Trojan List 45: January 2009

Saturday, January 31, 2009

Win32.Messenger Malware

Win32.Messenger description:
Win32.Messenger Category:Malware
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers.

Detection Win32.Messenger :

Win32.Messenger Folders:
[%PROGRAM_FILES%]\Win32coMessenger

Removing Win32.Messenger:

you can run trial version of ExterminateIt, or remove Win32.Messenger manually.

To completely manually remove Win32.Messenger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Messenger.

Win32.Naldem Trojan

Click here to remove Win32.Naldem malware

Win32.Naldem description:
Win32.Naldem Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Win32.Naldem:

you can run trial version of ExterminateIt, or remove Win32.Naldem manually.

To completely manually remove Win32.Naldem malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Naldem.

Arsd Trojan

Arsd description:
Arsd Category:Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Detection Arsd :

Arsd Files:
[%WINDOWS%]\arsd.exe
[%WINDOWS%]\arsd.exe

Removing Arsd:

you can run trial version of ExterminateIt, or remove Arsd manually.

To completely manually remove Arsd malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Arsd.

Pigeon.EFC Trojan

Pigeon.EFC description:
Pigeon.EFC Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.EFC:

you can run trial version of ExterminateIt, or remove Pigeon.EFC manually.

To completely manually remove Pigeon.EFC malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EFC.

Bancos.GTL Trojan

Bancos.GTL description:
Bancos.GTL Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.GTL:

you can run trial version of ExterminateIt, or remove Bancos.GTL manually.

To completely manually remove Bancos.GTL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GTL.

rute Downloader

rute description:
rute Category:Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing rute:

you can run trial version of ExterminateIt, or remove rute manually.

To completely manually remove rute malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with rute.

Ultimate.Defender Trojan

Click here to remove Ultimate.Defender malware

Ultimate.Defender description:
Ultimate.Defender Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Ultimate.Defender :

Ultimate.Defender Files:
[%DESKTOP%]\ultimate defender.lnk
[%DESKTOP%]\ultimate defender.pkg
[%DESKTOP%]\ultimate defender.lnk
[%DESKTOP%]\ultimate defender.pkg

Ultimate.Defender Folders:
[%APPDATA%]\ultimate defender
[%COMMON_STARTMENU%]\Ultimate Defender
[%PROGRAM_FILES%]\ultimate defender
[%COMMON_PROGRAMS%]\Ultimate Defender
[%PROFILE%]\start menu\ultimate defender

Ultimate.Defender Registry Keys:
HKEY_CURRENT_USER\software\ultimate defender
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ultimate defender
HKEY_LOCAL_MACHINE\software\ultimate defender

Ultimate.Defender Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Ultimate.Defender:

you can run trial version of ExterminateIt, or remove Ultimate.Defender manually.

To completely manually remove Ultimate.Defender malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ultimate.Defender.

Dismowbot Trojan

Dismowbot description:
Dismowbot Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Dismowbot:

you can run trial version of ExterminateIt, or remove Dismowbot manually.

To completely manually remove Dismowbot malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Dismowbot.

JS.WindowBomb Trojan

Click here to remove JS.WindowBomb malware

JS.WindowBomb description:
JS.WindowBomb Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing JS.WindowBomb:

you can run trial version of ExterminateIt, or remove JS.WindowBomb manually.

To completely manually remove JS.WindowBomb malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with JS.WindowBomb.

Bancos.GHG Trojan

Bancos.GHG description:
Bancos.GHG Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.GHG:

you can run trial version of ExterminateIt, or remove Bancos.GHG manually.

To completely manually remove Bancos.GHG malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GHG.

Win32.Wuloit Trojan

Click here to remove Win32.Wuloit malware

Win32.Wuloit description:
Win32.Wuloit Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Win32.Wuloit:

you can run trial version of ExterminateIt, or remove Win32.Wuloit manually.

To completely manually remove Win32.Wuloit malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Wuloit.

Pigeon.ETI Trojan

Pigeon.ETI description:
Pigeon.ETI Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.ETI:

you can run trial version of ExterminateIt, or remove Pigeon.ETI manually.

To completely manually remove Pigeon.ETI malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.ETI.

Friday, January 30, 2009

Bancos.FYH Trojan

Bancos.FYH description:
Bancos.FYH Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.FYH:

you can run trial version of ExterminateIt, or remove Bancos.FYH manually.

To completely manually remove Bancos.FYH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.FYH.

Late.Night Trojan

Late.Night description:
Late.Night Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Late.Night:

you can run trial version of ExterminateIt, or remove Late.Night manually.

To completely manually remove Late.Night malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Late.Night.

Vxidl.BBK Trojan

Vxidl.BBK description:
Vxidl.BBK Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.BBK:

you can run trial version of ExterminateIt, or remove Vxidl.BBK manually.

To completely manually remove Vxidl.BBK malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.BBK.

Bancos.HNH Trojan

Bancos.HNH description:
Bancos.HNH Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.HNH:

you can run trial version of ExterminateIt, or remove Bancos.HNH manually.

To completely manually remove Bancos.HNH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HNH.

cityofcairns.com Tracking Cookie

Click here to remove cityofcairns.com malware

cityofcairns.com description:
cityofcairns.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing cityofcairns.com:

you can run trial version of ExterminateIt, or remove cityofcairns.com manually.

To completely manually remove cityofcairns.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with cityofcairns.com.

System.Pro Spyware

System.Pro description:
System.Pro Category:Spyware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Detection System.Pro :

System.Pro Files:
[%WINDOWS%]\runprf32.exe
[%WINDOWS%]\spinsavc.exe
[%DESKTOP%]\systemsurveillancepro.htm
[%DESKTOP%]\SystemSurvPro.htm
[%PROFILE%]\Local Settings\Desktop\SystemSurveillancePro.htm
[%PROGRAMS%]\System Surveillance Pro 4.8\Help Manual.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\SSPro Data Viewer.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\Uninstall SSPro.lnk
[%WINDOWS%]\ordpix.dll
[%WINDOWS%]\sspro.cnt
[%WINDOWS%]\sspro.hlp
[%WINDOWS%]\sysural.dll
[%WINDOWS%]\sysurbl.dll
[%WINDOWS%]\runprf32.exe
[%WINDOWS%]\spinsavc.exe
[%DESKTOP%]\systemsurveillancepro.htm
[%DESKTOP%]\SystemSurvPro.htm
[%PROFILE%]\Local Settings\Desktop\SystemSurveillancePro.htm
[%PROGRAMS%]\System Surveillance Pro 4.8\Help Manual.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\SSPro Data Viewer.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\Uninstall SSPro.lnk
[%WINDOWS%]\ordpix.dll
[%WINDOWS%]\sspro.cnt
[%WINDOWS%]\sspro.hlp
[%WINDOWS%]\sysural.dll
[%WINDOWS%]\sysurbl.dll

System.Pro Folders:
[%WINDOWS%]\fontinfo
[%PROGRAMS%]\system surveillance pro
[%WINDOWS%]\fontview

System.Pro Registry Keys:
HKEY_CLASSES_ROOT\.zzr
HKEY_CLASSES_ROOT\clsid\{91b066b2-be0d-42bf-bedd-f9dfdbb29236}\implemented categories
HKEY_CLASSES_ROOT\sspro
HKEY_CLASSES_ROOT\sspro.document
HKEY_CLASSES_ROOT\survservices.datablockmanipulation
HKEY_CLASSES_ROOT\survservices.datainterface
HKEY_CLASSES_ROOT\survservices.declarations
HKEY_CLASSES_ROOT\survservices.general
HKEY_CLASSES_ROOT\clsid\{457107e0-4551-11d5-be6f-ae127dee6059}
HKEY_CLASSES_ROOT\clsid\{47643398-a2f7-422b-9fcc-e5540b1eeb05}
HKEY_CLASSES_ROOT\clsid\{95e6c67a-f1e0-48ef-b0cd-3d72b23fb558}
HKEY_CLASSES_ROOT\clsid\{9df88e2d-bc3e-4524-b5d0-1c49557427a4}
HKEY_CLASSES_ROOT\clsid\{b540c664-b279-4702-83b6-813c9552148f}
HKEY_CLASSES_ROOT\interface\{2074d3f5-5d94-4468-b0d4-6388666aa3e3}
HKEY_CLASSES_ROOT\interface\{453706df-465b-11d5-be6f-c0e46d415558}
HKEY_CLASSES_ROOT\interface\{453706e7-465b-11d5-be6f-c0e46d415558}
HKEY_CLASSES_ROOT\interface\{dac453d4-86ad-4dbe-8d44-2b88c376bbe3}
HKEY_CLASSES_ROOT\interface\{dda8b302-e846-4e1f-818d-0b701f969f9b}
HKEY_CLASSES_ROOT\interface\{f127d096-0939-418e-b579-ce7e40eb6a8a}
HKEY_CLASSES_ROOT\picscroll.cpvpicscroll
HKEY_CLASSES_ROOT\typelib\{3b8554df-2818-4d24-bf82-c7ee3f9af3b5}
HKEY_CLASSES_ROOT\typelib\{457107de-4551-11d5-be6f-ae127dee6059}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\system surveillance pro~
HKEY_CURRENT_USER\software\vb and vba program settings\sspro

