Thursday, November 13, 2008

IntermixMedia.PowerSearch BHO

How To Remove IntermixMedia.PowerSearch?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
IntermixMedia.PowerSearch is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.


IntermixMedia.PowerSearch Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\powersearch
[%PROGRAM_FILES%]\powersoft\toolbar

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download Free Trial Version of antivirus software here, to check your computer instantly.
