Tuesday, December 9, 2008

Generic.PWS Trojan

How To Remove Generic.PWS?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Generic.PWS is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.


Generic.PWS It also known as:

[Kaspersky]Trojan.PSW.VB.e,Trojan.PSW.VB.k,Trojan.PSW.Legendmir.12,Trojan-PSW.Win32.Lmir.12,Trojan-Spy.Win32.Small.gg,Trojan-Spy.Win32.Agent.pp;
[McAfee]Generic PWS,Generic PWS.b,Generic PWS.a,Generic PWS.x,Generic PWS.o,Generic.PWS.g;
[F-Prot]security risk or a "backdoor" program,destructive program;
[Panda]Trojan Horse;
[Computer Associates]Win32/ICQpassStealer!Trojan;
[Other]Trojan.Win32.Kolweb.a,Trojan Horse,Infostealer.Marlap.C,TSPY_MARLAP.E,Win32/Teepyoo,Infostealer,Win32/Teepyoo.A,Win32/Iinun.A,Trojan-PSW.Win32.Agent.gq,Win32/Lemir.HY,Win32/Gypinks.E,Troj/WOW-JT,Trojan.PWStealer.BD36EB31

Generic.PWS Symptoms:

Files:
[%PROFILE_TEMP%]\glx2.sys
[%SYSTEM%]\6nmaj.exe
[%SYSTEM%]\glx2.sys
[%SYSTEM%]\ug6dayh.dll
[%WINDOWS%]\glx2.sys
[%PROFILE_TEMP%]\glx2.sys
[%SYSTEM%]\6nmaj.exe
[%SYSTEM%]\glx2.sys
[%SYSTEM%]\ug6dayh.dll
[%WINDOWS%]\glx2.sys

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4a25d-449-2baa-4426-a992-d18ca70cf5a9}
HKEY_CLASSES_ROOT\clsid\{fa040b34-fbe9-4bef-9d85-f90becaaca99}
HKEY_CURRENT_USER\software\dcioc
HKEY_CURRENT_USER\software\qe0

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
pi24.com Tracking Cookie Symptoms
Swizzor.bu Downloader Removal instruction
Bancos.GEN Trojan Information
Pigeon.EYS Trojan Symptoms

Bancos.AAF Trojan

How To Remove Bancos.AAF?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Bancos.AAF is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Bancos.AAF It also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.cfo;
[McAfee]PWS-Banker

Bancos.AAF Symptoms:

Files:
[%COMMON_STARTUP%]\winupdbc.exe
[%SYSTEM%]\winupdbc.exe
[%WINDOWS%]\Tasks\startt.job
[%COMMON_STARTUP%]\winupdbc.exe
[%SYSTEM%]\winupdbc.exe
[%WINDOWS%]\Tasks\startt.job

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Sup Trojan Cleaner
Sharal Trojan Removal

ACXInstall Adware

How To Remove ACXInstall?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
ACXInstall is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


ACXInstall Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a4a435cf-3583-11d4-91bd-0048546a1450}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
FreeWire Worm Cleaner
Java.ByteVerify Trojan Removal instruction

findthewebsiteyouneed.com Hijacker

How To Remove findthewebsiteyouneed.com?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
findthewebsiteyouneed.com is dangerous virus:
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


findthewebsiteyouneed.com Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{29DD1EA6-1FDA-44A4-B083-C9900547BC48}
HKEY_CLASSES_ROOT\CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486}
HKEY_CLASSES_ROOT\CLSID\{FC2493D6-A673-49FE-A2EE-EFE03E95C27C}
HKEY_CLASSES_ROOT\GoRSDN.ContextItem
HKEY_CLASSES_ROOT\GoRSDN.ContextItem.1
HKEY_CLASSES_ROOT\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
HKEY_CLASSES_ROOT\Interface\{7C479D09-1280-41D2-945F-2377736B8CF7}
HKEY_CLASSES_ROOT\Interface\{EAF2CCEE-21A1-4203-9F36-4929FD104D43}
HKEY_CLASSES_ROOT\Pugi.PugiObj
HKEY_CLASSES_ROOT\Pugi.PugiObj.1
HKEY_CLASSES_ROOT\ToolBand.hits
HKEY_CLASSES_ROOT\ToolBand.hits.1
HKEY_CLASSES_ROOT\Typelib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKEY_CURRENT_USER\Software\DotComToolbar

Registry Values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Fun.Factory Backdoor Removal

Fav Trojan

How To Remove Fav?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Fav is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Fav It also known as:

[Kaspersky]Trojan.JS.Fav.a;
[Panda]Trj/JS.Fav;
[Computer Associates]VBS/Suicide!Worm

Fav Symptoms:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.CGB Trojan Information
SearchClickAds Adware Symptoms
RelevantKnowledge Spyware Cleaner
Netpocalypse Backdoor Information
Vxidl.BEW Trojan Removal

Aditer Trojan

How To Remove Aditer?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Aditer is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



Aditer It also known as:

[Kaspersky]Trojan.Win32.Aditer.b,Trojan.Win32.Aditer;
[Panda]Trojan Horse;
[Computer Associates]Win32/Aditer.74754!Trojan;
[Other]Win32/Aditer.B

Aditer Symptoms:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
VBS.Generator Worm Removal
Realtens Downloader Removal
Tool.AVP4SRU Trojan Removal
Miskur Trojan Removal

Leszcz RAT

How To Remove Leszcz?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Leszcz is dangerous virus:
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.


Leszcz Symptoms:

Files:
[%WINDOWS%]\viva.exe
[%WINDOWS%]\viva.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
BackDoor.AMQ Trojan Symptoms
Claria.Precision.Time Adware Removal
WWWcount Trojan Cleaner
Pigeon.AVMD Trojan Information
Removing Pigeon.AVBS Trojan

Armageddon Trojan

How To Remove Armageddon?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Armageddon is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.