System.Pro Registry Values:
HKEY_CLASSES_ROOT\clsid\{d46bd5cb-2360-4f5f-8793-5f4ae775ec44}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing System.Pro:

you can run trial version of ExterminateIt, or remove System.Pro manually.

To completely manually remove System.Pro malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with System.Pro.

ebgames.com Tracking Cookie

Click here to remove ebgames.com malware

ebgames.com description:
ebgames.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing ebgames.com:

you can run trial version of ExterminateIt, or remove ebgames.com manually.

To completely manually remove ebgames.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ebgames.com.

WinxDefender Ransomware

Click here to remove WinxDefender malware

WinxDefender description:
WinxDefender Category:Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Detection WinxDefender :

WinxDefender Files:
[%DESKTOP%]\WinXDefender.lnk
[%DESKTOP%]\WinXDefender.lnk

WinxDefender Folders:
[%APPDATA%]\WinXDefender
[%COMMON_PROGRAMS%]\WinXDefender
[%PROGRAM_FILES%]\WinXDefender

WinxDefender Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\winxdefender

WinxDefender Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing WinxDefender:

you can run trial version of ExterminateIt, or remove WinxDefender manually.

To completely manually remove WinxDefender malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinxDefender.

Thursday, January 29, 2009

Dagger Backdoor

Dagger description:
Dagger Category:Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Detection Dagger :

Dagger Files:
[%WINDOWS%]\system\manager.exe
[%WINDOWS%]\system\manager.exe

Dagger Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Dagger:

you can run trial version of ExterminateIt, or remove Dagger manually.

To completely manually remove Dagger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Dagger.

doubleclick.net Tracking Cookie

Click here to remove doubleclick.net malware

doubleclick.net description:
doubleclick.net Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing doubleclick.net:

you can run trial version of ExterminateIt, or remove doubleclick.net manually.

To completely manually remove doubleclick.net malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with doubleclick.net.

TrojanDownloader.Win32.Glukonat Downloader

Click here to remove TrojanDownloader.Win32.Glukonat malware

TrojanDownloader.Win32.Glukonat description:
TrojanDownloader.Win32.Glukonat Category:Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

Removing TrojanDownloader.Win32.Glukonat:

you can run trial version of ExterminateIt, or remove TrojanDownloader.Win32.Glukonat manually.

To completely manually remove TrojanDownloader.Win32.Glukonat malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDownloader.Win32.Glukonat.

Remu Trojan

Remu description:
Remu Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Remu:

you can run trial version of ExterminateIt, or remove Remu manually.

To completely manually remove Remu malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Remu.

Win32.Homepage Trojan

Click here to remove Win32.Homepage malware

Win32.Homepage description:
Win32.Homepage Category:Trojan,Hijacker
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Removing Win32.Homepage:

you can run trial version of ExterminateIt, or remove Win32.Homepage manually.

To completely manually remove Win32.Homepage malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Homepage.

Pigeon.DSH Trojan

Pigeon.DSH description:
Pigeon.DSH Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Pigeon.DSH :

Pigeon.DSH Files:
[%SYSTEM%]\csrssar
[%SYSTEM%]\csrssar

Pigeon.DSH Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_remate_run_rpc_(asp)
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\remate run rpc (asp)

Removing Pigeon.DSH:

you can run trial version of ExterminateIt, or remove Pigeon.DSH manually.

To completely manually remove Pigeon.DSH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.DSH.

Vxidl.AMO Trojan

Vxidl.AMO description:
Vxidl.AMO Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.AMO:

you can run trial version of ExterminateIt, or remove Vxidl.AMO manually.

To completely manually remove Vxidl.AMO malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AMO.

Hail Trojan

Hail description:
Hail Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Hail:

you can run trial version of ExterminateIt, or remove Hail manually.

To completely manually remove Hail malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Hail.

Flyswat Adware

Flyswat description:
Flyswat Category:Adware,BHO
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

Detection Flyswat :

Flyswat Files:
[%PROGRAM_FILES%]\netcaptor\flylib.dll
[%SYSTEM%]\flylib.dll
[%WINDOWS%]\system\flylib.dll
[%PROGRAM_FILES%]\netcaptor\flylib.dll
[%SYSTEM%]\flylib.dll
[%WINDOWS%]\system\flylib.dll

Flyswat Registry Keys:
HKEY_CLASSES_ROOT\clsid\{58ed1294-990e-11d3-af63-00e01898ddda}
HKEY_CLASSES_ROOT\clsid\{82b98006-7a56-11d2-a26f-00c04f962769}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{82b98006-7a56-11d2-a26f-00c04f962769}
HKEY_LOCAL_MACHINE\software\classes\clsid\{82b98006-7a56-11d2-a26f-00c04f962769}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{82b98006-7a56-11d2-a26f-00c04f962769}

Removing Flyswat:

you can run trial version of ExterminateIt, or remove Flyswat manually.

To completely manually remove Flyswat malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Flyswat.

RPack Trojan

RPack description:
RPack Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing RPack:

you can run trial version of ExterminateIt, or remove RPack manually.

To completely manually remove RPack malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with RPack.

Yafo Trojan

Yafo description:
Yafo Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Yafo:

you can run trial version of ExterminateIt, or remove Yafo manually.

To completely manually remove Yafo malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Yafo.

Wyrviouss.Invisible Trojan

Click here to remove Wyrviouss.Invisible malware

Wyrviouss.Invisible description:
Wyrviouss.Invisible Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Wyrviouss.Invisible:

you can run trial version of ExterminateIt, or remove Wyrviouss.Invisible manually.

To completely manually remove Wyrviouss.Invisible malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Wyrviouss.Invisible.

Tfd.cFlooder DoS

Click here to remove Tfd.cFlooder malware

Tfd.cFlooder description:
Tfd.cFlooder Category:DoS
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Tfd.cFlooder:

you can run trial version of ExterminateIt, or remove Tfd.cFlooder manually.

To completely manually remove Tfd.cFlooder malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tfd.cFlooder.

Netscreen RAT

Netscreen description:
Netscreen Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Detection Netscreen :

Netscreen Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing Netscreen:

you can run trial version of ExterminateIt, or remove Netscreen manually.

To completely manually remove Netscreen malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Netscreen.

Wednesday, January 28, 2009

Snivelex Trojan

Snivelex description:
Snivelex Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Snivelex:

you can run trial version of ExterminateIt, or remove Snivelex manually.

To completely manually remove Snivelex malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Snivelex.

Compain Trojan

Compain description:
Compain Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Compain:

you can run trial version of ExterminateIt, or remove Compain manually.

To completely manually remove Compain malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Compain.

Netministrator Spyware

Click here to remove Netministrator malware

Netministrator description:
Netministrator Category:Spyware,Backdoor,RAT
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing Netministrator:

you can run trial version of ExterminateIt, or remove Netministrator manually.

To completely manually remove Netministrator malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Netministrator.

