Kill Computer Virus: 11/09/08

Sunday, November 9, 2008

BlockChecker Adware

How To Remove BlockChecker?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

BlockChecker is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

BlockChecker Symptoms:

Files: [%PROGRAM_FILES%]\Block Checker\Block Checker.exe [%PROGRAM_FILES%]\Block Checker\block-checker.exe [%PROGRAM_FILES%]\Block Checker\Block Checker.exe [%PROGRAM_FILES%]\Block Checker\block-checker.exe

Folders: [%PROGRAM_FILES%]\block checker [%PROGRAMS%]\block checker

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\block checker

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

NetControl Spyware

How To Remove NetControl?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

NetControl is dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

NetControl Symptoms:

Files: [%WINDOWS%]\system\netserv.exe [%WINDOWS%]\system\netserv.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Xtractor.Plus Adware

How To Remove Xtractor.Plus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Xtractor.Plus is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Xtractor.Plus Symptoms:

Files: [%WINDOWS%]\hhs.url [%WINDOWS%]\hhs.url

Folders: [%DESKTOP%]\xtractor plus.lnk [%PROGRAMS%]\xtractor plus 3.6 [%PROGRAM_FILES%]\xtractor plus

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Banbra.dq Spyware

How To Remove Banbra.dq?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Banbra.dq is dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Banbra.dq Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

ServU.based Backdoor

How To Remove ServU.based?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

ServU.based is dangerous virus:
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

ServU.based Symptoms:

Registry Keys: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ssdpcl HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ssdpcl

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

TrafficHog Adware

How To Remove TrafficHog?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

TrafficHog is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

TrafficHog Symptoms:

Files: [%SYSTEM%]\winalot32.dll [%SYSTEM%]\winalot32.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{086cefd5-a88d-4981-8915-d51f04360ed1} HKEY_CLASSES_ROOT\interface\{90ccdcb0-c9e5-4dc0-b791-a1111d37af9d} HKEY_CLASSES_ROOT\interface\{967b8a74-4063-49ab-95d4-e3d25308ec66} HKEY_CLASSES_ROOT\interface\{a19ac0c8-24c1-43c9-8f7c-449e931df473} HKEY_CLASSES_ROOT\interface\{da8fe493-49a2-44f6-b4aa-e58cafc7ffdf} HKEY_CLASSES_ROOT\interface\{fab925c1-16b6-4de1-bfca-880fbeafe584} HKEY_CLASSES_ROOT\interface\{fb3daa1e-3236-4b43-9c19-64f57eb9c019} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{086cefd5-a88d-4981-8915-d51f04360ed1}

Registry Values: HKEY_CURRENT_USER\software\traffichog HKEY_CURRENT_USER\software\traffichog

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

KeyLog.JanNet Trojan

How To Remove KeyLog.JanNet?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

KeyLog.JanNet is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

KeyLog.JanNet It also known as:


[Kaspersky]Trojan.Spy.Janet.420,TrojanSpy.Win32.Janet.420,Trojan.Spy.Janet.30,TrojanSpy.Win32.Janet.30;
[McAfee]KeyLog-JanNet;
[F-Prot]security risk or a "backdoor" program;
[Panda]Trj/Spy.Janet.420,Trojan Horse;
[Computer Associates]Win32.Janet.420,Win32/Janet.420!Trojan,Win32/Janet.30!Spy!Trojan

KeyLog.JanNet Symptoms:

Files: [%WINDOWS%]\system\jwin.txt [%WINDOWS%]\system\win2k2.exe [%WINDOWS%]\winlog.dat [%WINDOWS%]\system\jwin.txt [%WINDOWS%]\system\win2k2.exe [%WINDOWS%]\winlog.dat

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Cobfinn Trojan

How To Remove Cobfinn?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Cobfinn is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Cobfinn It also known as:


[Kaspersky]Backdoor.Win32.ShBot.a,Backdoor.Win32.ShBot.b;
[McAfee]BackDoor-CYL;
[Other]Win32/Cobfinn.I,Backdoor.Shellbot,BackDoor-CYL,Win32/Cobfinn.H

Cobfinn Symptoms:

Files: [%WINDOWS%]\system\svchctrl.dll [%WINDOWS%]\system\svchctrl.exe [%WINDOWS%]\system\svchostw.dll [%WINDOWS%]\system\svchostw.exe [%WINDOWS%]\system\svchctrl.dll [%WINDOWS%]\system\svchctrl.exe [%WINDOWS%]\system\svchostw.dll [%WINDOWS%]\system\svchostw.exe

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellbotr HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellbot

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Stealth.Keylogger Spyware

How To Remove Stealth.Keylogger?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Stealth.Keylogger is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Stealth.Keylogger Symptoms:

Files: [%COMMON_APPDATA%]\SysMon\Logs\TestEmail.xml [%COMMON_APPDATA%]\SysMon\Logs\TestReport.xml [%COMMON_APPDATA%]\WinKey\SystemKeyUninstaller.exe [%APPDATA%]\WinKey\Logs\SysAggregatedLog.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysApplications.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysClipboardMonitor.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysFileMonitor.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysKeyLogger.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysMessenger.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysPrinterMonitor.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysScreenShot.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysWeb.xsl [%APPDATA%]\WinKey\Logs\SysApplications.xsl [%APPDATA%]\WinKey\Logs\SysApplications_20061127.xmm [%APPDATA%]\WinKey\Logs\SysClipboardMonitor.xsl [%APPDATA%]\WinKey\Logs\SysClipboardMonitor_20061127.xmm [%APPDATA%]\WinKey\Logs\SysFileMonitor.xsl [%APPDATA%]\WinKey\Logs\SysGlobalLog.xsl [%APPDATA%]\WinKey\Logs\SysKeyLogger.xsl [%APPDATA%]\WinKey\Logs\SysKeyLogger_20061127.xmm [%APPDATA%]\WinKey\Logs\SysMessenger.xsl [%APPDATA%]\WinKey\Logs\Syspict_140420061127.jpg [%APPDATA%]\WinKey\Logs\SysPrinterMonitor.xsl [%APPDATA%]\WinKey\Logs\SysScreenShot.xsl [%APPDATA%]\WinKey\Logs\SysScreenShot_20061127.xmm [%APPDATA%]\WinKey\Logs\SystemKeybk.bmp [%APPDATA%]\WinKey\Logs\SysWeb.xsl [%APPDATA%]\WinKey\Logs\TestEmail.xml [%APPDATA%]\WinKey\SysScrCap.exe [%APPDATA%]\WinKey\SysSMTPSender.exe [%APPDATA%]\WinKey\SystemKey.exe [%APPDATA%]\WinKey\SystemKeyHelp.chm [%APPDATA%]\WinKey\SystemKeyUninstaller.exe [%APPDATA%]\WinKey\WinKey.dll [%APPDATA%]\WinKey\xcacls.exe [%WINDOWS%]\SKUninstaller.exe [%COMMON_APPDATA%]\SysMon\Logs\TestEmail.xml [%COMMON_APPDATA%]\SysMon\Logs\TestReport.xml [%COMMON_APPDATA%]\WinKey\SystemKeyUninstaller.exe [%APPDATA%]\WinKey\Logs\SysAggregatedLog.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysApplications.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysClipboardMonitor.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysFileMonitor.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysKeyLogger.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysMessenger.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysPrinterMonitor.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysScreenShot.xsl [%APPDATA%]\WinKey\Logs\SysAllDaySysWeb.xsl [%APPDATA%]\WinKey\Logs\SysApplications.xsl [%APPDATA%]\WinKey\Logs\SysApplications_20061127.xmm [%APPDATA%]\WinKey\Logs\SysClipboardMonitor.xsl [%APPDATA%]\WinKey\Logs\SysClipboardMonitor_20061127.xmm [%APPDATA%]\WinKey\Logs\SysFileMonitor.xsl [%APPDATA%]\WinKey\Logs\SysGlobalLog.xsl [%APPDATA%]\WinKey\Logs\SysKeyLogger.xsl [%APPDATA%]\WinKey\Logs\SysKeyLogger_20061127.xmm [%APPDATA%]\WinKey\Logs\SysMessenger.xsl [%APPDATA%]\WinKey\Logs\Syspict_140420061127.jpg [%APPDATA%]\WinKey\Logs\SysPrinterMonitor.xsl [%APPDATA%]\WinKey\Logs\SysScreenShot.xsl [%APPDATA%]\WinKey\Logs\SysScreenShot_20061127.xmm [%APPDATA%]\WinKey\Logs\SystemKeybk.bmp [%APPDATA%]\WinKey\Logs\SysWeb.xsl [%APPDATA%]\WinKey\Logs\TestEmail.xml [%APPDATA%]\WinKey\SysScrCap.exe [%APPDATA%]\WinKey\SysSMTPSender.exe [%APPDATA%]\WinKey\SystemKey.exe [%APPDATA%]\WinKey\SystemKeyHelp.chm [%APPDATA%]\WinKey\SystemKeyUninstaller.exe [%APPDATA%]\WinKey\WinKey.dll [%APPDATA%]\WinKey\xcacls.exe [%WINDOWS%]\SKUninstaller.exe

