Monday, December 1, 2008

QuickButton Trojan

How To Remove QuickButton?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
QuickButton is a dangerous virus:
This category includes a variety of Trojans that damage victim machines, threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer.



QuickButton is also known as:

[Kaspersky] Adware.Win32.AdHelper.ay, AdWare.Win32.AdHelper.gen, Trojan-Downloader.Win32.QQHelper.gb, Trojan-Downloader.Win32.QQHelper.gen, AdWare.Win32.AdHelper.cz;
[McAfee] Generic Downloader.h, Backdoor-CVM;
[F-Prot] W32/Downloader.AAWI;
[Other] Infostealer, Backdoor.CVM, Trojan-Downloader.win32.QQHelper.ce, Win32/QQHelp.N, Adware.Adhelper, Win32/Sillydl.AHL, Win32/SillyDl.AHL, Win32/QQHelp.J, Win32/QQHelpBP, Downloader

QuickButton Symptoms:

Files:
[%PROGRAM_FILES_COMMON%]\System\Updaterun.exe
[%SYSTEM%]\advport.dll
[%SYSTEM%]\nt.sys
[%SYSTEM%]\Score.txt
[%SYSTEM%]\wbem\ocmor.dat
[%SYSTEM%]\wbem\ocmor.dll
[%PROGRAM_FILES%]\CoolWebsite\QuickLink.dll
[%PROGRAM_FILES%]\CoolWebsite\uninst.exe
[%SYSTEM%]\bind_40255.exe
[%SYSTEM%]\spted.dll
[%SYSTEM%]\wbem\IRJIT.dll

Folders:
[%PROGRAM_FILES%]\coolsign
[%PROGRAM_FILES_COMMON%]\UPDAT

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d1bb7cf4-4463-4e91-88d7-ecc3ce0a13b7}
HKEY_CLASSES_ROOT\quickbutton.quickbtn
HKEY_CLASSES_ROOT\sss1.sss2.1
HKEY_CLASSES_ROOT\{d1bb7cf4-4463-4e91-88d7-ecc3ce0a13b7}
HKEY_LOCAL_MACHINE\software\divnet
HKEY_LOCAL_MACHINE\software\lamp
HKEY_LOCAL_MACHINE\software\microsoft\directoutput
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{1d901067-2529-4a9b-9b6b-7a1db3a44cb5}
HKEY_LOCAL_MACHINE\software\microsoft\studio
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\coolsign
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_barcase
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\barcase
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\barcase
HKEY_CLASSES_ROOT\interface\{0083de51-eb2e-4521-a95c-735d8e563373}
HKEY_CLASSES_ROOT\ssss1.ssss2.1
HKEY_CLASSES_ROOT\typelib\{933db9d6-9447-4efe-aba2-eaf3b309b44c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d1bb7cf4-4463-4e91-88d7-ecc3ce0a13b7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quicklink
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_atwork
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_dateing
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ipdodrg
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_iunag
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_soscar
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\atwork
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dateing
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\dateing
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\soscar
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipdodrg
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\iunag
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\soscar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\internet explorer\typedurls
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\license\parameters
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\templates\parameters


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.
