Trojan List 51: January 2009

Saturday, January 31, 2009

Win32.Killqq Trojan

Click here to remove Win32.Killqq malware

Win32.Killqq description:
Win32.Killqq Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Win32.Killqq:

you can run trial version of ExterminateIt, or remove Win32.Killqq manually.

To completely manually remove Win32.Killqq malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Killqq.

E2Give Adware

E2Give description:
E2Give Category:Adware,BHO,Downloader
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Detection E2Give :

E2Give Files:
[%PROFILE_TEMP%]\ei.exe
[%SYSTEM%]\data.~
[%SYSTEM%]\key.~
[%SYSTEM%]\keylog.~
[%SYSTEM%]\log.~
[%WINDOWS%]\pi1_36.exe
[%PROGRAM_FILES%]\spellaroo\spellaroo\polarspellchecker.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellaroo.exe
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellaroodlg.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellarooh.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellaroor.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellhk.dll
[%SYSTEM%]\iebhos.dll
[%SYSTEM%]\prutqct.exe
[%WINDOWS%]\downloaded program files\ugo20.exe
[%WINDOWS%]\syslasp.dll
[%WINDOWS%]\system\iebhos.dll
[%PROFILE_TEMP%]\ei.exe
[%SYSTEM%]\data.~
[%SYSTEM%]\key.~
[%SYSTEM%]\keylog.~
[%SYSTEM%]\log.~
[%WINDOWS%]\pi1_36.exe
[%PROGRAM_FILES%]\spellaroo\spellaroo\polarspellchecker.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellaroo.exe
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellaroodlg.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellarooh.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellaroor.dll
[%PROGRAM_FILES%]\spellaroo\spellaroo\spellhk.dll
[%SYSTEM%]\iebhos.dll
[%SYSTEM%]\prutqct.exe
[%WINDOWS%]\downloaded program files\ugo20.exe
[%WINDOWS%]\syslasp.dll
[%WINDOWS%]\system\iebhos.dll

E2Give Folders:
[%PROGRAM_FILES%]\e2g
[%PROGRAM_FILES%]\spellaroo\spellaroo\dictionaries

E2Give Registry Keys:
HKEY_CURRENT_USER\software\ptech
HKEY_LOCAL_MACHINE\software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}
HKEY_LOCAL_MACHINE\software\classes\iebhos.control.1\clsid
HKEY_LOCAL_MACHINE\software\classes\iebhos.control\clsid
HKEY_LOCAL_MACHINE\software\e2g
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
HKEY_CLASSES_ROOT\clsid\{e9041f85-3c18-4a7e-a29d-e24f84b79bf1}
HKEY_CLASSES_ROOT\typelib\{3643abc2-21bf-46b9-b230-f247db0c6fd6}
HKEY_CLASSES_ROOT\typelib\{e9041f85-3c18-4a7e-a29d-e24f84b79bf1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

E2Give Registry Values:
HKEY_CLASSES_ROOT\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}
HKEY_CLASSES_ROOT\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}\inprocserver32
HKEY_LOCAL_MACHINE\software\classes\appid\iebhos.dll
HKEY_CLASSES_ROOT\appid\iebhos.dll
HKEY_CLASSES_ROOT\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}
HKEY_CLASSES_ROOT\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}
HKEY_CLASSES_ROOT\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}\inprocserver32
HKEY_CURRENT_USER\software\spellaroo\spellaroo
HKEY_CURRENT_USER\software\spellaroo\spellaroo
HKEY_CURRENT_USER\software\spellaroo\spellaroo
HKEY_CURRENT_USER\software\spellaroo\spellaroo
HKEY_CURRENT_USER\software\spellaroo\spellaroo
HKEY_CURRENT_USER\software\spellaroo\spellaroo
HKEY_CURRENT_USER\software\spellaroo\spellaroo\dictionaries\custom
HKEY_CURRENT_USER\software\spellaroo\spellaroo\dictionaries\main
HKEY_LOCAL_MACHINE\software\classes\appid\iebhos.dll
HKEY_LOCAL_MACHINE\software\microsoft\eventsystem\{26c409cc-ae86-11d1-b616-00805fc79216}\subscriptions\{2c87cff4-8f09-4d4c-8949-5231dbebd542}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spellaroo!_is1

Removing E2Give:

you can run trial version of ExterminateIt, or remove E2Give manually.

To completely manually remove E2Give malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with E2Give.

BPath.com Tracking Cookie

BPath.com description:
BPath.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing BPath.com:

you can run trial version of ExterminateIt, or remove BPath.com manually.

To completely manually remove BPath.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BPath.com.

Vxidl.ATJ Trojan

Vxidl.ATJ description:
Vxidl.ATJ Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.ATJ:

you can run trial version of ExterminateIt, or remove Vxidl.ATJ manually.

To completely manually remove Vxidl.ATJ malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.ATJ.

BackDoor.CMQ Trojan

Click here to remove BackDoor.CMQ malware

BackDoor.CMQ description:
BackDoor.CMQ Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection BackDoor.CMQ :

BackDoor.CMQ Files:
[%PROFILE_TEMP%]\ssd32d.exe
[%PROFILE_TEMP%]\ssd32d.exe

Removing BackDoor.CMQ:

you can run trial version of ExterminateIt, or remove BackDoor.CMQ manually.

To completely manually remove BackDoor.CMQ malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BackDoor.CMQ.

HeyItsMe Trojan

HeyItsMe description:
HeyItsMe Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing HeyItsMe:

you can run trial version of ExterminateIt, or remove HeyItsMe manually.

To completely manually remove HeyItsMe malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with HeyItsMe.

median.hu Tracking Cookie

median.hu description:
median.hu Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing median.hu:

you can run trial version of ExterminateIt, or remove median.hu manually.

To completely manually remove median.hu malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with median.hu.

Lesson Trojan

Lesson description:
Lesson Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Lesson:

you can run trial version of ExterminateIt, or remove Lesson manually.

To completely manually remove Lesson malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Lesson.

Dister Trojan

Dister description:
Dister Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Dister:

you can run trial version of ExterminateIt, or remove Dister manually.

To completely manually remove Dister malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Dister.

Pigeon.AWIW Trojan

Click here to remove Pigeon.AWIW malware

Pigeon.AWIW description:
Pigeon.AWIW Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AWIW:

you can run trial version of ExterminateIt, or remove Pigeon.AWIW manually.

To completely manually remove Pigeon.AWIW malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AWIW.

Kyrdor Trojan

Kyrdor description:
Kyrdor Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Kyrdor:

you can run trial version of ExterminateIt, or remove Kyrdor manually.

To completely manually remove Kyrdor malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Kyrdor.

Pigeon.AUZO Trojan

Click here to remove Pigeon.AUZO malware

Pigeon.AUZO description:
Pigeon.AUZO Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AUZO:

you can run trial version of ExterminateIt, or remove Pigeon.AUZO manually.

To completely manually remove Pigeon.AUZO malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AUZO.

Bancos.FXS Trojan

Bancos.FXS description:
Bancos.FXS Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.FXS:

you can run trial version of ExterminateIt, or remove Bancos.FXS manually.

To completely manually remove Bancos.FXS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.FXS.

Friday, January 30, 2009

TrojanDropper.Win32.Delf.bw Trojan

Click here to remove TrojanDropper.Win32.Delf.bw malware

TrojanDropper.Win32.Delf.bw description:
TrojanDropper.Win32.Delf.bw Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing TrojanDropper.Win32.Delf.bw:

you can run trial version of ExterminateIt, or remove TrojanDropper.Win32.Delf.bw manually.

To completely manually remove TrojanDropper.Win32.Delf.bw malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDropper.Win32.Delf.bw.

Win32.ATHO Trojan

Win32.ATHO description:
Win32.ATHO Category:Trojan,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Win32.ATHO:

you can run trial version of ExterminateIt, or remove Win32.ATHO manually.

To completely manually remove Win32.ATHO malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.ATHO.

AdFly Adware

AdFly description:
AdFly Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection AdFly :

AdFly Files:
[%SYSTEM%]\COMAdEvent.dll
[%SYSTEM%]\COMBoHEvent.dll
[%SYSTEM%]\COMEventHelper.dll
[%SYSTEM%]\COMAdEvent.dll
[%SYSTEM%]\COMBoHEvent.dll
[%SYSTEM%]\COMEventHelper.dll

AdFly Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1b84ddf4-71b2-4ad3-a066-81e7eb292fbb}
HKEY_CLASSES_ROOT\clsid\{881f6f06-4620-4070-ad05-bd77d4c56661}
HKEY_CLASSES_ROOT\clsid\{c61a70f3-505e-4b90-916f-627a8706b4bc}
HKEY_CLASSES_ROOT\interface\{468262b9-8400-4a49-b2e5-ce8550eb1347}

Removing AdFly:

you can run trial version of ExterminateIt, or remove AdFly manually.

