Friday, November 28, 2008

PeopleOnPage.Apropos BHO

How To Remove PeopleOnPage.Apropos?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
PeopleOnPage.Apropos is dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

PeopleOnPage.Apropos Symptoms:

Files:
[%PROFILE_TEMP%]\cxtpls_loader.exe
[%PROGRAM_FILES%]\Aprps\libexpat.dll
[%SYSTEM%]\cicmp13n.exe
[%SYSTEM%]\cnekpart.exe
[%SYSTEM%]\subup.exe
[%SYSTEM%]\wmvi32.exe
[%WINDOWS%]\downloaded program files\pop.inf
[%PROFILE%]\apropos_client_loader.exe
[%PROFILE_TEMP%]\wk_122.exe
[%PROFILE_TEMP%]\wk_123.exe
[%PROFILE_TEMP%]\wk_12a.exe
[%PROFILE_TEMP%]\wk_12b.exe
[%PROFILE_TEMP%]\wk_12d.exe
[%PROFILE_TEMP%]\wk_13a.exe
[%PROFILE_TEMP%]\wk_395.exe
[%PROFILE_TEMP%]\~compoundinst0\auto_update_loader.exe
[%SYSTEM%]\internetfeatures.exe
[%SYSTEM%]\ulioci.exe
[%WINDOWS%]\downloaded program files\monpop.exe
[%WINDOWS%]\downloaded program files\mybutton.swf
[%WINDOWS%]\downloaded program files\pop225.dll
[%WINDOWS%]\downloaded program files\pophook4.dll
[%WINDOWS%]\downloaded program files\popsrv225.exe
[%PROFILE_TEMP%]\cxtpls_loader.exe
[%PROGRAM_FILES%]\Aprps\libexpat.dll
[%SYSTEM%]\cicmp13n.exe
[%SYSTEM%]\cnekpart.exe
[%SYSTEM%]\subup.exe
[%SYSTEM%]\wmvi32.exe
[%WINDOWS%]\downloaded program files\pop.inf
[%PROFILE%]\apropos_client_loader.exe
[%PROFILE_TEMP%]\wk_122.exe
[%PROFILE_TEMP%]\wk_123.exe
[%PROFILE_TEMP%]\wk_12a.exe
[%PROFILE_TEMP%]\wk_12b.exe
[%PROFILE_TEMP%]\wk_12d.exe
[%PROFILE_TEMP%]\wk_13a.exe
[%PROFILE_TEMP%]\wk_395.exe
[%PROFILE_TEMP%]\~compoundinst0\auto_update_loader.exe
[%SYSTEM%]\internetfeatures.exe
[%SYSTEM%]\ulioci.exe
[%WINDOWS%]\downloaded program files\monpop.exe
[%WINDOWS%]\downloaded program files\mybutton.swf
[%WINDOWS%]\downloaded program files\pop225.dll
[%WINDOWS%]\downloaded program files\pophook4.dll
[%WINDOWS%]\downloaded program files\popsrv225.exe

Folders:
[%PROFILE_TEMP%]\autoupdate0
[%PROGRAM_FILES%]\aprps
[%PROGRAM_FILES%]\cxtpls
[%APPDATA%]\pop!
[%PROGRAM_FILES%]\aproposclient

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9}
HKEY_CLASSES_ROOT\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
HKEY_CLASSES_ROOT\interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe}
HKEY_CLASSES_ROOT\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}
HKEY_CLASSES_ROOT\interface\{a7d0472e-c1fc-4d8f-aba1-98a7692561bf}
HKEY_CLASSES_ROOT\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
HKEY_CURRENT_USER\software\apropos
HKEY_LOCAL_MACHINE\software\aprps
HKEY_LOCAL_MACHINE\Software\AutoLoader
HKEY_LOCAL_MACHINE\SOFTWARE\Envolo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient
HKEY_CLASSES_ROOT\apropos.client
HKEY_CLASSES_ROOT\apropos.client.1.1
HKEY_CLASSES_ROOT\clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}
HKEY_CLASSES_ROOT\clsid\{645fd3bc-c314-4f7a-9d2e-64d62a0fdd78}
HKEY_CLASSES_ROOT\clsid\{65c8c1f5-230e-4dc9-9a0d-f3159a5e7778}
HKEY_CLASSES_ROOT\clsid\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_CLASSES_ROOT\clsid\{976c4e11-b9c5-4b2b-97ef-f7d06ba4242f}
HKEY_CLASSES_ROOT\clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}
HKEY_CLASSES_ROOT\clsid\{a4a58a2c-b039-432b-8bc1-dca7ac0757dc}
HKEY_CLASSES_ROOT\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}
HKEY_CLASSES_ROOT\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}
HKEY_CLASSES_ROOT\clsid\{d5580d6f-0e5f-4bdb-9cdf-f8ee68beb008}
HKEY_CLASSES_ROOT\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}
HKEY_CLASSES_ROOT\pop.server
HKEY_CLASSES_ROOT\pop.server.1
HKEY_CURRENT_USER\software\pop
HKEY_LOCAL_MACHINE\software\apropos
HKEY_LOCAL_MACHINE\software\autoloader
HKEY_LOCAL_MACHINE\software\classes\apropos.client
HKEY_LOCAL_MACHINE\software\classes\apropos.client.1.1
HKEY_LOCAL_MACHINE\software\classes\pop.server\clsid
HKEY_LOCAL_MACHINE\software\classes\pop.server\curver
HKEY_LOCAL_MACHINE\software\cvttsacsmv39
HKEY_LOCAL_MACHINE\software\envolo
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{d5580d6f-0e5f-4bdb-9cdf-f8ee68beb008}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\aprload.bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\load.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\pop225.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\pophook4.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\popsrv225.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aproposclient
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pop
HKEY_LOCAL_MACHINE\software\pop
HKEY_USERS\.default\software\microsoft\windows\currentversion\internet settings\zonemap\domains\apropos-media.com

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT\clsid
HKEY_CURRENT_USER\clsid
HKEY_CURRENT_USER\software\classes\clsid
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\pop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\pop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/monpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/monpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pop225.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pop225.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pophook4.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pophook4.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/popsrv225.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/popsrv225.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.CZL Trojan Cleaner
ClickSpring.PurityScan Adware Cleaner
BO2K.Server Trojan Information
PSW.Delf.cf Trojan Symptoms

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)