Thursday, December 4, 2008

SillyDl.CBH Downloader

How To Remove SillyDl.CBH?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SillyDl.CBH is dangerous virus:
Trojans-downloaders downloads and installs new malware or adware on the computer.



SillyDl.CBH It also known as:

[Kaspersky]Trojan-Downloader.Win32.Delf.bcc;
[Other]Win32/SillyDl.CBH

SillyDl.CBH Symptoms:

Files:
[%SYSTEM%]\update\Update.exe
[%SYSTEM%]\update\Update.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Small.ci Downloader

FFToolbar Toolbar

How To Remove FFToolbar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
FFToolbar is dangerous virus:
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


FFToolbar Symptoms:

Files:
[%SYSTEM%]\preuninstallff.exe
[%SYSTEM%]\showff.exe
[%WINDOWS%]\cjet.exe
[%WINDOWS%]\nne.bin
[%WINDOWS%]\nnmgr.dat
[%WINDOWS%]\nnmgr.exe
[%WINDOWS%]\nnmgr.ocx
[%WINDOWS%]\nnv.bin
[%WINDOWS%]\omi.dll
[%SYSTEM%]\preuninstallff.exe
[%SYSTEM%]\showff.exe
[%WINDOWS%]\cjet.exe
[%WINDOWS%]\nne.bin
[%WINDOWS%]\nnmgr.dat
[%WINDOWS%]\nnmgr.exe
[%WINDOWS%]\nnmgr.ocx
[%WINDOWS%]\nnv.bin
[%WINDOWS%]\omi.dll

Folders:
[%PROGRAM_FILES%]\fastfinder
[%PROGRAM_FILES%]\fftoolbar toolbar

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{34ef5b1c-52cb-400b-8b7c-f787018b3826}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86ff-fd60bb9aae3b}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86ff-fd60bb9aae3c}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86ff-fd60bb9aae3d}
HKEY_CLASSES_ROOT\fftoolbar.fftoolbar
HKEY_CLASSES_ROOT\fftoolbar.fftoolbarmenu button
HKEY_CLASSES_ROOT\fftoolbar.fftoolbartoggle button
HKEY_CLASSES_ROOT\interface\{e9d8697e-bea9-4170-84f3-509ad2a11951}
HKEY_CLASSES_ROOT\typelib\{3cd9d85e-1ff2-4bf7-a113-6669b8d1e676}
HKEY_CLASSES_ROOT\urllauncher.urllaunchercontrol
HKEY_CLASSES_ROOT\urllauncher.urllaunchercontrol.1
HKEY_CURRENT_USER\fastfinder
HKEY_CURRENT_USER\fftoolbar toolbar
HKEY_LOCAL_MACHINE\software\cjet
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-86ff-fd60bb9aae3b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\fastfinder
HKEY_LOCAL_MACHINE\software\nnmgr

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
VirusRanger Ransomware Cleaner
Remove Norsd Trojan
Adinf Trojan Removal
Removing Stration Trojan

Fixer.AntiSpy Trojan

How To Remove Fixer.AntiSpy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Fixer.AntiSpy is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Fixer.AntiSpy Symptoms:

Files:
[%DESKTOP%]\FixerAntispy.lnk
[%DESKTOP%]\FixerAntispyInstaller.exe
[%DESKTOP%]\FixerAntispy.lnk
[%DESKTOP%]\FixerAntispyInstaller.exe

Folders:
[%PROGRAMS%]\Fixer Antispy
[%PROGRAM_FILES%]\Fixer Antispy

Registry Keys:
HKEY_CURRENT_USER\software\fixer antispy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\fixer antispy

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Haxdoor.Rootkit Trojan Information
Remove AdClicker Trojan
FTP.AFtp Trojan Removal instruction
Key.Thief.Key.Serv Spyware Removal

Adload Trojan

How To Remove Adload?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Adload is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


Adload Symptoms:

Files:
[%SYSTEM%]\kky32.dll
[%SYSTEM%]\kky32.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, windll (kky32.dll)=rundll32.exe [%SYSTEM%]\kky32.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Delfile1.Cab Hostile Code Information
Removing Pigeon.ESD Trojan

Generic Trojan

How To Remove Generic?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Generic is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.


Generic It also known as:

[Kaspersky]Trojan.PSW.Barrio.305,Trojan.PSW.Barrio.306,Trojan.PSW.Barrio.310,Trojan.Win32.HPMail.001a,Trojan.Win32.Ume,Trojan.Win32.MSNCookier.25,Trojan.IRC.Noob.31,Trojan.PSW.Rit,Trojan.PSW.M2.145,Trojan.AOL.TDS.a,Trojan.AOL.TDS.b,Trojan.PSW.M2.14,Trojan.PSW.M2.14.a,Trojan.PSW.PM.a,Nuker.Win32.Newker.10,Trojan.PSW.Needinfo.b,Trojan.PSW.Stealth.219,Trojan.Win32.MSN.GhostToolz.a,Trojan.Win32.MSN.GhostToolz.b,Trojan.PSW.HotmailHacker,TrojanDownloader.Win32.Wintrim.l,Burger.int.a,Trojan-Proxy.Win32.Dlena.ad;
[Eset]Win32/HPMail.001.A trojan,Win32/PSW.Barrio.305 trojan,Win32/PSW.Barrio.306 trojan,Win32/PSW.Barrio.31 trojan,Win32/TDS.Muerte trojan,Win32/TDS.4F trojan;
[McAfee]Generic,Generic trojan,PWS-M2,PWS-FF,Generic Dialer,New BackDoor1,Generic VB,PornDial-167,Generic.f,Generic.b;
[F-Prot]destructive program,security risk or a "backdoor" program,security risk named W32/Hhxmsn.A;
[Panda]Trj/HPTeam.02.B,Trj/PSW.Barrio.305,Bck/FruitCake,Trojan Horse,Trj/MSNCookie.25,Trj/IRC.Noob.31,Trj/W32.StuKach,Trj/PSW.M2.145,Trojan Horse.LC,Trj/AOL.TDS.a,Trj/AOL.TDS.b,Trj/M2.1.4.B,Trj/PSW.PM.A,Dialer.Gen,Dialer.AK,Trj/Bandeja,Trj/W32.GhostToolz,Virus Constructor,Dialer.KQ,Trj/HotmailHack.B,Trj/PSW.HotmailHack,Bck/Undetected.1.1,Bck/Undetected.2.2,Bck/ShadowPhyre.212,Bck/Exploiter.1.3d,File Bug;
[Computer Associates]Win32/Asp.K!PWS!Trojan,Win32/HPMail.001a!Trojan,Win32/PWS.Barrio.306.Trojan,Win32/PWS.Barrio.31.Trojan,Backdoor/FruitCake,Win32/Ume!Trojan,Win32.MSNCookier.25,Win32/MSNCookier.25!Trojan,Win32/Noob.31!Trojan,Win32.PSW.M2.145,Win32/M2.1.4.5!Trojan,Win32/M2.1_45!PWS!Trojan,Win32/M2.145!PWS!Trojan,Win32/AOL.TDS.a!Trojan,Win32/AOL.TDS.b!Trojan,Win32.PSW.M2.14,Win32/M2.1_4!PWS!Trojan,Win32/M2.1_4c!PWS!Trojan,Win32/M2.14!PWS!Trojan,Win32/X-Finder!Trojan,Win32/Needinfo.b!PWS!Trojan,Win32/Bandeja!Trojan,Win32/MSN.GhostToolz.a!Trojan,Win32/MSN.GhostToolz.b!Trojan,Backdoor/HotmailHacker!Server,Win32.Hhxmsn.A,Backdoor/TDS.Muerte.b,Win32.TDS.11,Backdoor/TDS.4F,Win32.TDS.22;
[Other]Dialer,Win32/Ilomo.D,Trojan.Horse,Trojan:Win32/Killwin.AD,Trojan-BAT.KillWin.ar,Trojan Horse,W32/Dlena.ET