To completely manually remove AdFly malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AdFly.

Flamemsg Trojan

Flamemsg description:
Flamemsg Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Flamemsg:

you can run trial version of ExterminateIt, or remove Flamemsg manually.

To completely manually remove Flamemsg malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Flamemsg.

Pigeon.AVJP Trojan

Click here to remove Pigeon.AVJP malware

Pigeon.AVJP description:
Pigeon.AVJP Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVJP:

you can run trial version of ExterminateIt, or remove Pigeon.AVJP manually.

To completely manually remove Pigeon.AVJP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVJP.

FreeScratchCards Hijacker

Click here to remove FreeScratchCards malware

FreeScratchCards description:
FreeScratchCards Category:Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Detection FreeScratchCards :

FreeScratchCards Files:
[%SYSTEM%]\fsc.ini
[%SYSTEM%]\idbrilbs.exe
[%SYSTEM%]\igpgtxbp.exe
[%SYSTEM%]\iniauvpe.dll
[%SYSTEM%]\inrvvmil.exe
[%WINDOWS%]\downloaded program files\install.exe
[%WINDOWS%]\system\fsc.ini
[%WINDOWS%]\system\haocside.dll
[%WINDOWS%]\system\haocside.exe
[%WINDOWS%]\system\haywuywl.exe
[%WINDOWS%]\system\hicvblgb.exe
[%WINDOWS%]\system\tsdezest.exe
[%SYSTEM%]\fsc.ini
[%SYSTEM%]\idbrilbs.exe
[%SYSTEM%]\igpgtxbp.exe
[%SYSTEM%]\iniauvpe.dll
[%SYSTEM%]\inrvvmil.exe
[%WINDOWS%]\downloaded program files\install.exe
[%WINDOWS%]\system\fsc.ini
[%WINDOWS%]\system\haocside.dll
[%WINDOWS%]\system\haocside.exe
[%WINDOWS%]\system\haywuywl.exe
[%WINDOWS%]\system\hicvblgb.exe
[%WINDOWS%]\system\tsdezest.exe

FreeScratchCards Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ed3adb6e-5aa9-41b0-9ddc-6f31a34552be}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{ed3adb6e-5aa9-41b0-9ddc-6f31a34552be}

Removing FreeScratchCards:

you can run trial version of ExterminateIt, or remove FreeScratchCards manually.

To completely manually remove FreeScratchCards malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with FreeScratchCards.

Binary.Text.Scan Trojan

Click here to remove Binary.Text.Scan malware

Binary.Text.Scan description:
Binary.Text.Scan Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Binary.Text.Scan:

you can run trial version of ExterminateIt, or remove Binary.Text.Scan manually.

To completely manually remove Binary.Text.Scan malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Binary.Text.Scan.

Thursday, January 29, 2009

Amenby Trojan

Amenby description:
Amenby Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Amenby:

you can run trial version of ExterminateIt, or remove Amenby manually.

To completely manually remove Amenby malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Amenby.

IWantNetSex.Shortcut.Creator Trojan

Click here to remove IWantNetSex.Shortcut.Creator malware

IWantNetSex.Shortcut.Creator description:
IWantNetSex.Shortcut.Creator Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing IWantNetSex.Shortcut.Creator:

you can run trial version of ExterminateIt, or remove IWantNetSex.Shortcut.Creator manually.

To completely manually remove IWantNetSex.Shortcut.Creator malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with IWantNetSex.Shortcut.Creator.

MessageLabs Tracking Cookie

Click here to remove MessageLabs malware

MessageLabs description:
MessageLabs Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing MessageLabs:

you can run trial version of ExterminateIt, or remove MessageLabs manually.

To completely manually remove MessageLabs malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with MessageLabs.

REG.HalfWin Trojan

Click here to remove REG.HalfWin malware

REG.HalfWin description:
REG.HalfWin Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing REG.HalfWin:

you can run trial version of ExterminateIt, or remove REG.HalfWin manually.

To completely manually remove REG.HalfWin malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with REG.HalfWin.

WinArpw DoS

WinArpw description:
WinArpw Category:DoS
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing WinArpw:

you can run trial version of ExterminateIt, or remove WinArpw manually.

To completely manually remove WinArpw malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinArpw.

AsS4Ss1n.Beginner RAT

Click here to remove AsS4Ss1n.Beginner malware

AsS4Ss1n.Beginner description:
AsS4Ss1n.Beginner Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing AsS4Ss1n.Beginner:

you can run trial version of ExterminateIt, or remove AsS4Ss1n.Beginner manually.

To completely manually remove AsS4Ss1n.Beginner malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AsS4Ss1n.Beginner.

Munich Trojan

Munich description:
Munich Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Munich:

you can run trial version of ExterminateIt, or remove Munich manually.

To completely manually remove Munich malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Munich.

HackATack Trojan

HackATack description:
HackATack Category:Trojan,Spyware,Backdoor,RAT,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Removing HackATack:

you can run trial version of ExterminateIt, or remove HackATack manually.

To completely manually remove HackATack malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with HackATack.

Egg Trojan

Egg description:
Egg Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Egg:

you can run trial version of ExterminateIt, or remove Egg manually.

To completely manually remove Egg malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Egg.

Wednesday, January 28, 2009

SillyDl.CNG Trojan

Click here to remove SillyDl.CNG malware

SillyDl.CNG description:
SillyDl.CNG Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.CNG:

you can run trial version of ExterminateIt, or remove SillyDl.CNG manually.

To completely manually remove SillyDl.CNG malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CNG.

Strange Trojan

Strange description:
Strange Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Strange:

you can run trial version of ExterminateIt, or remove Strange manually.

To completely manually remove Strange malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Strange.

Netsnooper.Gold Backdoor

Click here to remove Netsnooper.Gold malware

Netsnooper.Gold description:
Netsnooper.Gold Category:Backdoor,Hacker Tool
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Removing Netsnooper.Gold:

you can run trial version of ExterminateIt, or remove Netsnooper.Gold manually.

To completely manually remove Netsnooper.Gold malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Netsnooper.Gold.

ViriL.Devil RAT

Click here to remove ViriL.Devil malware

ViriL.Devil description:
ViriL.Devil Category:RAT
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Removing ViriL.Devil:

you can run trial version of ExterminateIt, or remove ViriL.Devil manually.

To completely manually remove ViriL.Devil malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ViriL.Devil.

QZap127 Trojan

QZap127 description:
QZap127 Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Removing QZap127:

you can run trial version of ExterminateIt, or remove QZap127 manually.

To completely manually remove QZap127 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with QZap127.

Persian.Kitty Tracking Cookie

Click here to remove Persian.Kitty malware

Persian.Kitty description:
Persian.Kitty Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing Persian.Kitty:

you can run trial version of ExterminateIt, or remove Persian.Kitty manually.

To completely manually remove Persian.Kitty malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Persian.Kitty.

SillyDl.DCG Trojan

Click here to remove SillyDl.DCG malware

SillyDl.DCG description:
SillyDl.DCG Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.DCG:

you can run trial version of ExterminateIt, or remove SillyDl.DCG manually.

To completely manually remove SillyDl.DCG malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.DCG.

bigmir.net Tracking Cookie

bigmir.net description:
bigmir.net Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing bigmir.net:

you can run trial version of ExterminateIt, or remove bigmir.net manually.

To completely manually remove bigmir.net malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with bigmir.net.

BillsDeath Backdoor

BillsDeath description:
BillsDeath Category:Backdoor
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Removing BillsDeath:

you can run trial version of ExterminateIt, or remove BillsDeath manually.

To completely manually remove BillsDeath malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BillsDeath.

Pigeon.AWJL Trojan

Click here to remove Pigeon.AWJL malware

Pigeon.AWJL description:
Pigeon.AWJL Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AWJL:

you can run trial version of ExterminateIt, or remove Pigeon.AWJL manually.

To completely manually remove Pigeon.AWJL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AWJL.

