Saturday, November 15, 2008

Henbang Trojan

How To Remove Henbang?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Henbang is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.


Henbang is also known as:

[Kaspersky] Adware.Win32.Henbang.r, AdWare.Win32.Hengbang.s, AdWare.Win32.Henbang.q, AdWare.Win32.Henbang.p, AdWare.Win32.Henbang.t;
[McAfee] Adware-Henbang;
[Other] Adware.Henbang

Henbang Symptoms:

Files:

Folders:
[%COMMON_PROGRAMS%]\很棒软件
[%PROGRAMS%]\很棒软件
[%PROGRAM_FILES%]\HBClient
[%PROGRAM_FILES%]\Henbang Applications

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download Free Trial Version of antivirus software here, to check your computer instantly.