Generic Symptoms:

Files:
[%WINDOWS%]\system\conmng.exe
[%WINDOWS%]\system\conmng.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{69a4f9ff-e915-11d5-a9f1-009099104002}
HKEY_CLASSES_ROOT\clsid\{9e7138ee-4e7b-11d5-94ef-006008a4ed7f}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Bat.Wavefunc.Wise Trojan Symptoms
WinRemoteShell Backdoor Removal
Remove Overnet Worm

Ugogo88 Downloader

How To Remove Ugogo88?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Ugogo88 is dangerous virus:
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


Ugogo88 It also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.csr;
[Other]Win32/SillyDl.AVA

Ugogo88 Symptoms:

Files:
[%SYSTEM%]\adoax.axd
[%WINDOWS%]\stdie.dll
[%SYSTEM%]\adoax.axd
[%WINDOWS%]\stdie.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a3803141-3cf5-4d66-b7ea-8d2674fe152c}
HKEY_CLASSES_ROOT\typelib\{9fd6c9e2-54f8-48a9-bef6-964f9c221ae4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a3803141-3cf5-4d66-b7ea-8d2674fe152c}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
IRC.Zapchast Backdoor Information
IRCBot Trojan Cleaner
SkyRat RAT Cleaner
Remove Lookup.Abeb BHO

Chinese_Keywords Adware

How To Remove Chinese_Keywords?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Chinese_Keywords is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Chinese_Keywords Symptoms:

Files:
[%PROGRAM_FILES%]\3721\Helper.dll
[%WINDOWS%]\downlo~1\cnshook.dll
[%PROGRAM_FILES%]\3721\Helper.dll
[%WINDOWS%]\downlo~1\cnshook.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
WowPWS.AW Trojan Removal instruction
TrojanSpy.Win32.RedKod Trojan Symptoms
Removing FakeAlert.Adobepnl Trojan
CSL.pre Trojan Removal
Bancos.IDV Trojan Removal instruction

Look2Me.ab Adware

How To Remove Look2Me.ab?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Look2Me.ab is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



Look2Me.ab Symptoms:

Files:
[%SYSTEM%]\ALKRNL32.DLL
[%SYSTEM%]\ALKRNL32.DLL


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Marlboro Trojan
Puper.dll Trojan Removal instruction
Remove Best.search Adware
KD Adware Removal

GameBar Adware

How To Remove GameBar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
GameBar is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

GameBar Symptoms:

Files:
[%SYSTEM%]\gamebar.dll
[%WINDOWS%]\system\gamebar.dll
[%SYSTEM%]\gamebar.dll
[%WINDOWS%]\system\gamebar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd69b994bd7d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0ff-fd69b994bd7d}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove immobilienscout24.de Tracking Cookie

AntiLamer.Light Trojan

How To Remove AntiLamer.Light?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
AntiLamer.Light is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.


AntiLamer.Light It also known as:

[Kaspersky]Trojan.PSW.AlLight.201;
[Eset]Win32/PSW.AlLight.201 trojan;
[Panda]Trj/PSW.AlLight,Dialer.DQ;
[Computer Associates]Win32.AntilamLite.201,Win32/PSW.AlLight.201.Trojan

AntiLamer.Light Symptoms:

Files:
[%WINDOWS%]\runwin32.exe
[%DESKTOP%]\5-1-14-24.lnk
[%PROFILE%]\administrator\start menu\5-1-14-24.lnk
[%PROFILE%]\administrator\start menu\programs\5-1-14-24.lnk
[%WINDOWS%]\system\runwin.exe
[%WINDOWS%]\system\runwindows32.exe
[%WINDOWS%]\runwin32.exe
[%DESKTOP%]\5-1-14-24.lnk
[%PROFILE%]\administrator\start menu\5-1-14-24.lnk
[%PROFILE%]\administrator\start menu\programs\5-1-14-24.lnk
[%WINDOWS%]\system\runwin.exe
[%WINDOWS%]\system\runwindows32.exe

Folders:
[%PROGRAM_FILES%]\websx

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7589EEE6-E336-11D4-8A7E-EE1D971D9B47}
HKEY_LOCAL_MACHINE\software\classes\acontixcontrol
HKEY_LOCAL_MACHINE\software\classes\clsid\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/acontix.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/acontix.ocx
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\window
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\anti-lamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\antilamer backdoor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/acontix.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/acontix.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5-1-14-24
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5-1-14-24
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5-1-14-24


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Remote.Desktop RAT

PacerD Adware

How To Remove PacerD?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
PacerD is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



PacerD Symptoms:

Files:
[%SYSTEM%]\202_app13.exe
[%SYSTEM%]\popoops2.dll
[%SYSTEM%]\swlad1.dll
[%SYSTEM%]\202_app13.exe
[%SYSTEM%]\popoops2.dll
[%SYSTEM%]\swlad1.dll

Registry Keys:
HKEY_CURRENT_USER\software\apd123

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
System.Spy Trojan Removal instruction
Bancos.HCB Trojan Removal
Virus.Killer Trojan Information

SpyDefender.Pro Ransomware

How To Remove SpyDefender.Pro?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SpyDefender.Pro is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.


