Removing Downloader
Categories: Trojan,Adware,BHO,Backdoor,RAT,Hijacker,Toolbar,Downloader,Hacker Tool,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.
Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.
Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:
- Launching/ deleting files
- Sending/ receiving files
- Deleting data
- Displaying notification
- Rebooting the machine
- Executing files
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.
DoS trojans conduct such attacks from a single computer with the consent of the user.
Worms can carry a DoS procedure as part of their payload.
Downloader Also known as:
[Kaspersky]TrojanDownloader.Win32.Minstaller,Trojan.Win32.HLJacker,TrojanDownloader.Win32.Small.f,KeyPress.1212,Quit.555.a,TrojanDownloader.Win32.WebDL.b,Win16.StalkerX.1241,TrojanDownloader.Win32.Apher.e,TrojanDownloader.Win32.WebDL.g,TrojanDownloader.Win32.Apher.gen,TrojanDownloader.Win32.Aphex.030.b,TrojanDownloader.Win32.Aphex.a,TrojanDownloader.Win32.Whomp.10,TrojanDownloader.Win32.MultiDL.23,TrojanDownloader.Win32.Kaizer,TrojanDownloader.Win32.MultiDL.30.a,TrojanDownloader.Win32.MultiDL.30.b,TrojanDownloader.Win32.Zdown.10,TrojanDownloader.Win32.Zdown.11,TrojanDownloader.Win32.NetDown,TrojanDownloader.Win32.Aphex.10.d,TrojanDownloader.Win32.Apher.i,TrojanDownloader.Win32.Hatchet.10,TrojanDownloader.Win32.Hatchet.10.a,TrojanDownloader.Win32.Delf.i,TrojanDownloader.Win32.SALite.10,TrojanDownloader.Win32.Injecter,TrojanDownloader.Win32.SALite.11,TrojanDownloader.Win32.Aphex.020,TrojanDownloader.Win32.Zdown.12,TrojanDownloader.Win32.WebDL.d,TrojanDownloader.Win32.Dsweb.10,TrojanDownloader.Win32.IMCdown,Trojan-Dropper.Win32.Agent.hl;
[Eset]Win32/Autoupder trojan,Win32/TrojanDownloader.Minstaller trojan,Win32/AimJacker.20 trojan,Win32/AimJacker.20.Server trojan,Win32/Small.F trojan,Win32/TrojanDownloader.Apher.030 trojan,Win32/TrojanDownloader.MultiDL.23 trojan;
[McAfee]Downloader-W,Downloader-Z,Downloader-Z.cfg,Downloader-B,Keypress.1228,Quit,Stalker.dr,Downloader-R,Downloader-AE,Downloader-AP,Downloader-AP.cfg,Downloader-BP,Downloader-BT,Downloader-CB,Downloader-AE.cfg,Downloader-BU,Downloader-AX,Downloader-CM,Downloader-CP,Downloader-CV,Downloader-Q,DownLoader,Downloader-AF,DownLoader-F,Downloader-RK,Downloader-RE,Downloader-ZQ,Downloader-IQ,Downloader.EV,Downloader-YO,Downloader-VF;
[F-Prot]destructive program,security risk or a "backdoor" program,Quit.555.B,virus dropper,security risk named W32/Kaizer.A,security risk named W32/UploadRem.tojan.A,security risk named W32/CIDownloader.A,virus construction tool,security risk named W32/SDdownloader.A,W32/Downloader.XR,W32/Mediket.B@dl,W32/FakeAlert.D;
[Panda]Trojan Horse,Trojan Horse.LC,Win/StalkerX.Drop,Trj/Downloader.Gen,Trj/W32.Apher,Adware/Sqwire,Spyware/CommonName,Trj/W32.IMCdown,Trj/Downldr.DsWeb,Trj/W32.WWWPW.A;
[Computer Associates]Win32.MinStaller,Win32/Downloader-W.A.Trojan,Win32/Downloader-W.B.Trojan,Win32/Small.F.1.Downloader.Troja,Win.Stalker,Win/StalkerX.1241,Win32/WebDL!Trojan,Win32.AcidReign.20,Win32/AcidReign.20!Trojan,Win32.Dsweb,Win95/DsWeb!Trojan,Win32.AWeb.030,Win32/AWeb.030.Trojan,Backdoor/DlServer!Downloader,Win32.DlQroj.10,Win32/Aphex.a!Trojan,Win32/Whomp.10!Trojan,Win32.DlQroj.23,Win32/DlQroj.23!Trojan,Win32/Kaizer.A!Trojan,Win32/MultiDL.3.0.A!Trojan,Win32/MultiDL.30.a!Downloader,Win32/DlQroj.30!Trojan,Win32.Zdl.11,Win32/Zdl.11!Trojan,Win32/Zdl.11.Z!Downloader,Win32/NetDown!Downloader,Win32.Aphex.10.D,Win32/Aphex.10.d!Downloader,Win32/Apher.I!Trojan,Win32.HDDL.10,Win32/Hatchet.10!Downloader,Win32.DlOxygene,Win32/DlOxygene.A!Trojan,Win32/Injecter!Downloader,Win32.SALite.11,Anydler,Anydler!Downloader,Anydler.B!Downloader,IMCdown.D!Trojan,Backdoor/DsWeb10!Server,Win32.Dsweb.10,Win32.WPW,Win32/Downloader!Trojan,Win32.AWeb.020,Win32/AWeb.020!Trojan,Win32/Zdl.12!Trojan,Win32.WebDL.D;