Armageddon It also known as:

[Kaspersky]Backdoor.Armageddon,Backdoor.Armageddon.10,Trojan.Win32.Small.i,TrojanNotifier.Win32.EES.a;
[Eset]Win32/Armageddon trojan,Win32/TrojanNotifier.EES.A trojan;
[McAfee]MultiPager-A;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Armageddon,Trj/W32.Notifier,Trojan Horse,Adware/Madfinder,Spyware/ClientMan,Trj/Small.AQ;
[Computer Associates]Backdoor/Armageddon.B,Win32.Armageddon,Backdoor/Armageddon.20!Server,Win32/otifier/Win32.EES.a!Trojan,Win32.Madfind.A,Win32.Siboco.B,Win32/MadFind!Trojan,Win32/MadFind.BH!Trojan,Win32/Siboco.B!Trojan

Armageddon Symptoms:

Files:
[%SYSTEM%]\msdaim.dll
[%SYSTEM%]\msibkd.dll
[%SYSTEM%]\msjfbl.dll
[%SYSTEM%]\mskhhe.dll
[%SYSTEM%]\msnkmi.dll
[%WINDOWS%]\cachelut.dat
[%WINDOWS%]\words.lst
[%DESKTOP%]\setup_jalapeno.exe
[%PROFILE%]\applic~1\iestcrmfrood.dll
[%PROFILE_TEMP%]\mskhhe.dll
[%PROFILE_TEMP%]\mskpkc.dll
[%SYSTEM%]\disable.dll
[%SYSTEM%]\disable1.dll
[%SYSTEM%]\elitejho32.exe
[%SYSTEM%]\msawindows.exe
[%SYSTEM%]\mscdka.dll
[%SYSTEM%]\mseclk.dll
[%SYSTEM%]\msedah.dll
[%SYSTEM%]\mseffm.dll
[%SYSTEM%]\msfaol.dll
[%SYSTEM%]\mskceo.dll
[%SYSTEM%]\mskpkc.dll
[%SYSTEM%]\msobfl.dll
[%WINDOWS%]\downloaded program files\disable.dll
[%WINDOWS%]\downloaded program files\disable1.dll
[%WINDOWS%]\exeldr.exe
[%WINDOWS%]\msdm.exe
[%WINDOWS%]\system\disable.dll
[%WINDOWS%]\system\disable1.dll
[%WINDOWS%]\system\mscdka.dll
[%WINDOWS%]\system\mseffm.dll
[%WINDOWS%]\system\msobfl.dll
[%WINDOWS%]\system\notify.exe
[%SYSTEM%]\msdaim.dll
[%SYSTEM%]\msibkd.dll
[%SYSTEM%]\msjfbl.dll
[%SYSTEM%]\mskhhe.dll
[%SYSTEM%]\msnkmi.dll
[%WINDOWS%]\cachelut.dat
[%WINDOWS%]\words.lst
[%DESKTOP%]\setup_jalapeno.exe
[%PROFILE%]\applic~1\iestcrmfrood.dll
[%PROFILE_TEMP%]\mskhhe.dll
[%PROFILE_TEMP%]\mskpkc.dll
[%SYSTEM%]\disable.dll
[%SYSTEM%]\disable1.dll
[%SYSTEM%]\elitejho32.exe
[%SYSTEM%]\msawindows.exe
[%SYSTEM%]\mscdka.dll
[%SYSTEM%]\mseclk.dll
[%SYSTEM%]\msedah.dll
[%SYSTEM%]\mseffm.dll
[%SYSTEM%]\msfaol.dll
[%SYSTEM%]\mskceo.dll
[%SYSTEM%]\mskpkc.dll
[%SYSTEM%]\msobfl.dll
[%WINDOWS%]\downloaded program files\disable.dll
[%WINDOWS%]\downloaded program files\disable1.dll
[%WINDOWS%]\exeldr.exe
[%WINDOWS%]\msdm.exe
[%WINDOWS%]\system\disable.dll
[%WINDOWS%]\system\disable1.dll
[%WINDOWS%]\system\mscdka.dll
[%WINDOWS%]\system\mseffm.dll
[%WINDOWS%]\system\msobfl.dll
[%WINDOWS%]\system\notify.exe

Folders:
[%PROGRAM_FILES%]\clientman

Registry Keys:
HKEY_CLASSES_ROOT\appid\{026e4b83-1bf7-41cb-8233-4af35341bc69}
HKEY_CLASSES_ROOT\CLSID\{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}
HKEY_CLASSES_ROOT\interface\{a7370377-e217-4467-8448-9845270cd4a3}
HKEY_CLASSES_ROOT\urlcli.urlcliobj
HKEY_CLASSES_ROOT\urlcli.urlcliobj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_CLASSES_ROOT\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
HKEY_CLASSES_ROOT\typelib\{a1a986e7-7674-4d8b-8081-e422fdb8480b}
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_LOCAL_MACHINE\software\classes\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_LOCAL_MACHINE\software\classes\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_LOCAL_MACHINE\software\classes\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_LOCAL_MACHINE\software\classes\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{94927a13-4aaa-476a-989d-392456427688}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
MailSpam.Aenima DoS Removal instruction
Removing Bancos.FXX Trojan
TrojanDownloader.Win32.Small.kq Downloader Information

Eziin Adware

How To Remove Eziin?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Eziin is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.


Eziin Symptoms:

Files:
[%SYSTEM%]\clienttimer.exe
[%SYSTEM%]\popclient.exe
[%SYSTEM%]\system_ct.exe
[%SYSTEM%]\system_pp.exe
[%SYSTEM%]\system_tp.exe
[%SYSTEM%]\clienttimer.exe
[%SYSTEM%]\popclient.exe
[%SYSTEM%]\system_ct.exe
[%SYSTEM%]\system_pp.exe
[%SYSTEM%]\system_tp.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\ezion

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\security
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyMonkey.Prank Trojan Removal

Home.Watcher Spyware

How To Remove Home.Watcher?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Home.Watcher is dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.