SpyDefender.Pro Symptoms:

Files:
[%DESKTOP%]\SpyDefender Pro.lnk
[%DESKTOP%]\SpyDefender Pro.lnk
[%DESKTOP%]\SpyDefender Pro.lnk
[%DESKTOP%]\SpyDefender Pro.lnk

Folders:
[%PROGRAM_FILES%]\SpyDefender Pro
[%PROGRAMS%]\SpyDefender Pro

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spydefender pro_is1


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Bancos.GSL Trojan
Removing myx.net Tracking Cookie
Agent.aq Backdoor Cleaner
Pigeon.ANE Trojan Symptoms
XXXDial Adware Cleaner

CurePCSolution Adware

How To Remove CurePCSolution?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CurePCSolution is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



CurePCSolution Symptoms:

Files:
[%COMMON_DESKTOPDIRECTORY%]\Start CurePCSolution.lnk
[%COMMON_STARTUP%]\Start CurePCSolution.exe.lnk
[%COMMON_DESKTOPDIRECTORY%]\Start CurePCSolution.lnk
[%COMMON_STARTUP%]\Start CurePCSolution.exe.lnk

Folders:
[%COMMON_PROGRAMS%]\CurePCSolution
[%PROGRAM_FILES%]\CurePCSolution


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
VioClicks.com Tracking Cookie Information
EZSearch Adware Removal instruction
SvcHoster Trojan Removal
Crackerbox Trojan Cleaner

Bancos.IJD Trojan

How To Remove Bancos.IJD?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Bancos.IJD is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Bancos.IJD It also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.bct;
[McAfee]PWS-Banker.gen.bb

Bancos.IJD Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
INF.Bayda Trojan Information
Izram Backdoor Cleaner
Remove Petribot.AHZ Trojan

ADBreak BHO

How To Remove ADBreak?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
ADBreak is dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.


ADBreak It also known as:

[Kaspersky]Backdoor.WbeCheck.a;
[Eset]Win32/PSW.WbeCheck.A trojan;
[McAfee]Floid.dr;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program;
[Computer Associates]Win32.WbeCheck,Win32/WbeCheck!Trojan

ADBreak Symptoms:

Files:
[%WINDOWS%]\cbinst$.exe
[%WINDOWS%]\hcwprn.exe
[%WINDOWS%]\kkcomp.dll
[%WINDOWS%]\kkcomp.exe
[%WINDOWS%]\kvnab$.exe
[%WINDOWS%]\kvnab.dll
[%WINDOWS%]\kvnab.exe
[%WINDOWS%]\liqad.dll
[%WINDOWS%]\liqad.exe
[%WINDOWS%]\liqui.dll
[%WINDOWS%]\liqui.exe
[%WINDOWS%]\pbsysie.dll
[%WINDOWS%]\settn.dll
[%WINDOWS%]\wbeCheck.exe
[%WINDOWS%]\xadbrk.dll
[%WINDOWS%]\xadbrk.exe
[%SYSTEM%]\fhfmm.dll
[%WINDOWS%]\exrem.ini
[%WINDOWS%]\kkcomp.old
[%WINDOWS%]\kkcomp.tmp
[%WINDOWS%]\kvnab.ini
[%WINDOWS%]\kvnab.old
[%WINDOWS%]\kvnab.tmp
[%WINDOWS%]\liqad$.exe
[%WINDOWS%]\liqad.ini
[%WINDOWS%]\liqad.old
[%WINDOWS%]\liqad.tmp
[%WINDOWS%]\liqui.txt
[%WINDOWS%]\liqui1.tmp
[%WINDOWS%]\liqui2.tmp
[%WINDOWS%]\liqui3.tmp
[%WINDOWS%]\ltosie.old
[%WINDOWS%]\odidbu.in
[%WINDOWS%]\odidbu.ini
[%WINDOWS%]\plotpp.tmp
[%WINDOWS%]\system\fhfmm.dll
[%WINDOWS%]\wbecheck.exe
[%WINDOWS%]\wbecheck.old
[%WINDOWS%]\wbecheck.tmp
[%WINDOWS%]\xabrk.dll
[%WINDOWS%]\xadbrk1.tmp
[%WINDOWS%]\xadbrk2.tmp
[%WINDOWS%]\xadbrk3.tmp
[%WINDOWS%]\cbinst$.exe
[%WINDOWS%]\hcwprn.exe
[%WINDOWS%]\kkcomp.dll
[%WINDOWS%]\kkcomp.exe
[%WINDOWS%]\kvnab$.exe
[%WINDOWS%]\kvnab.dll
[%WINDOWS%]\kvnab.exe
[%WINDOWS%]\liqad.dll
[%WINDOWS%]\liqad.exe
[%WINDOWS%]\liqui.dll
[%WINDOWS%]\liqui.exe
[%WINDOWS%]\pbsysie.dll
[%WINDOWS%]\settn.dll
[%WINDOWS%]\wbeCheck.exe
[%WINDOWS%]\xadbrk.dll
[%WINDOWS%]\xadbrk.exe
[%SYSTEM%]\fhfmm.dll
[%WINDOWS%]\exrem.ini
[%WINDOWS%]\kkcomp.old
[%WINDOWS%]\kkcomp.tmp
[%WINDOWS%]\kvnab.ini
[%WINDOWS%]\kvnab.old
[%WINDOWS%]\kvnab.tmp
[%WINDOWS%]\liqad$.exe
[%WINDOWS%]\liqad.ini
[%WINDOWS%]\liqad.old
[%WINDOWS%]\liqad.tmp
[%WINDOWS%]\liqui.txt
[%WINDOWS%]\liqui1.tmp
[%WINDOWS%]\liqui2.tmp
[%WINDOWS%]\liqui3.tmp
[%WINDOWS%]\ltosie.old
[%WINDOWS%]\odidbu.in
[%WINDOWS%]\odidbu.ini
[%WINDOWS%]\plotpp.tmp
[%WINDOWS%]\system\fhfmm.dll
[%WINDOWS%]\wbecheck.exe
[%WINDOWS%]\wbecheck.old
[%WINDOWS%]\wbecheck.tmp
[%WINDOWS%]\xabrk.dll
[%WINDOWS%]\xadbrk1.tmp
[%WINDOWS%]\xadbrk2.tmp
[%WINDOWS%]\xadbrk3.tmp