Folders: [%APPDATA%]\SystemKey [%WINDOWS%]\ASK

Registry Keys: HKEY_LOCAL_MACHINE\software\winkey HKEY_LOCAL_MACHINE\software\ask HKEY_LOCAL_MACHINE\software\systemkey

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Gpcode Trojan

How To Remove Gpcode?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Gpcode is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Gpcode Symptoms:

Registry Values: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Sexy.Hot Dialer

How To Remove Sexy.Hot?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Sexy.Hot is dangerous virus:
A Dialer Program is a program that
uses the computer's modem to dial telephone numbers,
often without the user's knowledge and consent.

Sexy.Hot Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

DyFuCa Internet Optimizer Adware

How To Remove DyFuCa Internet Optimizer?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

DyFuCa Internet Optimizer is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

DyFuCa Internet Optimizer Symptoms:

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

MalwareMonitor Ransomware

How To Remove MalwareMonitor?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

MalwareMonitor is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

MalwareMonitor Symptoms:

Files: [%DESKTOP%]\MalwareMonitor.lnk [%DESKTOP%]\MalwareMonitorSetup.exe [%DESKTOP%]\MalwareMonitor.lnk [%DESKTOP%]\MalwareMonitorSetup.exe

Folders: [%PROGRAMS%]\MalwareMonitor [%PROGRAM_FILES%]\MalwareMonitor

Registry Keys: HKEY_CURRENT_USER\software\malwaremonitor HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\malwaremonitor

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Meredrop Trojan

How To Remove Meredrop?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Meredrop is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Meredrop It also known as:


[Kaspersky]Hoax.Win32.Agent.b;
[Other]ErrorSafe,Trojan:Win32/Meredrop

Meredrop Symptoms:

Files: [%PROGRAM_FILES%]\WinMsg\uinst.exe [%PROGRAM_FILES%]\WinMsg\uinst.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

SillyDl.AQZ Trojan

How To Remove SillyDl.AQZ?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

SillyDl.AQZ is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

SillyDl.AQZ It also known as:


[Kaspersky]Trojan-Downloader.Win32.Agent.xv;
[McAfee]Downloader-AGM;
[Other]Downloader.Trojan,Troj/DownLdr-IO

SillyDl.AQZ Symptoms:

Files: [%PROFILE_TEMP%]\mdm.exe [%PROFILE_TEMP%]\mdm.ex [%PROFILE_TEMP%]\mdm.exe [%PROFILE_TEMP%]\mdm.ex

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

CWS.PayForTraffic.net BHO

How To Remove CWS.PayForTraffic.net?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

CWS.PayForTraffic.net is dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

CWS.PayForTraffic.net Symptoms:

Files: [%SYSTEM%]\msole.dll [%WINDOWS%]\system\msole.dll [%SYSTEM%]\msole.dll [%WINDOWS%]\system\msole.dll

Registry Keys: HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} HKEY_LOCAL_MACHINE\software\classes\clsid\{98dbbf16-ca43-4c33-be80-99e6694468a4} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

MyNetProtector Trojan

How To Remove MyNetProtector?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

MyNetProtector is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

MyNetProtector Symptoms:

Files: [%DESKTOP%]\mnpantispy.lnk [%DESKTOP%]\mnpassetup001.exe [%PROGRAMS%]\mnpantispy.lnk [%SYSTEM%]\bnssys32.exe [%SYSTEM%]\mnpasuninstall.exe [%SYSTEM%]\nssys32.exe [%DESKTOP%]\mnpantispy.lnk [%DESKTOP%]\mnpassetup001.exe [%PROGRAMS%]\mnpantispy.lnk [%SYSTEM%]\bnssys32.exe [%SYSTEM%]\mnpasuninstall.exe [%SYSTEM%]\nssys32.exe

Folders: [%PROGRAM_FILES%]\mnpantispy

Registry Keys: HKEY_CURRENT_USER\software\mnpantispy HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mnpantispy

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Refikey Downloader

How To Remove Refikey?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Refikey is dangerous virus:
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Refikey It also known as:


[Kaspersky]Trojan-Downloader.Win32.Small.dwc;
[McAfee]Generic Downloader;
[Other]Downloader.Trojan,TrojanDownloader:Win32/Small!B129

Refikey Symptoms:

Files: [%PROGRAM_FILES_COMMON%]\commgr32.dll [%PROGRAM_FILES_COMMON%]\commgr32.dll

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

LolaWeb.Winhost Trojan

How To Remove LolaWeb.Winhost?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

LolaWeb.Winhost is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

LolaWeb.Winhost Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Paq.Keylog.Common.Components Spyware

How To Remove Paq.Keylog.Common.Components?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Paq.Keylog.Common.Components is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Paq.Keylog.Common.Components Symptoms:

Files: [%DESKTOP%]\Paq Keylog.lnk [%DESKTOP%]\Paq Keylog.lnk

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\paq keylog_is1

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

TrojanDownloader.Win32.Lalus Trojan

How To Remove TrojanDownloader.Win32.Lalus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

TrojanDownloader.Win32.Lalus is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

TrojanDownloader.Win32.Lalus It also known as:


[Panda]Adware/DownloadPlus,Trj/Ratwu.B

TrojanDownloader.Win32.Lalus Symptoms:

Files: [%PROFILE_TEMP%]\msgcenter_lminv1.exe [%PROFILE_TEMP%]\msgcenter_lminv1.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Webmoner Spyware

How To Remove Webmoner?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Webmoner is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Webmoner Symptoms:

Registry Keys: HKEY_CURRENT_USER\software\nirsoft\mailpassview

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Hacker.ag Adware

How To Remove Hacker.ag?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Hacker.ag is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Hacker.ag Symptoms:

Files: [%WINDOWS%]\coder.ini [%WINDOWS%]\coder.ini

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

KaZaA Worm

How To Remove KaZaA?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

KaZaA is dangerous virus:
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

KaZaA It also known as:


[Panda]Adware/BrilliantDigital,Adware/Medload,Adware/TopMoxie

KaZaA Symptoms:

Files: [%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Launch Kazaa.lnk [%DESKTOP%]\kazaa media desktop.lnk [%DESKTOP%]\kazaa promotions.url [%DESKTOP%]\kazaa shop.lnk [%DESKTOP%]\kazaa shop.url [%DESKTOP%]\Kazaa.lnk [%DESKTOP%]\kazaalite.lnk [%DESKTOP%]\kazaa_setup.exe [%DESKTOP%]\kazza.lnk [%DESKTOP%]\kli.lnk [%DESKTOP%]\kza.lnk [%DESKTOP%]\my shared folder.lnk [%DESKTOP%]\my shared folder.url [%DESKTOP%]\play poker now!.lnk [%DESKTOP%]\your free casino chips!.lnk [%PROFILE%]\administrator\start menu\programs\altnet\peer points manager.lnk [%PROFILE_TEMP%]\altnet\adm25.dll [%PROFILE_TEMP%]\altnet\admdata.dll [%PROFILE_TEMP%]\altnet\admdloader.dll [%PROFILE_TEMP%]\altnet\admfdi.dll [%PROFILE_TEMP%]\altnet\atl.dll [%PROFILE_TEMP%]\altnet\msvcirt.dll [%PROFILE_TEMP%]\altnet\setup.exe [%PROFILE_TEMP%]\p2psetup.exe [%PROGRAMS%]\kazaa media desktop\kazaa media desktop.lnk [%PROGRAMS%]\kazaa.lnk [%PROGRAMS%]\kazaaliyr.lnk [%PROGRAMS%]\kza.lnk [%SYSTEM%]\bifq5x5n.exe [%SYSTEM%]\cd_clint.dll [%SYSTEM%]\irqy.exe [%SYSTEM%]\marshal.dll [%SYSTEM%]\p2p networking v125.cpl [%SYSTEM%]\p2pnetworking.exe [%WINDOWS%]\cache371\b_371_0_1_586300.htm [%WINDOWS%]\cache371\b_371_0_1_589300.htm [%WINDOWS%]\cache371\b_371_0_1_589500.htm [%WINDOWS%]\cache371\b_371_0_1_589600.htm [%WINDOWS%]\cache371\b_371_0_1_591900.htm [%WINDOWS%]\cache371\b_371_0_1_592000.htm [%WINDOWS%]\cache371\b_371_0_1_592200.htm [%WINDOWS%]\cache371\b_371_0_1_646000.htm [%WINDOWS%]\cache371\b_371_0_1_648100.htm [%WINDOWS%]\cache371\b_371_0_1_664000.htm [%WINDOWS%]\cache371\b_371_0_1_668500.htm [%WINDOWS%]\cache371\b_371_0_1_737400.htm [%WINDOWS%]\cache371\b_371_0_1_775900.htm [%WINDOWS%]\cache371\b_371_0_1_794100.htm [%WINDOWS%]\cache371\b_371_2_1_536000.htm [%WINDOWS%]\cache371\b_371_2_1_566600.htm [%WINDOWS%]\cache371\b_371_2_1_567900.htm [%WINDOWS%]\cache371\b_371_2_1_574200.htm [%WINDOWS%]\cache371\b_371_2_1_576200.htm [%WINDOWS%]\cache371\b_371_2_1_577800.htm [%WINDOWS%]\cache371\b_371_2_1_593200.htm [%WINDOWS%]\cache371\b_371_2_1_635400.htm [%WINDOWS%]\cache371\b_371_2_1_649800.htm [%WINDOWS%]\cache371\b_371_2_1_655600.htm [%WINDOWS%]\cache371\b_371_2_1_662100.htm [%WINDOWS%]\cache371\b_371_2_1_663900.htm [%WINDOWS%]\cache371\b_371_2_1_667100.htm [%WINDOWS%]\cache371\b_371_2_1_738900.htm [%WINDOWS%]\cache371\b_371_2_1_739900.htm [%WINDOWS%]\cache371\b_371_2_1_746100.htm [%WINDOWS%]\cache371\b_371_2_1_755100.htm [%WINDOWS%]\cache371\b_371_2_1_755600.htm [%WINDOWS%]\cache371\b_371_2_1_756100.htm [%WINDOWS%]\cache371\b_371_2_1_775400.htm [%WINDOWS%]\cache371\b_371_2_1_777800.htm [%WINDOWS%]\cache371\b_371_2_2_568100.htm [%WINDOWS%]\cache371\b_371_2_2_570100.htm [%WINDOWS%]\cache371\b_371_2_2_572300.htm [%WINDOWS%]\cache371\b_371_2_2_573900.htm [%WINDOWS%]\cache371\b_371_2_2_576000.htm [%WINDOWS%]\cache371\b_371_2_2_649600.htm [%WINDOWS%]\cache371\b_371_2_2_703900.htm [%WINDOWS%]\cache371\b_371_2_2_712000.htm [%WINDOWS%]\cache371\b_371_2_2_730800.htm [%WINDOWS%]\cache371\b_371_2_2_731300.htm [%WINDOWS%]\cache371\b_371_2_2_778600.htm [%WINDOWS%]\cache371\b_371_2_3_519700.htm [%WINDOWS%]\cache371\b_371_2_3_532200.htm [%WINDOWS%]\cache371\b_371_2_3_558300.htm [%WINDOWS%]\cache371\b_371_2_3_563900.htm [%WINDOWS%]\cache371\b_371_2_3_588100.htm [%WINDOWS%]\cache371\b_371_2_3_642300.htm [%WINDOWS%]\cache371\b_371_2_3_670700.htm [%WINDOWS%]\cache371\b_371_2_3_679500.htm [%WINDOWS%]\cache371\b_371_2_3_778600.htm [%WINDOWS%]\cache371\b_500600.htm [%WINDOWS%]\cache371\b_501000.htm [%WINDOWS%]\cache371\b_525900.htm [%WINDOWS%]\cache371\b_604700.htm [%WINDOWS%]\cache371\b_605600.htm [%WINDOWS%]\cache371\b_605800.htm [%WINDOWS%]\cache371\b_647400.htm [%WINDOWS%]\cache371\b_647800.htm [%WINDOWS%]\cache371\b_670300.htm [%WINDOWS%]\cache371\b_727700.htm [%WINDOWS%]\cache371\b_743700.htm [%WINDOWS%]\cache371\b_753400.htm [%WINDOWS%]\cache371\b_754300.htm [%WINDOWS%]\cache371\b_775700.htm [%WINDOWS%]\cache371\b_790700.htm [%WINDOWS%]\cache371\t_b_371_0_1_591900.htm [%WINDOWS%]\cache371\t_b_371_0_1_592000.htm [%WINDOWS%]\cache371\t_b_371_0_1_592200.htm [%WINDOWS%]\cache371\t_b_371_2_1_574200.htm [%WINDOWS%]\cache371\t_b_371_2_1_576200.htm [%WINDOWS%]\cache371\t_b_371_2_1_635400.htm [%WINDOWS%]\cache371\t_b_371_2_1_662100.htm [%WINDOWS%]\cache371\t_b_371_2_1_775400.htm [%WINDOWS%]\cache371\t_b_371_2_2_712000.htm [%WINDOWS%]\cache371\t_b_371_2_2_778600.htm [%WINDOWS%]\cache371\t_b_371_2_3_558300.htm [%WINDOWS%]\cache371\t_b_371_2_3_642300.htm [%WINDOWS%]\cache371\t_b_500600.htm [%WINDOWS%]\cache371\t_b_525900.htm [%WINDOWS%]\cache371\t_b_604700.htm [%WINDOWS%]\cache371\t_b_647400.htm [%WINDOWS%]\cache371\t_b_647800.htm [%WINDOWS%]\cache371\t_b_670300.htm [%WINDOWS%]\cache371\t_b_727700.htm [%WINDOWS%]\cache371\t_b_743700.htm [%WINDOWS%]\cache371\t_b_753400.htm [%WINDOWS%]\cache371\t_b_754300.htm [%WINDOWS%]\cache371\t_b_775700.htm [%WINDOWS%]\cache371\t_b_790700.htm [%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Launch Kazaa.lnk [%DESKTOP%]\kazaa media desktop.lnk [%DESKTOP%]\kazaa promotions.url [%DESKTOP%]\kazaa shop.lnk [%DESKTOP%]\kazaa shop.url [%DESKTOP%]\Kazaa.lnk [%DESKTOP%]\kazaalite.lnk [%DESKTOP%]\kazaa_setup.exe [%DESKTOP%]\kazza.lnk [%DESKTOP%]\kli.lnk [%DESKTOP%]\kza.lnk [%DESKTOP%]\my shared folder.lnk [%DESKTOP%]\my shared folder.url [%DESKTOP%]\play poker now!.lnk [%DESKTOP%]\your free casino chips!.lnk [%PROFILE%]\administrator\start menu\programs\altnet\peer points manager.lnk [%PROFILE_TEMP%]\altnet\adm25.dll [%PROFILE_TEMP%]\altnet\admdata.dll [%PROFILE_TEMP%]\altnet\admdloader.dll [%PROFILE_TEMP%]\altnet\admfdi.dll [%PROFILE_TEMP%]\altnet\atl.dll [%PROFILE_TEMP%]\altnet\msvcirt.dll [%PROFILE_TEMP%]\altnet\setup.exe [%PROFILE_TEMP%]\p2psetup.exe [%PROGRAMS%]\kazaa media desktop\kazaa media desktop.lnk [%PROGRAMS%]\kazaa.lnk [%PROGRAMS%]\kazaaliyr.lnk [%PROGRAMS%]\kza.lnk [%SYSTEM%]\bifq5x5n.exe [%SYSTEM%]\cd_clint.dll [%SYSTEM%]\irqy.exe [%SYSTEM%]\marshal.dll [%SYSTEM%]\p2p networking v125.cpl [%SYSTEM%]\p2pnetworking.exe [%WINDOWS%]\cache371\b_371_0_1_586300.htm [%WINDOWS%]\cache371\b_371_0_1_589300.htm [%WINDOWS%]\cache371\b_371_0_1_589500.htm [%WINDOWS%]\cache371\b_371_0_1_589600.htm [%WINDOWS%]\cache371\b_371_0_1_591900.htm [%WINDOWS%]\cache371\b_371_0_1_592000.htm [%WINDOWS%]\cache371\b_371_0_1_592200.htm [%WINDOWS%]\cache371\b_371_0_1_646000.htm [%WINDOWS%]\cache371\b_371_0_1_648100.htm [%WINDOWS%]\cache371\b_371_0_1_664000.htm [%WINDOWS%]\cache371\b_371_0_1_668500.htm [%WINDOWS%]\cache371\b_371_0_1_737400.htm [%WINDOWS%]\cache371\b_371_0_1_775900.htm [%WINDOWS%]\cache371\b_371_0_1_794100.htm [%WINDOWS%]\cache371\b_371_2_1_536000.htm [%WINDOWS%]\cache371\b_371_2_1_566600.htm [%WINDOWS%]\cache371\b_371_2_1_567900.htm [%WINDOWS%]\cache371\b_371_2_1_574200.htm [%WINDOWS%]\cache371\b_371_2_1_576200.htm [%WINDOWS%]\cache371\b_371_2_1_577800.htm [%WINDOWS%]\cache371\b_371_2_1_593200.htm [%WINDOWS%]\cache371\b_371_2_1_635400.htm [%WINDOWS%]\cache371\b_371_2_1_649800.htm [%WINDOWS%]\cache371\b_371_2_1_655600.htm [%WINDOWS%]\cache371\b_371_2_1_662100.htm [%WINDOWS%]\cache371\b_371_2_1_663900.htm [%WINDOWS%]\cache371\b_371_2_1_667100.htm [%WINDOWS%]\cache371\b_371_2_1_738900.htm [%WINDOWS%]\cache371\b_371_2_1_739900.htm [%WINDOWS%]\cache371\b_371_2_1_746100.htm [%WINDOWS%]\cache371\b_371_2_1_755100.htm [%WINDOWS%]\cache371\b_371_2_1_755600.htm [%WINDOWS%]\cache371\b_371_2_1_756100.htm [%WINDOWS%]\cache371\b_371_2_1_775400.htm [%WINDOWS%]\cache371\b_371_2_1_777800.htm [%WINDOWS%]\cache371\b_371_2_2_568100.htm [%WINDOWS%]\cache371\b_371_2_2_570100.htm [%WINDOWS%]\cache371\b_371_2_2_572300.htm [%WINDOWS%]\cache371\b_371_2_2_573900.htm [%WINDOWS%]\cache371\b_371_2_2_576000.htm [%WINDOWS%]\cache371\b_371_2_2_649600.htm [%WINDOWS%]\cache371\b_371_2_2_703900.htm [%WINDOWS%]\cache371\b_371_2_2_712000.htm [%WINDOWS%]\cache371\b_371_2_2_730800.htm [%WINDOWS%]\cache371\b_371_2_2_731300.htm [%WINDOWS%]\cache371\b_371_2_2_778600.htm [%WINDOWS%]\cache371\b_371_2_3_519700.htm [%WINDOWS%]\cache371\b_371_2_3_532200.htm [%WINDOWS%]\cache371\b_371_2_3_558300.htm [%WINDOWS%]\cache371\b_371_2_3_563900.htm [%WINDOWS%]\cache371\b_371_2_3_588100.htm [%WINDOWS%]\cache371\b_371_2_3_642300.htm [%WINDOWS%]\cache371\b_371_2_3_670700.htm [%WINDOWS%]\cache371\b_371_2_3_679500.htm [%WINDOWS%]\cache371\b_371_2_3_778600.htm [%WINDOWS%]\cache371\b_500600.htm [%WINDOWS%]\cache371\b_501000.htm [%WINDOWS%]\cache371\b_525900.htm [%WINDOWS%]\cache371\b_604700.htm [%WINDOWS%]\cache371\b_605600.htm [%WINDOWS%]\cache371\b_605800.htm [%WINDOWS%]\cache371\b_647400.htm [%WINDOWS%]\cache371\b_647800.htm [%WINDOWS%]\cache371\b_670300.htm [%WINDOWS%]\cache371\b_727700.htm [%WINDOWS%]\cache371\b_743700.htm [%WINDOWS%]\cache371\b_753400.htm [%WINDOWS%]\cache371\b_754300.htm [%WINDOWS%]\cache371\b_775700.htm [%WINDOWS%]\cache371\b_790700.htm [%WINDOWS%]\cache371\t_b_371_0_1_591900.htm [%WINDOWS%]\cache371\t_b_371_0_1_592000.htm [%WINDOWS%]\cache371\t_b_371_0_1_592200.htm [%WINDOWS%]\cache371\t_b_371_2_1_574200.htm [%WINDOWS%]\cache371\t_b_371_2_1_576200.htm [%WINDOWS%]\cache371\t_b_371_2_1_635400.htm [%WINDOWS%]\cache371\t_b_371_2_1_662100.htm [%WINDOWS%]\cache371\t_b_371_2_1_775400.htm [%WINDOWS%]\cache371\t_b_371_2_2_712000.htm [%WINDOWS%]\cache371\t_b_371_2_2_778600.htm [%WINDOWS%]\cache371\t_b_371_2_3_558300.htm [%WINDOWS%]\cache371\t_b_371_2_3_642300.htm [%WINDOWS%]\cache371\t_b_500600.htm [%WINDOWS%]\cache371\t_b_525900.htm [%WINDOWS%]\cache371\t_b_604700.htm [%WINDOWS%]\cache371\t_b_647400.htm [%WINDOWS%]\cache371\t_b_647800.htm [%WINDOWS%]\cache371\t_b_670300.htm [%WINDOWS%]\cache371\t_b_727700.htm [%WINDOWS%]\cache371\t_b_743700.htm [%WINDOWS%]\cache371\t_b_753400.htm [%WINDOWS%]\cache371\t_b_754300.htm [%WINDOWS%]\cache371\t_b_775700.htm [%WINDOWS%]\cache371\t_b_790700.htm

