Friday, November 21, 2008

IntermixMedia.KeenValue Adware

How To Remove IntermixMedia.KeenValue?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
IntermixMedia.KeenValue is a dangerous virus:
Adware programs facilitate the delivery of advertising content to the user and, in some cases, gather information from the user's computer, including information related to Internet browser usage or other computer habits.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and sent back to the attacker. Typically, keyloggers of this type will send the stolen information back to the attacker via email or HTTP POST, which can appear suspicious.
A search hijacker redirects search results to other pages and may transmit search and browsing data to unknown servers.
An error page hijacker directs the browser to another page, usually an advertising page, instead of the usual error page when the requested URL is not found.
The downloader either launches the new malware or registers it to enable autorun according to the local operating system requirements.


IntermixMedia.KeenValue is also known as:

[Kaspersky] TrojanDownloader.Win32.Keenval;
[Eset] Win32/TrojanDownloader.Keenval.E trojan;
[Panda] Adware/EUniverse, Adware/KeenValue

IntermixMedia.KeenValue Symptoms:

Files:
[%APPDATA%]\Musicmatch\Plugins\Portables\LyraHD_4\LyraHDD\Thomson\mp3.exe
[%PROFILE_TEMP%]\kvlhookwin.dll
[%PROFILE_TEMP%]\LyraHD\mp3.exe
[%PROFILE_TEMP%]\perfectnavUninstall.exe
[%PROFILE_TEMP%]\polmx3.inf
[%PROFILE_TEMP%]\sui.exe
[%PROGRAM_FILES%]\MUSICMATCH\MUSICMATCH Jukebox\Plugins\Portables\LyraHD_4\LyraHDD\Thomson\mp3.exe
[%PROGRAM_FILES_COMMON%]\SearchUpgrader\system.cfg
[%WINDOWS%]\inf\polmx3.inf
[%PROGRAMS%]\screensavers\jalapeno\configure screensaver.lnk
[%PROGRAMS%]\screensavers\jalapeno\uninstall.lnk
[%PROGRAM_FILES%]\screensavers\jalapeno\keenvalueinstall_99.exe
[%PROGRAM_FILES%]\screensavers\jalapeno\regw.exe
[%PROGRAM_FILES%]\screensavers\jalapeno\setup_flowgobar_with_track.exe
[%PROGRAM_FILES%]\screensavers\jalapeno\setup_incredifind_screensaver_with_track.exe
[%PROGRAM_FILES%]\screensavers\jalapeno\tipb.exe
[%PROGRAM_FILES%]\screensavers\jalapeno\uninstall.exe
[%STARTUP%]\keenvalue.lnk
[%SYSTEM%]\jalapeno.scr
[%SYSTEM%]\perfectnavbho.dll
[%WINDOWS%]\start menu\programs\startup\keenvalue.lnk
[%WINDOWS%]\system\perfectnavbho.dll

Folders:
[%PROGRAM_FILES%]\bho
[%PROGRAM_FILES_COMMON%]\updater
[%PROGRAM_FILES_COMMON%]\updmgr
[%PROGRAM_FILES%]\perfectnav
[%PROGRAM_FILES%]\perfec~1\bho
[%PROGRAM_FILES%]\common files\updater
[%PROGRAM_FILES%]\common files\updmgr

Registry Keys:
HKEY_CLASSES_ROOT\bho.perfectnavbho
HKEY_CLASSES_ROOT\bho.perfectnavbho.1
HKEY_CLASSES_ROOT\typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}
HKEY_LOCAL_MACHINE\software\classes\clsid\{00d6a7e7-4a97-456f-848a-3b75bf7554d7}
HKEY_LOCAL_MACHINE\software\perfectnav
HKEY_CLASSES_ROOT\bho.eunivbho.1
HKEY_CLASSES_ROOT\clsid\{269b6797-664e-48aa-b283-b012bdf6e525}
HKEY_CLASSES_ROOT\flgobar.flgobar
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{269b6797-664e-48aa-b283-b012bdf6e525}
HKEY_LOCAL_MACHINE\interface\{eabbb49a-4d7b-415b-8250-15c3b854e9ff}
HKEY_LOCAL_MACHINE\software\classes\clsid\{01cd4dda-166d-4831-a373-accc27e1bb9d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{269b6797-664e-48aa-b283-b012bdf6e525}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0ff-fd63b399bc7d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{01cd4dda-166d-4831-a373-accc27e1bb9d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{269b6797-664e-48aa-b283-b012bdf6e525}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb03439.xbtb03439toolbar
HKEY_LOCAL_MACHINE\software\{f08555af-9cc3-11d2-aa8e-000000000000}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\flowgobar
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_LOCAL_MACHINE\software\kasperskylab\components\101\standalone
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\jalapeno screensaver


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.