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
HKEY_CLASSES_ROOT\clsid\{00000012-890e-4aac-afd9-eff6954a34dd}
HKEY_CURRENT_USER\software\opendata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
HKEY_CURRENT_USER\software\adbreak
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Email.Spy.Pro Spyware
Andromed Trojan Symptoms
Remove Banker.abg Spyware

Banker.CIY Trojan

How To Remove Banker.CIY?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Banker.CIY is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Banker.CIY It also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.cgi;
[McAfee]PWS-Banker.gen.g;
[Panda]Trj/Banbra.DPS;
[Other]W32/Banker.BDQL,TrojanSpy:Win32/Banker!92B2,Infostealer.Banpaes

Banker.CIY Symptoms:

Files:
[%COMMON_STARTUP%]\cica.scr
[%SYSTEM%]\cica.scr
[%COMMON_STARTUP%]\cica.scr
[%SYSTEM%]\cica.scr

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Prowler Trojan Information
Sabotage Trojan Information
Townews Adware Removal
REG.Badmin Trojan Removal instruction
Keylog.Dafunk Trojan Removal instruction

Frapes Backdoor

How To Remove Frapes?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Frapes is dangerous virus:
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.


Frapes It also known as:

[Kaspersky]Backdoor.Frapes;
[McAfee]Generic BackDoor.b;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Frapes;
[Computer Associates]Backdoor/Frape.A!Server,Win32.Frapes.09

Frapes Symptoms:

Files:
[%PROGRAM_FILES%]\hellas.exe
[%PROGRAM_FILES%]\hellas.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Popuper Adware
Remove Sinis.BrowserHelper Trojan
Remove Dipti Backdoor
PSW.Bancos Trojan Symptoms

Netpumper Adware

How To Remove Netpumper?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Netpumper is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Netpumper Symptoms:

Files:
[%PROGRAM_FILES%]\NetPumper\NetPumper.exe
[%PROGRAM_FILES%]\NetPumper\NetPumperIEProxy.exe
[%PROGRAM_FILES%]\NetPumper\NetPumperNNProxy.dll
[%PROGRAM_FILES%]\NetPumper\NPNetPumper_Application.dll
[%PROGRAM_FILES%]\NetPumper\NPNetPumper_Audio.dll
[%PROGRAM_FILES%]\NetPumper\NPNetPumper_Video.dll
[%PROGRAM_FILES%]\NetPumper\shutdown.exe
[%PROGRAM_FILES%]\NetPumper\TurnLog.exe
[%PROGRAM_FILES%]\NetPumper\NetPumper.exe
[%PROGRAM_FILES%]\NetPumper\NetPumperIEProxy.exe
[%PROGRAM_FILES%]\NetPumper\NetPumperNNProxy.dll
[%PROGRAM_FILES%]\NetPumper\NPNetPumper_Application.dll
[%PROGRAM_FILES%]\NetPumper\NPNetPumper_Audio.dll
[%PROGRAM_FILES%]\NetPumper\NPNetPumper_Video.dll
[%PROGRAM_FILES%]\NetPumper\shutdown.exe
[%PROGRAM_FILES%]\NetPumper\TurnLog.exe

Folders:
[%APPDATA%]\NetPumper
[%COMMON_PROGRAMS%]\NetPumper
[%PROGRAM_FILES%]\NetPumper

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1aa406ab-f581-42ab-b4d1-31d2e13819ef}
HKEY_CLASSES_ROOT\clsid\{e19b133d-184e-4bba-8a70-38489c9dd31b}
HKEY_CLASSES_ROOT\interface\{056738ed-e15c-11d6-b876-0050bf5d85c7}
HKEY_CLASSES_ROOT\interface\{a8b0f390-e6bf-4027-a4d4-1e4363f5e27b}
HKEY_CLASSES_ROOT\interface\{a9e33220-0b05-11d7-88d2-444553540000}
HKEY_CLASSES_ROOT\interface\{e0abbf96-17dc-44ca-96d0-6217064a97ba}
HKEY_CLASSES_ROOT\mime\database\content type\application\x-netpumper-detector
HKEY_CLASSES_ROOT\netpumper.addurl
HKEY_CLASSES_ROOT\netpumpernnproxy.netscapeinterface
HKEY_CLASSES_ROOT\typelib\{1145a909-a836-44b8-b03a-48d858b0f43e}
HKEY_CLASSES_ROOT\typelib\{f7258f6e-9f60-49c0-8c82-f0a0993d68e0}
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\download with netpumper
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netpumper_is1
HKEY_LOCAL_MACHINE\software\netpumper

Registry Values:
HKEY_CLASSES_ROOT\.xnpd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT\.xnpd
HKEY_CURRENT_USER\software\netscape\netscape navigator\automation protocols
HKEY_CURRENT_USER\software\netscape\netscape navigator\automation protocols
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
ringsworld.com Tracking Cookie Removal instruction
Pigeon.AVKB Trojan Symptoms
Vxidl.AUB Trojan Removal instruction
CmdService Adware Removal instruction
Bancos.BND Trojan Symptoms

Fatlis Trojan

How To Remove Fatlis?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Fatlis is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Fatlis Symptoms:

Files:
[%SYSTEM%]\replace.dll
[%SYSTEM%]\replace.dll

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\autoupgrade


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Uboot Trojan Removal
Small.ja Downloader Removal
Removing FireSpy.A Trojan
Vxidl.ASQ Trojan Information
Lizards.Tail Spyware Symptoms

AdStation Adware

How To Remove AdStation?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
AdStation is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


AdStation Symptoms:

Folders:
[%SYSTEM%]\adstation

Registry Keys:
HKEY_LOCAL_MACHINE\software\adncommunication\adstation


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Zasil Trojan Cleaner
Vxidl.AJY Trojan Removal instruction
SillyDl.DIB Downloader Symptoms
QZap174 Trojan Information