Omnihttpd Hacker Tool

Omnihttpd description:
Omnihttpd Category:Hacker Tool,DoS
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Omnihttpd:

you can run trial version of ExterminateIt, or remove Omnihttpd manually.

To completely manually remove Omnihttpd malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Omnihttpd.

Pigeon.ADT Trojan

Pigeon.ADT description:
Pigeon.ADT Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.ADT:

you can run trial version of ExterminateIt, or remove Pigeon.ADT manually.

To completely manually remove Pigeon.ADT malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.ADT.

Win32.Ais Trojan

Win32.Ais description:
Win32.Ais Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Removing Win32.Ais:

you can run trial version of ExterminateIt, or remove Win32.Ais manually.

To completely manually remove Win32.Ais malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Ais.

Win32.BrownOrifice Trojan

Click here to remove Win32.BrownOrifice malware

Win32.BrownOrifice description:
Win32.BrownOrifice Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Win32.BrownOrifice:

you can run trial version of ExterminateIt, or remove Win32.BrownOrifice manually.

To completely manually remove Win32.BrownOrifice malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.BrownOrifice.

Bancos.HHI Trojan

Bancos.HHI description:
Bancos.HHI Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.HHI:

you can run trial version of ExterminateIt, or remove Bancos.HHI manually.

To completely manually remove Bancos.HHI malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HHI.

VB.bpl Downloader

VB.bpl description:
VB.bpl Category:Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

Removing VB.bpl:

you can run trial version of ExterminateIt, or remove VB.bpl manually.

To completely manually remove VB.bpl malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.bpl.

Tuesday, January 27, 2009

Pigeon.AZL Trojan

Pigeon.AZL description:
Pigeon.AZL Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AZL:

you can run trial version of ExterminateIt, or remove Pigeon.AZL manually.

To completely manually remove Pigeon.AZL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AZL.

Win32.ShotGun DoS

Click here to remove Win32.ShotGun malware

Win32.ShotGun description:
Win32.ShotGun Category:DoS
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Win32.ShotGun:

you can run trial version of ExterminateIt, or remove Win32.ShotGun manually.

To completely manually remove Win32.ShotGun malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.ShotGun.

x86.remote.root Trojan

Click here to remove x86.remote.root malware

x86.remote.root description:
x86.remote.root Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing x86.remote.root:

you can run trial version of ExterminateIt, or remove x86.remote.root manually.

To completely manually remove x86.remote.root malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with x86.remote.root.

Ranck Trojan

Ranck description:
Ranck Category:Trojan,Spyware,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Detection Ranck :

Ranck Files:
[%SYSTEM%]\msp32.exe
[%SYSTEM%]\msp32.exe

Ranck Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Ranck:

you can run trial version of ExterminateIt, or remove Ranck manually.

To completely manually remove Ranck malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ranck.

Ping.Server RAT

Click here to remove Ping.Server malware

Ping.Server description:
Ping.Server Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing Ping.Server:

you can run trial version of ExterminateIt, or remove Ping.Server manually.

To completely manually remove Ping.Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ping.Server.

Phishbank.AUB Trojan

Click here to remove Phishbank.AUB malware

Phishbank.AUB description:
Phishbank.AUB Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Phishbank.AUB:

you can run trial version of ExterminateIt, or remove Phishbank.AUB manually.

To completely manually remove Phishbank.AUB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Phishbank.AUB.

Mansund Trojan

Mansund description:
Mansund Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Mansund:

you can run trial version of ExterminateIt, or remove Mansund manually.

To completely manually remove Mansund malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Mansund.

Micreg Trojan

Micreg description:
Micreg Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Micreg:

you can run trial version of ExterminateIt, or remove Micreg manually.

To completely manually remove Micreg malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Micreg.

Pigeon.AVC Trojan

Pigeon.AVC description:
Pigeon.AVC Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AVC:

you can run trial version of ExterminateIt, or remove Pigeon.AVC manually.

To completely manually remove Pigeon.AVC malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVC.

Upsilonprog Trojan

Click here to remove Upsilonprog malware

Upsilonprog description:
Upsilonprog Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Upsilonprog:

you can run trial version of ExterminateIt, or remove Upsilonprog manually.

To completely manually remove Upsilonprog malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Upsilonprog.

Diskisdead Trojan

Diskisdead description:
Diskisdead Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Diskisdead:

you can run trial version of ExterminateIt, or remove Diskisdead manually.

To completely manually remove Diskisdead malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Diskisdead.

Banker.gen Trojan

Banker.gen description:
Banker.gen Category:Trojan,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Removing Banker.gen:

you can run trial version of ExterminateIt, or remove Banker.gen manually.

To completely manually remove Banker.gen malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Banker.gen.

IGMP.Inferno DoS

Click here to remove IGMP.Inferno malware

IGMP.Inferno description:
IGMP.Inferno Category:DoS
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing IGMP.Inferno:

you can run trial version of ExterminateIt, or remove IGMP.Inferno manually.

To completely manually remove IGMP.Inferno malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with IGMP.Inferno.

Bancos.HBL Trojan

Bancos.HBL description:
Bancos.HBL Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.HBL:

you can run trial version of ExterminateIt, or remove Bancos.HBL manually.

To completely manually remove Bancos.HBL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HBL.

SpySender.88i Backdoor

Click here to remove SpySender.88i malware

SpySender.88i description:
SpySender.88i Category:Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing SpySender.88i:

you can run trial version of ExterminateIt, or remove SpySender.88i manually.

To completely manually remove SpySender.88i malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SpySender.88i.

Malum.KUM Trojan

Malum.KUM description:
Malum.KUM Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Malum.KUM:

you can run trial version of ExterminateIt, or remove Malum.KUM manually.

To completely manually remove Malum.KUM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Malum.KUM.

Vxidl.ARD Trojan

Vxidl.ARD description:
Vxidl.ARD Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Vxidl.ARD:

you can run trial version of ExterminateIt, or remove Vxidl.ARD manually.

To completely manually remove Vxidl.ARD malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.ARD.

Monday, January 26, 2009

BagleDl.AH Trojan

BagleDl.AH description:
BagleDl.AH Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Detection BagleDl.AH :

BagleDl.AH Files:
[%SYSTEM%]\winlog.exe
[%SYSTEM%]\winlog.exe

BagleDl.AH Registry Values:
HKEY_CURRENT_USER\Software\FirstRRRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Removing BagleDl.AH:

you can run trial version of ExterminateIt, or remove BagleDl.AH manually.

To completely manually remove BagleDl.AH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BagleDl.AH.

SillyDl.CAD Trojan

Click here to remove SillyDl.CAD malware

SillyDl.CAD description:
SillyDl.CAD Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.CAD:

you can run trial version of ExterminateIt, or remove SillyDl.CAD manually.

To completely manually remove SillyDl.CAD malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CAD.

Exploiter Backdoor

Exploiter description:
Exploiter Category:Backdoor,RAT,Hacker Tool
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Exploiter:

you can run trial version of ExterminateIt, or remove Exploiter manually.

To completely manually remove Exploiter malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Exploiter.

Parasite Trojan

Parasite description:
Parasite Category:Trojan,Backdoor,RAT,Downloader,Hacker Tool,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Parasite:

you can run trial version of ExterminateIt, or remove Parasite manually.

To completely manually remove Parasite malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Parasite.

PWS.Ritter Trojan

PWS.Ritter description:
PWS.Ritter Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing PWS.Ritter:

you can run trial version of ExterminateIt, or remove PWS.Ritter manually.

To completely manually remove PWS.Ritter malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PWS.Ritter.

Spector Trojan

Spector description:
Spector Category:Trojan,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Detection Spector :

Spector Files:
[%PROGRAMS%]\spector\spector.lnk
[%SYSTEM%]\netknl.dll
[%SYSTEM%]\netknlhm.dll
[%SYSTEM%]\winnetcl.cnt
[%SYSTEM%]\winnetcl.exe
[%SYSTEM%]\winnetcl.hlp
[%SYSTEM%]\wswinntfp.exe
[%PROGRAMS%]\spector\spector.lnk
[%SYSTEM%]\netknl.dll
[%SYSTEM%]\netknlhm.dll
[%SYSTEM%]\winnetcl.cnt
[%SYSTEM%]\winnetcl.exe
[%SYSTEM%]\winnetcl.hlp
[%SYSTEM%]\wswinntfp.exe

Spector Folders:
[%SYSTEM%]\netext

Spector Registry Keys:
HKEY_CLASSES_ROOT\clsid\{58483a6f-ad93-4d13-a1e2-bcdac4a710a1}
HKEY_CLASSES_ROOT\mapiauthentication.addin
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\spector

Removing Spector:

you can run trial version of ExterminateIt, or remove Spector manually.