Folders: [%PROFILE%]\start menu\programs\kazaa media desktop [%PROFILE_TEMP%]\admcache [%PROGRAMS%]\kazaa [%PROGRAM_FILES%]\kazaa [%WINDOWS%]\browserxtras\pn [%WINDOWS%]\cache329

Registry Keys: HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_CLASSES_ROOT\clsid\{726c99d0-50c5-404f-9efd-7b2834dfed50} HKEY_CLASSES_ROOT\clsid\{f78b32d6-d6d8-4137-a18f-91ebe1a4aedb} HKEY_CURRENT_USER\software\kazaa HKEY_CURRENT_USER\software\kazaa tmp 0 HKEY_LOCAL_MACHINE\software\classes\adm.adm HKEY_LOCAL_MACHINE\software\classes\adm.adm.1 HKEY_LOCAL_MACHINE\software\classes\adm25.adm25 HKEY_LOCAL_MACHINE\software\classes\adm25.adm25.1 HKEY_LOCAL_MACHINE\software\classes\adm4.adm4 HKEY_LOCAL_MACHINE\software\classes\adm4.adm4.1 HKEY_LOCAL_MACHINE\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} HKEY_LOCAL_MACHINE\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62} HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_LOCAL_MACHINE\software\classes\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} HKEY_LOCAL_MACHINE\software\classes\jcde_stack HKEY_LOCAL_MACHINE\software\classes\jcde_stack.1 HKEY_LOCAL_MACHINE\software\classes\signingmodule.signingmodule HKEY_LOCAL_MACHINE\software\classes\signingmodule.signingmodule.1 HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer.1 HKEY_LOCAL_MACHINE\software\kazaa HKEY_LOCAL_MACHINE\software\lcaleb HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\kazaa HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\kza HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kazaa HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kli HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kza HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{01083175-01cc-42aa-9090-81dd0f88f28f} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{38c76428-6c9c-4cc6-b747-3ab6a4770225} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{726c99d0-50c5-404f-9efd-7b2834dfed50} HKEY_LOCAL_MACHINE\software\sharman networks ltd

