Saturday, November 22, 2008

IEBAR Hijacker

How To Remove IEBAR?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
IEBAR is dangerous virus:
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

IEBAR Symptoms:

Files:
[%WINDOWS%]\Downloaded Program Files\barhelp24.0.dll
[%WINDOWS%]\Downloaded Program Files\iebar.inf
[%WINDOWS%]\Downloaded Program Files\iebar23.0.dll
[%WINDOWS%]\Downloaded Program Files\barhelp24.0.dll
[%WINDOWS%]\Downloaded Program Files\iebar.inf
[%WINDOWS%]\Downloaded Program Files\iebar23.0.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{56a7dc70-e102-4408-a34a-ae06fef01586}
HKEY_CURRENT_USER\software\hdt
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{56a7dc70-e102-4408-a34a-ae06fef01586}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{b1d147e7-873e-4909-8127-695d9bb78728}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{56a7dc70-e102-4408-a34a-ae06fef01586}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\barhelp24.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\iebar23.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\toolbar.bmp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\winio.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\winio.sys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\winio.vxd
HKEY_CLASSES_ROOT\clsid\{3b076ce5-601e-4a74-9548-4197fd5b4b1e}
HKEY_CLASSES_ROOT\clsid\{b1d147e7-873e-4909-8127-695d9bb78728}
HKEY_CLASSES_ROOT\downloadbho.t2bho
HKEY_CLASSES_ROOT\downloadbho.t2bho.1
HKEY_CLASSES_ROOT\interface\{5e186ddb-6152-4c73-a7d4-4899140178e9}
HKEY_CLASSES_ROOT\interface\{691cc615-cd3f-41ff-920d-60769d3dcf5b}
HKEY_CLASSES_ROOT\interface\{9aaabfe1-22a9-4e0d-8f4a-48b9696a199b}
HKEY_CLASSES_ROOT\interface\{b93a0050-ac9e-4609-b55b-a4064bfd0059}
HKEY_CLASSES_ROOT\lanbar3.multimediasite
HKEY_CLASSES_ROOT\lanbar3.multimediasite.1
HKEY_CLASSES_ROOT\lan_bar.lan_barobj
HKEY_CLASSES_ROOT\lan_bar.lan_barobj.1
HKEY_CLASSES_ROOT\typelib\{1f77f67e-bd08-4932-af5a-15fd532eedb1}
HKEY_CLASSES_ROOT\typelib\{e35306d7-b44c-4530-a2ce-94c60f8cc4dc}
HKEY_CURRENT_USER\software\lan\lanbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b1d147e7-873e-4909-8127-695d9bb78728}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\barhelp24.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\iebar23.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\toolbar.bmp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\urlinfo.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\winio.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\winio.sys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\winio.vxd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\lanbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdtbar.xml
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/hdtbar.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Zhongsou Adware
Tactslay Trojan Cleaner
Removing LIGHTS Trojan
SillyDl.CFQ Downloader Removal

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)