BazookaBar BHO

How To Remove BazookaBar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
BazookaBar is dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


BazookaBar Symptoms:

Folders:
[%PROGRAM_FILES%]\bazookabar

Registry Keys:
HKEY_CLASSES_ROOT\bazookabar.bazookabarband
HKEY_CLASSES_ROOT\bazookabar.bazookabarband.1
HKEY_CLASSES_ROOT\clsid\{7891da15-428e-11d7-bcc1-00a024831a8c}
HKEY_CLASSES_ROOT\interface\{d4242dc5-1aef-46c1-a09a-9136e5f9871e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7891da15-428e-11d7-bcc1-00a024831a8c}
HKEY_LOCAL_MACHINE\software\classes\interface\{d4242dc5-1aef-46c1-a09a-9136e5f9871e}
HKEY_LOCAL_MACHINE\software\classes\typelib\{dcb8f6ad-65fd-42bf-b0f8-549fcfe717c0}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bazookabar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bazookabar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Pigeon.ESY Trojan
Remove Pigeon.ECV Trojan
Doomsday Trojan Removal instruction
Remove SillyDl.ABB Downloader

AmberValletta Trojan

How To Remove AmberValletta?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
AmberValletta is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


AmberValletta Symptoms:

Files:
[%DESKTOP%]\ambervalletta1.jpg
[%PROFILE%]\Recent\Amber Valletta.lnk
[%PROFILE%]\Recent\ambervalletta1.zip.lnk
[%PROGRAMS%]\FileSubmit\Install Amber Valletta.lnk
[%PROGRAMS%]\FileSubmit\Uninstall Amber Valletta.lnk
[%DESKTOP%]\ambervalletta1.jpg
[%PROFILE%]\Recent\Amber Valletta.lnk
[%PROFILE%]\Recent\ambervalletta1.zip.lnk
[%PROGRAMS%]\FileSubmit\Install Amber Valletta.lnk
[%PROGRAMS%]\FileSubmit\Uninstall Amber Valletta.lnk

Folders:
[%PROGRAM_FILES%]\FileSubmit

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\amber valletta

Registry Values:
HKEY_CURRENT_USER\software\nico mak computing\winzip\filemenu


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
TFactory Downloader Information
RCPrograms Adware Removal instruction
BAT.Vr Trojan Removal instruction
Puper.dll Trojan Symptoms
Pigeon.ADR Trojan Removal

Virus Trojan

How To Remove Virus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Virus is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS trojans conduct attacks from a single computer with the consent of the user.


Virus It also known as:

[Kaspersky]VirusB.1000.a,Virus90;
[Panda]Testvirus.1000,90 (847);
[Computer Associates]Test Virus B1.4,Virus 90

Virus Symptoms:

Files:
[%PROFILE_TEMP%]\MSView.dll
[%PROFILE_TEMP%]\nsh_115.exe
[%WINDOWS%]\wininit.ini
[%PROFILE_TEMP%]\MSView.dll
[%PROFILE_TEMP%]\nsh_115.exe
[%WINDOWS%]\wininit.ini

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}
HKEY_LOCAL_MACHINE\SOFTWARE\RespondMiter
HKEY_LOCAL_MACHINE\SOFTWARE\Transponder


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Webtool.Web.Cleaner Adware Removal instruction
Pigeon.ATQ Trojan Symptoms
ASXLoad Trojan Removal
Zinx Spyware Symptoms

SearchForIt Hijacker

How To Remove SearchForIt?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SearchForIt is dangerous virus:
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


SearchForIt It also known as:

[Kaspersky]Trojan.Win32.StartPage.ey

SearchForIt Symptoms:

Files:
[%SYSTEM%]\ca2.dll
[%SYSTEM%]\replacesearch.dll
[%SYSTEM%]\ca2.dll
[%SYSTEM%]\replacesearch.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Adware.NDotNet Adware Removal
Spidoor Trojan Information
Lizards.Tail Spyware Information
Removing triplemind.com Tracking Cookie

Yewbmoat Trojan

How To Remove Yewbmoat?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Yewbmoat is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Yewbmoat It also known as:

[Kaspersky]Trojan-Downlaoder.Win32.Delf.azy,Bakckdoor.Win32.Small.or,Backdoor.Win32.Small.or,Trojan-Proxy.Win32.Delf.cc,Trojan-Proxy.Win32.Delf.db,Trojan-Spy.Win32.Delf.ait;
[McAfee]Multidropper-JD;
[Other]Win32/Yewbmoat.A,Win32/Yewbmoat.B,Win32/Yewbmoat,Backdoor.Sdbot,Win32/Yewbmoat.E,Win32/Yewbmoat.G,Backdoor.Trojan,Troj/Delf-EYS,BKDR_GRAYBIR.DJ

Yewbmoat Symptoms:

Files:
[%WINDOWS%]\drmclient32.dll
[%WINDOWS%]\fmideploy.exe
[%WINDOWS%]\gmflpr32.dll
[%WINDOWS%]\ntmaspi32.dll
[%WINDOWS%]\stclient.ini
[%PROFILE_TEMP%]\utislcomutil59.exe
[%WINDOWS%]\cmflpr32.dll
[%WINDOWS%]\fsclient32.dll
[%WINDOWS%]\iasrecst.exe
[%WINDOWS%]\kbdfi32.dll
[%WINDOWS%]\mcithread.dll
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\netcfgx32.exe
[%WINDOWS%]\system\lprhelp32.dll
[%WINDOWS%]\drmclient32.dll
[%WINDOWS%]\fmideploy.exe
[%WINDOWS%]\gmflpr32.dll
[%WINDOWS%]\ntmaspi32.dll
[%WINDOWS%]\stclient.ini
[%PROFILE_TEMP%]\utislcomutil59.exe
[%WINDOWS%]\cmflpr32.dll
[%WINDOWS%]\fsclient32.dll
[%WINDOWS%]\iasrecst.exe
[%WINDOWS%]\kbdfi32.dll
[%WINDOWS%]\mcithread.dll
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\netcfgx32.exe
[%WINDOWS%]\system\lprhelp32.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\intel audio studio v2.0
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\microsoft keyboard enhance v2.0
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\paradyne adsl network driver v2.3

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\microsoft windows visual v2.0


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.CKE Trojan Information
Gone Backdoor Cleaner
Remove Adware.Ezula Adware