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

WebD Trojan

How To Remove WebD?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

WebD is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

WebD Symptoms:

Files: [%WINDOWS%]\webd.exe [%WINDOWS%]\webd.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Swaptor Worm

How To Remove Swaptor?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Swaptor is dangerous virus:
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

Swaptor Symptoms:

Files: [%PROGRAMS%]\swaptor\swaptor.lnk [%PROGRAMS%]\swaptor\swaptor.lnk

Folders: [%DESKTOP%]\swaptor.lnk [%PROFILE%]\start menu\programs\swaptor [%PROGRAM_FILES%]\swaptor

Registry Keys: HKEY_CURRENT_USER\software\filenavigator_26 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\swaptor HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\swaptor HKEY_LOCAL_MACHINE\software\swaptor HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair\[%PROGRAM_FILES%]\swaptor\install.log

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

FixThemNow Ransomware

How To Remove FixThemNow?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

FixThemNow is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".

FixThemNow Symptoms:

Files: [%DESKTOP%]\FixThemNow.lnk [%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\settings.ini [%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.exe [%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.len [%DESKTOP%]\FixThemNow.lnk [%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\settings.ini [%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.exe [%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.len

Folders: [%APPDATA%]\fixthemnow\Data [%COMMON_PROGRAMS%]\FixThemNow [%PROGRAM_FILES%]\FixThemNow [%PROGRAM_FILES_COMMON%]\FixThemNow

Registry Keys: HKEY_CURRENT_USER\software\fixthemnow

Registry Values: HKEY_LOCAL_MACHINE\software\fixthemnow HKEY_LOCAL_MACHINE\software\fixthemnow HKEY_LOCAL_MACHINE\software\fixthemnow HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Exploider Adware

How To Remove Exploider?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Exploider is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Exploider Symptoms:

Files: [%WINDOWS%]\shchost.exe [%WINDOWS%]\shchost.exe

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

SearchPack Adware

How To Remove SearchPack?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

SearchPack is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

SearchPack Symptoms:

Files: [%PROGRAM_FILES%]\SPack\SearchWebUpdater.exe [%PROGRAM_FILES%]\SPack\SearchWebUpdater.exe

Folders: [%PROGRAM_FILES%]\SPack

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{B7DB0D67-19DB-4999-A9B7-70012FB7A573} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7DB0D67-19DB-4999-A9B7-70012FB7A573}

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

ElitemediaPop Adware

How To Remove ElitemediaPop?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

ElitemediaPop is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

ElitemediaPop Symptoms:

Files: [%WINDOWS%]\unstall.exe [%WINDOWS%]\unstall.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Trojan Guarder Gold Adware

How To Remove Trojan Guarder Gold?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Trojan Guarder Gold is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Trojan Guarder Gold Symptoms:

Files: [%COMMON_STARTUP%]\Trojan Guarder Gold Version.lnk [%COMMON_STARTUP%]\Trojan Guarder Gold Version.lnk

Folders: [%PROGRAM_FILES%]\Trojan Guarder Gold Version

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

TrojanDownloader.Win32.Turown Hijacker

How To Remove TrojanDownloader.Win32.Turown?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

TrojanDownloader.Win32.Turown is dangerous virus:
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

TrojanDownloader.Win32.Turown It also known as:


[Kaspersky]TrojanDownloader.Win32.Turown.c;
[Panda]Adware/IEDriver;
[Computer Associates]Win32.Startpage.AY,Win32.Startpage.JK!downloader,Win32/SearchBar.A!Trojan,Win32/SearchBar.sb!Downloader

TrojanDownloader.Win32.Turown Symptoms:

Files: [%PROFILE_TEMP%]\ckz3f3b55cc\Files\vi.tty [%SYSTEM%]\sub.dll [%PROFILE_TEMP%]\ckz3f3b55cc\Files\vi.tty [%SYSTEM%]\sub.dll

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Quick.Launch Spyware

How To Remove Quick.Launch?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Quick.Launch is dangerous virus:
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Quick.Launch Symptoms:

Files: [%DESKTOP%]\Quick Launch.lnk [%DESKTOP%]\Quick Launch.lnk

Folders: [%PROGRAM_FILES%]\Quick Launch [%PROGRAMS%]\Quick Launch

Registry Keys: HKEY_CURRENT_USER\software\local appwizard-generated applications\keystroke HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quick launch shortcut_is1

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Delf Trojan

How To Remove Delf?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Delf is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS trojans conduct attacks from a single computer with the consent of the user.

Delf It also known as:


[Kaspersky]Backdoor.Delf.u,Backdoor.Delf.k,Trojan-Clicker.Win32.Delf.ha,Trojan-Clicker.Win32.Delf.gw,Trojan-Dropper.Win32.Delf.gd,Trojan-PWS.Win32.Delf.lc,Trojan-Spy.Win32.Delf.nt,Trojan-Downloader.Win32.Delf.kc,Trojan-Downloader.Win32.Delf.vm,Trojan-PSW.Win32.Delf.qx,Trojan-Dropper.Win32.Delf.aea,Trojan-Downloader.Win32.Delf.axx,Trojan-Downloader.Win32.Delf.bge,Backdoor.Win32.Delf.aom,Trojan-Downloader.Win32.Delf.cty,Trojan.Generic;
[Eset]Win32/Delf.GR trojan,Win32/Netso.A trojan,Win32/Delf.GE trojan,Win32/Delf.IF trojan,Win32/Delf.JO trojan,Win32/Delf.AJ trojan,Win32/Delf.IU trojan,Win32/Delf.AB trojan,Win32/Delf.G trojan,Win32/Delf.I trojan,Win32/Delf.J trojan,Win32/Delf.L trojan,Win32/Delf.CO trojan;
[McAfee]BackDoor-SY,The-CID,BackDoor-ARR.dr,Downloader-AWI,Generic Downloader.c,Generic PWS,Generic BackDoor;
[F-Prot]security risk or a "backdoor" program,W32/Dropper.WJ,W32/Downloader2.DUS,W32/Dropper.EMO,W32/Downloader.CFYE,W32/Downldr2.AIIS;
[Panda]Backdoor Program,Bck/Delf.K,Backdoor Program.LC,Trojan Horse.LC,Trj/Delf.T,Trj/Downloader.JE,Trojan Horse,Trj/PSW.Delf.D.dll,Trj/PSW.Delf,Trj/PSW.Delf.b,Trj/Lineage.DNW;
[Computer Associates]Backdoor/Carved,Win32.Carved,Backdoor/Delf.K,Backdoor/Delf.GR,Backdoor/Delf.gr!Server,Backdoor/Delf.GU,Backdoor/Delf.GZ,Backdoor/Delf.GE!Server,Backdoor/Delf,Backdoor/Delf!Server,Backdoor/Delf.JQ,Win32/Delf.AM!Trojan,Win32/Delf.AJ!Trojan,Win32/Delf.AK!Trojan,Win32/Delf.m!Spy!Trojan,Win32/Delf.AL!Downloader,Backdoor/Delf.IU,Win32/Delf.BB!PWS!Trojan,Backdoor/Delf.AB,Backdoor/Delf.g,Backdoor/Delf.i,Backdoor/Delf.j,Backdoor/Delf.JP,Win32/Delf.D!PWS!Trojan,Win32/Delf.V!Trojan,Win32/Delf.t!Spy!Trojan,Win32/Delf.O!PWS!Trojan,Backdoor/Delf.l,Win32/Delf.AI!PWS!Trojan,Win32/Delf.B!PWS!Trojan,Win32/Delf.V!Joiner,Backdoor/Delf.A,Win32.Mite,Win32/Notifier.Delf.d!Trojan;
[Other]-Managers DEMO,W32/DLoader.BJEV,Troj/Delf-DXK,Generic Delphi,Troj/Delf-DVK,W32/Delf.LWF,W32/Delf.NJJ,W32/Delf.AFFJ,W32/DLoader.OKP,W32/Delf.AHPH,Trojan:Win32/Delf.B,TROJ_DELF.GUE,Trojan.Dropper,Troj/Maran-Gen,Downloader.Delf.bge,W32/Malware.LYY,TROJ_DELF.EYN,W32/Delf.AIAY,Backdoor.Trojan,W32/Delf.AZWL.dropper,Mal/DelpDldr-B,W32.Pifio,TROJ_DELF.NPF,W32/Malware