BL Trojan

BL description:
BL Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Detection BL :

BL Files:
[%STARTUP%]\imfe.exe
[%SYSTEM%]\igfxsvc.exe
[%SYSTEM%]\spoolw.exe
[%WINDOWS%]\1001319843.exe
[%WINDOWS%]\1005384546.exe
[%WINDOWS%]\1009449593.exe
[%WINDOWS%]\1013502546.exe
[%WINDOWS%]\1017514140.exe
[%WINDOWS%]\1021521828.exe
[%WINDOWS%]\1025528312.exe
[%WINDOWS%]\1029540156.exe
[%WINDOWS%]\1033547906.exe
[%WINDOWS%]\1037666906.exe
[%WINDOWS%]\1041692718.exe
[%WINDOWS%]\1045698609.exe
[%WINDOWS%]\1049704031.exe
[%WINDOWS%]\1053710187.exe
[%WINDOWS%]\1057760046.exe
[%WINDOWS%]\1061794218.exe
[%WINDOWS%]\1065804265.exe
[%WINDOWS%]\1069809906.exe
[%WINDOWS%]\823008343.exe
[%WINDOWS%]\827109921.exe
[%WINDOWS%]\831197953.exe
[%WINDOWS%]\835303781.exe
[%WINDOWS%]\839390562.exe
[%WINDOWS%]\843490531.exe
[%WINDOWS%]\847554765.exe
[%WINDOWS%]\851608406.exe
[%WINDOWS%]\855615421.exe
[%WINDOWS%]\859635843.exe
[%WINDOWS%]\867757859.exe
[%WINDOWS%]\871776218.exe
[%WINDOWS%]\875783578.exe
[%WINDOWS%]\879793640.exe
[%WINDOWS%]\883800187.exe
[%WINDOWS%]\887908890.exe
[%WINDOWS%]\891932656.exe
[%WINDOWS%]\895971281.exe
[%WINDOWS%]\899977546.exe
[%WINDOWS%]\903983875.exe
[%WINDOWS%]\907989640.exe
[%WINDOWS%]\911995734.exe
[%WINDOWS%]\916001500.exe
[%WINDOWS%]\920007453.exe
[%WINDOWS%]\924014296.exe
[%WINDOWS%]\928020500.exe
[%WINDOWS%]\932033656.exe
[%WINDOWS%]\936081812.exe
[%WINDOWS%]\940201625.exe
[%WINDOWS%]\944309593.exe
[%WINDOWS%]\948431156.exe
[%WINDOWS%]\952599468.exe
[%WINDOWS%]\956750375.exe
[%WINDOWS%]\960779343.exe
[%WINDOWS%]\964788937.exe
[%WINDOWS%]\968795843.exe
[%WINDOWS%]\972831218.exe
[%WINDOWS%]\976943640.exe
[%WINDOWS%]\981022843.exe
[%WINDOWS%]\985081390.exe
[%WINDOWS%]\989138046.exe
[%WINDOWS%]\993195218.exe
[%WINDOWS%]\997254203.exe
[%WINDOWS%]\iexplore_32.exe
[%WINDOWS%]\w32dbg.exe
[%STARTUP%]\imfe.exe
[%SYSTEM%]\igfxsvc.exe
[%SYSTEM%]\spoolw.exe
[%WINDOWS%]\1001319843.exe
[%WINDOWS%]\1005384546.exe
[%WINDOWS%]\1009449593.exe
[%WINDOWS%]\1013502546.exe
[%WINDOWS%]\1017514140.exe
[%WINDOWS%]\1021521828.exe
[%WINDOWS%]\1025528312.exe
[%WINDOWS%]\1029540156.exe
[%WINDOWS%]\1033547906.exe
[%WINDOWS%]\1037666906.exe
[%WINDOWS%]\1041692718.exe
[%WINDOWS%]\1045698609.exe
[%WINDOWS%]\1049704031.exe
[%WINDOWS%]\1053710187.exe
[%WINDOWS%]\1057760046.exe
[%WINDOWS%]\1061794218.exe
[%WINDOWS%]\1065804265.exe
[%WINDOWS%]\1069809906.exe
[%WINDOWS%]\823008343.exe
[%WINDOWS%]\827109921.exe
[%WINDOWS%]\831197953.exe
[%WINDOWS%]\835303781.exe
[%WINDOWS%]\839390562.exe
[%WINDOWS%]\843490531.exe
[%WINDOWS%]\847554765.exe
[%WINDOWS%]\851608406.exe
[%WINDOWS%]\855615421.exe
[%WINDOWS%]\859635843.exe
[%WINDOWS%]\867757859.exe
[%WINDOWS%]\871776218.exe
[%WINDOWS%]\875783578.exe
[%WINDOWS%]\879793640.exe
[%WINDOWS%]\883800187.exe
[%WINDOWS%]\887908890.exe
[%WINDOWS%]\891932656.exe
[%WINDOWS%]\895971281.exe
[%WINDOWS%]\899977546.exe
[%WINDOWS%]\903983875.exe
[%WINDOWS%]\907989640.exe
[%WINDOWS%]\911995734.exe
[%WINDOWS%]\916001500.exe
[%WINDOWS%]\920007453.exe
[%WINDOWS%]\924014296.exe
[%WINDOWS%]\928020500.exe
[%WINDOWS%]\932033656.exe
[%WINDOWS%]\936081812.exe
[%WINDOWS%]\940201625.exe
[%WINDOWS%]\944309593.exe
[%WINDOWS%]\948431156.exe
[%WINDOWS%]\952599468.exe
[%WINDOWS%]\956750375.exe
[%WINDOWS%]\960779343.exe
[%WINDOWS%]\964788937.exe
[%WINDOWS%]\968795843.exe
[%WINDOWS%]\972831218.exe
[%WINDOWS%]\976943640.exe
[%WINDOWS%]\981022843.exe
[%WINDOWS%]\985081390.exe
[%WINDOWS%]\989138046.exe
[%WINDOWS%]\993195218.exe
[%WINDOWS%]\997254203.exe
[%WINDOWS%]\iexplore_32.exe
[%WINDOWS%]\w32dbg.exe

Removing BL:

you can run trial version of ExterminateIt, or remove BL manually.

To completely manually remove BL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BL.

Fixob Trojan

Fixob description:
Fixob Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Fixob:

you can run trial version of ExterminateIt, or remove Fixob manually.

To completely manually remove Fixob malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Fixob.

RBackdoor Trojan

RBackdoor description:
RBackdoor Category:Trojan,Backdoor,RAT,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing RBackdoor:

you can run trial version of ExterminateIt, or remove RBackdoor manually.

To completely manually remove RBackdoor malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with RBackdoor.

Logho Trojan

Logho description:
Logho Category:Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Detection Logho :

Logho Files:
[%SYSTEM%]\syst1s.exe
[%SYSTEM%]\win_r54.exe
[%SYSTEM%]\syst1s.exe
[%SYSTEM%]\win_r54.exe

Removing Logho:

you can run trial version of ExterminateIt, or remove Logho manually.

To completely manually remove Logho malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Logho.

WinAntiSpyware2006 Downloader

Click here to remove WinAntiSpyware2006 malware

WinAntiSpyware2006 description:
WinAntiSpyware2006 Category:Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Removing WinAntiSpyware2006:

you can run trial version of ExterminateIt, or remove WinAntiSpyware2006 manually.

To completely manually remove WinAntiSpyware2006 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinAntiSpyware2006.

Pigeon.EQS Trojan

Pigeon.EQS description:
Pigeon.EQS Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EQS:

you can run trial version of ExterminateIt, or remove Pigeon.EQS manually.

To completely manually remove Pigeon.EQS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EQS.

Renos.az Trojan

Renos.az description:
Renos.az Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Renos.az:

you can run trial version of ExterminateIt, or remove Renos.az manually.

To completely manually remove Renos.az malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Renos.az.

Follow.Me Trojan

Follow.Me description:
Follow.Me Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Follow.Me:

you can run trial version of ExterminateIt, or remove Follow.Me manually.

To completely manually remove Follow.Me malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Follow.Me.

Backdoor.Sub7Legend.Server Trojan

Click here to remove Backdoor.Sub7Legend.Server malware

Backdoor.Sub7Legend.Server description:
Backdoor.Sub7Legend.Server Category:Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Backdoor.Sub7Legend.Server:

you can run trial version of ExterminateIt, or remove Backdoor.Sub7Legend.Server manually.

To completely manually remove Backdoor.Sub7Legend.Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Backdoor.Sub7Legend.Server.

