\Software\Maxthon
HKEY_CURRENT_USER\software\XBTB00429
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00429.XBTB00429Toolbar

Also Be Aware of the Following Threats:
Win32.Lioten.B1942 Worm Cleaner
Removing IRC.BBot Backdoor

Small.nm Trojan

Removing Small.nm
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\fwa.exe

How to detect Small.nm:

Files:
[%SYSTEM%]\fwa.exe

Also Be Aware of the Following Threats:
Ness DoS Information
Backdoor.Fluxay Backdoor Removal
Pigeon.AUP Trojan Cleaner
Widget Trojan Cleaner

Mad.Locker DoS

Removing Mad.Locker
Categories: DoS
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Visible Symptoms:
Files in system folders:
[%PROFILE%]\recent\password steal detector.lnk

How to detect Mad.Locker:

Files:
[%PROFILE%]\recent\password steal detector.lnk

Also Be Aware of the Following Threats:
PDNS.Rem32 RAT Removal
Enles Trojan Information
Theinf.plugin Backdoor Removal instruction
ICQ.Hack Trojan Information
Valsday Trojan Cleaner

MyNetProtector Trojan

Removing MyNetProtector
Categories: Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

Visible Symptoms:
Files in system folders:
[%DESKTOP%]\mnpantispy.lnk
[%DESKTOP%]\mnpassetup001.exe
[%PROGRAMS%]\mnpantispy.lnk
[%SYSTEM%]\bnssys32.exe
[%SYSTEM%]\mnpasuninstall.exe
[%SYSTEM%]\nssys32.exe

How to detect MyNetProtector:

Files:
[%DESKTOP%]\mnpantispy.lnk
[%DESKTOP%]\mnpassetup001.exe
[%PROGRAMS%]\mnpantispy.lnk
[%SYSTEM%]\bnssys32.exe
[%SYSTEM%]\mnpasuninstall.exe
[%SYSTEM%]\nssys32.exe

Folders:
[%PROGRAM_FILES%]\mnpantispy

Registry Keys:
HKEY_CURRENT_USER\software\mnpantispy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mnpantispy

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
Removing HLLW.Ica Worm

Proxy.Daemonize Trojan

Removing Proxy.Daemonize
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Proxy.Daemonize Also known as:

[McAfee]Proxy-Daemonize;
[F-Prot]W32/Daemonize.I,W32/Daemonize.E;
[Other]Win32/TrojanProzy.Daemonize.Y,Troj/Daemonize-G,Backdoor.Daemonize,Win32/TrojanProxy.Daemonize.T,W32/Daemonize.T

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\VVSNInst.exe
[%PROGRAM_FILES%]\Save\ACM.dll
[%PROGRAM_FILES%]\themexp\Themexp.org File\VVSNInst.exe
[%PROGRAM_FILES%]\WhenUSearch\Content~\splash.html

How to detect Proxy.Daemonize:

Files:
[%PROFILE_TEMP%]\VVSNInst.exe
[%PROGRAM_FILES%]\Save\ACM.dll
[%PROGRAM_FILES%]\themexp\Themexp.org File\VVSNInst.exe
[%PROGRAM_FILES%]\WhenUSearch\Content~\splash.html

Folders:
[%PROGRAMS%]\whenusearch
[%PROGRAM_FILES%]\whenusearch

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{763bd795-24ae-44d7-82d8-f9a1ee799729}
HKEY_CLASSES_ROOT\CLSID\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
HKEY_CLASSES_ROOT\interface\{beae14db-a12a-442d-bf77-4644e3661211}
HKEY_CLASSES_ROOT\typelib\{5b061650-38ae-49b4-9f5d-35396b2ceff5}
HKEY_CLASSES_ROOT\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}
HKEY_CLASSES_ROOT\wuse.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
HKEY_LOCAL_MACHINE\software\whenusearch

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Also Be Aware of the Following Threats:
Pigeon.AVG Trojan Removal

VB Trojan

Removing VB
Categories: Trojan,Adware,Spyware,Backdoor,Hijacker,Downloader,Hacker Tool,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

VB Also known as:

[Kaspersky]Trojan.Spy.VB.g,TrojanSpy.Win32.VB.g,TrojanDownloader.Win32.VB.aa;
[Eset]Win32/VB.GN trojan,Win32/VB.KX trojan,Win32/VB.AO trojan,Win32/VB.KP trojan,Win32/VB.IY trojan,Win32/VB.LV trojan,Win32/VB.KC trojan,Win32/VB.BX trojan,Win32/VB.E trojan,Win32/VB.IZ trojan,Win32/VB.KD trojan,Win32/TrojanClicker.VB.P trojan,Win32/VB.JQ trojan,Win32/VB.MG trojan;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Trojan Horse,Bck/X2a,Backdoor Program.LC,Trj/W32.VB,Trj/VB.N,Trojan Horse.LC,Spyware/Adclicker,Bck/VB.V,Trj/W32.VB.F;
[Computer Associates]Win32/VB.g!Spy!Trojan,Win32/VB.h!Trojan,Win32/VB.M!Spy!Trojan,Backdoor/VB.GN,Backdoor/VB.KX,Backdoor/VB.AO,Backdoor/VB.KP,Win32.Force.161.B,Win32/VB.U!Spy!Trojan,Backdoor/VB.IY,Backdoor/VB.LV!Server,Backdoor/VB.KC,Win32/VB.BS!PWS!Trojan,Win32/VB.r!PWS!Trojan,Win32/VB.AJ.12288!Trojan,Backdoor/VB.BX,Backdoor/VB.E,Backdoor/VB.IZ,Win32/VB.L!Spy!Trojan,Win32/VB.Z!PWS!Trojan,Win32/VB.AV!Trojan,Win32/VB.BH!Trojan,Win32/VB.n!Trojan,Win32/VB.r!Trojan,Win32/VB.x!Trojan,Win32/VB.a!Trojan,Win32/VB.AY!PWS!Trojan,Win32/VB.NU.14336!Trojan,Win32/VB.NZ.28672!Trojan,Win32/VB.AE!PWS!Trojan,Win32/VB.AG!PWS!Trojan,Win32/VB.AW!Binder!Trojan,Win32/VB.A!Exploit!Trojan,Backdoor/VB.258048,Win32/VB.p!Trojan,Backdoor/VB.JQ,Backdoor/VB.OU!Server,Win32/VB.f!Trojan,Win32/VB.w!Trojan,Win32/VB.d!Trojan,Win32/VB.A1!Downloader,Win32/VB.b!Downloader,Win32/VB.y!Trojan,Win32/VB.j!Trojan,Backdoor/VB.77824

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\thaimeaning4.0\Msstdfmt.dll
[%SYSTEM%]\MSSTDFMT.DLL
[%SYSTEM%]\sendmail.ocx
[%SYSTEM%]\autodiscx32.dll
[%SYSTEM%]\W32SillySpy-CZ.exe

How to detect VB:

Files:
[%PROGRAM_FILES%]\thaimeaning4.0\Msstdfmt.dll
[%SYSTEM%]\MSSTDFMT.DLL
[%SYSTEM%]\sendmail.ocx
[%SYSTEM%]\autodiscx32.dll
[%SYSTEM%]\W32SillySpy-CZ.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\klgr

Also Be Aware of the Following Threats:
Removing Small.CZL Trojan

McqUpdater Adware

Removing McqUpdater
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

McqUpdater Also known as:

[Kaspersky]Trojan-Dropper.Win32.Agent.ath,Trojan-Downloader.Win32.Agent.apu;
[Other]Adware.PigSearch,win32/SillyDl.AWL

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\mcUpdate.exe

How to detect McqUpdater:

Files:
[%WINDOWS%]\mcUpdate.exe

Folders:
[%SYSTEM%]\drivers\mcq

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mcq

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Also Be Aware of the Following Threats:
FDoS.Flooder.IWD Trojan Removal instruction

SubSearch.v22 BHO

Removing SubSearch.v22
Categories: BHO,Hijacker
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\msvcn.dll
[%SYSTEM%]\sbsrch_v22.dll
[%WINDOWS%]\system\msvcn.dll
[%WINDOWS%]\system\sbsrch_v22.dll

How to detect SubSearch.v22:

Files:
[%SYSTEM%]\msvcn.dll
[%SYSTEM%]\sbsrch_v22.dll
[%WINDOWS%]\system\msvcn.dll
[%WINDOWS%]\system\sbsrch_v22.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1d870c86-aa3c-4451-81e4-71d480a1a652}
HKEY_CLASSES_ROOT\clsid\{31995c64-cb4d-483e-82c2-ccffe2f66cab}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{1d870c86-aa3c-4451-81e4-71d480a1a652}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{31995c64-cb4d-483e-82c2-ccffe2f66cab}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1d870c86-aa3c-4451-81e4-71d480a1a652}
HKEY_LOCAL_MACHINE\software\classes\clsid\{31995c64-cb4d-483e-82c2-ccffe2f66cab}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1d870c86-aa3c-4451-81e4-71d480a1a652}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{31995c64-cb4d-483e-82c2-ccffe2f66cab}

Removing SubSearch.v22:

You can download a trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Removing Jekt Trojan
Pigeon.AVOU Trojan Removal instruction
Removing TSC Trojan
EXact.Advertising Adware Removal instruction
IIS.WebCart Trojan Information