Kill Computer Virus: 11/05/08

Wednesday, November 5, 2008

YDMusic Trojan

How To Remove Remove YDMusic?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

YDMusic is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

YDMusic Symptoms:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{3e3db7f8-b26e-4a20-9749-cd3a92544108} HKEY_CLASSES_ROOT\interface\{e878fa6f-eeed-40de-81d4-df4a176bf6e1} HKEY_CLASSES_ROOT\typelib\{0e50173f-b6d3-4471-9454-f1f0dc8b8a6e} HKEY_CLASSES_ROOT\ydmusic.toolband HKEY_CLASSES_ROOT\ydmusic.toolband.1

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

RedV Tracking Cookie

How To Remove Remove RedV?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

RedV is dangerous virus:
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

RedV Symptoms:

Files: [%FAVORITES%]\sportsbook.url [%DESKTOP%]\free website.url [%DESKTOP%]\grokster.lnk [%DESKTOP%]\guardster.url [%FAVORITES%]\casino.url [%PROFILE%]\start menu\casino.url [%PROFILE%]\start menu\sportsbook.url [%SYSTEM%]\ielib.dll [%WINDOWS%]\system\ielib.dll [%FAVORITES%]\sportsbook.url [%DESKTOP%]\free website.url [%DESKTOP%]\grokster.lnk [%DESKTOP%]\guardster.url [%FAVORITES%]\casino.url [%PROFILE%]\start menu\casino.url [%PROFILE%]\start menu\sportsbook.url [%SYSTEM%]\ielib.dll [%WINDOWS%]\system\ielib.dll

Folders: [%PROGRAM_FILES%]\redv protector suite

Registry Keys: HKEY_CLASSES_ROOT\clsid\{9c777253-3e17-42d6-897a-11b8617a8f7c} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c777253-3e17-42d6-897a-11b8617a8f7c} HKEY_CURRENT_USER\software\redv.net HKEY_LOCAL_MACHINE\software\classes\clsid\{9c777253-3e17-42d6-897a-11b8617a8f7c} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c777253-3e17-42d6-897a-11b8617a8f7c}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Haunted Trojan

How To Remove Remove Haunted?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Haunted is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Haunted Symptoms:

Files: [%PROFILE_TEMP%]\exorcism.EXE [%PROFILE_TEMP%]\hauntpc.exe [%PROFILE_TEMP%]\exorcism.EXE [%PROFILE_TEMP%]\hauntpc.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Justas Trojan

How To Remove Remove Justas?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Justas is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Justas It also known as:


[Kaspersky]Trojan.PSW.Justas.b,Trojan.PSW.Justas.config;
[McAfee]Justas;
[F-Prot]destructive program,security risk or a "backdoor" program;
[Panda]Trj/PSW.Justas,Trj/PSW.Justas.B;
[Computer Associates]Win32.PSW.Justas.b,Win95/Justas!Trojan,Win95/Justas-B!Trojan

Justas Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Obnar Trojan

How To Remove Remove Obnar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Obnar is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Obnar It also known as:


[Kaspersky]Trojan-CLicker.Win32.Agent.iq,Trojan-Clicker.Win32.VB.ph;
[McAfee]AdClicker-C.gen;
[Other]Win32/Obnar.B,Win32/Obnar.C,Win32/Obnar,TrojanClicker.Adintricate

Obnar Symptoms:

Files: [%PROFILE_TEMP%]\hj1.exe [%PROFILE_TEMP%]\ktexec.exe [%SYSTEM%]\spool\cmd.exe [%PROFILE_TEMP%]\hj1.exe [%PROFILE_TEMP%]\ktexec.exe [%SYSTEM%]\spool\cmd.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

AlwaysUpdateNews Adware

How To Remove Remove AlwaysUpdateNews?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

AlwaysUpdateNews is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

AlwaysUpdateNews Symptoms:

Folders: [%SYSTEM%]\newmsrdk

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Deepdo Toolbar

How To Remove Remove Deepdo?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Deepdo is dangerous virus:
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Deepdo It also known as:


[Kaspersky]AdWare.Win32.BHO.cj;
[Other]Trojan:Win32/Deepdo

Deepdo Symptoms:

Folders: [%PROGRAM_FILES%]\Deepdo\DeepdoBar

Registry Keys: HKEY_CLASSES_ROOT\clsid\{00be86f6-2e61-4c1e-a36b-ae233ee21fa1} HKEY_CLASSES_ROOT\clsid\{34ab74c4-dc63-40f6-ae0d-47496174cff5} HKEY_CLASSES_ROOT\clsid\{76330a0d-617f-463a-97c1-16250dd664d9} HKEY_CLASSES_ROOT\clsid\{cd8bfe70-5809-4c73-9eee-e5672c2b79d7} HKEY_CLASSES_ROOT\clsid\{f91e7727-37b1-45fb-8858-34b7d072f336} HKEY_CLASSES_ROOT\clsid\{fdf853fa-7837-435f-b17e-601adfbce20c} HKEY_CLASSES_ROOT\deepdo.deepdoobj HKEY_CLASSES_ROOT\favblock.favhook HKEY_CLASSES_ROOT\interface\{00bf6af0-dce7-4094-bf89-616dbdfa3eaa} HKEY_CLASSES_ROOT\interface\{31fe45f2-0659-4d0b-9cf4-0fdc9a1dc596} HKEY_CLASSES_ROOT\interface\{679f8052-0a5b-4668-8436-abcb8e589767} HKEY_CLASSES_ROOT\interface\{72c4c83d-9d4c-4bf7-871e-c8bd671729b1} HKEY_CLASSES_ROOT\interface\{f903692e-b5ac-4910-8fb1-18552eefccd4} HKEY_CLASSES_ROOT\toolband.deepdo HKEY_CLASSES_ROOT\typelib\{30399fff-45aa-45ae-84d6-fe3f45ff6759} HKEY_CLASSES_ROOT\typelib\{e23e92d9-3e6d-4578-9e08-c312d7a340ee} HKEY_CURRENT_USER\software\deepdo\toolbar HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\&deepdo serach HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cd8bfe70-5809-4c73-9eee-e5672c2b79d7} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{4ccc40af-207e-4d51-bb4d-1c67e04306c5}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Divago.Surfairy BHO

