Sunday, October 26, 2008

Expext.MetaDirect BHO

How To Remove Expext.MetaDirect?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
Expext.MetaDirect is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.


Expext.MetaDirect Symptoms:

Files:
[%SYSTEM%]\expext.dll
[%WINDOWS%]\system\expext.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{23bc1ccf-4be7-497f-b154-6ada68425fbb}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{23bc1ccf-4be7-497f-b154-6ada68425fbb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{23bc1ccf-4be7-497f-b154-6ada68425fbb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{23bc1ccf-4be7-497f-b154-6ada68425fbb}


You must clean your computer ASAP!!!
Download the free trial version of the antivirus software here to check your computer instantly.


SillyDL.7QD Trojan

How To Remove SillyDL.7QD?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
SillyDL.7QD is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


SillyDL.7QD is also known as:

[Other]W32/DLoader.BEIC

SillyDL.7QD Symptoms:

Files:
[%WINDOWS%]\Temp\1.exe
[%PROFILE_TEMP%]\ieplorer.exe
[%SYSTEM%]\11683765931.exe
[%SYSTEM%]\drivers\qwwkbo52.sys
[%SYSTEM%]\qwwkbo52.dll
[%SYSTEM%]\s1168376583.web
[%WINDOWS%]\Temp\10565.exe

Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_qwwkbo52
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_qwwkbo52\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_qwwkbo52\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\qwwkbo52
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\qwwkbo52\enum
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\qwwkbo52\security



Rbot.GHJ Worm

How To Remove Rbot.GHJ?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
Rbot.GHJ is a dangerous virus:
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms that managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.



Rbot.GHJ Symptoms:

Files:
[%SYSTEM%]\bbvmwxxf.hml
[%SYSTEM%]\filesms.fms
[%SYSTEM%]\langeinf.lin
[%SYSTEM%]\nonrunso.ber
[%SYSTEM%]\rubezahl.rub
[%SYSTEM%]\runstop.rst
[%WINDOWS%]\WinSecurity\csrss.PIF
[%WINDOWS%]\WinSecurity\mssock1.dli
[%WINDOWS%]\WinSecurity\mssock2.dli
[%WINDOWS%]\WinSecurity\mssock3.dli
[%WINDOWS%]\WinSecurity\nichtnem.nop
[%WINDOWS%]\WinSecurity\starter.run
[%WINDOWS%]\WinSecurity\sysonce.tst
[%WINDOWS%]\WinSecurity\winmem1.ory
[%WINDOWS%]\WinSecurity\winmem2.ory
[%WINDOWS%]\WinSecurity\winmem3.ory

Folders:
[%WINDOWS%]\WinSecurity

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-



MenaceRescue Ransomware

How To Remove MenaceRescue?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
MenaceRescue is a dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration,
although the field known as cryptovirology predates the term "ransomware".


MenaceRescue Symptoms:

Files:
[%PROGRAM_FILES%]\MenaceRescue\pgs.exe

Folders:
[%APPDATA%]\MenaceRescue
[%COMMON_PROGRAMS%]\MenaceRescue
[%PROGRAM_FILES%]\MenaceRescue
[%PROGRAM_FILES_COMMON%]\MenaceRescue

Registry Keys:
HKEY_CLASSES_ROOT\AppID\PopupG.DLL
HKEY_CLASSES_ROOT\AppID\{7F7775D5-1EC8-4c0d-9BD7-6F3380959861}
HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator
HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator.1
HKEY_CLASSES_ROOT\CLSID\{C4514FE1-54AA-42f0-B212-BA8065206F8F}
HKEY_CLASSES_ROOT\CLSID\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
HKEY_CLASSES_ROOT\G.Object
HKEY_CLASSES_ROOT\G.Object.1
HKEY_CLASSES_ROOT\Interface\{D961C9CA-59B3-46DD-9CEE-47714CFE2831}
HKEY_CLASSES_ROOT\TypeLib\{55B49019-E69E-47FD-A67F-F28D83E5B695}
HKEY_CLASSES_ROOT\TypeLib\{7F7775D5-1EC8-4C0D-9BD7-6F3380959861}
HKEY_CURRENT_USER\SOFTWARE\MenaceRescue
HKEY_LOCAL_MACHINE\SOFTWARE\MenaceRescue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UGA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPF

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



DisableKey Adware

How To Remove DisableKey?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
DisableKey is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.



DisableKey Symptoms:

Registry Keys:
HKEY_CURRENT_USER\software\adwaredisablekey3
HKEY_LOCAL_MACHINE\software\adwaredisablekey3
HKEY_CLASSES_ROOT\clsid\{4c73246c-b917-d8fd-cf5b-025cdd411be8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4c73246c-b917-d8fd-cf5b-025cdd411be8}