Home.Watcher Symptoms:

Folders:
[%PROGRAM_FILES%]\deletedfileanalysisutility

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a1e7de44-6291-11d1-a7ea-006008060078}
HKEY_CLASSES_ROOT\clsid\{b22d0a72-6291-11d1-a7ea-006008060078}
HKEY_CLASSES_ROOT\clsid\{b4267cfa-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\classes\appid\{a1e7de44-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\classes\appid\{b22d0a72-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\classes\appid\{b4267cfa-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a1e7de44-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b22d0a72-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b4267cfa-6291-11d1-a7ea-006008060078}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\deletedfileanalysisutility

Registry Values:
HKEY_LOCAL_MACHINE\software\classes\appid\delutil.exe
HKEY_LOCAL_MACHINE\software\classes\appid\udfat.exe
HKEY_LOCAL_MACHINE\software\classes\appid\udntfs.exe
HKEY_LOCAL_MACHINE\software\executive software\deletedfileanalysisutility
HKEY_LOCAL_MACHINE\software\executive software\deletedfileanalysisutility
HKEY_LOCAL_MACHINE\software\executive software\deletedfileanalysisutility\2.1


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Telnet.Junkie Trojan

Calknil Trojan

How To Remove Calknil?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Calknil is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Calknil It also known as:

[Kaspersky]Backdoor.Win32.VB.bbx;
[Other]Win32/Calknil.A

Calknil Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2e996c3-dfe0-ac08-a0e5-a9dc688dfa0f}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Disk.Kill Trojan Removal instruction
Removing Vxidl.AHJ Trojan
Bancos.GSL Trojan Symptoms

Desktop.Advisor Spyware

How To Remove Desktop.Advisor?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Desktop.Advisor is dangerous virus:
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


Desktop.Advisor Symptoms:

Folders:
[%PROGRAMS%]\ALDESI Desktop Adviser
[%PROGRAM_FILES%]\ALDESI Desktop Adviser

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\aldesi desktop adviser
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aldesi desktop adviser

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Win32.PSW.Barrio Trojan

AdServerNow Adware

How To Remove AdServerNow?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
AdServerNow is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



AdServerNow Symptoms:

Files:
[%SYSTEM%]\adservernow.exe
[%SYSTEM%]\adservernow.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\adservernow
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{595acdcc-d4f4-43a4-8155-dd7eb1ca5dc0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adservernow


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing MNPol Adware
Removing Bancos.GND Trojan

Tonlorm Trojan

How To Remove Tonlorm?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Tonlorm is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Tonlorm It also known as:

[Kaspersky]Trojan.Win32.Agent.aqo;
[Other]Win32/Tonlorm.A,Trojan Horse,W32/Agent.BTXA,Mal/Heuri-D

Tonlorm Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{75f5dd2a-58e3-48a6-ab94-53632157e17e}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.AVSC Trojan Cleaner
Fakeb RAT Removal
Remove Clicker.Y Trojan
ICQStalker Trojan Information

Agent.BJO Downloader

How To Remove Agent.BJO?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Agent.BJO is dangerous virus:
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Agent.BJO It also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.bjo;
[McAfee]Generic Downloader.ab;
[Other]W32/Agent.BNOT

Agent.BJO Symptoms:

Files:
[%PROFILE_TEMP%]\hmbm.exe
[%WINDOWS%]\smanager.7.exe
[%PROFILE_TEMP%]\hmbm.exe
[%WINDOWS%]\smanager.7.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
PolyEngine.Win32.EXPO Trojan Removal instruction
Pigeon.ARF Trojan Cleaner
Donn.B!downloader Trojan Symptoms
Charaho Trojan Removal
PicsFactory Toolbar Cleaner

IstBar.ak Downloader

How To Remove IstBar.ak?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
IstBar.ak is dangerous virus:
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


IstBar.ak Symptoms:

Files:
[%PROGRAM_FILES%]\rbenhance\rbenh.exe
[%PROGRAM_FILES%]\rbenhance\rbenh.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing CyberPaky Trojan
Remove Zlob.ad Downloader
Agent.dm Downloader Removal
TrojanDownloader.Win32.Agent.nj Downloader Information
Delemon Trojan Removal instruction

CursorCentral Trojan

How To Remove CursorCentral?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CursorCentral is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


CursorCentral Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Blabag Trojan Removal instruction

Golid Trojan

How To Remove Golid?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Golid is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Golid It also known as:

[Kaspersky]Trojan.WIn32.Agent.aw;
[McAfee]Downloader-VA;
[Panda]Adware/Iagold;
[Computer Associates]Win32/Golid!Trojan;
[Other]W32/Agent.BCD

Golid Symptoms:

Files:
[%SYSTEM%]\d15.0xe
[%SYSTEM%]\d15.exe
[%SYSTEM%]\drivers\wsgutrkn.sys
[%SYSTEM%]\GoGo9CP.0ll
[%SYSTEM%]\ndesjcoq6.exe
[%SYSTEM%]\drivers\kjjivgjs.sys
[%SYSTEM%]\qgwyaicl6.exe
[%SYSTEM%]\d15.0xe
[%SYSTEM%]\d15.exe
[%SYSTEM%]\drivers\wsgutrkn.sys
[%SYSTEM%]\GoGo9CP.0ll
[%SYSTEM%]\ndesjcoq6.exe
[%SYSTEM%]\drivers\kjjivgjs.sys
[%SYSTEM%]\qgwyaicl6.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Nimda.A@mm Trojan Information
Remove Win32.TrojanClicker.Stomcc Trojan

ShopNavSearch.Srng BHO

How To Remove ShopNavSearch.Srng?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
ShopNavSearch.Srng is dangerous virus:
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.


ShopNavSearch.Srng Symptoms:

Files:
[%SYSTEM%]\ie_spy.dll
[%SYSTEM%]\snhelper.dll
[%WINDOWS%]\system\ie_spy.dll
[%WINDOWS%]\system\snhelper.dll
[%SYSTEM%]\ie_spy.dll
[%SYSTEM%]\snhelper.dll
[%WINDOWS%]\system\ie_spy.dll
[%WINDOWS%]\system\snhelper.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19db42e}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0fb-ef60b19db42e}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0fb-ef60b19db42e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-c0fb-ef60b19db42e}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Torment.Remote Backdoor
SillyDl.CLY Trojan Removal instruction
Wingkill Trojan Removal instruction
Win32.Drox Trojan Symptoms

Feist Trojan

How To Remove Feist?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Feist is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.