[Other]Troj/Sloader-GE,TROJ_DOWNLOADR.B,Win32/TrojanDownloader.Mediket.D,Download.Trojan,TROJ_MEDIKET.A,W32/TopAntiSpyware.G,Trojan.Tabela.G,W32/VBTroj.CDD,Win32/Clspring.FG,Win32/Cavitate.AB,Win32.Cavitate.AA,W32/EliteMediaGroup.A.dropper,elitemediagroup-mediamotor,Adware.Medload
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ICD2.tmp\PopCapLoader.dll
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\SetRegAcl.dll
[%PROFILE_TEMP%]\temp.fr????
[%PROGRAM_FILES%]\common~2\toolbar\babeie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbabe.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbarie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnform.exe
[%PROGRAM_FILES%]\common~2\toolbar\createbookmark.htm
[%PROGRAM_FILES%]\common~2\toolbar\createnote.htm
[%PROGRAM_FILES%]\common~2\toolbar\emaillink.htm
[%PROGRAM_FILES%]\common~2\toolbar\navigate.htm
[%PROGRAM_FILES%]\common~2\toolbar\unins.exe
[%PROGRAM_FILES%]\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv
[%SYSTEM%]\cnins.txt
[%SYSTEM%]\winnet.ini
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll
[%WINDOWS%]\elitepop06.exe
[%WINDOWS%]\elitesix.ocx
[%WINDOWS%]\ms056357710220.exe
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\sysldr32.exe
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname desktop 3.0.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname toolbar 3.30.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\uninstall commonname toolbar 3.30.lnk
[%PROFILE%]\desktop\commonname desktop 3.0.lnk
[%PROGRAM_FILES%]\common~2\toolbar\cnbabeie.exe
[%PROGRAM_FILES%]\common~2\toolbar\newsbar.htm
[%PROGRAM_FILES%]\common~2\toolbar\remove.exe
[%PROGRAM_FILES%]\intern~3\inetkw.dll
[%PROGRAM_FILES%]\intern~3\inetmgr.exe
[%PROGRAM_FILES%]\intern~3\inetsvc.exe
[%PROGRAM_FILES%]\intern~3\unins.exe
[%PROGRAM_FILES%]\wtpxsqpx\cnml.exe
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.dll
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.exe
[%PROGRAM_FILES%]\wtpxsqpx\MhsIDwIG.exe
[%SYSTEM%]\cssrs.scr
[%SYSTEM%]\GIwDIshM.ini
[%SYSTEM%]\msnplus.scr
[%WINDOWS%]\acwwiz.exe
[%PROFILE_TEMP%]\ICD2.tmp\PopCapLoader.dll
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\SetRegAcl.dll
[%PROFILE_TEMP%]\temp.fr????
[%PROGRAM_FILES%]\common~2\toolbar\babeie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbabe.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbarie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnform.exe
[%PROGRAM_FILES%]\common~2\toolbar\createbookmark.htm
[%PROGRAM_FILES%]\common~2\toolbar\createnote.htm
[%PROGRAM_FILES%]\common~2\toolbar\emaillink.htm
[%PROGRAM_FILES%]\common~2\toolbar\navigate.htm
[%PROGRAM_FILES%]\common~2\toolbar\unins.exe
[%PROGRAM_FILES%]\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv
[%SYSTEM%]\cnins.txt
[%SYSTEM%]\winnet.ini
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll
[%WINDOWS%]\elitepop06.exe
[%WINDOWS%]\elitesix.ocx
[%WINDOWS%]\ms056357710220.exe
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\sysldr32.exe
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname desktop 3.0.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname toolbar 3.30.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\uninstall commonname toolbar 3.30.lnk
[%PROFILE%]\desktop\commonname desktop 3.0.lnk
[%PROGRAM_FILES%]\common~2\toolbar\cnbabeie.exe
[%PROGRAM_FILES%]\common~2\toolbar\newsbar.htm
[%PROGRAM_FILES%]\common~2\toolbar\remove.exe
[%PROGRAM_FILES%]\intern~3\inetkw.dll
[%PROGRAM_FILES%]\intern~3\inetmgr.exe
[%PROGRAM_FILES%]\intern~3\inetsvc.exe
[%PROGRAM_FILES%]\intern~3\unins.exe
[%PROGRAM_FILES%]\wtpxsqpx\cnml.exe
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.dll
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.exe
[%PROGRAM_FILES%]\wtpxsqpx\MhsIDwIG.exe
[%SYSTEM%]\cssrs.scr
[%SYSTEM%]\GIwDIshM.ini
[%SYSTEM%]\msnplus.scr
[%WINDOWS%]\acwwiz.exe
How to detect Downloader:
Files:
[%PROFILE_TEMP%]\ICD2.tmp\PopCapLoader.dll
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\SetRegAcl.dll
[%PROFILE_TEMP%]\temp.fr????