To completely manually remove Spector malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Spector.

Mista Trojan

Mista description:
Mista Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Mista:

you can run trial version of ExterminateIt, or remove Mista manually.

To completely manually remove Mista malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Mista.

Pigeon.EUA Trojan

Pigeon.EUA description:
Pigeon.EUA Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.EUA:

you can run trial version of ExterminateIt, or remove Pigeon.EUA manually.

To completely manually remove Pigeon.EUA malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EUA.

DJoiner Trojan

DJoiner description:
DJoiner Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing DJoiner:

you can run trial version of ExterminateIt, or remove DJoiner manually.

To completely manually remove DJoiner malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DJoiner.

SillyDl.CCB Trojan

Click here to remove SillyDl.CCB malware

SillyDl.CCB description:
SillyDl.CCB Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.CCB:

you can run trial version of ExterminateIt, or remove SillyDl.CCB manually.

To completely manually remove SillyDl.CCB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CCB.

Sunday, January 25, 2009

Domination Hacker Tool

Domination description:
Domination Category:Hacker Tool,DoS
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Domination:

you can run trial version of ExterminateIt, or remove Domination manually.

To completely manually remove Domination malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Domination.

Pigeon.EHY Trojan

Pigeon.EHY description:
Pigeon.EHY Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EHY:

you can run trial version of ExterminateIt, or remove Pigeon.EHY manually.

To completely manually remove Pigeon.EHY malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EHY.

Trojanspy.Win32.Banker Spyware

Click here to remove Trojanspy.Win32.Banker malware

Trojanspy.Win32.Banker description:
Trojanspy.Win32.Banker Category:Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Removing Trojanspy.Win32.Banker:

you can run trial version of ExterminateIt, or remove Trojanspy.Win32.Banker manually.

To completely manually remove Trojanspy.Win32.Banker malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Trojanspy.Win32.Banker.

SillyDl.AXH Trojan

Click here to remove SillyDl.AXH malware

SillyDl.AXH description:
SillyDl.AXH Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.AXH:

you can run trial version of ExterminateIt, or remove SillyDl.AXH manually.

To completely manually remove SillyDl.AXH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.AXH.

Bancos.IDP Trojan

Bancos.IDP description:
Bancos.IDP Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.IDP:

you can run trial version of ExterminateIt, or remove Bancos.IDP manually.

To completely manually remove Bancos.IDP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.IDP.

StealthEye Backdoor

StealthEye description:
StealthEye Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing StealthEye:

you can run trial version of ExterminateIt, or remove StealthEye manually.

To completely manually remove StealthEye malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with StealthEye.

AOL.Selide Trojan

AOL.Selide description:
AOL.Selide Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing AOL.Selide:

you can run trial version of ExterminateIt, or remove AOL.Selide manually.

To completely manually remove AOL.Selide malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AOL.Selide.

IRC.Contact Backdoor

Click here to remove IRC.Contact malware

IRC.Contact description:
IRC.Contact Category:Backdoor,RAT,DoS
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Detection IRC.Contact :

IRC.Contact Files:
[%WINDOWS%]\system\pathname.dll
[%WINDOWS%]\system\system32ex.exe
[%WINDOWS%]\system\pathname.dll
[%WINDOWS%]\system\system32ex.exe

Removing IRC.Contact:

you can run trial version of ExterminateIt, or remove IRC.Contact manually.

To completely manually remove IRC.Contact malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with IRC.Contact.

Pigeon.AVCI Trojan

Click here to remove Pigeon.AVCI malware

Pigeon.AVCI description:
Pigeon.AVCI Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AVCI:

you can run trial version of ExterminateIt, or remove Pigeon.AVCI manually.

To completely manually remove Pigeon.AVCI malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVCI.

float Trojan

float description:
float Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing float:

you can run trial version of ExterminateIt, or remove float manually.

To completely manually remove float malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with float.

SysProtect Adware

SysProtect description:
SysProtect Category:Adware,Ransomware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Detection SysProtect :

SysProtect Files:
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk
[%PROFILE_TEMP%]\NI.USYP\setup.exe
[%PROFILE_TEMP%]\NI.USYP_0001_N76M1005\setup.exe
[%PROFILE_TEMP%]\SysProtectScannerSetup.exe
[%PROGRAM_FILES%]\ErrorSafe Free\FlFxr15.dll
[%PROGRAM_FILES%]\ERRORS~1\FlFxr15.dll
[%SYSTEM%]\df_kme.exe
[%DESKTOP%]\Install SysProtect .lnk
[%DESKTOP%]\SysProtect.lnk

SysProtect Folders:
[%PROGRAM_FILES%]\SysProtect Free
[%PROGRAM_FILES%]\SysProtect
[%PROGRAM_FILES_COMMON%]\SysProtect
[%COMMON_PROGRAMS%]\SysProtect Unregistered Version

SysProtect Registry Keys:
HKEY_CLASSES_ROOT\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA}
HKEY_CLASSES_ROOT\CheckProd.CheckProduct
HKEY_CLASSES_ROOT\CLSID\{1640DE0E-75E4-4a83-B5D1-2492BC7EBA8F}
HKEY_CLASSES_ROOT\CLSID\{9E87077C-380C-407d-8DAB-EEDAD95C0A5D}
HKEY_CLASSES_ROOT\CLSID\{CCAABCDD-7C16-4215-B12E-150BFB994CF0}
HKEY_CLASSES_ROOT\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F}
HKEY_CLASSES_ROOT\clsid\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
HKEY_CLASSES_ROOT\flfxr15.flfixer15
HKEY_CLASSES_ROOT\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
HKEY_CLASSES_ROOT\interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
HKEY_CLASSES_ROOT\interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
HKEY_CLASSES_ROOT\typelib\{7eacf70b-302f-4049-ac68-2d62eb43e473}\1.0
HKEY_CLASSES_ROOT\typelib\{7fa4ec26-6a28-4474-857d-bb05b001c84a}\1.0
HKEY_CLASSES_ROOT\typelib\{96d58666-8f00-4a9d-9389-c17aaa2407c9}\1.0
HKEY_CLASSES_ROOT\typelib\{e79d5e54-81c9-41ae-9d7b-03f1e5a7733d}\1.0
HKEY_CLASSES_ROOT\typelib\{f585cb1f-f17d-4007-a573-b663197ef500}\1.0
HKEY_LOCAL_MACHINE\Software\SysProtect
HKEY_CLASSES_ROOT\AppID\CheckProduct2_1.DLL
HKEY_CLASSES_ROOT\AppID\compclr.dll
HKEY_CLASSES_ROOT\AppID\FFWrapr.DLL
HKEY_CLASSES_ROOT\CheckProd.CheckProduct.1
HKEY_CLASSES_ROOT\ComCleanCore.AppCleaner
HKEY_CLASSES_ROOT\ComCleanCore.CCQuickScan
HKEY_CLASSES_ROOT\ComCleanCore.CCQuickScan.1
HKEY_CLASSES_ROOT\ComCleanCore.FileCleaner
HKEY_CLASSES_ROOT\ComCleanCore.FileCleaner.1
HKEY_CLASSES_ROOT\ComCleanCore.InetCleaner
HKEY_CLASSES_ROOT\ComCleanCore.InetCleaner.1
HKEY_CLASSES_ROOT\ComCleanCore.RegCleaner
HKEY_CLASSES_ROOT\ComCleanCore.RegCleaner.1
HKEY_CLASSES_ROOT\ComCleanCore.SystemCleaner
HKEY_CLASSES_ROOT\ComCleanCore.SystemCleaner.1
HKEY_CLASSES_ROOT\df_fixr.Fixer.1
HKEY_CLASSES_ROOT\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473}
HKEY_CURRENT_USER\Software\SysProtect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN
HKEY_CLASSES_ROOT\appid\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
HKEY_CLASSES_ROOT\checkprod.checkproduct
HKEY_CLASSES_ROOT\clsid\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
HKEY_CLASSES_ROOT\clsid\{9e87077c-380c-407d-8dab-eedad95c0a5d}
HKEY_CLASSES_ROOT\clsid\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
HKEY_CLASSES_ROOT\clsid\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
HKEY_CLASSES_ROOT\interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
HKEY_CURRENT_USER\software\sysprotect free
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\usyp_is1
HKEY_LOCAL_MACHINE\software\sysprotect

SysProtect Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing SysProtect:

you can run trial version of ExterminateIt, or remove SysProtect manually.