End.of Trojan

End.of description:
End.of Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing End.of:

you can run trial version of ExterminateIt, or remove End.of manually.

To completely manually remove End.of malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with End.of.

Silver.Dollar Trojan

Click here to remove Silver.Dollar malware

Silver.Dollar description:
Silver.Dollar Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Silver.Dollar:

you can run trial version of ExterminateIt, or remove Silver.Dollar manually.

To completely manually remove Silver.Dollar malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Silver.Dollar.

Subroot.12!Server Backdoor

Click here to remove Subroot.12!Server malware

Subroot.12!Server description:
Subroot.12!Server Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Subroot.12!Server:

you can run trial version of ExterminateIt, or remove Subroot.12!Server manually.

To completely manually remove Subroot.12!Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Subroot.12!Server.

WinPopup DoS

WinPopup description:
WinPopup Category:DoS
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing WinPopup:

you can run trial version of ExterminateIt, or remove WinPopup manually.

To completely manually remove WinPopup malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinPopup.

Surfcomp Adware

Surfcomp description:
Surfcomp Category:Adware,BHO
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

Detection Surfcomp :

Surfcomp Files:
[%SYSTEM%]\surfcomp.dll
[%SYSTEM%]\surfcomp.dll

Surfcomp Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4145b998-6511-46de-a873-fd1dbd053164}
HKEY_CLASSES_ROOT\interface\{adaba402-85cd-4037-bc74-f4aaa8c7429c}
HKEY_CLASSES_ROOT\plugin.splugin
HKEY_CLASSES_ROOT\plugin.splugin.1
HKEY_CLASSES_ROOT\typelib\{c776869f-7c58-4778-9f55-8a78b6ec7d28}
HKEY_CURRENT_USER\software\surfplugin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4145b998-6511-46de-a873-fd1dbd053164}

Removing Surfcomp:

you can run trial version of ExterminateIt, or remove Surfcomp manually.

To completely manually remove Surfcomp malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Surfcomp.

Tuesday, January 27, 2009

ICQ.Locked Trojan

ICQ.Locked description:
ICQ.Locked Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing ICQ.Locked:

you can run trial version of ExterminateIt, or remove ICQ.Locked manually.

To completely manually remove ICQ.Locked malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ICQ.Locked.

Rhapsody Trojan

Rhapsody description:
Rhapsody Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Rhapsody:

you can run trial version of ExterminateIt, or remove Rhapsody manually.

To completely manually remove Rhapsody malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Rhapsody.

SillyDl.CUM Trojan

Click here to remove SillyDl.CUM malware

SillyDl.CUM description:
SillyDl.CUM Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.CUM:

you can run trial version of ExterminateIt, or remove SillyDl.CUM manually.

To completely manually remove SillyDl.CUM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CUM.

Bancos.GRM Trojan

Bancos.GRM description:
Bancos.GRM Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.GRM:

you can run trial version of ExterminateIt, or remove Bancos.GRM manually.

To completely manually remove Bancos.GRM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GRM.

KeyGen.PC.OnPoint Trojan

Click here to remove KeyGen.PC.OnPoint malware

KeyGen.PC.OnPoint description:
KeyGen.PC.OnPoint Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing KeyGen.PC.OnPoint:

you can run trial version of ExterminateIt, or remove KeyGen.PC.OnPoint manually.

To completely manually remove KeyGen.PC.OnPoint malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with KeyGen.PC.OnPoint.

Gumbsumb Trojan

Gumbsumb description:
Gumbsumb Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Detection Gumbsumb :

Gumbsumb Files:
[%SYSTEM%]\bdscheca001.dll
[%SYSTEM%]\Cnscheck001.dll
[%SYSTEM%]\Cnscheck100.dll
[%SYSTEM%]\cs1sa1.dll
[%SYSTEM%]\cxscheca001.dll
[%WINDOWS%]\assistse.exe
[%WINDOWS%]\bbs.dll
[%WINDOWS%]\csrsc.exe
[%WINDOWS%]\system\m.EXE
[%WINDOWS%]\system\w.exe
[%WINDOWS%]\system\z.exe
[%SYSTEM%]\bdscheca001.dll
[%SYSTEM%]\Cnscheck001.dll
[%SYSTEM%]\Cnscheck100.dll
[%SYSTEM%]\cs1sa1.dll
[%SYSTEM%]\cxscheca001.dll
[%WINDOWS%]\assistse.exe
[%WINDOWS%]\bbs.dll
[%WINDOWS%]\csrsc.exe
[%WINDOWS%]\system\m.EXE
[%WINDOWS%]\system\w.exe
[%WINDOWS%]\system\z.exe

Gumbsumb Registry Keys:
HKEY_CLASSES_ROOT\clsid\{9a0cfc58-5a6f-41ba-9ffe-4320f4f621ba}
HKEY_CLASSES_ROOT\clsid\{9a0cfc58-5a6f-41ba-9ffe-4320f4f62fb1}
HKEY_CLASSES_ROOT\clsid\{ad0aca58-656f-61da-9dfe-5d20f4f611ba}
HKEY_CLASSES_ROOT\clsid\{bc0cfa58-3a6f-51ba-9efe-b320f4f621ba}

Gumbsumb Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Gumbsumb:

you can run trial version of ExterminateIt, or remove Gumbsumb manually.

To completely manually remove Gumbsumb malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Gumbsumb.

Arctic RAT

Arctic description:
Arctic Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing Arctic:

you can run trial version of ExterminateIt, or remove Arctic manually.

To completely manually remove Arctic malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Arctic.

Bancos.ABB Trojan

Bancos.ABB description:
Bancos.ABB Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Detection Bancos.ABB :

Bancos.ABB Files:
[%COMMON_STARTUP%]\Flash.exe
[%COMMON_STARTUP%]\Flash.exe

Removing Bancos.ABB:

you can run trial version of ExterminateIt, or remove Bancos.ABB manually.

To completely manually remove Bancos.ABB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.ABB.

Macedonia Trojan

Macedonia description:
Macedonia Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Macedonia:

you can run trial version of ExterminateIt, or remove Macedonia manually.

To completely manually remove Macedonia malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Macedonia.

kingdomsandcatapults.com Tracking Cookie

Click here to remove kingdomsandcatapults.com malware

kingdomsandcatapults.com description:
kingdomsandcatapults.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing kingdomsandcatapults.com:

you can run trial version of ExterminateIt, or remove kingdomsandcatapults.com manually.

To completely manually remove kingdomsandcatapults.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with kingdomsandcatapults.com.

Benuti.E!downloader Trojan

Click here to remove Benuti.E!downloader malware

Benuti.E!downloader description:
Benuti.E!downloader Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Benuti.E!downloader:

you can run trial version of ExterminateIt, or remove Benuti.E!downloader manually.

To completely manually remove Benuti.E!downloader malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Benuti.E!downloader.

Vxidl.BCB Trojan

Vxidl.BCB description:
Vxidl.BCB Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Vxidl.BCB:

you can run trial version of ExterminateIt, or remove Vxidl.BCB manually.

To completely manually remove Vxidl.BCB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.BCB.

Vxidl.AWP Trojan

Vxidl.AWP description:
Vxidl.AWP Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.AWP:

you can run trial version of ExterminateIt, or remove Vxidl.AWP manually.

To completely manually remove Vxidl.AWP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AWP.

NHVIP Trojan

NHVIP description:
NHVIP Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing NHVIP:

you can run trial version of ExterminateIt, or remove NHVIP manually.

To completely manually remove NHVIP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with NHVIP.

Monday, January 26, 2009

RIC Backdoor

RIC description:
RIC Category:Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Removing RIC:

you can run trial version of ExterminateIt, or remove RIC manually.

To completely manually remove RIC malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with RIC.

Pigeon.AVFM Trojan

Click here to remove Pigeon.AVFM malware

Pigeon.AVFM description:
Pigeon.AVFM Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVFM:

you can run trial version of ExterminateIt, or remove Pigeon.AVFM manually.

To completely manually remove Pigeon.AVFM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVFM.

QDel121 Trojan

QDel121 description:
QDel121 Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing QDel121:

you can run trial version of ExterminateIt, or remove QDel121 manually.