Danmec Trojan

How To Remove Danmec?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Danmec is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Danmec It also known as:

[Kaspersky]Backdoor.Win32.Rbot.bkz,Trojan.Win32.Agent.xm,Trojan-Proxy.Win32.Agent.hx,Backdoor.Win32.Agent.aju,Trojan-Dropper.Win32.Small.aus,Backdoor.Win32.Agent.crk;
[F-Prot]W32/Proxy.JK;
[Other]Win32/Danmec!generic,Trojan.Proxy.RemLoad.B,Trojan.MulDrop.3098,W32.Mytob@mm,Win32/Danmec.F,Trojan.Danmec,W32/Agent.LDE,Troj/Agent-JV,Win32/Danmec.W,Troj/Danmec-V,Win32/Danmec.Y,Malware.BGBC,TROJ_DROPPER.KAP,Troj/Agent-GGA

Danmec Symptoms:

Files:
[%SYSTEM%]\aspimgr.exe
[%WINDOWS%]\s32.txt
[%WINDOWS%]\ws386.ini
[%SYSTEM%]\aspi183287.exe
[%WINDOWS%]\db32.txt
[%SYSTEM%]\aspimgr.exe
[%WINDOWS%]\s32.txt
[%WINDOWS%]\ws386.ini
[%SYSTEM%]\aspi183287.exe
[%WINDOWS%]\db32.txt

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_aspimgr
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\aspimgr
HKEY_CURRENT_USER\software\microsoft\sft
HKEY_LOCAL_MACHINE\software\microsoft\sft
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_aspi113210
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\aspi113210

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing VB.vh Backdoor
Sgfingerd Trojan Cleaner

EGroup Adware

How To Remove EGroup?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
EGroup is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


EGroup It also known as:

[Other]Adware.InstantAccess,eGroup

EGroup Symptoms:

Files:
[%SYSTEM%]\eglivecam_1028.dll
[%SYSTEM%]\ia.dll
[%SYSTEM%]\LiveService_5.dll
[%SYSTEM%]\mseggrpid.dll
[%WINDOWS%]\downloaded program files\egdhtml.inf
[%WINDOWS%]\downloaded program files\egdhtml_pack.inf
[%WINDOWS%]\downloaded program files\ia.inf
[%WINDOWS%]\downloaded program files\ieaccess2.inf
[%WINDOWS%]\tmlpcert2005
[%PROFILE%]\spesial.nils1\start-meny\instant access.lnk
[%SYSTEM%]\egdhtml_1017.dll
[%SYSTEM%]\egdhtml_1019.dll
[%SYSTEM%]\egdhtml_1021.dll
[%SYSTEM%]\egdial.dll
[%SYSTEM%]\eghtmldialer.dll
[%SYSTEM%]\liveservice_5.dll
[%WINDOWS%]\access.exe
[%WINDOWS%]\downloaded program files\eghtmldialer.inf
[%WINDOWS%]\start menu\instant access.lnk
[%WINDOWS%]\system\egdial.dll
[%WINDOWS%]\system\eghtmldialer.dll
[%SYSTEM%]\eglivecam_1028.dll
[%SYSTEM%]\ia.dll
[%SYSTEM%]\LiveService_5.dll
[%SYSTEM%]\mseggrpid.dll
[%WINDOWS%]\downloaded program files\egdhtml.inf
[%WINDOWS%]\downloaded program files\egdhtml_pack.inf
[%WINDOWS%]\downloaded program files\ia.inf
[%WINDOWS%]\downloaded program files\ieaccess2.inf
[%WINDOWS%]\tmlpcert2005
[%PROFILE%]\spesial.nils1\start-meny\instant access.lnk
[%SYSTEM%]\egdhtml_1017.dll
[%SYSTEM%]\egdhtml_1019.dll
[%SYSTEM%]\egdhtml_1021.dll
[%SYSTEM%]\egdial.dll
[%SYSTEM%]\eghtmldialer.dll
[%SYSTEM%]\liveservice_5.dll
[%WINDOWS%]\access.exe
[%WINDOWS%]\downloaded program files\eghtmldialer.inf
[%WINDOWS%]\start menu\instant access.lnk
[%WINDOWS%]\system\egdial.dll
[%WINDOWS%]\system\eghtmldialer.dll

Folders:
[%WINDOWS%]\eghtmldialer
[%WINDOWS%]\egroup
[%WINDOWS%]\dialpass

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{486e48b5-abf2-42bb-a327-2679df3fb822}
HKEY_CLASSES_ROOT\clsid\{b843da96-2b2d-447e-90ab-b92929aa11af}
HKEY_CLASSES_ROOT\eghtmldialer.htmldialer
HKEY_CLASSES_ROOT\eghtmldialer.htmldialer.1
HKEY_CLASSES_ROOT\interface\{62bfaec2-82a5-4117-a98b-fea89413d924}
HKEY_CLASSES_ROOT\interface\{81c2f7f3-f930-455e-9aa5-0876d387c787}
HKEY_CLASSES_ROOT\interface\{901166a5-f137-4b27-bc4c-ca611debdced}
HKEY_CLASSES_ROOT\typelib\{7699aef9-f83a-44fa-b374-aa02cedf247d}
HKEY_CURRENT_USER\software\egroup
HKEY_LOCAL_MACHINE\software\classes\clsid\{50ad557e-3426-41fd-afdd-2af39bb1c387}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\system32\egdhtml_1021.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\instant access
HKEY_CLASSES_ROOT\clsid\{2abe804b-4d3a-41bf-a172-304627874b45}
HKEY_CLASSES_ROOT\egdhtml.egdialhtml
HKEY_CLASSES_ROOT\egdhtml.egdialhtml.1
HKEY_CLASSES_ROOT\egdialobject.egdial
HKEY_CLASSES_ROOT\egdialobject.egdial.1
HKEY_CLASSES_ROOT\interface\{2f668a6d-2ec7-4e3a-a485-819e210738d6}
HKEY_CLASSES_ROOT\nsconfig.nsbrowserconfig.2
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{50ad557e-3426-41fd-afdd-2af39bb1c387}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{94742e3f-d9a1-4780-9a87-2ffa43655da2}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{b843da96-2b2d-447e-90ab-b92929aa11af}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\egdhtml_1021.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\eghtmldialer.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\system\egdhtml_1021.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\system\eghtmldialer.dll
HKEY_USERS\.default\software\egdhtml