To completely manually remove SysProtect malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SysProtect.

XDel Trojan

XDel description:
XDel Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing XDel:

you can run trial version of ExterminateIt, or remove XDel manually.

To completely manually remove XDel malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with XDel.

gi8n Trojan

gi8n description:
gi8n Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing gi8n:

you can run trial version of ExterminateIt, or remove gi8n manually.

To completely manually remove gi8n malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with gi8n.

VB.tf Trojan

VB.tf description:
VB.tf Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Detection VB.tf :

VB.tf Files:
[%WINDOWS%]\win3208160-15319522006.exe
[%WINDOWS%]\win3208160-15319522006.exe

Removing VB.tf:

you can run trial version of ExterminateIt, or remove VB.tf manually.

To completely manually remove VB.tf malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.tf.

Bancos.GBM Trojan

Bancos.GBM description:
Bancos.GBM Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.GBM:

you can run trial version of ExterminateIt, or remove Bancos.GBM manually.

To completely manually remove Bancos.GBM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GBM.

PasswordAngel Spyware

Click here to remove PasswordAngel malware

PasswordAngel description:
PasswordAngel Category:Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Removing PasswordAngel:

you can run trial version of ExterminateIt, or remove PasswordAngel manually.

To completely manually remove PasswordAngel malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PasswordAngel.

Pigeon.EDX Trojan

Pigeon.EDX description:
Pigeon.EDX Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EDX:

you can run trial version of ExterminateIt, or remove Pigeon.EDX manually.

To completely manually remove Pigeon.EDX malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EDX.

Saturday, January 24, 2009

PC.DisasterPiece Trojan

Click here to remove PC.DisasterPiece malware

PC.DisasterPiece description:
PC.DisasterPiece Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing PC.DisasterPiece:

you can run trial version of ExterminateIt, or remove PC.DisasterPiece manually.

To completely manually remove PC.DisasterPiece malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PC.DisasterPiece.

KGB.Keylogger Spyware

Click here to remove KGB.Keylogger malware

KGB.Keylogger description:
KGB.Keylogger Category:Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Detection KGB.Keylogger :

KGB.Keylogger Files:
[%PROGRAMS%]\kgb keylogger\buy online!.lnk
[%PROGRAMS%]\kgb keylogger\help.lnk
[%PROGRAMS%]\kgb keylogger\kgb keylogger.lnk
[%PROGRAMS%]\kgb keylogger\uninstall.lnk
[%PROGRAMS%]\kgb keylogger\visit homepage.lnk
[%DESKTOP%]\kgb keylogger.lnk
[%PROGRAMS%]\kgb keylogger\buy online!.lnk
[%PROGRAMS%]\kgb keylogger\help.lnk
[%PROGRAMS%]\kgb keylogger\kgb keylogger.lnk
[%PROGRAMS%]\kgb keylogger\uninstall.lnk
[%PROGRAMS%]\kgb keylogger\visit homepage.lnk
[%DESKTOP%]\kgb keylogger.lnk

KGB.Keylogger Folders:
[%PROGRAM_FILES%]\kgb keylogger

KGB.Keylogger Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_CURRENT_USER\software\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kgb keylogger

Removing KGB.Keylogger:

you can run trial version of ExterminateIt, or remove KGB.Keylogger manually.

To completely manually remove KGB.Keylogger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with KGB.Keylogger.

SillyDl.CFE Trojan

Click here to remove SillyDl.CFE malware

SillyDl.CFE description:
SillyDl.CFE Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.CFE:

you can run trial version of ExterminateIt, or remove SillyDl.CFE manually.

To completely manually remove SillyDl.CFE malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CFE.

DarkLord.A!Trojan Trojan

Click here to remove DarkLord.A!Trojan malware

DarkLord.A!Trojan description:
DarkLord.A!Trojan Category:Trojan,Worm,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.
The methods are listed separately below.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing DarkLord.A!Trojan:

you can run trial version of ExterminateIt, or remove DarkLord.A!Trojan manually.

To completely manually remove DarkLord.A!Trojan malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DarkLord.A!Trojan.

DrAntiSpyware Adware

Click here to remove DrAntiSpyware malware

DrAntiSpyware description:
DrAntiSpyware Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Removing DrAntiSpyware:

you can run trial version of ExterminateIt, or remove DrAntiSpyware manually.

To completely manually remove DrAntiSpyware malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DrAntiSpyware.

SysInfoMailer Trojan

Click here to remove SysInfoMailer malware

SysInfoMailer description:
SysInfoMailer Category:Trojan,Spyware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Removing SysInfoMailer:

you can run trial version of ExterminateIt, or remove SysInfoMailer manually.

To completely manually remove SysInfoMailer malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SysInfoMailer.

AegisCOM Spyware

AegisCOM description:
AegisCOM Category:Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Removing AegisCOM:

you can run trial version of ExterminateIt, or remove AegisCOM manually.

To completely manually remove AegisCOM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AegisCOM.

MultiMPP Adware

MultiMPP description:
MultiMPP Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Removing MultiMPP:

you can run trial version of ExterminateIt, or remove MultiMPP manually.

To completely manually remove MultiMPP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with MultiMPP.

indexstats.com Tracking Cookie

Click here to remove indexstats.com malware

indexstats.com description:
indexstats.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing indexstats.com:

you can run trial version of ExterminateIt, or remove indexstats.com manually.

To completely manually remove indexstats.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with indexstats.com.

SMEG.Queeg Trojan

SMEG.Queeg description:
SMEG.Queeg Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing SMEG.Queeg:

you can run trial version of ExterminateIt, or remove SMEG.Queeg manually.

To completely manually remove SMEG.Queeg malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SMEG.Queeg.

Lspp Downloader

Lspp description:
Lspp Category:Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing Lspp:

you can run trial version of ExterminateIt, or remove Lspp manually.

To completely manually remove Lspp malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Lspp.

Pigeon.EFS Trojan

Pigeon.EFS description:
Pigeon.EFS Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EFS:

you can run trial version of ExterminateIt, or remove Pigeon.EFS manually.

To completely manually remove Pigeon.EFS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EFS.

Pigeon.AUZH Trojan

Click here to remove Pigeon.AUZH malware

Pigeon.AUZH description:
Pigeon.AUZH Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AUZH:

you can run trial version of ExterminateIt, or remove Pigeon.AUZH manually.

To completely manually remove Pigeon.AUZH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AUZH.

Activity.Keylogger Spyware

Click here to remove Activity.Keylogger malware

Activity.Keylogger description:
Activity.Keylogger Category:Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Detection Activity.Keylogger :

Activity.Keylogger Files:
[%DESKTOP%]\activity keylogger.lnk
[%WINDOWS%]\aksettings.ini
[%WINDOWS%]\chatlogs.dll
[%DESKTOP%]\activity keylogger.lnk
[%WINDOWS%]\aksettings.ini
[%WINDOWS%]\chatlogs.dll

Activity.Keylogger Folders:
[%PROGRAMS%]\activity keylogger
[%PROGRAM_FILES%]\activity keylogger

Activity.Keylogger Registry Keys:
HKEY_LOCAL_MACHINE\software\activity keylogger

Activity.Keylogger Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Activity.Keylogger:

you can run trial version of ExterminateIt, or remove Activity.Keylogger manually.

To completely manually remove Activity.Keylogger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Activity.Keylogger.

Friday, January 23, 2009

Bancos.ICL Trojan

Bancos.ICL description:
Bancos.ICL Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.ICL:

you can run trial version of ExterminateIt, or remove Bancos.ICL manually.

To completely manually remove Bancos.ICL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.ICL.

AcidReign Trojan

AcidReign description:
AcidReign Category:Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing AcidReign:

you can run trial version of ExterminateIt, or remove AcidReign manually.

To completely manually remove AcidReign malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AcidReign.