Feist It also known as:

[Panda]Feist;
[Computer Associates]Feist

Feist Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}
HKEY_LOCAL_MACHINE\software\classes\interface\{96b3b1b9-a510-4603-bd66-2bb2c9f21542}
HKEY_LOCAL_MACHINE\software\classes\swrt01.rt

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\cryptography\services


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Addshare Trojan Removal instruction

Small.ev Trojan

How To Remove Small.ev?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Small.ev is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Small.ev Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Uninstall
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\desktop uninstall

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove XXXSoft Trojan
Backdoor.Kronical.Server Trojan Removal instruction
ugo.com Tracking Cookie Removal instruction
Agent.cp Downloader Cleaner
Remove Pigeon.APH Trojan

Daesdu Trojan

How To Remove Daesdu?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Daesdu is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Daesdu It also known as:

[Kaspersky]Trojan-Downloader.Win32.VB.bwp;
[Other]W32/DLoader.ENKY

Daesdu Symptoms:

Files:
[%SYSTEM%]\jofstvyt.sbin
[%SYSTEM%]\lwinupdate.exe
[%SYSTEM%]\prrbpgbr.sys
[%SYSTEM%]\rwuwin32.drv
[%SYSTEM%]\jofstvyt.sbin
[%SYSTEM%]\lwinupdate.exe
[%SYSTEM%]\prrbpgbr.sys
[%SYSTEM%]\rwuwin32.drv


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Bancos.HRZ Trojan

Crushpy Trojan

How To Remove Crushpy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Crushpy is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Crushpy It also known as:

[Kaspersky]Trojan-Downloader.Win32.Bojo.r,Trojan-Downloader.Win32.AGent.hat,Trojan-Downloader.Win32.Agent.gyl;
[McAfee]FakeAlert-S.dll,FakeAlert-W,Downloader.gen.a;
[F-Prot]W32/Downldr2.AUXO;
[Other]Win32/Crushpy.J,Troj/Renos-AF,Mal/Generic-A,TrojanDownloader:Win32/Renos,ExpertAntivirus,W32/DLoader.EWET,Crushpy.L

Crushpy Symptoms:

Files:
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\cqsfk.dll3
[%SYSTEM%]\zkpssqa.dll
[%SYSTEM%]\wupeng.exe
[%PROFILE_TEMP%]\temp.fr????
[%SYSTEM%]\cqsfk.dll3
[%SYSTEM%]\zkpssqa.dll
[%SYSTEM%]\wupeng.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.AOO Trojan Cleaner
Remove Pigeon.AKG Trojan
Caiijing Trojan Cleaner

AdDestroyer Adware

How To Remove AdDestroyer?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
AdDestroyer is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


AdDestroyer It also known as:

[Panda]Adware/AdDestroyer;
[Other]Adware.AdDestroyer

AdDestroyer Symptoms:

Files:
[%STARTUP%]\addestroyer.lnk
[%SYSTEM%]\popoops.dll
[%SYSTEM%]\popoops2.dll
[%SYSTEM%]\swlad1.dll
[%SYSTEM%]\swlad2.dll
[%SYSTEM%]\SWRT01.dll
[%SYSTEM%]\swrt01.dll
[%SYSTEM%]\trans.exe
[%STARTUP%]\addestroyer.lnk
[%SYSTEM%]\popoops.dll
[%SYSTEM%]\popoops2.dll
[%SYSTEM%]\swlad1.dll
[%SYSTEM%]\swlad2.dll
[%SYSTEM%]\SWRT01.dll
[%SYSTEM%]\swrt01.dll
[%SYSTEM%]\trans.exe

Folders:
[%PROGRAM_FILES%]\addestroyer
[%STARTMENU%]\programs\addestroyer
[%APPDATA%]\addestroyer
[%PROFILE%]\start menu\programs\addestroyer

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{417386c3-8d4a-4611-9b91-e57e89d603ac}
HKEY_CLASSES_ROOT\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}
HKEY_CLASSES_ROOT\interface\{10d7db96-56dc-4617-8eab-ec506abe6c7e}
HKEY_CLASSES_ROOT\interface\{6cdc3337-01f7-4a79-a4af-0b19303cc0be}
HKEY_CLASSES_ROOT\interface\{795398d0-dc2f-4118-a69c-592273ba9c2b}
HKEY_CLASSES_ROOT\interface\{b288f21c-a144-4ca2-9b70-8afa1fae4b06}
HKEY_CLASSES_ROOT\popoops2.popoops
HKEY_CLASSES_ROOT\swlad1.swlad
HKEY_CLASSES_ROOT\typelib\{d0c29a75-7146-4737-98ee-bc4d7cf44af9}
HKEY_CLASSES_ROOT\typelib\{e0d3b292-a0b0-4640-975c-2f882e039f52}
HKEY_CURRENT_USER\software\vb and vba program settings\addestroyer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\addestroyer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\addestroyer

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\pgtools
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdplugin1018.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdplugin1018.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pgate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pgate
HKEY_LOCAL_MACHINE\software\dtlbne
HKEY_LOCAL_MACHINE\software\dtlbne
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\pgtools
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/hdplugin1018.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/hdplugin1018.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pgate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pgate


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Bancos.HZP Trojan

BFGhost Trojan

How To Remove BFGhost?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
BFGhost is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.



BFGhost It also known as:

[Kaspersky]Backdoor.DKangel.10;
[Eset]Win32/DKangel.10 trojan;
[Computer Associates]Backdoor/DKangel.10.Server

BFGhost Symptoms:

Files:
[%WINDOWS%]\conime.exe
[%WINDOWS%]\system\regsys.vxd
[%WINDOWS%]\system\service.dll
[%WINDOWS%]\conime.exe
[%WINDOWS%]\system\regsys.vxd
[%WINDOWS%]\system\service.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Puver Trojan Removal instruction
BrainSpy RAT Removal

Shpiel Trojan

How To Remove Shpiel?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Shpiel is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.