Delf Symptoms:

Files: [%SYSTEM%]\kf1media.dll [%SYSTEM%]\pathname.dll [%WINDOWS%]\crat.dll [%PROFILE_TEMP%]\cy.dll [%PROFILE_TEMP%]\cy.exe [%PROFILE_TEMP%]\Haif1-20.jpg [%PROFILE_TEMP%]\MyPic.exe [%PROFILE_TEMP%]\RAVWM.EXE [%PROFILE_TEMP%]\wmptool.exe [%SYSTEM%]\DirectX10.dll [%SYSTEM%]\drivers\8761CCDC.sys [%SYSTEM%]\gdmoyi32.dll [%SYSTEM%]\gdmsi32.dll [%SYSTEM%]\gdwli32.dll [%SYSTEM%]\hursax.dll [%SYSTEM%]\kawdeaz.exe [%SYSTEM%]\kawdezy.dll [%SYSTEM%]\KVBatch01.dll [%SYSTEM%]\kvdxjis.exe [%SYSTEM%]\kvdxjma.dll [%SYSTEM%]\kvdxsiis.exe [%SYSTEM%]\kvdxsima.dll [%SYSTEM%]\pathname.exe [%SYSTEM%]\ratbjpi.dll [%SYSTEM%]\ratbjtl.exe [%SYSTEM%]\RAVWM429.dll [%SYSTEM%]\sidjdaz.exe [%SYSTEM%]\sidjdzy.dll [%SYSTEM%]\videodevice.dll [%SYSTEM%]\ziouhx.dll [%WINDOWS%]\49400WL.DLL [%WINDOWS%]\Fonts\ardaase.fon [%WINDOWS%]\Fonts\ardasase.fon [%WINDOWS%]\Fonts\cadaafx.fon [%WINDOWS%]\Fonts\chtiaur.fon [%WINDOWS%]\Fonts\enweafx.fon [%WINDOWS%]\Fonts\kawdecs.dll [%WINDOWS%]\Fonts\kvdxjcf.dll [%WINDOWS%]\Fonts\kvdxsicf.dll [%WINDOWS%]\Fonts\ratbjni.dll [%WINDOWS%]\Fonts\sidjdcs.dll [%WINDOWS%]\videoarchivio[1].exe [%WINDOWS%]\wmptool.exe [%SYSTEM%]\kf1media.dll [%SYSTEM%]\pathname.dll [%WINDOWS%]\crat.dll [%PROFILE_TEMP%]\cy.dll [%PROFILE_TEMP%]\cy.exe [%PROFILE_TEMP%]\Haif1-20.jpg [%PROFILE_TEMP%]\MyPic.exe [%PROFILE_TEMP%]\RAVWM.EXE [%PROFILE_TEMP%]\wmptool.exe [%SYSTEM%]\DirectX10.dll [%SYSTEM%]\drivers\8761CCDC.sys [%SYSTEM%]\gdmoyi32.dll [%SYSTEM%]\gdmsi32.dll [%SYSTEM%]\gdwli32.dll [%SYSTEM%]\hursax.dll [%SYSTEM%]\kawdeaz.exe [%SYSTEM%]\kawdezy.dll [%SYSTEM%]\KVBatch01.dll [%SYSTEM%]\kvdxjis.exe [%SYSTEM%]\kvdxjma.dll [%SYSTEM%]\kvdxsiis.exe [%SYSTEM%]\kvdxsima.dll [%SYSTEM%]\pathname.exe [%SYSTEM%]\ratbjpi.dll [%SYSTEM%]\ratbjtl.exe [%SYSTEM%]\RAVWM429.dll [%SYSTEM%]\sidjdaz.exe [%SYSTEM%]\sidjdzy.dll [%SYSTEM%]\videodevice.dll [%SYSTEM%]\ziouhx.dll [%WINDOWS%]\49400WL.DLL [%WINDOWS%]\Fonts\ardaase.fon [%WINDOWS%]\Fonts\ardasase.fon [%WINDOWS%]\Fonts\cadaafx.fon [%WINDOWS%]\Fonts\chtiaur.fon [%WINDOWS%]\Fonts\enweafx.fon [%WINDOWS%]\Fonts\kawdecs.dll [%WINDOWS%]\Fonts\kvdxjcf.dll [%WINDOWS%]\Fonts\kvdxsicf.dll [%WINDOWS%]\Fonts\ratbjni.dll [%WINDOWS%]\Fonts\sidjdcs.dll [%WINDOWS%]\videoarchivio[1].exe [%WINDOWS%]\wmptool.exe

Registry Keys: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_pcidown HKEY_LOCAL_MACHINE\system\currentcontrolset\services\pcidown HKEY_CLASSES_ROOT\clsid\{09f8a0eb-ed61-4714-b0ad-7eaff5361a8b} HKEY_CLASSES_ROOT\clsid\{48847374-8323-fadc-b443-4732abcd3784} HKEY_CLASSES_ROOT\clsid\{58907901-1416-3389-9981-372178569985} HKEY_CLASSES_ROOT\clsid\{9d561258-45f3-a451-f908-a258458226d9} HKEY_CLASSES_ROOT\clsid\{a12c8d43-ac10-4c17-9136-e3e2fc9b3d21} HKEY_CLASSES_ROOT\clsid\{a6650011-3344-6688-4899-345fabcd156a} HKEY_CLASSES_ROOT\clsid\{ac87a354-abc3-dede-ff33-3213fd7447ca} HKEY_CLASSES_ROOT\clsid\{c51c4afb-8a3a-6c1e-ba41-c20f02940603} HKEY_CLASSES_ROOT\clsid\{f2cea371-1442-4f42-900f-97c479f406db} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fad11f89-f11e-4a15-92fb-6f0edc4c8d59}

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

RegistrySmart Ransomware

How To Remove RegistrySmart?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

RegistrySmart is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".

RegistrySmart Symptoms:

Files: [%COMMON_DESKTOPDIRECTORY%]\RegistrySmart.lnk [%DESKTOP%]\RegistrySmart.lnk [%COMMON_DESKTOPDIRECTORY%]\RegistrySmart.lnk [%DESKTOP%]\RegistrySmart.lnk

Folders: [%APPDATA%]\RegistrySmart [%COMMON_PROGRAMS%]\RegistrySmart [%PROGRAMS%]\RegistrySmart [%PROGRAM_FILES%]\RegistrySmart

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

GloboSearch Trojan

How To Remove GloboSearch?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

GloboSearch is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

GloboSearch Symptoms:

Files: [%SYSTEM%]\popup_bl.dll [%SYSTEM%]\systr.dll [%SYSTEM%]\popup_bl.dll [%SYSTEM%]\systr.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{28f65fcb-d130-11d8-ba48-8be0c49af370} HKEY_CLASSES_ROOT\clsid\{cf70455e-edc1-4067-b824-cd0314bc3b2e} HKEY_CLASSES_ROOT\interface\{05aae5e5-47a1-4f65-8c32-8913ead54dbf} HKEY_CLASSES_ROOT\interface\{28f65fca-d130-11d8-ba48-8be0c49af370} HKEY_CLASSES_ROOT\interface\{a77bd0a1-a8fa-48c0-8fff-5a4ddcad4581} HKEY_CLASSES_ROOT\popup_bl.bl HKEY_CLASSES_ROOT\popup_bl.bl.1 HKEY_CLASSES_ROOT\popup_bl.onclick HKEY_CLASSES_ROOT\popup_bl.onclick.1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{28f65fcb-d130-11d8-ba48-8be0c49af370}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Farmmext Adware