IEPlugin Adware

IEPlugin description:
IEPlugin Category:Adware,BHO,Hijacker,Downloader
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Detection IEPlugin :

IEPlugin Files:
[%SYSTEM%]\ieplugin.dll
[%WINDOWS%]\Desktop Toolbar.dsk
[%WINDOWS%]\wdskctl.exe
[%WINDOWS%]\wupdt.exe
[%PROFILE_TEMP%]\systb.dll
[%SYSTEM%]\systb.dll
[%SYSTEM%]\winobject.dll
[%WINDOWS%]\system\ieplugin.dll
[%WINDOWS%]\system\systb.dll
[%WINDOWS%]\system\winobject.dll
[%SYSTEM%]\ieplugin.dll
[%WINDOWS%]\Desktop Toolbar.dsk
[%WINDOWS%]\wdskctl.exe
[%WINDOWS%]\wupdt.exe
[%PROFILE_TEMP%]\systb.dll
[%SYSTEM%]\systb.dll
[%SYSTEM%]\winobject.dll
[%WINDOWS%]\system\ieplugin.dll
[%WINDOWS%]\system\systb.dll
[%WINDOWS%]\system\winobject.dll

IEPlugin Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKEY_CLASSES_ROOT\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
HKEY_CLASSES_ROOT\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}
HKEY_CLASSES_ROOT\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
HKEY_CLASSES_ROOT\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame.1
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow.1
HKEY_CLASSES_ROOT\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}
HKEY_CLASSES_ROOT\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}
HKEY_CLASSES_ROOT\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}
HKEY_CLASSES_ROOT\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}
HKEY_CURRENT_USER\Software\dsktb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKEY_CLASSES_ROOT\clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
HKEY_CLASSES_ROOT\clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
HKEY_CLASSES_ROOT\clsid\{556dde35-e955-11d0-a707-000000521958}
HKEY_CLASSES_ROOT\clsid\{914afb33-550b-4bd0-b4ef-8da185504836}
HKEY_CLASSES_ROOT\clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
HKEY_CLASSES_ROOT\clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
HKEY_CLASSES_ROOT\clsid\{f3155057-4c2c-4078-8576-50486693fd49}
HKEY_CLASSES_ROOT\imitoolbar.bottomframe
HKEY_CLASSES_ROOT\imitoolbar.bottomframe.1
HKEY_CLASSES_ROOT\imitoolbar.leftframe
HKEY_CLASSES_ROOT\imitoolbar.leftframe leftframe class
HKEY_CLASSES_ROOT\imitoolbar.leftframe.1
HKEY_CLASSES_ROOT\imitoolbar.leftframe.1 leftframe class
HKEY_CLASSES_ROOT\imitoolbar.popupbrowser
HKEY_CLASSES_ROOT\imitoolbar.popupbrowser popupbrowser class
HKEY_CLASSES_ROOT\imitoolbar.popupbrowser.1
HKEY_CLASSES_ROOT\imitoolbar.popupbrowser.1 popupbrowser class
HKEY_CLASSES_ROOT\imitoolbar.popupwindow
HKEY_CLASSES_ROOT\imitoolbar.popupwindow popupwindow class
HKEY_CLASSES_ROOT\imitoolbar.popupwindow.1
HKEY_CLASSES_ROOT\imitoolbar.popupwindow.1 popupwindow class
HKEY_CLASSES_ROOT\interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
HKEY_CLASSES_ROOT\interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
HKEY_CLASSES_ROOT\interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
HKEY_CLASSES_ROOT\interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{914afb33-550b-4bd0-b4ef-8da185504836}
HKEY_CURRENT_USER\software\dsktb
HKEY_LOCAL_MACHINE\software\classes\clsid\{914afb33-550b-4bd0-b4ef-8da185504836}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{914afb33-550b-4bd0-b4ef-8da185504836}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\wupdt.exe

IEPlugin Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\[%WINDOWS%]

Removing IEPlugin:

you can run trial version of ExterminateIt, or remove IEPlugin manually.

To completely manually remove IEPlugin malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with IEPlugin.

Inv.Evil Trojan

Inv.Evil description:
Inv.Evil Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Trojans-downloaders downloads and installs new malware or adware on the computer.

These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Inv.Evil:

you can run trial version of ExterminateIt, or remove Inv.Evil manually.

To completely manually remove Inv.Evil malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Inv.Evil.

Swizzor.aw Downloader

Swizzor.aw description:
Swizzor.aw Category:Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Removing Swizzor.aw:

you can run trial version of ExterminateIt, or remove Swizzor.aw manually.

To completely manually remove Swizzor.aw malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Swizzor.aw.

Taladrator Trojan

Taladrator description:
Taladrator Category:Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Removing Taladrator:

you can run trial version of ExterminateIt, or remove Taladrator manually.

To completely manually remove Taladrator malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Taladrator.

Power.Linking.Profits.com BHO

Click here to remove Power.Linking.Profits.com malware

Power.Linking.Profits.com description:
Power.Linking.Profits.com Category:BHO,Toolbar
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Detection Power.Linking.Profits.com :

Power.Linking.Profits.com Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6223cbc-a263-4cb1-b35e-1ae40fef3b3b}

Removing Power.Linking.Profits.com:

you can run trial version of ExterminateIt, or remove Power.Linking.Profits.com manually.

To completely manually remove Power.Linking.Profits.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Power.Linking.Profits.com.

BlackStone Trojan

BlackStone description:
BlackStone Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing BlackStone:

you can run trial version of ExterminateIt, or remove BlackStone manually.

To completely manually remove BlackStone malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BlackStone.

WinPC Trojan

WinPC description:
WinPC Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing WinPC:

you can run trial version of ExterminateIt, or remove WinPC manually.

To completely manually remove WinPC malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinPC.

Libnet Trojan

Libnet description:
Libnet Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Libnet:

you can run trial version of ExterminateIt, or remove Libnet manually.

To completely manually remove Libnet malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Libnet.

Inspexep Spyware

Inspexep description:
Inspexep Category:Spyware
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Removing Inspexep:

you can run trial version of ExterminateIt, or remove Inspexep manually.

To completely manually remove Inspexep malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Inspexep.

Stoned.based Trojan

Click here to remove Stoned.based malware

Stoned.based description:
Stoned.based Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Stoned.based:

you can run trial version of ExterminateIt, or remove Stoned.based manually.

To completely manually remove Stoned.based malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Stoned.based.

Pigeon.AKB Trojan

Pigeon.AKB description:
Pigeon.AKB Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AKB:

you can run trial version of ExterminateIt, or remove Pigeon.AKB manually.

To completely manually remove Pigeon.AKB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AKB.

YSnoop Trojan

YSnoop description:
YSnoop Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing YSnoop:

you can run trial version of ExterminateIt, or remove YSnoop manually.

To completely manually remove YSnoop malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with YSnoop.

Nacsher Trojan

Nacsher description:
Nacsher Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Nacsher:

you can run trial version of ExterminateIt, or remove Nacsher manually.

To completely manually remove Nacsher malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Nacsher.

TrojanDownloader.Win32.Small.fz Trojan

Click here to remove TrojanDownloader.Win32.Small.fz malware

TrojanDownloader.Win32.Small.fz description:
TrojanDownloader.Win32.Small.fz Category:Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing TrojanDownloader.Win32.Small.fz:

you can run trial version of ExterminateIt, or remove TrojanDownloader.Win32.Small.fz manually.

To completely manually remove TrojanDownloader.Win32.Small.fz malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDownloader.Win32.Small.fz.

Thursday, January 22, 2009

Realbot Trojan

Realbot description:
Realbot Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Realbot:

you can run trial version of ExterminateIt, or remove Realbot manually.

To completely manually remove Realbot malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Realbot.

WebcamNow.Jacker RAT

Click here to remove WebcamNow.Jacker malware

WebcamNow.Jacker description:
WebcamNow.Jacker Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing WebcamNow.Jacker:

you can run trial version of ExterminateIt, or remove WebcamNow.Jacker manually.

To completely manually remove WebcamNow.Jacker malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WebcamNow.Jacker.

SH.Hijack Worm

SH.Hijack description:
SH.Hijack Category:Worm,Hijacker
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

Removing SH.Hijack:

you can run trial version of ExterminateIt, or remove SH.Hijack manually.

To completely manually remove SH.Hijack malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SH.Hijack.

cyberservicesllc.com Tracking Cookie

Click here to remove cyberservicesllc.com malware

cyberservicesllc.com description:
cyberservicesllc.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing cyberservicesllc.com:

you can run trial version of ExterminateIt, or remove cyberservicesllc.com manually.

To completely manually remove cyberservicesllc.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with cyberservicesllc.com.

Red.Hacker Trojan

Red.Hacker description:
Red.Hacker Category:Trojan,Hacker Tool,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Red.Hacker:

you can run trial version of ExterminateIt, or remove Red.Hacker manually.