To completely manually remove QDel121 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with QDel121.

nozonedata.com Tracking Cookie

Click here to remove nozonedata.com malware

nozonedata.com description:
nozonedata.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing nozonedata.com:

you can run trial version of ExterminateIt, or remove nozonedata.com manually.

To completely manually remove nozonedata.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with nozonedata.com.

Ieasis Ransomware

Ieasis description:
Ieasis Category:Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

Detection Ieasis :

Ieasis Files:
[%SYSTEM%]\iea.dll
[%SYSTEM%]\iea.dll

Ieasis Registry Keys:
HKEY_CLASSES_ROOT\appid\{bd4bafb3-3e38-4668-8ec5-ae0118560ac5}
HKEY_CLASSES_ROOT\clsid\{b08d32de-64b2-4137-8345-87293e70d40b}
HKEY_CLASSES_ROOT\ieassistant.assistant
HKEY_CLASSES_ROOT\interface\{b04ff886-12bf-4359-a280-311a94a8663d}
HKEY_CLASSES_ROOT\interface\{e78cbe69-59ed-4f51-93bb-7a040b5df2dc}
HKEY_CURRENT_USER\software\iea
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b08d32de-64b2-4137-8345-87293e70d40b}

Ieasis Registry Values:
HKEY_CLASSES_ROOT\appid\ieassistant.dll

Removing Ieasis:

you can run trial version of ExterminateIt, or remove Ieasis manually.

To completely manually remove Ieasis malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ieasis.

Adware.YayaBands Adware

Click here to remove Adware.YayaBands malware

Adware.YayaBands description:
Adware.YayaBands Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Removing Adware.YayaBands:

you can run trial version of ExterminateIt, or remove Adware.YayaBands manually.

To completely manually remove Adware.YayaBands malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Adware.YayaBands.

Microsoft.Media.Server.Denial.of.Service.Attack DoS

Click here to remove Microsoft.Media.Server.Denial.of.Service.Attack malware

Microsoft.Media.Server.Denial.of.Service.Attack description:
Microsoft.Media.Server.Denial.of.Service.Attack Category:DoS
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Microsoft.Media.Server.Denial.of.Service.Attack:

you can run trial version of ExterminateIt, or remove Microsoft.Media.Server.Denial.of.Service.Attack manually.

To completely manually remove Microsoft.Media.Server.Denial.of.Service.Attack malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Microsoft.Media.Server.Denial.of.Service.Attack.

Sex.Niche.Guide Toolbar

Click here to remove Sex.Niche.Guide malware

Sex.Niche.Guide description:
Sex.Niche.Guide Category:Toolbar
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

Detection Sex.Niche.Guide :

Sex.Niche.Guide Folders:
[%PROGRAM_FILES%]\Sex_Niche_Guide

Sex.Niche.Guide Registry Keys:
HKEY_CURRENT_USER\software\sex_niche_guide
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6230e1cb-3c21-4491-b0af-cfcb5dfa3a3d}
HKEY_LOCAL_MACHINE\software\sex_niche_guide

Sex.Niche.Guide Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sex niche guide toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sex niche guide toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sex niche guide toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sex niche guide toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sex niche guide toolbar

Removing Sex.Niche.Guide:

you can run trial version of ExterminateIt, or remove Sex.Niche.Guide manually.

To completely manually remove Sex.Niche.Guide malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Sex.Niche.Guide.

Bancos.GNN Trojan

Bancos.GNN description:
Bancos.GNN Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.GNN:

you can run trial version of ExterminateIt, or remove Bancos.GNN manually.

To completely manually remove Bancos.GNN malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GNN.

PornTrack.com Tracking Cookie

Click here to remove PornTrack.com malware

PornTrack.com description:
PornTrack.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing PornTrack.com:

you can run trial version of ExterminateIt, or remove PornTrack.com manually.

To completely manually remove PornTrack.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PornTrack.com.

Drwup Trojan

Drwup description:
Drwup Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Drwup:

you can run trial version of ExterminateIt, or remove Drwup manually.

To completely manually remove Drwup malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Drwup.

Shutup.syslogd.denial.of.service DoS

Click here to remove Shutup.syslogd.denial.of.service malware

Shutup.syslogd.denial.of.service description:
Shutup.syslogd.denial.of.service Category:DoS
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Shutup.syslogd.denial.of.service:

you can run trial version of ExterminateIt, or remove Shutup.syslogd.denial.of.service manually.

To completely manually remove Shutup.syslogd.denial.of.service malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Shutup.syslogd.denial.of.service.

VB.aq Backdoor

VB.aq description:
VB.aq Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing VB.aq:

you can run trial version of ExterminateIt, or remove VB.aq manually.

To completely manually remove VB.aq malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.aq.

TrojanDownloader.Win32.Dyfuca.ag Adware

Click here to remove TrojanDownloader.Win32.Dyfuca.ag malware

TrojanDownloader.Win32.Dyfuca.ag description:
TrojanDownloader.Win32.Dyfuca.ag Category:Adware,Downloader
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing TrojanDownloader.Win32.Dyfuca.ag:

you can run trial version of ExterminateIt, or remove TrojanDownloader.Win32.Dyfuca.ag manually.

To completely manually remove TrojanDownloader.Win32.Dyfuca.ag malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDownloader.Win32.Dyfuca.ag.

UpdateLoader Adware

Click here to remove UpdateLoader malware

UpdateLoader description:
UpdateLoader Category:Adware,Downloader
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Detection UpdateLoader :

UpdateLoader Files:
[%WINDOWS%]\downloaded program files\download_ul.dll
[%WINDOWS%]\system\randomiser.exe
[%WINDOWS%]\downloaded program files\download_ul.dll
[%WINDOWS%]\system\randomiser.exe

UpdateLoader Registry Keys:
HKEY_CLASSES_ROOT\clsid\{f7adcfe3-aa28-f99e-e665-b13ac332d249}
HKEY_CLASSES_ROOT\download_ul.downloadul
HKEY_CLASSES_ROOT\download_ul.downloadul.1
HKEY_CLASSES_ROOT\interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}
HKEY_CLASSES_ROOT\typelib\{01b8453a-d3bc-479a-8c7a-0e86f3f4ff18}
HKEY_CLASSES_ROOT\typelib\{0b1b2b3b-4b5b-6b7b-8b9b-bbbbcbdbebfb}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{ae6cefa8-1223-4337-8d94-977268ff9aa0}
HKEY_LOCAL_MACHINE\software\microsoft\ms updates
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\download_ul.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ms updates

UpdateLoader Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing UpdateLoader:

you can run trial version of ExterminateIt, or remove UpdateLoader manually.

To completely manually remove UpdateLoader malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with UpdateLoader.

SearchNugget Adware

Click here to remove SearchNugget malware

SearchNugget description:
SearchNugget Category:Adware,Toolbar
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Detection SearchNugget :

SearchNugget Files:
[%WINDOWS%]\downloaded program files\sbar.dll
[%WINDOWS%]\downloaded program files\sbar.dll

SearchNugget Folders:
[%PROGRAM_FILES%]\sbar toolbar
[%PROGRAM_FILES%]\searchnugget toolbar 1.0

SearchNugget Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7ff4d5fa7d}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7ff4d5fa7e}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7ff4d5fa7f}
HKEY_CLASSES_ROOT\sbar.sbar
HKEY_CLASSES_ROOT\sbar.sbarmenu button
HKEY_CLASSES_ROOT\sbar.sbartoggle button
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0ff-fd7ff4d5fa7d}

SearchNugget Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\searchnugget toolbar 1.0

Removing SearchNugget:

you can run trial version of ExterminateIt, or remove SearchNugget manually.

To completely manually remove SearchNugget malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SearchNugget.

Kadir.Basol.Devastator Backdoor

Click here to remove Kadir.Basol.Devastator malware

Kadir.Basol.Devastator description:
Kadir.Basol.Devastator Category:Backdoor,RAT
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing Kadir.Basol.Devastator:

you can run trial version of ExterminateIt, or remove Kadir.Basol.Devastator manually.

To completely manually remove Kadir.Basol.Devastator malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Kadir.Basol.Devastator.

CandyMan Trojan

CandyMan description:
CandyMan Category:Trojan,Backdoor,Downloader,Hacker Tool,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojans-downloaders downloads and installs new malware or adware on the computer.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing CandyMan:

you can run trial version of ExterminateIt, or remove CandyMan manually.