How To Remove Farmmext?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Farmmext is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Farmmext It also known as:


[Kaspersky]Trojan-Downloader.Win32.Stubby.c;
[Panda]Adware/IPInsight;
[Computer Associates]Win32.SillyDl.DG,Win32/SillyDl.69632!Trojan

Farmmext Symptoms:

Files: [%PROFILE_TEMP%]\farmmext.inf [%PROFILE_TEMP%]\THI11CA.tmp\farmmext.inf [%PROFILE_TEMP%]\THI11CA.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1276.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1276.tmp\farmmext.ini [%PROFILE_TEMP%]\THI12B9.tmp\farmmext.inf [%PROFILE_TEMP%]\THI12B9.tmp\farmmext.ini [%PROFILE_TEMP%]\THI13B.tmp\farmmext.inf [%PROFILE_TEMP%]\THI13B.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1639.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1639.tmp\farmmext.ini [%PROFILE_TEMP%]\THI17A7.tmp\farmmext.inf [%PROFILE_TEMP%]\THI17A7.tmp\farmmext.ini [%PROFILE_TEMP%]\THI195B.tmp\farmmext.inf [%PROFILE_TEMP%]\THI195B.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1B0.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1B0.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1C40.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1C40.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1C48.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1C48.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2494.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2494.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2645.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2645.tmp\farmmext.ini [%PROFILE_TEMP%]\THI268E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI268E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI27B4.tmp\farmmext.inf [%PROFILE_TEMP%]\THI27B4.tmp\farmmext.ini [%PROFILE_TEMP%]\THI280A.tmp\farmmext.inf [%PROFILE_TEMP%]\THI280A.tmp\farmmext.ini [%PROFILE_TEMP%]\THI29E6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI29E6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2C53.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2C53.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2C64.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2C64.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2CBD.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2D04.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2D04.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2EF9.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2F85.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2F85.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3064.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3064.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3271.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3271.tmp\farmmext.ini [%PROFILE_TEMP%]\THI354A.tmp\farmmext.inf [%PROFILE_TEMP%]\THI354A.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3574.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3574.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3807.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3807.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3843.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3843.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3C83.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3C83.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3D78.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3D78.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4007.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4007.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4072.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4072.tmp\farmmext.ini [%PROFILE_TEMP%]\THI417D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI417D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI418F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI418F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI41CB.tmp\farmmext.inf [%PROFILE_TEMP%]\THI41CB.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4261.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4261.tmp\farmmext.ini [%PROFILE_TEMP%]\THI43FD.tmp\farmmext.inf [%PROFILE_TEMP%]\THI43FD.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4480.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4480.tmp\farmmext.ini [%PROFILE_TEMP%]\THI44E6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI44E6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4543.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4543.tmp\farmmext.ini [%PROFILE_TEMP%]\THI470F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI470F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI475D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI475D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4922.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4922.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4B42.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4D87.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4D87.tmp\farmmext.ini [%PROFILE_TEMP%]\THI501F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI501F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5193.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5193.tmp\farmmext.ini [%PROFILE_TEMP%]\THI53EE.tmp\farmmext.inf [%PROFILE_TEMP%]\THI53EE.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5C10.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5C10.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5C30.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5C30.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6021.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6021.tmp\farmmext.ini [%PROFILE_TEMP%]\THI608E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI608E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI62F6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI62F6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6346.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6346.tmp\farmmext.ini [%PROFILE_TEMP%]\THI66D7.tmp\farmmext.inf [%PROFILE_TEMP%]\THI67.tmp\farmmext.inf [%PROFILE_TEMP%]\THI67.tmp\farmmext.ini [%PROFILE_TEMP%]\THI670B.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6763.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6763.tmp\farmmext.ini [%PROFILE_TEMP%]\THI67F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI67F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI681D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI681D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6B14.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6B14.tmp\farmmext.ini [%PROFILE_TEMP%]\THI71E6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI71E6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI71E9.tmp\farmmext.inf [%PROFILE_TEMP%]\THI71E9.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7218.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7218.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7543.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7543.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7676.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7676.tmp\farmmext.ini [%PROFILE_TEMP%]\THI76D5.tmp\farmmext.inf [%PROFILE_TEMP%]\THI76D5.tmp\farmmext.ini [%PROFILE_TEMP%]\THI76F3.tmp\farmmext.inf [%PROFILE_TEMP%]\THI76F3.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7849.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7849.tmp\farmmext.ini [%PROFILE_TEMP%]\THI78BC.tmp\farmmext.inf [%PROFILE_TEMP%]\THI78BC.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7B67.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7B67.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7C25.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7C25.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7F49.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7F49.tmp\farmmext.ini [%PROFILE_TEMP%]\THIB3B.tmp\farmmext.inf [%PROFILE_TEMP%]\THIB3B.tmp\farmmext.ini [%PROFILE_TEMP%]\THIBCC.tmp\farmmext.inf [%PROFILE_TEMP%]\THIBCC.tmp\farmmext.ini [%PROFILE_TEMP%]\THID4E.tmp\farmmext.inf [%PROFILE_TEMP%]\THID4E.tmp\farmmext.ini [%PROFILE_TEMP%]\THIEB4.tmp\farmmext.inf [%PROFILE_TEMP%]\THIEB4.tmp\farmmext.ini [%PROFILE_TEMP%]\THIFC4.tmp\farmmext.inf [%PROFILE_TEMP%]\THIFC4.tmp\farmmext.ini [%WINDOWS%]\farmmext.ini [%WINDOWS%]\inf\farmmext.inf [%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.inf [%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.ini [%WINDOWS%]\farmmext.exe [%WINDOWS%]\lastgood\farmmext.exe [%WINDOWS%]\lastgood\farmmext.ini [%PROFILE_TEMP%]\farmmext.inf [%PROFILE_TEMP%]\THI11CA.tmp\farmmext.inf [%PROFILE_TEMP%]\THI11CA.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1276.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1276.tmp\farmmext.ini [%PROFILE_TEMP%]\THI12B9.tmp\farmmext.inf [%PROFILE_TEMP%]\THI12B9.tmp\farmmext.ini [%PROFILE_TEMP%]\THI13B.tmp\farmmext.inf [%PROFILE_TEMP%]\THI13B.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1639.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1639.tmp\farmmext.ini [%PROFILE_TEMP%]\THI17A7.tmp\farmmext.inf [%PROFILE_TEMP%]\THI17A7.tmp\farmmext.ini [%PROFILE_TEMP%]\THI195B.tmp\farmmext.inf [%PROFILE_TEMP%]\THI195B.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1B0.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1B0.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1C40.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1C40.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1C48.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1C48.tmp\farmmext.ini [%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.inf [%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2494.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2494.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2645.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2645.tmp\farmmext.ini [%PROFILE_TEMP%]\THI268E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI268E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI27B4.tmp\farmmext.inf [%PROFILE_TEMP%]\THI27B4.tmp\farmmext.ini [%PROFILE_TEMP%]\THI280A.tmp\farmmext.inf [%PROFILE_TEMP%]\THI280A.tmp\farmmext.ini [%PROFILE_TEMP%]\THI29E6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI29E6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2C53.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2C53.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2C64.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2C64.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2CBD.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2D04.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2D04.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI2EF9.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2F85.tmp\farmmext.inf [%PROFILE_TEMP%]\THI2F85.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3064.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3064.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3271.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3271.tmp\farmmext.ini [%PROFILE_TEMP%]\THI354A.tmp\farmmext.inf [%PROFILE_TEMP%]\THI354A.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3574.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3574.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3807.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3807.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3843.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3843.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3C83.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3C83.tmp\farmmext.ini [%PROFILE_TEMP%]\THI3D78.tmp\farmmext.inf [%PROFILE_TEMP%]\THI3D78.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4007.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4007.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4072.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4072.tmp\farmmext.ini [%PROFILE_TEMP%]\THI417D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI417D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI418F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI418F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI41CB.tmp\farmmext.inf [%PROFILE_TEMP%]\THI41CB.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4261.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4261.tmp\farmmext.ini [%PROFILE_TEMP%]\THI43FD.tmp\farmmext.inf [%PROFILE_TEMP%]\THI43FD.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4480.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4480.tmp\farmmext.ini [%PROFILE_TEMP%]\THI44E6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI44E6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4543.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4543.tmp\farmmext.ini [%PROFILE_TEMP%]\THI470F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI470F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI475D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI475D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4922.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4922.tmp\farmmext.ini [%PROFILE_TEMP%]\THI4B42.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4D87.tmp\farmmext.inf [%PROFILE_TEMP%]\THI4D87.tmp\farmmext.ini [%PROFILE_TEMP%]\THI501F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI501F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5193.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5193.tmp\farmmext.ini [%PROFILE_TEMP%]\THI53EE.tmp\farmmext.inf [%PROFILE_TEMP%]\THI53EE.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5C10.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5C10.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5C30.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5C30.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6021.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6021.tmp\farmmext.ini [%PROFILE_TEMP%]\THI608E.tmp\farmmext.inf [%PROFILE_TEMP%]\THI608E.tmp\farmmext.ini [%PROFILE_TEMP%]\THI62F6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI62F6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6346.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6346.tmp\farmmext.ini [%PROFILE_TEMP%]\THI66D7.tmp\farmmext.inf [%PROFILE_TEMP%]\THI67.tmp\farmmext.inf [%PROFILE_TEMP%]\THI67.tmp\farmmext.ini [%PROFILE_TEMP%]\THI670B.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6763.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6763.tmp\farmmext.ini [%PROFILE_TEMP%]\THI67F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI67F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI681D.tmp\farmmext.inf [%PROFILE_TEMP%]\THI681D.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.ini [%PROFILE_TEMP%]\THI6B14.tmp\farmmext.inf [%PROFILE_TEMP%]\THI6B14.tmp\farmmext.ini [%PROFILE_TEMP%]\THI71E6.tmp\farmmext.inf [%PROFILE_TEMP%]\THI71E6.tmp\farmmext.ini [%PROFILE_TEMP%]\THI71E9.tmp\farmmext.inf [%PROFILE_TEMP%]\THI71E9.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7218.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7218.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7543.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7543.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7676.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7676.tmp\farmmext.ini [%PROFILE_TEMP%]\THI76D5.tmp\farmmext.inf [%PROFILE_TEMP%]\THI76D5.tmp\farmmext.ini [%PROFILE_TEMP%]\THI76F3.tmp\farmmext.inf [%PROFILE_TEMP%]\THI76F3.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7849.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7849.tmp\farmmext.ini [%PROFILE_TEMP%]\THI78BC.tmp\farmmext.inf [%PROFILE_TEMP%]\THI78BC.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7B67.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7B67.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7C25.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7C25.tmp\farmmext.ini [%PROFILE_TEMP%]\THI7F49.tmp\farmmext.inf [%PROFILE_TEMP%]\THI7F49.tmp\farmmext.ini [%PROFILE_TEMP%]\THIB3B.tmp\farmmext.inf [%PROFILE_TEMP%]\THIB3B.tmp\farmmext.ini [%PROFILE_TEMP%]\THIBCC.tmp\farmmext.inf [%PROFILE_TEMP%]\THIBCC.tmp\farmmext.ini [%PROFILE_TEMP%]\THID4E.tmp\farmmext.inf [%PROFILE_TEMP%]\THID4E.tmp\farmmext.ini [%PROFILE_TEMP%]\THIEB4.tmp\farmmext.inf [%PROFILE_TEMP%]\THIEB4.tmp\farmmext.ini [%PROFILE_TEMP%]\THIFC4.tmp\farmmext.inf [%PROFILE_TEMP%]\THIFC4.tmp\farmmext.ini [%WINDOWS%]\farmmext.ini [%WINDOWS%]\inf\farmmext.inf [%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.inf [%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.ini [%WINDOWS%]\farmmext.exe [%WINDOWS%]\lastgood\farmmext.exe [%WINDOWS%]\lastgood\farmmext.ini