To completely manually remove Red.Hacker malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Red.Hacker.

Pigeon.AVIX Trojan

Click here to remove Pigeon.AVIX malware

Pigeon.AVIX description:
Pigeon.AVIX Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVIX:

you can run trial version of ExterminateIt, or remove Pigeon.AVIX manually.

To completely manually remove Pigeon.AVIX malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVIX.

LPEarthLink2.com Tracking Cookie

Click here to remove LPEarthLink2.com malware

LPEarthLink2.com description:
LPEarthLink2.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing LPEarthLink2.com:

you can run trial version of ExterminateIt, or remove LPEarthLink2.com manually.

To completely manually remove LPEarthLink2.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with LPEarthLink2.com.

Muswn Trojan

Muswn description:
Muswn Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Muswn:

you can run trial version of ExterminateIt, or remove Muswn manually.

To completely manually remove Muswn malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Muswn.

Pigeon.AYI Trojan

Pigeon.AYI description:
Pigeon.AYI Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AYI:

you can run trial version of ExterminateIt, or remove Pigeon.AYI manually.

To completely manually remove Pigeon.AYI malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AYI.

Pigeon.FAA Trojan

Pigeon.FAA description:
Pigeon.FAA Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.FAA:

you can run trial version of ExterminateIt, or remove Pigeon.FAA manually.

To completely manually remove Pigeon.FAA malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.FAA.

Oxon Backdoor

Oxon description:
Oxon Category:Backdoor,RAT
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing Oxon:

you can run trial version of ExterminateIt, or remove Oxon manually.

To completely manually remove Oxon malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Oxon.

Mecapaw Trojan

Mecapaw description:
Mecapaw Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Mecapaw :

Mecapaw Files:
[%PROFILE%]\wpcem.exe
[%PROFILE%]\wpcem.exe

Removing Mecapaw:

you can run trial version of ExterminateIt, or remove Mecapaw manually.

To completely manually remove Mecapaw malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Mecapaw.

Winny Trojan

Winny description:
Winny Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Winny:

you can run trial version of ExterminateIt, or remove Winny manually.

To completely manually remove Winny malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Winny.

Backdoor.GirlFriend.3!Server Backdoor

Click here to remove Backdoor.GirlFriend.3!Server malware

Backdoor.GirlFriend.3!Server description:
Backdoor.GirlFriend.3!Server Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Backdoor.GirlFriend.3!Server:

you can run trial version of ExterminateIt, or remove Backdoor.GirlFriend.3!Server manually.

To completely manually remove Backdoor.GirlFriend.3!Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Backdoor.GirlFriend.3!Server.

ifrance.com Tracking Cookie

Click here to remove ifrance.com malware

ifrance.com description:
ifrance.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing ifrance.com:

you can run trial version of ExterminateIt, or remove ifrance.com manually.

To completely manually remove ifrance.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ifrance.com.

ICMIBS Trojan

ICMIBS description:
ICMIBS Category:Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Removing ICMIBS:

you can run trial version of ExterminateIt, or remove ICMIBS manually.

To completely manually remove ICMIBS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ICMIBS.

SillyDl.CHR Trojan

Click here to remove SillyDl.CHR malware

SillyDl.CHR description:
SillyDl.CHR Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.CHR:

you can run trial version of ExterminateIt, or remove SillyDl.CHR manually.

To completely manually remove SillyDl.CHR malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CHR.

SpywareWall Adware

Click here to remove SpywareWall malware

SpywareWall description:
SpywareWall Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection SpywareWall :

SpywareWall Files:
[%SYSTEM%]\DrPMon.dll
[%SYSTEM%]\openconf.exe
[%SYSTEM%]\sysmnt.dat
[%WINDOWS%]\dinst.exe
[%WINDOWS%]\dsr.dll
[%WINDOWS%]\dsr.exe
[%WINDOWS%]\svcproc.exe
[%APPDATA%]\nsv\keys.dat
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\faq.url
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\svchost.exe\svchost.exe
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\website.url
[%STARTUP%]\popupwall.lnk
[%SYSTEM%]\drpmon.dll
[%SYSTEM%]\qumgdn.exe
[%SYSTEM%]\rldsregn.exe
[%SYSTEM%]\rndsregs.exe
[%SYSTEM%]\spnping.exe\spnping.exe
[%SYSTEM%]\winuptd.exe
[%SYSTEM%]\ysyssuuz.exe
[%WINDOWS%]\12868461b2545a878a7767e188056a07.ini
[%WINDOWS%]\bundles\spywarewall.exe
[%WINDOWS%]\temp\new105.tmp\upgrade.exe\00008260.exe
[%SYSTEM%]\DrPMon.dll
[%SYSTEM%]\openconf.exe
[%SYSTEM%]\sysmnt.dat
[%WINDOWS%]\dinst.exe
[%WINDOWS%]\dsr.dll
[%WINDOWS%]\dsr.exe
[%WINDOWS%]\svcproc.exe
[%APPDATA%]\nsv\keys.dat
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\faq.url
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\svchost.exe\svchost.exe
[%PROGRAM_FILES_COMMON%]\microsoft shared\dao\website.url
[%STARTUP%]\popupwall.lnk
[%SYSTEM%]\drpmon.dll
[%SYSTEM%]\qumgdn.exe
[%SYSTEM%]\rldsregn.exe
[%SYSTEM%]\rndsregs.exe
[%SYSTEM%]\spnping.exe\spnping.exe
[%SYSTEM%]\winuptd.exe
[%SYSTEM%]\ysyssuuz.exe
[%WINDOWS%]\12868461b2545a878a7767e188056a07.ini
[%WINDOWS%]\bundles\spywarewall.exe
[%WINDOWS%]\temp\new105.tmp\upgrade.exe\00008260.exe

SpywareWall Folders:
[%APPDATA%]\linkbho
[%APPDATA%]\spywarewall
[%PROGRAMS%]\popupwall
[%PROGRAMS%]\spywarewall
[%PROGRAM_FILES%]\popupwall
[%PROGRAM_FILES%]\spywarewall

SpywareWall Registry Keys:
HKEY_CLASSES_ROOT\appid\atlbrowser.exe
HKEY_CLASSES_ROOT\atlbrcon.atlbrcon
HKEY_CLASSES_ROOT\typelib\{6600d220-083f-11d6-99de-d172e92ebc2a}
HKEY_CURRENT_USER\Software\inst
HKEY_LOCAL_MACHINE\software\ddate
HKEY_LOCAL_MACHINE\system\controlset001\services\svcproc
HKEY_CLASSES_ROOT\interface\{ca621437-cb64-462a-94c4-0386e6158416}
HKEY_CURRENT_USER\software\inst
HKEY_CURRENT_USER\software\vb and vba program settings\popupwall
HKEY_CURRENT_USER\software\vb and vba program settings\spywarewall
HKEY_LOCAL_MACHINE\software\linkbho
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popupwall
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywarewall
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ssw_searchtool
HKEY_LOCAL_MACHINE\software\spywarewall

SpywareWall Registry Values:
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair

Removing SpywareWall:

you can run trial version of ExterminateIt, or remove SpywareWall manually.

To completely manually remove SpywareWall malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SpywareWall.

Wednesday, January 21, 2009

Xspy Spyware

Xspy description:
Xspy Category:Spyware,Backdoor
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Removing Xspy:

you can run trial version of ExterminateIt, or remove Xspy manually.

To completely manually remove Xspy malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Xspy.

Pigeon.AVCE Trojan

Click here to remove Pigeon.AVCE malware

Pigeon.AVCE description:
Pigeon.AVCE Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVCE:

you can run trial version of ExterminateIt, or remove Pigeon.AVCE manually.

To completely manually remove Pigeon.AVCE malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVCE.

Bancos.FUG Trojan

Bancos.FUG description:
Bancos.FUG Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.FUG:

you can run trial version of ExterminateIt, or remove Bancos.FUG manually.

To completely manually remove Bancos.FUG malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.FUG.

def6.com Tracking Cookie

def6.com description:
def6.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing def6.com:

you can run trial version of ExterminateIt, or remove def6.com manually.

To completely manually remove def6.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with def6.com.

Vxidl.BBP Trojan

Vxidl.BBP description:
Vxidl.BBP Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.BBP:

you can run trial version of ExterminateIt, or remove Vxidl.BBP manually.

To completely manually remove Vxidl.BBP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.BBP.