To completely manually remove CandyMan malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with CandyMan.

Sunday, January 25, 2009

BackDoor.AKZ.gen Trojan

Click here to remove BackDoor.AKZ.gen malware

BackDoor.AKZ.gen description:
BackDoor.AKZ.gen Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing BackDoor.AKZ.gen:

you can run trial version of ExterminateIt, or remove BackDoor.AKZ.gen manually.

To completely manually remove BackDoor.AKZ.gen malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BackDoor.AKZ.gen.

MailSpam.Shadow Hacker Tool

Click here to remove MailSpam.Shadow malware

MailSpam.Shadow description:
MailSpam.Shadow Category:Hacker Tool,DoS
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing MailSpam.Shadow:

you can run trial version of ExterminateIt, or remove MailSpam.Shadow manually.

To completely manually remove MailSpam.Shadow malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with MailSpam.Shadow.

SillyDl.DEU Trojan

Click here to remove SillyDl.DEU malware

SillyDl.DEU description:
SillyDl.DEU Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.DEU:

you can run trial version of ExterminateIt, or remove SillyDl.DEU manually.

To completely manually remove SillyDl.DEU malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.DEU.

superstats.com Tracking Cookie

Click here to remove superstats.com malware

superstats.com description:
superstats.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing superstats.com:

you can run trial version of ExterminateIt, or remove superstats.com manually.

To completely manually remove superstats.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with superstats.com.

VB.fz Trojan

VB.fz description:
VB.fz Category:Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing VB.fz:

you can run trial version of ExterminateIt, or remove VB.fz manually.

To completely manually remove VB.fz malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.fz.

Bancos.IBI Trojan

Bancos.IBI description:
Bancos.IBI Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.IBI:

you can run trial version of ExterminateIt, or remove Bancos.IBI manually.

To completely manually remove Bancos.IBI malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.IBI.

Guangwaigirl.53b Backdoor

Click here to remove Guangwaigirl.53b malware

Guangwaigirl.53b description:
Guangwaigirl.53b Category:Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing Guangwaigirl.53b:

you can run trial version of ExterminateIt, or remove Guangwaigirl.53b manually.

To completely manually remove Guangwaigirl.53b malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Guangwaigirl.53b.

privatecash.com Tracking Cookie

Click here to remove privatecash.com malware

privatecash.com description:
privatecash.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing privatecash.com:

you can run trial version of ExterminateIt, or remove privatecash.com manually.

To completely manually remove privatecash.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with privatecash.com.

PWS.Coced Trojan

PWS.Coced description:
PWS.Coced Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing PWS.Coced:

you can run trial version of ExterminateIt, or remove PWS.Coced manually.

To completely manually remove PWS.Coced malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PWS.Coced.

Pigeon.EBY Trojan

Pigeon.EBY description:
Pigeon.EBY Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EBY:

you can run trial version of ExterminateIt, or remove Pigeon.EBY manually.

To completely manually remove Pigeon.EBY malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EBY.

nethit.free.nl Tracking Cookie

Click here to remove nethit.free.nl malware

nethit.free.nl description:
nethit.free.nl Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing nethit.free.nl:

you can run trial version of ExterminateIt, or remove nethit.free.nl manually.

To completely manually remove nethit.free.nl malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with nethit.free.nl.

traffic4u.nl Tracking Cookie

Click here to remove traffic4u.nl malware

traffic4u.nl description:
traffic4u.nl Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing traffic4u.nl:

you can run trial version of ExterminateIt, or remove traffic4u.nl manually.

To completely manually remove traffic4u.nl malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with traffic4u.nl.

SillyDl.BZA Trojan

Click here to remove SillyDl.BZA malware

SillyDl.BZA description:
SillyDl.BZA Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.BZA:

you can run trial version of ExterminateIt, or remove SillyDl.BZA manually.

To completely manually remove SillyDl.BZA malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.BZA.

adultrevenueservice.com Tracking Cookie

Click here to remove adultrevenueservice.com malware

adultrevenueservice.com description:
adultrevenueservice.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing adultrevenueservice.com:

you can run trial version of ExterminateIt, or remove adultrevenueservice.com manually.

To completely manually remove adultrevenueservice.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with adultrevenueservice.com.

Pigeon.AEC Trojan

Pigeon.AEC description:
Pigeon.AEC Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AEC:

you can run trial version of ExterminateIt, or remove Pigeon.AEC manually.

To completely manually remove Pigeon.AEC malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AEC.

Bancos.HER Trojan

Bancos.HER description:
Bancos.HER Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.HER:

you can run trial version of ExterminateIt, or remove Bancos.HER manually.

To completely manually remove Bancos.HER malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HER.

PacerD Adware

PacerD description:
PacerD Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection PacerD :

PacerD Files:
[%SYSTEM%]\202_app13.exe
[%SYSTEM%]\popoops2.dll
[%SYSTEM%]\swlad1.dll
[%SYSTEM%]\202_app13.exe
[%SYSTEM%]\popoops2.dll
[%SYSTEM%]\swlad1.dll

PacerD Registry Keys:
HKEY_CURRENT_USER\software\apd123

PacerD Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing PacerD:

you can run trial version of ExterminateIt, or remove PacerD manually.

To completely manually remove PacerD malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PacerD.

TrojanDownloader.Win32.Swizzor.bq Downloader

Click here to remove TrojanDownloader.Win32.Swizzor.bq malware

TrojanDownloader.Win32.Swizzor.bq description:
TrojanDownloader.Win32.Swizzor.bq Category:Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing TrojanDownloader.Win32.Swizzor.bq:

you can run trial version of ExterminateIt, or remove TrojanDownloader.Win32.Swizzor.bq manually.

To completely manually remove TrojanDownloader.Win32.Swizzor.bq malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDownloader.Win32.Swizzor.bq.

Bancos.HKY Trojan

Bancos.HKY description:
Bancos.HKY Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.HKY:

you can run trial version of ExterminateIt, or remove Bancos.HKY manually.

To completely manually remove Bancos.HKY malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HKY.

Saturday, January 24, 2009

Provder Backdoor

Provder description:
Provder Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Provder:

you can run trial version of ExterminateIt, or remove Provder manually.

To completely manually remove Provder malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Provder.

StObj32 Trojan

StObj32 description:
StObj32 Category:Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Removing StObj32:

you can run trial version of ExterminateIt, or remove StObj32 manually.

To completely manually remove StObj32 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with StObj32.

Pigeon.AGV Trojan

Pigeon.AGV description:
Pigeon.AGV Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AGV:

you can run trial version of ExterminateIt, or remove Pigeon.AGV manually.

To completely manually remove Pigeon.AGV malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AGV.

Pigeon.AYU Trojan

Pigeon.AYU description:
Pigeon.AYU Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AYU:

you can run trial version of ExterminateIt, or remove Pigeon.AYU manually.

To completely manually remove Pigeon.AYU malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AYU.

Disable.Task.Manager.Reg.Entry Trojan

Click here to remove Disable.Task.Manager.Reg.Entry malware

Disable.Task.Manager.Reg.Entry description:
Disable.Task.Manager.Reg.Entry Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Disable.Task.Manager.Reg.Entry :

Disable.Task.Manager.Reg.Entry Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

Removing Disable.Task.Manager.Reg.Entry:

you can run trial version of ExterminateIt, or remove Disable.Task.Manager.Reg.Entry manually.

To completely manually remove Disable.Task.Manager.Reg.Entry malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Disable.Task.Manager.Reg.Entry.

winantivirus.com Tracking Cookie

Click here to remove winantivirus.com malware

winantivirus.com description:
winantivirus.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing winantivirus.com:

you can run trial version of ExterminateIt, or remove winantivirus.com manually.

To completely manually remove winantivirus.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with winantivirus.com.

Ren.Bat Trojan

Ren.Bat description:
Ren.Bat Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Ren.Bat :

Ren.Bat Files:
[%DESKTOP%]\grl realhidden.lnk
[%DESKTOP%]\grl realhidden.lnk

Ren.Bat Folders:
[%PROGRAMS%]\grl realhidden
[%PROGRAM_FILES%]\grl realhidden

Removing Ren.Bat:

you can run trial version of ExterminateIt, or remove Ren.Bat manually.

