Friday, December 12, 2008

IstBar Trojan

How To Remove IstBar?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
IstBar is a dangerous virus:
This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address, or prevent you from going to a website they would rather you not visit,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


IstBar is also known as:

[Kaspersky]TrojanDownloader.Win32.IstBar.e,TrojanDownloader.Win32.IstBar.p,TrojanDownloader.Win32.IstBar.t,Trojan-Downloader.Win32.IstBar.gen,Trojan-Downloader.JS.IstBar.ai,Trojan-Downloader.Win32.Small.gl,Trojan-Downlaoder.Win32.IstBar.gen,Trojan-Downloader.Win32.IstBar.pb,Trojan-Downloader.Win32.IstBar.gz;
[McAfee]Adware-ISTbar.dldr;
[Panda]Adware/nCase,Spyware/ISTbar,Trj/W32.IST,Trojan Horse;
[Computer Associates]Win32/IstBar.ce!Downloader,Win32/PMagic.A!Trojan,Win32/IstBar.i!Downloader;
[Other]Win32/Istbar.Y,Adware.Istbar,Win32/ISTbar.BX,Win32/Istbar.CV,Troj/Small-GL,Win32/Istbar.CX,Adware.YourSiteBar

IstBar Symptoms:

Files:

Folders:
[%PROGRAM_FILES_COMMON%]\totem shared
[%PROGRAM_FILES%]\istsvc
[%PROGRAM_FILES%]\common files\totem shared
[%PROGRAM_FILES%]\free amature movie
[%PROGRAM_FILES%]\search bar

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.