How To Remove Remove Divago.Surfairy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Divago.Surfairy is dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Divago.Surfairy Symptoms:

Files: [%SYSTEM%]\surfairypp.dll [%SYSTEM%]\surfairyhlp.dll [%WINDOWS%]\system\surfairyhlp.dll [%WINDOWS%]\system\surfairypp.dll [%SYSTEM%]\surfairypp.dll [%SYSTEM%]\surfairyhlp.dll [%WINDOWS%]\system\surfairyhlp.dll [%WINDOWS%]\system\surfairypp.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{e0b9b5fe-b66e-4fb0-a1d9-726f0e743cfd} HKEY_LOCAL_MACHINE\software\classes\clsid\{e0b9b5fe-b66e-4fb0-a1d9-726f0e743cfd} HKEY_CLASSES_ROOT\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{e0b9b5fe-b66e-4fb0-a1d9-726f0e743cfd} HKEY_LOCAL_MACHINE\software\classes\clsid\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bb9aaaf3-4f8d-48b5-a565-ff3e58433dc2} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e0b9b5fe-b66e-4fb0-a1d9-726f0e743cfd}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Bancos.IMY Trojan

How To Remove Remove Bancos.IMY?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Bancos.IMY is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Bancos.IMY It also known as:


[Kaspersky]Trojan-PSW.Win32.Gametea.l

Bancos.IMY Symptoms:

Registry Keys: HKEY_CURRENT_USER\symantecfiltercheck

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

QaBar.Adult.Links.Toolband BHO

How To Remove Remove QaBar.Adult.Links.Toolband?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

QaBar.Adult.Links.Toolband is dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

QaBar.Adult.Links.Toolband Symptoms:

Files: [%SYSTEM%]\insqcb.ins [%SYSTEM%]\QaBar.dll [%WINDOWS%]\downloaded program files\qabar.dll [%WINDOWS%]\downloaded program files\qabar.inf [%WINDOWS%]\temp\qabar.dll [%WINDOWS%]\temp\qabar.inf [%SYSTEM%]\insqcb.ins [%SYSTEM%]\QaBar.dll [%WINDOWS%]\downloaded program files\qabar.dll [%WINDOWS%]\downloaded program files\qabar.inf [%WINDOWS%]\temp\qabar.dll [%WINDOWS%]\temp\qabar.inf

Registry Keys: HKEY_LOCAL_MACHINE\software\classes\qabar\clsid HKEY_LOCAL_MACHINE\software\classes\qabar\curver HKEY_CLASSES_ROOT\clsid\{6d7d135e-f7c2-4a27-a87c-c0dfeb3a628f} HKEY_CLASSES_ROOT\clsid\{d02ee3a0-1881-419f-a5ed-737223463292} HKEY_CLASSES_ROOT\clsid\{d1320cbb-403d-483d-ae9a-688960a96977} HKEY_LOCAL_MACHINE\software\classes\qabar.adultsearch\clsid HKEY_LOCAL_MACHINE\software\classes\qabar.adultsearch\curver

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Haxdoor.cu Backdoor

How To Remove Remove Haxdoor.cu?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Haxdoor.cu is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Haxdoor.cu Symptoms:

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avpx32 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avpx32.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\avpx64.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\avpx32.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\avpx64.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\services\avpx32 HKEY_LOCAL_MACHINE\system\currentcontrolset\services\avpx64

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Digital.Spy Backdoor

How To Remove Remove Digital.Spy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Digital.Spy is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Digital.Spy It also known as:


[Kaspersky]Backdoor.Digispy,HackTool.Win32.Evigen;
[McAfee]New BackDoor1;
[Panda]Hacktool Program;
[Computer Associates]Backdoor/Digispy!Server

Digital.Spy Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Kill Computer Virus

Wednesday, November 5, 2008

YDMusic Trojan

YDMusic Symptoms:

RedV Tracking Cookie

RedV Symptoms:

Haunted Trojan

Haunted Symptoms:

Justas Trojan

Justas Symptoms:

Obnar Trojan

Obnar Symptoms:

AlwaysUpdateNews Adware

AlwaysUpdateNews Symptoms:

Deepdo Toolbar

Deepdo Symptoms:

Divago.Surfairy BHO

Divago.Surfairy Symptoms:

Bancos.IMY Trojan

Bancos.IMY Symptoms:

QaBar.Adult.Links.Toolband BHO

QaBar.Adult.Links.Toolband Symptoms:

Haxdoor.cu Backdoor

Haxdoor.cu Symptoms:

Digital.Spy Backdoor

Digital.Spy Symptoms:

Blog Archive

About Me