[%PROGRAM_FILES%]\common~2\toolbar\babeie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbabe.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbarie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnform.exe
[%PROGRAM_FILES%]\common~2\toolbar\createbookmark.htm
[%PROGRAM_FILES%]\common~2\toolbar\createnote.htm
[%PROGRAM_FILES%]\common~2\toolbar\emaillink.htm
[%PROGRAM_FILES%]\common~2\toolbar\navigate.htm
[%PROGRAM_FILES%]\common~2\toolbar\unins.exe
[%PROGRAM_FILES%]\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv
[%SYSTEM%]\cnins.txt
[%SYSTEM%]\winnet.ini
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll
[%WINDOWS%]\elitepop06.exe
[%WINDOWS%]\elitesix.ocx
[%WINDOWS%]\ms056357710220.exe
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\sysldr32.exe
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname desktop 3.0.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname toolbar 3.30.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\uninstall commonname toolbar 3.30.lnk
[%PROFILE%]\desktop\commonname desktop 3.0.lnk
[%PROGRAM_FILES%]\common~2\toolbar\cnbabeie.exe
[%PROGRAM_FILES%]\common~2\toolbar\newsbar.htm
[%PROGRAM_FILES%]\common~2\toolbar\remove.exe
[%PROGRAM_FILES%]\intern~3\inetkw.dll
[%PROGRAM_FILES%]\intern~3\inetmgr.exe
[%PROGRAM_FILES%]\intern~3\inetsvc.exe
[%PROGRAM_FILES%]\intern~3\unins.exe
[%PROGRAM_FILES%]\wtpxsqpx\cnml.exe
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.dll
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.exe
[%PROGRAM_FILES%]\wtpxsqpx\MhsIDwIG.exe
[%SYSTEM%]\cssrs.scr
[%SYSTEM%]\GIwDIshM.ini
[%SYSTEM%]\msnplus.scr
[%WINDOWS%]\acwwiz.exe
[%PROFILE_TEMP%]\ICD2.tmp\PopCapLoader.dll
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\SetRegAcl.dll
[%PROFILE_TEMP%]\temp.fr????
[%PROGRAM_FILES%]\common~2\toolbar\babeie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbabe.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbarie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnform.exe
[%PROGRAM_FILES%]\common~2\toolbar\createbookmark.htm
[%PROGRAM_FILES%]\common~2\toolbar\createnote.htm
[%PROGRAM_FILES%]\common~2\toolbar\emaillink.htm
[%PROGRAM_FILES%]\common~2\toolbar\navigate.htm
[%PROGRAM_FILES%]\common~2\toolbar\unins.exe
[%PROGRAM_FILES%]\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv
[%SYSTEM%]\cnins.txt
[%SYSTEM%]\winnet.ini
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll
[%WINDOWS%]\elitepop06.exe
[%WINDOWS%]\elitesix.ocx
[%WINDOWS%]\ms056357710220.exe
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\sysldr32.exe
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname desktop 3.0.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname toolbar 3.30.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\uninstall commonname toolbar 3.30.lnk
[%PROFILE%]\desktop\commonname desktop 3.0.lnk
[%PROGRAM_FILES%]\common~2\toolbar\cnbabeie.exe
[%PROGRAM_FILES%]\common~2\toolbar\newsbar.htm
[%PROGRAM_FILES%]\common~2\toolbar\remove.exe
[%PROGRAM_FILES%]\intern~3\inetkw.dll
[%PROGRAM_FILES%]\intern~3\inetmgr.exe
[%PROGRAM_FILES%]\intern~3\inetsvc.exe
[%PROGRAM_FILES%]\intern~3\unins.exe
[%PROGRAM_FILES%]\wtpxsqpx\cnml.exe
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.dll
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.exe
[%PROGRAM_FILES%]\wtpxsqpx\MhsIDwIG.exe
[%SYSTEM%]\cssrs.scr
[%SYSTEM%]\GIwDIshM.ini
[%SYSTEM%]\msnplus.scr
[%WINDOWS%]\acwwiz.exe
Folders:
[%PROGRAM_FILES%]\commonname
[%WINDOWS%]\temp\adware
[%APPDATA%]\commonname
[%COMMON_PROGRAMS%]\CommonName
[%PROGRAMS%]\commonname
[%PROGRAM_FILES%]\common~2\addres~1
[%WINDOWS%]\s5curity
Registry Keys:
HKEY_CLASSES_ROOT\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_CLASSES_ROOT\clsid\{2eb3eff2-f707-4ea8-81aa-4b65d2799f31}
HKEY_CLASSES_ROOT\clsid\{4f9ca775-2c5f-4e2a-b157-cb440564f7f4}
HKEY_CLASSES_ROOT\interface\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
HKEY_CLASSES_ROOT\interface\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
HKEY_CLASSES_ROOT\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_CLASSES_ROOT\interface\{96866cad-7f56-4047-9d41-08322b6b79f3}
HKEY_CLASSES_ROOT\interface\{ed3672d8-19b9-400f-8bed-734e6cc2355f}
HKEY_CLASSES_ROOT\magnet
HKEY_CLASSES_ROOT\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}
HKEY_CLASSES_ROOT\typelib\{cc364a32-d59b-4e9c-9156-f0050c45005b}
HKEY_CLASSES_ROOT\winnet.update.1
HKEY_CURRENT_USER\software\commonname
HKEY_CURRENT_USER\software\grokster
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\add a page note
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\bookmark this page
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\email this link
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\search using commonname
HKEY_LOCAL_MACHINE\software\classes\appid\winnet.exe
HKEY_LOCAL_MACHINE\software\classes\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_LOCAL_MACHINE\software\classes\babeie.handler
HKEY_LOCAL_MACHINE\software\classes\babeie.handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper
HKEY_LOCAL_MACHINE\software\classes\babeie.helper.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}
HKEY_LOCAL_MACHINE\software\classes\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_LOCAL_MACHINE\software\classes\protocols\handler\cn
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-4161-8034-2234203681c9}
HKEY_LOCAL_MACHINE\software\classes\winnet.update
HKEY_LOCAL_MACHINE\software\classes\winnet.update.1
HKEY_LOCAL_MACHINE\software\commonname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname
HKEY_CLASSES_ROOT\babie.handler.1
HKEY_CLASSES_ROOT\babie.helper.1
HKEY_CLASSES_ROOT\clsid\{046d6ea4-15e3-4b27-8010-45bd78a9219e}
HKEY_CLASSES_ROOT\clsid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_CLASSES_ROOT\clsid\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
HKEY_CLASSES_ROOT\clsid\{53b1b977-193e-4a9f-b9fc-e1dcc24016a1}
HKEY_CLASSES_ROOT\clsid\{541a3704-4320-4e2d-9371-e4a4c9803191}
HKEY_CLASSES_ROOT\clsid\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
HKEY_CLASSES_ROOT\clsid\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_CLASSES_ROOT\clsid\{a7fe5e20-9866-4c49-b5ed-3991954a2acd}
HKEY_CLASSES_ROOT\clsid\{ac04dc43-28e9-4746-9164-c200a04b8921}
HKEY_CLASSES_ROOT\clsid\{ae6ddeb6-5683-4f5d-ad53-0f93b02a3f93}
HKEY_CLASSES_ROOT\clsid\{c4b81c49-5ea5-490b-af95-04994a4214d4}
HKEY_CLASSES_ROOT\clsid\{fb68cc40-c725-491a-aac3-f37dde794edb}
HKEY_CLASSES_ROOT\dnserr.dnserrobj
HKEY_CLASSES_ROOT\dnserr.dnserrobj.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.50_is1
HKEY_CLASSES_ROOT\typelib\{c4b81c49-5ea5-490b-af95-04994a4214d4}
HKEY_CLASSES_ROOT\typelib\{dd0032df-ceef-4e0a-8b75-e4d8861e11e5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\brows
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{046d6ea4-15e3-4b27-8010-45bd78a9219e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname desktop 3.0_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.1_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.50_is1
Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CLASSES_ROOT\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
Removing Downloader:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.
Also Be Aware of the Following Threats:
Zlob.Fam.WinMediaCodec Trojan Information
Keylogger Trojan Cleaner