Shpiel It also known as:

[Kaspersky]Backdoor.Win32.Delf.alg;
[McAfee]Generic BackDoor.d;
[F-Prot]W32/Backdoor.HPQ;
[Other]Win32/Shpiel.A,Backdoor.Trojan,W32/Delf.DAQ,Troj/Shpiel-A

Shpiel Symptoms:

Files:
[%SYSTEM%]\winsress.exe
[%SYSTEM%]\winsress.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\msnspieluhr

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
BigJack Trojan Cleaner
Remove Small.adb Downloader
Emptybase Trojan Information
Removing Pigeon.AVQQ Trojan

Helios Trojan

How To Remove Helios?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Helios is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Helios It also known as:

[Kaspersky]Backdoor.Helios.408,Backdoor.Helios.15,Backdoor.Helios.16,Backdoor.Helios.14,Backdoor.Helios.13,Backdoor.Helios.22,Backdoor.Helibot.10,Backdoor.Helios.24,Backdoor.Helios.25,Backdoor.Helios.17,TrojanDropper.Win32.HeliosBinder.10.a,TrojanDropper.Win32.HeliosBinder.10.b,Backdoor.Helios.30;
[McAfee]BackDoor-ABB,SennaSpy2001;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Backdoor Program.LC,Bck/Helios.14,Bck/Helios.13,Bck/Helios,Bck/Helios.25,Bck/Helios.15,Trj/W32.HeliosBind;
[Computer Associates]Backdoor/Helios.408,Backdoor/Helios.408!Client,Backdoor/Helios.408!Server,Backdoor/Helios.15!Client,Backdoor/Helios.15!Server,Backdoor/Helios.16!Client,Backdoor/Helios.16!Server,Backdoor/Helios.14!Client,Backdoor/Helios.14!Server,Backdoor/Helios.13!Client,Backdoor/Helios.13!Server,Backdoor/Helios.2.2,Backdoor/Helios.22,Backdoor/Helibot.10,Backdoor/Helios.3_0!Plugin,Win32.Helios.30.plugin,Backdoor/Helios.17!Client,Backdoor/Helios.17!Server,Win32.Helios.10.C,Backdoor/Helios.30,Win32.Helios.30

Helios Symptoms:

Files:
[%WINDOWS%]\system\scanstartup.exe
[%WINDOWS%]\system\scanstartup.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\new-server
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\scanstartup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
TheRat Trojan Removal instruction
Remove Wotron.worm.kit Trojan
Remove Trojan.Dropper.Win32.VB.fz Trojan
Remove Bancos.GML Trojan

Swizzor Trojan

How To Remove Swizzor?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Swizzor is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Swizzor It also known as:

[Kaspersky]AdWare.Win32.Lop,AdWare.Win32.Lop.bb,Adware.Win32.Lop.ag,Trojan-Downloader.Win32.Swizzor.dv,AdWare.Win32.Lop.ag,Trojan.Win32.Obfuscated.en;
[McAfee]Swizzor,Swizzor.gen,Downloader-BCM,Swizzor.gen.a;
[Panda]Adware/Lop,Trojan Horse;
[Computer Associates]Win32.Swizzor,Win32/Swizzor.10680!Downloader,Win32/Swizzor.b!Downloader,Win32/Swizzor.D!Downloader;
[Other]Win32/Swizzor,Adware.Lop,TROJ_SWIZZOR,C2.Lop,lopdotcom,TROJ_SWIZZOR.BA,Adware.Lop!dl,Win32/Swizzor.PR,Win32/Swizzor.QG,Trojan:Win32/Anomaly.gen,Win32/Swizzor.QF,Win32/Swizzor.QH,Win32/Swizzor.QI,Win32/Swizzor.QJ,Win32/Swizzor.QV,Troj/Swizic-B,Win32/Swizzor.SJ,Trojan:Win32/C2Lop.C,Mal/Swizzor-B

Swizzor Symptoms:

Files:
[%APPDATA%]\01ACIDSECOND\ctyordzi.exe
[%APPDATA%]\Help Stupid Comp\fptlqgnu.exe
[%APPDATA%]\Hide Amok Joy\dncpxekv.exe
[%APPDATA%]\Hide Amok Joy\dxqdnnbs.exe
[%APPDATA%]\Hide Amok Joy\ikhuzxfh.exe
[%APPDATA%]\Hide Amok Joy\kddczdny.exe
[%APPDATA%]\Hide Amok Joy\xorvputf.exe
[%APPDATA%]\LOGIDOLROAM\troshemh.exe
[%APPDATA%]\UPLOCKS\rlggvcbr.exe
[%COMMON_APPDATA%]\Barb plus chic wait\REGS JUNK.exe
[%PROFILE_TEMP%]\bis508.exe
[%PROFILE_TEMP%]\bis7D2.exe
[%PROFILE_TEMP%]\pft20~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft22~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft2A~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft2C~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft3~tmp\PatchWr.exe
[%PROFILE_TEMP%]\Temporary Directory 1 for paint brushes Bittorrent downloader.zip\BitDownload fastets Bittorrent downloader.exe
[%APPDATA%]\admindeafacidtrust\browseamen.exe
[%APPDATA%]\idolonceprogrambits\battons.exe
[%APPDATA%]\Manager Window Jump Dent\Data Up.exe
[%APPDATA%]\Manager Window Jump Dent\realfor.exe
[%APPDATA%]\Manager Window Jump Dent\Regs Eggs.exe
[%APPDATA%]\Manager Window Jump Dent\SendDogWma
[%APPDATA%]\software book style vc\bash mags.exe
[%APPDATA%]\thunk plus chin defy\cash multi.exe
[%DESKTOP%]\htmato1857.exe
[%PROFILE%]\Lokala inst%E4llningar\Temp\bis508.exe
[%PROFILE%]\programdata\chinwarnintracool\hidelive.exe
[%PROFILE_TEMP%]\6bd5111a.exe
[%PROFILE_TEMP%]\aade6.exe
[%PROFILE_TEMP%]\afa6d429.exe
[%PROFILE_TEMP%]\atf\{242138dd-69ce-4398-bd64-0d69f431f913}.html
[%PROFILE_TEMP%]\atf\{3130c779-0937-4bb6-b4a6-9d0e811dceb3}.html
[%PROFILE_TEMP%]\atf\{624598b8-6f55-4bec-ab5b-062219915c18}.html
[%PROFILE_TEMP%]\atf\{ad27eb9d-9bac-4c25-96e1-2764303a375e}.html
[%PROFILE_TEMP%]\rem33.exe
[%PROFILE_TEMP%]\sta33.exe
[%PROFILE_TEMP%]\sta36.exe
[%PROFILE_TEMP%]\sta3c.exe
[%PROFILE_TEMP%]\sta3d.exe
[%PROFILE_TEMP%]\sta4d.exe
[%PROFILE_TEMP%]\sta6.exe
[%PROFILE_TEMP%]\sta79.exe
[%PROGRAM_FILES%]\16ford~1\fileteam.exe
[%PROGRAM_FILES%]\1bodyr~1\eqstupid.exe
[%PROGRAM_FILES%]\1bodyr~1\free.exe
[%PROGRAM_FILES%]\1bodyr~1\ggusdvjz.exe
[%PROGRAM_FILES%]\1bodyr~1\hadddwlv.exe
[%PROGRAM_FILES%]\1bodyr~1\jhigxeqo.exe
[%PROGRAM_FILES%]\1bodyr~1\pile name.exe
[%PROGRAM_FILES%]\1bodyr~1\poke else each.exe
[%PROGRAM_FILES%]\1bodyr~1\start rdr extra.exe
[%PROGRAM_FILES%]\1bodyr~1\xajvwrgu.exe
[%PROGRAM_FILES%]\1bodyr~1\zxzxpzpp.exe
[%PROGRAM_FILES%]\active~1\29525.exe
[%PROGRAM_FILES%]\barbba~1\keeppoke.exe
[%PROGRAM_FILES%]\bikeway\build trust.exe
[%PROGRAM_FILES%]\bluebi~1\audio tick.exe
[%PROGRAM_FILES%]\bluebi~1\daadjpqg.exe
[%PROGRAM_FILES%]\bluebi~1\ford bore date.exe
[%PROGRAM_FILES%]\bluebi~1\kbelhpmz.exe
[%PROGRAM_FILES%]\bluebi~1\lsfjwaej.exe
[%PROGRAM_FILES%]\bluebi~1\ndpgfokf.exe
[%PROGRAM_FILES%]\bluebi~1\rdr file glue.exe
[%PROGRAM_FILES%]\bluebi~1\winsaveaboutpoll.exe
[%PROGRAM_FILES%]\bluebi~1\zkumfamz.exe
[%PROGRAM_FILES%]\cakeju~1\iso setup.exe
[%PROGRAM_FILES%]\cityai~1\bookbitsdefault.exe
[%PROGRAM_FILES%]\cityai~1\imwmkspe.exe
[%PROGRAM_FILES%]\cityai~1\ncqlzyym.exe
[%PROGRAM_FILES%]\cityai~1\ooze part hold.exe
[%PROGRAM_FILES%]\cityai~1\yfieiddw.exe
[%PROGRAM_FILES%]\creati~1\jolcbvin.exe
[%PROGRAM_FILES%]\creati~1\kqxpkink.exe
[%PROGRAM_FILES%]\creati~1\mvxyvrzj.exe
[%PROGRAM_FILES%]\creati~1\qopaqzng.exe
[%PROGRAM_FILES%]\creati~1\tfgymvdd.exe
[%PROGRAM_FILES%]\creati~1\vpdbyqfl.exe
[%PROGRAM_FILES%]\debugs~1\fork error default.exe
[%PROGRAM_FILES%]\debugs~1\help safe copy.exe
[%PROGRAM_FILES%]\debugs~1\vdtjkxjx.exe
[%PROGRAM_FILES%]\defaul~1\gfkfexhs.exe
[%PROGRAM_FILES%]\defaul~1\ggmmxtuh.exe
[%PROGRAM_FILES%]\defaul~1\intrastop.exe
[%PROGRAM_FILES%]\defaul~1\kobmaahh.exe
[%PROGRAM_FILES%]\defaul~1\kyqmurlq.exe
[%PROGRAM_FILES%]\defaul~1\lite cake loud.exe
[%PROGRAM_FILES%]\defaul~1\pkajulyt.exe
[%PROGRAM_FILES%]\draw2\corn bold media.exe
[%PROGRAM_FILES%]\driveg~1\exitgreyhtm.exe
[%PROGRAM_FILES%]\driveg~1\mixmfcd.exe
