Saturday, November 29, 2008

SpyHeal Trojan

How To Remove SpyHeal?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
SpyHeal is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
The field known as cryptovirology, however, predates the term "ransomware".


SpyHeal Symptoms:

Files:
[%DESKTOP%]\SpyHeal.lnk
[%PROGRAM_FILES%]\SH\SpyHeal 3.1\SpyHeal 3.1.url
[%PROGRAM_FILES%]\SpyHeal\SpyHeal.exe
[%PROGRAM_FILES%]\SpyHeal\SpyHeal.url
[%STARTMENU%]\SpyHeal 2.1.lnk
[%DESKTOP%]\SpyHeal 2.6.lnk
[%DESKTOP%]\SpyHeal 3.8.lnk
[%DESKTOP%]\SpyHealer.lnk
[%DESKTOP%]\SpyHeals.lnk
[%PROGRAM_FILES%]\SpyHeal\antispy.sh
[%PROGRAM_FILES%]\SpyHeal\antispy.sh.old
[%PROGRAM_FILES%]\SpyHeal\blacklist.txt
[%PROGRAM_FILES%]\SpyHeal\ignored.lst
[%PROGRAM_FILES%]\SpyHeal\Lang\English.ini
[%PROGRAM_FILES%]\SpyHeal\msvcp71.dll
[%PROGRAM_FILES%]\SpyHeal\msvcr71.dll
[%PROGRAM_FILES%]\SpyHeal\sdebug.log
[%PROGRAM_FILES%]\SpyHeal\sq.ini
[%PROGRAM_FILES%]\SpyHeal\uninst.exe
[%STARTMENU%]\SpyHeal 2.5.lnk
[%STARTMENU%]\SpyHeal 2.6.lnk
[%STARTMENU%]\SpyHeal 2.7.lnk
[%STARTMENU%]\SpyHeal 2.9.lnk
[%STARTMENU%]\SpyHeal 3.3.lnk
[%STARTMENU%]\SpyHeal 3.5.lnk
[%STARTMENU%]\SpyHeal 3.8.lnk
[%STARTMENU%]\SpyHealer 2.2.lnk
[%STARTMENU%]\SpyHeals 2.3.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 4.1.lnk
[%DESKTOP%]\SpyHeal 2.1\EULA SpyHeal 2.1.txt
[%DESKTOP%]\SpyHeal 4.1.lnk
[%PROFILE%]\Recent\EULA SpyHeal 2.1.txt.lnk
[%PROFILE%]\Recent\SpyHeal 2.1.lnk
[%PROFILE_TEMP%]\SHealLang.ini
[%PROGRAMS%]\SpyHeal 4.1\SpyHeal 4.1 Website.lnk
[%PROGRAMS%]\SpyHeal 4.1\SpyHeal 4.1.lnk
[%PROGRAMS%]\SpyHeal 4.1\Uninstall SpyHeal 4.1.lnk
[%PROGRAM_FILES%]\SpyHeal 4.1\antispy.sh
[%PROGRAM_FILES%]\SpyHeal 4.1\blacklist.txt
[%PROGRAM_FILES%]\SpyHeal 4.1\Lang\English.ini
[%PROGRAM_FILES%]\SpyHeal 4.1\msvcp71.dll
[%PROGRAM_FILES%]\SpyHeal 4.1\msvcr71.dll
[%PROGRAM_FILES%]\SpyHeal 4.1\SpyHeal 4.1.exe
[%PROGRAM_FILES%]\SpyHeal 4.1\SpyHeal 4.1.url
[%PROGRAM_FILES%]\SpyHeal 4.1\sq.ini
[%PROGRAM_FILES%]\SpyHeal 4.1\uninst.exe
[%STARTMENU%]\SpyHeal 4.1.lnk

Folders:
[%PROGRAMS%]\SpyHeal
[%PROGRAM_FILES%]\SpyHeal
[%PROGRAMS%]\SpyHeal 2.5
[%PROGRAMS%]\SpyHeal 2.6
[%PROGRAMS%]\SpyHeal 3.3
[%PROGRAMS%]\SpyHeal 3.5
[%PROGRAMS%]\SpyHeal 3.7
[%PROGRAMS%]\SpyHeal 3.8
[%PROGRAMS%]\SpyHealer
[%PROGRAMS%]\SpyHeals
[%PROGRAM_FILES%]\SpyHealer
[%PROGRAM_FILES%]\SpyHeals
[%STARTMENU%]\Programs\SpyHeal 2.6
[%PROGRAM_FILES%]\SpyHeal 4.1\Logs
[%PROGRAM_FILES%]\SpyHeal 4.1\Quarantine

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


You must clean your computer ASAP!!!
Download the free trial version of the antivirus software here to check your computer instantly.