To completely manually remove Ren.Bat malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ren.Bat.

Wiretap.Professional Spyware

Click here to remove Wiretap.Professional malware

Wiretap.Professional description:
Wiretap.Professional Category:Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Detection Wiretap.Professional :

Wiretap.Professional Folders:
[%SYSTEM%]\recoveryinfo
[%COMMON_PROGRAMS%]\Wiretap Professional
[%PROGRAMS%]\wiretap professional
[%PROGRAM_FILES%]\wiretap professional

Wiretap.Professional Registry Keys:
HKEY_CLASSES_ROOT\applications\scvhost.exe
HKEY_CLASSES_ROOT\clsid\{935fa400-243d-11d3-b06e-857b2ae2be64}
HKEY_CLASSES_ROOT\clsid\{e8b31a72-aace-412d-aa2c-d03fa6fccdef}
HKEY_CLASSES_ROOT\shellexecutehook.tshellexecutehook
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8b31a72-aace-412d-aa2c-d03fa6fccdef}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{935fa400-243d-11d3-b06e-857b2ae2be64}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wtp_is1

Wiretap.Professional Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5291-mdiv

Removing Wiretap.Professional:

you can run trial version of ExterminateIt, or remove Wiretap.Professional manually.

To completely manually remove Wiretap.Professional malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Wiretap.Professional.

Win32.Agent.db Trojan

Click here to remove Win32.Agent.db malware

Win32.Agent.db description:
Win32.Agent.db Category:Trojan,BHO
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Detection Win32.Agent.db :

Win32.Agent.db Files:
[%PROFILE%]\LOCAL.EXE
[%PROFILE_TEMP%]\cel90xbe.sys
[%WINDOWS%]\WebAssist.dll
[%PROFILE%]\LOCAL.EXE
[%PROFILE_TEMP%]\cel90xbe.sys
[%WINDOWS%]\WebAssist.dll

Win32.Agent.db Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{85589B5D-D53D-4237-A677-46B82EA275F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}

Removing Win32.Agent.db:

you can run trial version of ExterminateIt, or remove Win32.Agent.db manually.

To completely manually remove Win32.Agent.db malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Agent.db.

Pigeon.AVNE Trojan

Click here to remove Pigeon.AVNE malware

Pigeon.AVNE description:
Pigeon.AVNE Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVNE:

you can run trial version of ExterminateIt, or remove Pigeon.AVNE manually.

To completely manually remove Pigeon.AVNE malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVNE.

Pigeon.EFT Trojan

Pigeon.EFT description:
Pigeon.EFT Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EFT:

you can run trial version of ExterminateIt, or remove Pigeon.EFT manually.

To completely manually remove Pigeon.EFT malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EFT.

Win32.TrojanDownloader.VB.AA3 Downloader

Click here to remove Win32.TrojanDownloader.VB.AA3 malware

Win32.TrojanDownloader.VB.AA3 description:
Win32.TrojanDownloader.VB.AA3 Category:Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

Removing Win32.TrojanDownloader.VB.AA3:

you can run trial version of ExterminateIt, or remove Win32.TrojanDownloader.VB.AA3 manually.

To completely manually remove Win32.TrojanDownloader.VB.AA3 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.TrojanDownloader.VB.AA3.

RemoteWatch Spyware

Click here to remove RemoteWatch malware

RemoteWatch description:
RemoteWatch Category:Spyware,Hacker Tool
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Detection RemoteWatch :

RemoteWatch Files:
[%COMMON_STARTUP%]\remotewatch.lnk
[%PROGRAM_FILES%]\remotewatch\remotewatch.exe
[%PROGRAM_FILES%]\remotewatch\unins000.dat
[%PROGRAM_FILES%]\remotewatch\unins000.exe
[%WINDOWS%]\remotewatch.INI
[%COMMON_STARTUP%]\remotewatch.lnk
[%PROGRAM_FILES%]\remotewatch\remotewatch.exe
[%PROGRAM_FILES%]\remotewatch\unins000.dat
[%PROGRAM_FILES%]\remotewatch\unins000.exe
[%WINDOWS%]\remotewatch.INI

RemoteWatch Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\remotewatch_is1

RemoteWatch Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing RemoteWatch:

you can run trial version of ExterminateIt, or remove RemoteWatch manually.

To completely manually remove RemoteWatch malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with RemoteWatch.

Pigeon.ENY Trojan

Pigeon.ENY description:
Pigeon.ENY Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.ENY:

you can run trial version of ExterminateIt, or remove Pigeon.ENY manually.

To completely manually remove Pigeon.ENY malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.ENY.

OC.gro4 Trojan

OC.gro4 description:
OC.gro4 Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing OC.gro4:

you can run trial version of ExterminateIt, or remove OC.gro4 manually.

To completely manually remove OC.gro4 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with OC.gro4.

Haifa Trojan

Haifa description:
Haifa Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Haifa:

you can run trial version of ExterminateIt, or remove Haifa manually.

To completely manually remove Haifa malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Haifa.

Friday, January 23, 2009

Win32.StartPage.kk Trojan

Click here to remove Win32.StartPage.kk malware

Win32.StartPage.kk description:
Win32.StartPage.kk Category:Trojan,Hijacker
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Removing Win32.StartPage.kk:

you can run trial version of ExterminateIt, or remove Win32.StartPage.kk manually.

To completely manually remove Win32.StartPage.kk malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.StartPage.kk.

TrojanDownloader.Win32.Hatcher Trojan

Click here to remove TrojanDownloader.Win32.Hatcher malware

TrojanDownloader.Win32.Hatcher description:
TrojanDownloader.Win32.Hatcher Category:Trojan,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Removing TrojanDownloader.Win32.Hatcher:

you can run trial version of ExterminateIt, or remove TrojanDownloader.Win32.Hatcher manually.

To completely manually remove TrojanDownloader.Win32.Hatcher malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDownloader.Win32.Hatcher.

WinEggDrop.Online.Keylogger Trojan

Click here to remove WinEggDrop.Online.Keylogger malware

WinEggDrop.Online.Keylogger description:
WinEggDrop.Online.Keylogger Category:Trojan,Spyware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Removing WinEggDrop.Online.Keylogger:

you can run trial version of ExterminateIt, or remove WinEggDrop.Online.Keylogger manually.

To completely manually remove WinEggDrop.Online.Keylogger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinEggDrop.Online.Keylogger.

Likha Trojan

Likha description:
Likha Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Likha:

you can run trial version of ExterminateIt, or remove Likha manually.

To completely manually remove Likha malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Likha.

Bat.Zor Trojan

Bat.Zor description:
Bat.Zor Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Bat.Zor:

you can run trial version of ExterminateIt, or remove Bat.Zor manually.

To completely manually remove Bat.Zor malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bat.Zor.

Antitime RAT

Antitime description:
Antitime Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing Antitime:

you can run trial version of ExterminateIt, or remove Antitime manually.

To completely manually remove Antitime malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Antitime.

SillyDl.CLX Trojan

Click here to remove SillyDl.CLX malware

SillyDl.CLX description:
SillyDl.CLX Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing SillyDl.CLX:

you can run trial version of ExterminateIt, or remove SillyDl.CLX manually.

To completely manually remove SillyDl.CLX malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CLX.

Friend.Greeting Adware

Click here to remove Friend.Greeting malware

Friend.Greeting description:
Friend.Greeting Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Removing Friend.Greeting:

you can run trial version of ExterminateIt, or remove Friend.Greeting manually.

To completely manually remove Friend.Greeting malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Friend.Greeting.

Egdi Downloader

Egdi description:
Egdi Category:Downloader
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Removing Egdi:

you can run trial version of ExterminateIt, or remove Egdi manually.

To completely manually remove Egdi malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Egdi.

Bancos.INN Trojan

Bancos.INN description:
Bancos.INN Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Bancos.INN :

Bancos.INN Files:
[%WINDOWS%]\svc\downcompleto.txt
[%WINDOWS%]\svc\eraumavez.bat
[%WINDOWS%]\svc\downcompleto.txt
[%WINDOWS%]\svc\eraumavez.bat

Bancos.INN Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Bancos.INN:

you can run trial version of ExterminateIt, or remove Bancos.INN manually.