[%PROGRAM_FILES%]\filmfi~1\808.exe
[%PROGRAM_FILES%]\filmfi~1\bows 2 ante.bin
[%PROGRAM_FILES%]\filmfi~1\global cdrom.dll
[%PROGRAM_FILES%]\freein~1\army load aim byte.exe
[%PROGRAM_FILES%]\freein~1\bendaceproc.exe
[%PROGRAM_FILES%]\freein~1\bytemess.exe
[%PROGRAM_FILES%]\freein~1\ford seek okay gram.exe
[%PROGRAM_FILES%]\freein~1\heroxfbu.exe
[%PROGRAM_FILES%]\freein~1\ljkpaigp.exe
[%PROGRAM_FILES%]\freein~1\xyq.exe
[%PROGRAM_FILES%]\funkba~1\cwhmzwhu.exe
[%PROGRAM_FILES%]\funkba~1\drenahjr.exe
[%PROGRAM_FILES%]\funkba~1\exit show.exe
[%PROGRAM_FILES%]\funkba~1\lite eq safe.exe
[%PROGRAM_FILES%]\funkba~1\urixtdvk.exe
[%PROGRAM_FILES%]\global~1\browse glue.exe
[%PROGRAM_FILES%]\global~1\first move rdr.exe
[%PROGRAM_FILES%]\greyreal\idplomza.exe
[%PROGRAM_FILES%]\intert~1\each beep.exe
[%PROGRAM_FILES%]\isochi~1\pile default.exe
[%PROGRAM_FILES%]\jugsse~1\4623.exe
[%PROGRAM_FILES%]\jugsse~1\more roam.dll
[%PROGRAM_FILES%]\junkst~1\ gre sof .bin
[%PROGRAM_FILES%]\junkst~1\ gre sof soft.bin
[%PROGRAM_FILES%]\junkst~1\capi grey soft.bin
[%PROGRAM_FILES%]\junkst~1\cast grey rey.bin
[%PROGRAM_FILES%]\junkst~1\cast grey soft.bin
[%PROGRAM_FILES%]\junkst~1\cast grey.bin
[%PROGRAM_FILES%]\junkst~1\cast soft.bin
[%PROGRAM_FILES%]\junkst~1\cast.bin
[%PROGRAM_FILES%]\junkst~1\castcgre gsof soft.bin
[%PROGRAM_FILES%]\junkst~1\castmapi soft.bin
[%PROGRAM_FILES%]\junkst~1\castmgrey soft.bin
[%PROGRAM_FILES%]\junkst~1\csof .bin
[%PROGRAM_FILES%]\junkst~1\dent soft.bin
[%PROGRAM_FILES%]\junkst~1\dentmapi grey soft.bin
[%PROGRAM_FILES%]\junkst~1\dentmapit.bin
[%PROGRAM_FILES%]\junkst~1\filmpeak.dll
[%PROGRAM_FILES%]\junkst~1\junk stey.bin
[%PROGRAM_FILES%]\junkst~1\mapi.bin
[%PROGRAM_FILES%]\loadroad\11739.exe
[%PROGRAM_FILES%]\loadroad\13793.exe
[%PROGRAM_FILES%]\loadroad\cast idle.dll
[%PROGRAM_FILES%]\mailin~1\bend axis.exe
[%PROGRAM_FILES%]\mediao~1\browse bows.exe
[%PROGRAM_FILES%]\memosi~1\bgbdhyvc.exe
[%PROGRAM_FILES%]\memosi~1\debug platform one.exe
[%PROGRAM_FILES%]\memosi~1\downloadkeepbleh.exe
[%PROGRAM_FILES%]\objcdrom\extra slow dvd.exe
[%PROGRAM_FILES%]\objcdrom\mdhhwkfg.exe
[%PROGRAM_FILES%]\onesoa~1\nxmukvvg.exe
[%PROGRAM_FILES%]\oozejo~1\save real.exe
[%PROGRAM_FILES%]\ownssi~1\city title.exe
[%PROGRAM_FILES%]\play audio dupe\1 jugs default.exe
[%PROGRAM_FILES%]\play audio dupe\about pile stupid.exe
[%PROGRAM_FILES%]\play audio dupe\cwinsemt.exe
[%PROGRAM_FILES%]\pollpopfour\bitsplaygrid.exe
[%PROGRAM_FILES%]\pollpopfour\each cdrom memo.exe
[%PROGRAM_FILES%]\pollpopfour\fwpesprd.exe
[%PROGRAM_FILES%]\progra~1\aim dash noun.exe
[%PROGRAM_FILES%]\progra~1\kvfnegjg.exe
[%PROGRAM_FILES%]\progra~1\mfxfwvrw.exe
[%PROGRAM_FILES%]\progra~1\ohukvvyx.exe
[%PROGRAM_FILES%]\progra~1\sect name.exe
[%PROGRAM_FILES%]\progra~1\suoplcpo.exe
[%PROGRAM_FILES%]\progra~1\weqqtqdv.exe
[%PROGRAM_FILES%]\refpin~1\findphone.exe
[%PROGRAM_FILES%]\saveba~1\setup close.exe
[%PROGRAM_FILES%]\second~1\ace tray.exe
[%PROGRAM_FILES%]\second~1\grid gpl.exe
[%PROGRAM_FILES%]\sectmp~1\aim math heart.exe
[%PROGRAM_FILES%]\sectmp~1\bookslow.exe
[%PROGRAM_FILES%]\sectmp~1\drikyzgm.exe
[%PROGRAM_FILES%]\sectmp~1\gozczace.exe
[%PROGRAM_FILES%]\sectmp~1\mfokxciu.exe
[%PROGRAM_FILES%]\sectmp~1\otyygomn.exe
[%PROGRAM_FILES%]\sectmp~1\pdwwooqk.exe
[%PROGRAM_FILES%]\sectmp~1\wmsvbohb.exe
[%PROGRAM_FILES%]\sectmp~1\wsmtdolv.exe
[%PROGRAM_FILES%]\sectmp~1\xysuncaw.exe
[%PROGRAM_FILES%]\sectmp~1\ybyncovt.exe
[%PROGRAM_FILES%]\shimbo~1\15898.exe
[%PROGRAM_FILES%]\shimbo~1\bike poke.dll
[%PROGRAM_FILES%]\shimbo~1\fileoozegreat.bin
[%PROGRAM_FILES%]\softwa~1\1067.exe
[%PROGRAM_FILES%]\softwa~1\13163.exe
[%PROGRAM_FILES%]\softwa~1\14053.exe
[%PROGRAM_FILES%]\softwa~1\15638.exe
[%PROGRAM_FILES%]\softwa~1\16037.exe
[%PROGRAM_FILES%]\softwa~1\19842.exe
[%PROGRAM_FILES%]\softwa~1\208.exe
[%PROGRAM_FILES%]\softwa~1\24760.exe
[%PROGRAM_FILES%]\softwa~1\26151.exe
[%PROGRAM_FILES%]\softwa~1\30904.exe