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/eglivecam_1028.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/eglivecam_1028.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]/eglivecam_1028.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.3/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.3/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_USERS\.default\remoteaccess\addresses
HKEY_USERS\.default\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Badpapots Downloader Removal instruction
Remove Alma Trojan
DeUpgrade Trojan Cleaner
Phantom.of.the.Keyboard Spyware Removal
Removing RemoteSaucer Backdoor

Aornum Adware

How To Remove Aornum?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Aornum is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Aornum Symptoms:

Files:
[%SYSTEM%]\i1srchas.dll
[%WINDOWS%]\aornidle.dll
[%WINDOWS%]\aornum.exe
[%WINDOWS%]\aornumax.dll
[%WINDOWS%]\system\i1srchas.dll
[%SYSTEM%]\i1srchas.dll
[%WINDOWS%]\aornidle.dll
[%WINDOWS%]\aornum.exe
[%WINDOWS%]\aornumax.dll
[%WINDOWS%]\system\i1srchas.dll

Folders:
[%PROGRAM_FILES%]\ornum

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{70522fa2-4656-11d5-b0e9-0050dac24e8f}
HKEY_CLASSES_ROOT\clsid\{08e1c8e1-e565-44fc-a766-c9539bb3abb7}
HKEY_CLASSES_ROOT\clsid\{910e7499-6311-4843-8eb0-0100a7955a1f}
HKEY_CLASSES_ROOT\clsid\{9c813b33-52a2-466d-8c51-eb4189c1ff98}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{08e1c8e1-e565-44fc-a766-c9539bb3abb7}
HKEY_CLASSES_ROOT\typelib\{08e1c8e1-e565-44fc-a766-c9539bb3abb7}
HKEY_CURRENT_USER\software\aornum
HKEY_CURRENT_USER\software\tensoft

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove KeyLog.Powered Spyware
Remove Pot Trojan
Removing Delf.av Trojan

Dimbus Backdoor

How To Remove Dimbus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Dimbus is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.


Dimbus It also known as:

[Kaspersky]Backdoor.Dimbus.10;
[Panda]Bck/Dimbus,Bck/Dimbus.10;
[Computer Associates]Backdoor/Dimbus.10!Server,Win32.Dimbus.10

Dimbus Symptoms:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Danschl Trojan Removal instruction
Removing Zlob.Fam.Image ActiveX Object Trojan
XoloX Worm Symptoms

Nuvens Trojan

How To Remove Nuvens?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Nuvens is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Nuvens It also known as:

[Kaspersky]Trojan-Dropper.Win32.Agent.aue,Trojan-Downloader.Win32.Zlob.aaz,Trojan-Downloader.Win32.Zlob.aua,Trojan-Downloader.Win32.Zlob.asf,Trojan-Downlaoder.Win32.Zlob.asd,Trojan-Downloader.Win32.Zlob.bed,Trojan-downloader.Win32.Zlob.bon,Trojan-Downloader.Win32.Zlob.drd;
[McAfee]Puper.dr;
[F-Prot]W32/Zlob.XA;
[Other]Win32/Nuvens.G,Win32/Nuvens.L,Win32/Nuvens.F,Win32/Nuevens.AG,Trojan.Emcodec,Win32/Nuvens.AM,Win32/Nuvens.AL,Win32/Nuvens.C,Trojan.Zlob,Win32/Nuvens.D,Win32.Nuvens.AS,W32/ZlobNS.gen9,Win32/Nuvens.AW,Win32/Nuvens.BD,Win32/Nuvens.AZ,Win32/Nuvens.BB,Win32/Nuvens.BI,Win32/Nuvens.BJ,Win32/Nuvens.BG,Win32/Nuvens.BH,Troj/Zlob-VP,TROJ_ZLOB.BEJ,Win32/Nuvens.U,Win32/Nuvens.CU,Trojan-Downloader.Zlob.Media-Codec,W32/Zlob.AEZS,Troj/Zlobun-Gen,Win32/Nuvens.CH,Win32/Nuvens.DA,Win32/Nuvens.DD,Win32/Nuvens.DE,Win32/Nuvens.DH,Win32/Nuvens.FW,Win32/Nuvens.FX,Win32/Nuvens.FZ,TROJ_ZLOB.DEM,Mal/Zlob-A,Win32/Nuvens.EH,DNSChanger.gen10,TROJ_ZLOB.DOB,Win32/Nuvens.PE,TrojanDownloader:Win32/Zlob.gen!dll,TROJ_ZLOB.EDH,Troj/Zlobar-Fam,Win32/Nuvens.PG,Win32/Nuvens.PH,Trojan:Win32/Zlob.ZWC,Troj/Zlob-AGJ,TrojanDownloader:Win32/Zlob.gen!AL

Nuvens Symptoms:

Files:
[%COMMON_DESKTOPDIRECTORY%]\Online Security Guide.url
[%COMMON_DESKTOPDIRECTORY%]\Security Troubleshooting.url
[%COMMON_STARTMENU%]\Online Security Guide.url
[%COMMON_STARTMENU%]\Security Troubleshooting.url
[%PROGRAM_FILES%]\AOL Toolbar\toolbar.dll
[%PROGRAM_FILES%]\PaintingRoom\paintingroomclasses.dll
[%PROGRAM_FILES%]\PCODEC\uninst.exe
[%PROGRAM_FILES%]\Video ActiveX Object\uninst.exe
[%SYSTEM%]\update26313404.exe
[%SYSTEM%]\vcodec.exe
[%DESKTOP%]\PornMag Pass.lnk
[%DESKTOP%]\PornPass Manager.lnk
[%SYSTEM%]\sttwrd.dll
[%COMMON_DESKTOPDIRECTORY%]\Online Security Guide.url
[%COMMON_DESKTOPDIRECTORY%]\Security Troubleshooting.url
[%COMMON_STARTMENU%]\Online Security Guide.url
[%COMMON_STARTMENU%]\Security Troubleshooting.url
[%PROGRAM_FILES%]\AOL Toolbar\toolbar.dll
[%PROGRAM_FILES%]\PaintingRoom\paintingroomclasses.dll
[%PROGRAM_FILES%]\PCODEC\uninst.exe
[%PROGRAM_FILES%]\Video ActiveX Object\uninst.exe
[%SYSTEM%]\update26313404.exe
[%SYSTEM%]\vcodec.exe
[%DESKTOP%]\PornMag Pass.lnk
[%DESKTOP%]\PornPass Manager.lnk
[%SYSTEM%]\sttwrd.dll