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Small.bug Downloader

How To Remove Small.bug?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Small.bug is dangerous virus:
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Small.bug Symptoms:

Files: [%SYSTEM%]\a1\rarndrll2.exe [%SYSTEM%]\c3\dnslook11.exe [%SYSTEM%]\f1\dnslook11.exe [%SYSTEM%]\frd1\dnslook11.exe [%SYSTEM%]\rev1\logidndr1.exe [%WINDOWS%]\MTE3NDI6ODoxNg.exe [%SYSTEM%]\a1\rarndrll2.exe [%SYSTEM%]\c3\dnslook11.exe [%SYSTEM%]\f1\dnslook11.exe [%SYSTEM%]\frd1\dnslook11.exe [%SYSTEM%]\rev1\logidndr1.exe [%WINDOWS%]\MTE3NDI6ODoxNg.exe

Registry Values: HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\software\policies HKEY_LOCAL_MACHINE\SOFTWARE\Policies HKEY_LOCAL_MACHINE\software\policies

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

EXact.Advertising Adware

How To Remove EXact.Advertising?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

EXact.Advertising is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

EXact.Advertising Symptoms:

Files: [%PROGRAM_FILES%]\NaviSearch\bin\nls.exe [%SYSTEM%]\exclean.exe [%SYSTEM%]\exdl.exe [%SYSTEM%]\exdl1.exe [%SYSTEM%]\FYI\uhoetaligi.dll [%SYSTEM%]\FYI\uhoetaligi.exe [%SYSTEM%]\mqexdlm.srg [%SYSTEM%]\msbe.dll [%SYSTEM%]\exdl0.exe [%SYSTEM%]\exdl3.exe [%SYSTEM%]\msxct.exe [%WINDOWS%]\exdl.exe [%WINDOWS%]\installer_siac.exe [%PROGRAM_FILES%]\NaviSearch\bin\nls.exe [%SYSTEM%]\exclean.exe [%SYSTEM%]\exdl.exe [%SYSTEM%]\exdl1.exe [%SYSTEM%]\FYI\uhoetaligi.dll [%SYSTEM%]\FYI\uhoetaligi.exe [%SYSTEM%]\mqexdlm.srg [%SYSTEM%]\msbe.dll [%SYSTEM%]\exdl0.exe [%SYSTEM%]\exdl3.exe [%SYSTEM%]\msxct.exe [%WINDOWS%]\exdl.exe [%WINDOWS%]\installer_siac.exe

Registry Keys: HKEY_CLASSES_ROOT\adp.urlcatcher HKEY_CLASSES_ROOT\adp.urlcatcher.1 HKEY_CLASSES_ROOT\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} HKEY_LOCAL_MACHINE\software\exactutil HKEY_LOCAL_MACHINE\software\classes\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Sunday, November 9, 2008

BlockChecker Symptoms:

NetControl Symptoms:

Xtractor.Plus Symptoms:

Banbra.dq Symptoms:

ServU.based Symptoms:

TrafficHog Symptoms:

KeyLog.JanNet Symptoms:

Cobfinn Symptoms:

Stealth.Keylogger Symptoms:

Gpcode Symptoms:

Sexy.Hot Symptoms:

DyFuCa Internet Optimizer Symptoms:

MalwareMonitor Symptoms:

Meredrop Symptoms:

SillyDl.AQZ Symptoms:

CWS.PayForTraffic.net Symptoms:

MyNetProtector Symptoms:

Refikey Symptoms:

LolaWeb.Winhost Symptoms:

Paq.Keylog.Common.Components Symptoms:

TrojanDownloader.Win32.Lalus Symptoms:

Webmoner Symptoms:

Hacker.ag Symptoms:

KaZaA Symptoms:

WebD Symptoms:

Swaptor Symptoms:

FixThemNow Symptoms:

Exploider Symptoms:

SearchPack Symptoms:

ElitemediaPop Symptoms:

Trojan Guarder Gold Symptoms:

TrojanDownloader.Win32.Turown Symptoms:

Quick.Launch Symptoms:

Delf Symptoms:

RegistrySmart Symptoms:

GloboSearch Symptoms:

Farmmext Symptoms:

Small.bug Symptoms:

EXact.Advertising Symptoms:

Blog Archive

About Me