SillyDl.CNL Trojan

Click here to remove SillyDl.CNL malware

SillyDl.CNL description:
SillyDl.CNL Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.CNL:

you can run trial version of ExterminateIt, or remove SillyDl.CNL manually.

To completely manually remove SillyDl.CNL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CNL.

IESecurityPro Spyware

Click here to remove IESecurityPro malware

IESecurityPro description:
IESecurityPro Category:Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Detection IESecurityPro :

IESecurityPro Files:
[%PROGRAM_FILES%]\1STINT~1\iesecpro.dll
[%PROGRAM_FILES%]\POPUPB~1\iehelper.dll
[%SYSTEM%]\IEHelper.dll
[%SYSTEM%]\iehelper3.dll
[%PROGRAM_FILES%]\1STINT~1\iesecpro.dll
[%PROGRAM_FILES%]\POPUPB~1\iehelper.dll
[%SYSTEM%]\IEHelper.dll
[%SYSTEM%]\iehelper3.dll

IESecurityPro Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{49E0E0F0-5C30-11D4-945D-000000000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000000}

Removing IESecurityPro:

you can run trial version of ExterminateIt, or remove IESecurityPro manually.

To completely manually remove IESecurityPro malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with IESecurityPro.

Tuesday, January 20, 2009

Broadoor Backdoor

Broadoor description:
Broadoor Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Broadoor:

you can run trial version of ExterminateIt, or remove Broadoor manually.

To completely manually remove Broadoor malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Broadoor.

Floppy Trojan

Floppy description:
Floppy Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Floppy:

you can run trial version of ExterminateIt, or remove Floppy manually.

To completely manually remove Floppy malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Floppy.

Delf.bc Spyware

Delf.bc description:
Delf.bc Category:Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Removing Delf.bc:

you can run trial version of ExterminateIt, or remove Delf.bc manually.

To completely manually remove Delf.bc malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Delf.bc.

Win32.Darliz.generic Trojan

Click here to remove Win32.Darliz.generic malware

Win32.Darliz.generic description:
Win32.Darliz.generic Category:Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Detection Win32.Darliz.generic :

Win32.Darliz.generic Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2538ff02-a058-1e13-6c70-e22248c1ff57}
HKEY_CLASSES_ROOT\clsid\{2a05abf0-f613-c701-667f-2d0980fffcbe}
HKEY_CLASSES_ROOT\clsid\{6cbdaece-50d0-9bfe-bb29-10a219ca504e}
HKEY_CLASSES_ROOT\clsid\{76983011-b481-a2c5-5284-685fb2c1e9b1}
HKEY_CLASSES_ROOT\clsid\{7772d699-00f5-eaa7-c090-1024312810ae}
HKEY_CLASSES_ROOT\clsid\{a3525824-6377-04f2-27f4-724f12e2421b}
HKEY_CLASSES_ROOT\clsid\{a6370391-273c-5e76-cde1-2241faf76042}
HKEY_CLASSES_ROOT\clsid\{af67e0f5-f97a-303d-dfca-9a810ab49824}
HKEY_CLASSES_ROOT\clsid\{cf9a0246-f472-b355-2e41-478e2553b046}
HKEY_CLASSES_ROOT\clsid\{d8cf5188-b7a0-9c17-7e15-08ab83ebecf1}
HKEY_CLASSES_ROOT\clsid\{da0977a9-f52a-3539-9ca8-b4bcca2e7bed}
HKEY_CLASSES_ROOT\clsid\{f3a43e3a-311e-711c-2702-156cab208432}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_insixwphwtt
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\insixwphwtt

Win32.Darliz.generic Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet connection wizard
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Win32.Darliz.generic:

you can run trial version of ExterminateIt, or remove Win32.Darliz.generic manually.

To completely manually remove Win32.Darliz.generic malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Darliz.generic.

Bat.MkDirs Trojan

Bat.MkDirs description:
Bat.MkDirs Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bat.MkDirs:

you can run trial version of ExterminateIt, or remove Bat.MkDirs manually.

To completely manually remove Bat.MkDirs malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bat.MkDirs.

Generator Trojan

Generator description:
Generator Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Detection Generator :

Generator Files:
[%DESKTOP%]\destripador.exe
[%DESKTOP%]\generador destripador v4.0.exe
[%DESKTOP%]\destripador.exe
[%DESKTOP%]\generador destripador v4.0.exe

Removing Generator:

you can run trial version of ExterminateIt, or remove Generator manually.

To completely manually remove Generator malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Generator.

Monday, January 19, 2009

Pigeon.AWIE Trojan

Click here to remove Pigeon.AWIE malware

Pigeon.AWIE description:
Pigeon.AWIE Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AWIE:

you can run trial version of ExterminateIt, or remove Pigeon.AWIE manually.

To completely manually remove Pigeon.AWIE malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AWIE.

Vxidl.AIX Trojan

Vxidl.AIX description:
Vxidl.AIX Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.AIX:

you can run trial version of ExterminateIt, or remove Vxidl.AIX manually.

To completely manually remove Vxidl.AIX malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AIX.

exit.ad.de Tracking Cookie

exit.ad.de description:
exit.ad.de Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing exit.ad.de:

you can run trial version of ExterminateIt, or remove exit.ad.de manually.

To completely manually remove exit.ad.de malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with exit.ad.de.

WeatherStudio Toolbar

Click here to remove WeatherStudio malware

WeatherStudio description:
WeatherStudio Category:Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Detection WeatherStudio :

WeatherStudio Files:
[%COMMON_PROGRAMS%]\WeatherStudio Desktop.lnk
[%PROGRAM_FILES%]\WeatherStudio348\bin\WeatherStudio348.dll
[%PROGRAM_FILES%]\WeatherStudio348\icons\1524_icon.ico
[%PROGRAM_FILES%]\WeatherStudio348\WeatherStudio348Config.xml
[%PROGRAM_FILES%]\WeatherStudio348\WeatherStudio348Uninstall.exe
[%COMMON_PROGRAMS%]\WeatherStudio Desktop.lnk
[%PROGRAM_FILES%]\WeatherStudio348\bin\WeatherStudio348.dll
[%PROGRAM_FILES%]\WeatherStudio348\icons\1524_icon.ico
[%PROGRAM_FILES%]\WeatherStudio348\WeatherStudio348Config.xml
[%PROGRAM_FILES%]\WeatherStudio348\WeatherStudio348Uninstall.exe

WeatherStudio Folders:
[%APPDATA%]\WeatherStudio Desktop
[%APPDATA%]\WeatherStudio348
[%PROGRAM_FILES%]\WeatherStudio Desktop

WeatherStudio Registry Keys:
HKEY_CLASSES_ROOT\clsid\{15757333-2bca-4b77-a807-d0955132f812}
HKEY_CLASSES_ROOT\clsid\{6f45aea2-9c81-4832-8390-7134102b8de5}
HKEY_CLASSES_ROOT\clsid\{7c2fc77a-af76-4a75-ac16-b02a13829f34}\implemented categories
HKEY_CLASSES_ROOT\clsid\{a7fde125-cebe-400e-8f4d-d2c0708b7d70}\implemented categories
HKEY_CLASSES_ROOT\clsid\{ffdd804f-a7f8-4395-93d2-66a85da2bdab}
HKEY_CURRENT_USER\software\weatherstudio348
HKEY_CURRENT_USER\software\weatherstudiodesktop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6f45aea2-9c81-4832-8390-7134102b8de5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ffdd804f-a7f8-4395-93d2-66a85da2bdab}

WeatherStudio Registry Values:
HKEY_CLASSES_ROOT\clsid\{7c2fc77a-af76-4a75-ac16-b02a13829f34}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{a7fde125-cebe-400e-8f4d-d2c0708b7d70}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\weatherstudio348
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\weatherstudio348
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\weatherstudio348
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\weatherstudio348

Removing WeatherStudio:

you can run trial version of ExterminateIt, or remove WeatherStudio manually.

To completely manually remove WeatherStudio malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WeatherStudio.

QQPlus Spyware

QQPlus description:
QQPlus Category:Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Removing QQPlus:

you can run trial version of ExterminateIt, or remove QQPlus manually.

To completely manually remove QQPlus malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with QQPlus.

Bancos.GRP Trojan

Bancos.GRP description:
Bancos.GRP Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.GRP:

you can run trial version of ExterminateIt, or remove Bancos.GRP manually.

To completely manually remove Bancos.GRP malware from your computer, you need to delete the Windows registry keys and registry