Folders:
[%PROGRAM_FILES%]\Gold Codec
[%PROGRAM_FILES%]\Image ActiveX Access
[%PROGRAM_FILES%]\IntCodec
[%PROGRAM_FILES%]\iVideoCodec
[%PROGRAM_FILES%]\MMediaCodec
[%PROGRAM_FILES%]\MPVIDEOCODEC
[%PROGRAM_FILES%]\Online Image Add-on
[%PROGRAM_FILES%]\paintingroom
[%PROGRAM_FILES%]\PornMag Pass
[%PROGRAM_FILES%]\PornPass Manager
[%PROGRAM_FILES%]\QualityCodec
[%PROGRAM_FILES%]\SoftCodec
[%PROGRAM_FILES%]\StrCodec
[%PROGRAM_FILES%]\Video ActiveX Access
[%PROGRAM_FILES%]\Video ActiveX Object
[%PROGRAM_FILES%]\VideoCompressionCodec
[%PROGRAM_FILES%]\VideoKeyCodec
[%PROGRAM_FILES%]\VideosCodec
[%PROGRAMS%]\Gold Codec
[%PROGRAMS%]\IntCodec
[%PROGRAMS%]\PornMag Pass
[%PROGRAMS%]\PornPass Manager
[%PROGRAM_FILES%]\Brain Codec

Registry Keys:
HKEY_CLASSES_ROOT\AVZipEnchancer.Chl
HKEY_CLASSES_ROOT\clsid\{fe8aca46-adf0-4785-b550-89762dc330e6}
HKEY_CLASSES_ROOT\codecssoftwarepackage.chl
HKEY_CLASSES_ROOT\emediacodek.chl
HKEY_CLASSES_ROOT\imageactivexobject.chl
HKEY_CLASSES_ROOT\interface\{e29be7f1-e2d8-4036-91ce-c3f8aac42495}
HKEY_CLASSES_ROOT\paintingroomclasses.animatedicon
HKEY_CLASSES_ROOT\paintingroomclasses.animatedicon.1
HKEY_CLASSES_ROOT\typelib\{979c2ead-48cb-454a-adfa-a123158dd508}
HKEY_CLASSES_ROOT\videoaxobject.chl
HKEY_CLASSES_ROOT\VSEnchancer.Chl
HKEY_CURRENT_USER\Software\Internet Security
HKEY_CURRENT_USER\Software\Online Add-on
HKEY_CURRENT_USER\software\paintingroom
HKEY_CURRENT_USER\Software\PornMag Pass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MMediaCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PornMag Pass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PornPass Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\strCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoCompressionCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoKeyCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideosCodec
HKEY_LOCAL_MACHINE\software\paintingroom
HKEY_CLASSES_ROOT\avzipenchancer.chl
HKEY_CLASSES_ROOT\clsid\{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5}
HKEY_CLASSES_ROOT\imageactivexobject
HKEY_CLASSES_ROOT\videoaccessactivex.chl
HKEY_CLASSES_ROOT\vsenchancer.chl
HKEY_CURRENT_USER\software\online add-on
HKEY_CURRENT_USER\software\pornmag pass
HKEY_CURRENT_USER\software\\internet security
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\brain codec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\image activex solution
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ivideocodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mmediacodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mpvideocodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pornmag pass
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pornpass manager
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\qualitycodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\softcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\strcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\video activex object
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\video add-on
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\video ax object
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\videocompressioncodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\videokeycodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\videoscodec

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_CURRENT_USER\software\security tools
HKEY_CURRENT_USER\software\security tools
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\intcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pcodec


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Lufoure Trojan Information

Aboutblank Trojan

How To Remove Aboutblank?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Aboutblank is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.


Aboutblank It also known as:

[Kaspersky]Backdoor.Agent.ac,Trojan.Win32.StartPage.ix;
[Eset]Win32/Agent.AC trojan,Win32/StartPage.IX trojan;
[Panda]Bck/Agent.E,Trj/StartPage.FH;
[Computer Associates]Win32.Mersting.B,Win32.Startpage.FZ,Win32/DlMersting.BA.30720!Trojan,Win32/Mersting.B!DLL!Trojan

Aboutblank Symptoms:

Files:
[%WINDOWS%]\svhost.exe
[%PROGRAM_FILES%]\ISSS\ZILLAbar\ZILLAbar.dll
[%SYSTEM%]\jjjhk.dll
[%SYSTEM%]\newkh.dll
[%SYSTEM%]\rzwqb.dll
[%WINDOWS%]\ausjn.dll
[%SYSTEM%]\cbme.dll
[%SYSTEM%]\xea2108l.9zt
[%WINDOWS%]\system\achpjba.dll
[%WINDOWS%]\system\wdm.dll
[%WINDOWS%]\svhost.exe
[%PROGRAM_FILES%]\ISSS\ZILLAbar\ZILLAbar.dll
[%SYSTEM%]\jjjhk.dll
[%SYSTEM%]\newkh.dll
[%SYSTEM%]\rzwqb.dll
[%WINDOWS%]\ausjn.dll
[%SYSTEM%]\cbme.dll
[%SYSTEM%]\xea2108l.9zt
[%WINDOWS%]\system\achpjba.dll
[%WINDOWS%]\system\wdm.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{06abaa2d-34ab-4902-a326-409bd9b9a7a5}
HKEY_CLASSES_ROOT\clsid\{b664647f-efd5-4837-a810-a807139107e5}
HKEY_CLASSES_ROOT\clsid\{ce6a1268-9cc9-4ba3-8657-fe1132906cc4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b664647f-efd5-4837-a810-a807139107e5}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_CLASSES_ROOT\protocols\filter\text/plain
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
BrowserAid.SearchandClick BHO Removal instruction

Win.Spy Spyware

How To Remove Win.Spy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Win.Spy is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.


Win.Spy Symptoms:

Files:
[%WINDOWS%]\winsys.exe
[%WINDOWS%]\winsys.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SpyAxe Trojan Removal
Pigeon.AJM Trojan Cleaner