Sunday, November 23, 2008

NetworkEssentials BHO

How To Remove NetworkEssentials?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
NetworkEssentials is a dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


NetworkEssentials is also known as:

[Kaspersky]TrojanDownloader.Win32.Realtens.f;
[Other]orkEssentials

NetworkEssentials Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\recommended hotfix - 421701d
[%PROGRAM_FILES%]\network essentials
[%PROGRAM_FILES%]\networ~1\v16

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.