To completely manually remove Bancos.INN malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.INN.

Pigeon.AEX Trojan

Pigeon.AEX description:
Pigeon.AEX Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AEX:

you can run trial version of ExterminateIt, or remove Pigeon.AEX manually.

To completely manually remove Pigeon.AEX malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AEX.

Killstart Trojan

Killstart description:
Killstart Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Killstart:

you can run trial version of ExterminateIt, or remove Killstart manually.

To completely manually remove Killstart malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Killstart.

Backdoor.MoSucker.plugin Trojan

Click here to remove Backdoor.MoSucker.plugin malware

Backdoor.MoSucker.plugin description:
Backdoor.MoSucker.plugin Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Removing Backdoor.MoSucker.plugin:

you can run trial version of ExterminateIt, or remove Backdoor.MoSucker.plugin manually.

To completely manually remove Backdoor.MoSucker.plugin malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Backdoor.MoSucker.plugin.

Thursday, January 22, 2009

Deltabar.Deltaclick BHO

Click here to remove Deltabar.Deltaclick malware

Deltabar.Deltaclick description:
Deltabar.Deltaclick Category:BHO,Toolbar
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Detection Deltabar.Deltaclick :

Deltabar.Deltaclick Files:
[%SYSTEM%]\deltaclick.dll
[%WINDOWS%]\system\deltaclick.dll
[%SYSTEM%]\deltaclick.dll
[%WINDOWS%]\system\deltaclick.dll

Deltabar.Deltaclick Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0fc817c2-3b45-11d4-8340-0050da825906}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fc817c2-3b45-11d4-8340-0050da825906}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0fc817c2-3b45-11d4-8340-0050da825906}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fc817c2-3b45-11d4-8340-0050da825906}

Removing Deltabar.Deltaclick:

you can run trial version of ExterminateIt, or remove Deltabar.Deltaclick manually.

To completely manually remove Deltabar.Deltaclick malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Deltabar.Deltaclick.

Pigeon.AXN Trojan

Pigeon.AXN description:
Pigeon.AXN Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AXN:

you can run trial version of ExterminateIt, or remove Pigeon.AXN manually.

To completely manually remove Pigeon.AXN malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AXN.

Pigeon.DZR Trojan

Pigeon.DZR description:
Pigeon.DZR Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.DZR:

you can run trial version of ExterminateIt, or remove Pigeon.DZR manually.

To completely manually remove Pigeon.DZR malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.DZR.

Unke339 Trojan

Unke339 description:
Unke339 Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Unke339:

you can run trial version of ExterminateIt, or remove Unke339 manually.

To completely manually remove Unke339 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Unke339.

Vxidl.AMH Trojan

Vxidl.AMH description:
Vxidl.AMH Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.AMH:

you can run trial version of ExterminateIt, or remove Vxidl.AMH manually.

To completely manually remove Vxidl.AMH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AMH.

SpywareKnight (SpySoldier) Ransomware

Click here to remove SpywareKnight (SpySoldier) malware

SpywareKnight (SpySoldier) description:
SpywareKnight (SpySoldier) Category:Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

Detection SpywareKnight (SpySoldier) :

SpywareKnight (SpySoldier) Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpywareKnight.lnk
[%SYSTEM%]\asgp32.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpywareKnight.lnk
[%SYSTEM%]\asgp32.dll

SpywareKnight (SpySoldier) Folders:
[%COMMON_PROGRAMS%]\SpywareKnight
[%LOCAL_APPDATA%]\SpySoldier
[%LOCAL_APPDATA%]\SpywareKnight
[%PROGRAM_FILES%]\SpywareKnight

SpywareKnight (SpySoldier) Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{6944D481-DD3D-4252-8992-EBAC37788EB3}
HKEY_CLASSES_ROOT\CLSID\{82B07A2B-F0AF-45FC-BE44-18D83B01EAD9}
HKEY_CLASSES_ROOT\CLSID\{FA5B9933-1AE8-4A8D-9822-B20A6CA2B5EC}
HKEY_CURRENT_USER\Software\SpySoldier
HKEY_CURRENT_USER\Software\SpywareKnight
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6944D481-DD3D-4252-8992-EBAC37788EB3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B07A2B-F0AF-45FC-BE44-18D83B01EAD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA5B9933-1AE8-4A8D-9822-B20A6CA2B5EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareKnight_is1

Removing SpywareKnight (SpySoldier):

you can run trial version of ExterminateIt, or remove SpywareKnight (SpySoldier) manually.

To completely manually remove SpywareKnight (SpySoldier) malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SpywareKnight (SpySoldier).

Phishbank.ANK Trojan

Click here to remove Phishbank.ANK malware

Phishbank.ANK description:
Phishbank.ANK Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Phishbank.ANK:

you can run trial version of ExterminateIt, or remove Phishbank.ANK manually.

To completely manually remove Phishbank.ANK malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Phishbank.ANK.

WormTrojan Trojan

WormTrojan description:
WormTrojan Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing WormTrojan:

you can run trial version of ExterminateIt, or remove WormTrojan manually.

To completely manually remove WormTrojan malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WormTrojan.

Bat.FormatD Trojan

Click here to remove Bat.FormatD malware

Bat.FormatD description:
Bat.FormatD Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bat.FormatD:

you can run trial version of ExterminateIt, or remove Bat.FormatD manually.

To completely manually remove Bat.FormatD malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bat.FormatD.

InstallVivid Trojan

Click here to remove InstallVivid malware

InstallVivid description:
InstallVivid Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing InstallVivid:

you can run trial version of ExterminateIt, or remove InstallVivid manually.

To completely manually remove InstallVivid malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with InstallVivid.

Vxidl.AYK Trojan

Vxidl.AYK description:
Vxidl.AYK Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.AYK:

you can run trial version of ExterminateIt, or remove Vxidl.AYK manually.

To completely manually remove Vxidl.AYK malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AYK.

SkamWerks.Labs Trojan

Click here to remove SkamWerks.Labs malware

SkamWerks.Labs description:
SkamWerks.Labs Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SkamWerks.Labs:

you can run trial version of ExterminateIt, or remove SkamWerks.Labs manually.

To completely manually remove SkamWerks.Labs malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SkamWerks.Labs.

Norio Trojan

Norio description:
Norio Category:Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing Norio:

you can run trial version of ExterminateIt, or remove Norio manually.

To completely manually remove Norio malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Norio.

Wednesday, January 21, 2009

Fusion Backdoor

Fusion description:
Fusion Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing Fusion:

you can run trial version of ExterminateIt, or remove Fusion manually.

To completely manually remove Fusion malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Fusion.

NetSonic Adware

NetSonic description:
NetSonic Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection NetSonic :

NetSonic Files:
[%COMMON_PROGRAMS%]\NetSonic\NetSonic.lnk
[%COMMON_PROGRAMS%]\NetSonic\Readme.lnk
[%COMMON_PROGRAMS%]\NetSonic\UnInstall NetSonic.lnk
[%COMMON_STARTUP%]\NetSonic.lnk
[%DESKTOP%]\NetSonic\netsonic.rar
[%PROFILE%]\Recent\netsonic.rar.lnk
[%STARTUP%]\netsonic.lnk
[%WINDOWS%]\NetSonic.w3k
[%WINDOWS%]\netsoniccleanup.exe
[%COMMON_PROGRAMS%]\NetSonic\NetSonic.lnk
[%COMMON_PROGRAMS%]\NetSonic\Readme.lnk
[%COMMON_PROGRAMS%]\NetSonic\UnInstall NetSonic.lnk
[%COMMON_STARTUP%]\NetSonic.lnk
[%DESKTOP%]\NetSonic\netsonic.rar
[%PROFILE%]\Recent\netsonic.rar.lnk
[%STARTUP%]\netsonic.lnk
[%WINDOWS%]\NetSonic.w3k
[%WINDOWS%]\netsoniccleanup.exe

NetSonic Folders:
[%PROGRAMS%]\netsonic
[%PROGRAM_FILES%]\netsonic

NetSonic Registry Keys:
HKEY_CURRENT_USER\software\web3000.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netsonic

Removing NetSonic:

you can run trial version of ExterminateIt, or remove NetSonic manually.

To completely manually remove NetSonic malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with NetSonic.