[%PROGRAM_FILES%]\softwa~1\4817.exe
[%PROGRAM_FILES%]\softwa~1\9032.exe
[%PROGRAM_FILES%]\softwa~1\city.bin
[%PROGRAM_FILES%]\softwa~1\citycity.bin
[%PROGRAM_FILES%]\softwa~1\cityfordmathcity.bin
[%PROGRAM_FILES%]\softwa~1\citymathcity.bin
[%PROGRAM_FILES%]\softwa~1\fitymathcity.bin
[%PROGRAM_FILES%]\softwa~1\fordmathcity.bin
[%PROGRAM_FILES%]\softwa~1\setup time.dll
[%PROGRAM_FILES%]\softwa~1\softwarecity.bin
[%PROGRAM_FILES%]\softwa~1\wave wait.dll
[%PROGRAM_FILES%]\thirda~1\ahlrfsoy.exe
[%PROGRAM_FILES%]\thirda~1\anntabrs.exe
[%PROGRAM_FILES%]\thirda~1\eyednnkm.exe
[%PROGRAM_FILES%]\thirda~1\lniegfer.exe
[%PROGRAM_FILES%]\thirda~1\lvwvyqst.exe
[%PROGRAM_FILES%]\thirda~1\mqplzhkn.exe
[%PROGRAM_FILES%]\thirda~1\wgjtoczo.exe
[%PROGRAM_FILES%]\thirda~1\yyjsckss.exe
[%PROGRAM_FILES%]\view16\burnsetup.exe
[%APPDATA%]\01ACIDSECOND\ctyordzi.exe
[%APPDATA%]\Help Stupid Comp\fptlqgnu.exe
[%APPDATA%]\Hide Amok Joy\dncpxekv.exe
[%APPDATA%]\Hide Amok Joy\dxqdnnbs.exe
[%APPDATA%]\Hide Amok Joy\ikhuzxfh.exe
[%APPDATA%]\Hide Amok Joy\kddczdny.exe
[%APPDATA%]\Hide Amok Joy\xorvputf.exe
[%APPDATA%]\LOGIDOLROAM\troshemh.exe
[%APPDATA%]\UPLOCKS\rlggvcbr.exe
[%COMMON_APPDATA%]\Barb plus chic wait\REGS JUNK.exe
[%PROFILE_TEMP%]\bis508.exe
[%PROFILE_TEMP%]\bis7D2.exe
[%PROFILE_TEMP%]\pft20~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft22~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft2A~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft2C~tmp\PatchWr.exe
[%PROFILE_TEMP%]\pft3~tmp\PatchWr.exe
[%PROFILE_TEMP%]\Temporary Directory 1 for paint brushes Bittorrent downloader.zip\BitDownload fastets Bittorrent downloader.exe
[%APPDATA%]\admindeafacidtrust\browseamen.exe
[%APPDATA%]\idolonceprogrambits\battons.exe
[%APPDATA%]\Manager Window Jump Dent\Data Up.exe
[%APPDATA%]\Manager Window Jump Dent\realfor.exe
[%APPDATA%]\Manager Window Jump Dent\Regs Eggs.exe
[%APPDATA%]\Manager Window Jump Dent\SendDogWma
[%APPDATA%]\software book style vc\bash mags.exe
[%APPDATA%]\thunk plus chin defy\cash multi.exe
[%DESKTOP%]\htmato1857.exe
[%PROFILE%]\Lokala inst%E4llningar\Temp\bis508.exe
[%PROFILE%]\programdata\chinwarnintracool\hidelive.exe
[%PROFILE_TEMP%]\6bd5111a.exe
[%PROFILE_TEMP%]\aade6.exe
[%PROFILE_TEMP%]\afa6d429.exe
[%PROFILE_TEMP%]\atf\{242138dd-69ce-4398-bd64-0d69f431f913}.html
[%PROFILE_TEMP%]\atf\{3130c779-0937-4bb6-b4a6-9d0e811dceb3}.html
[%PROFILE_TEMP%]\atf\{624598b8-6f55-4bec-ab5b-062219915c18}.html
[%PROFILE_TEMP%]\atf\{ad27eb9d-9bac-4c25-96e1-2764303a375e}.html
[%PROFILE_TEMP%]\rem33.exe
[%PROFILE_TEMP%]\sta33.exe
[%PROFILE_TEMP%]\sta36.exe
[%PROFILE_TEMP%]\sta3c.exe
[%PROFILE_TEMP%]\sta3d.exe
[%PROFILE_TEMP%]\sta4d.exe
[%PROFILE_TEMP%]\sta6.exe
[%PROFILE_TEMP%]\sta79.exe
[%PROGRAM_FILES%]\16ford~1\fileteam.exe
[%PROGRAM_FILES%]\1bodyr~1\eqstupid.exe
[%PROGRAM_FILES%]\1bodyr~1\free.exe
[%PROGRAM_FILES%]\1bodyr~1\ggusdvjz.exe
[%PROGRAM_FILES%]\1bodyr~1\hadddwlv.exe
[%PROGRAM_FILES%]\1bodyr~1\jhigxeqo.exe
[%PROGRAM_FILES%]\1bodyr~1\pile name.exe
[%PROGRAM_FILES%]\1bodyr~1\poke else each.exe
[%PROGRAM_FILES%]\1bodyr~1\start rdr extra.exe
[%PROGRAM_FILES%]\1bodyr~1\xajvwrgu.exe
[%PROGRAM_FILES%]\1bodyr~1\zxzxpzpp.exe
[%PROGRAM_FILES%]\active~1\29525.exe
[%PROGRAM_FILES%]\barbba~1\keeppoke.exe
[%PROGRAM_FILES%]\bikeway\build trust.exe
[%PROGRAM_FILES%]\bluebi~1\audio tick.exe
[%PROGRAM_FILES%]\bluebi~1\daadjpqg.exe
[%PROGRAM_FILES%]\bluebi~1\ford bore date.exe
[%PROGRAM_FILES%]\bluebi~1\kbelhpmz.exe
[%PROGRAM_FILES%]\bluebi~1\lsfjwaej.exe
[%PROGRAM_FILES%]\bluebi~1\ndpgfokf.exe
[%PROGRAM_FILES%]\bluebi~1\rdr file glue.exe
[%PROGRAM_FILES%]\bluebi~1\winsaveaboutpoll.exe
[%PROGRAM_FILES%]\bluebi~1\zkumfamz.exe
[%PROGRAM_FILES%]\cakeju~1\iso setup.exe
[%PROGRAM_FILES%]\cityai~1\bookbitsdefault.exe
[%PROGRAM_FILES%]\cityai~1\imwmkspe.exe
[%PROGRAM_FILES%]\cityai~1\ncqlzyym.exe
[%PROGRAM_FILES%]\cityai~1\ooze part hold.exe
[%PROGRAM_FILES%]\cityai~1\yfieiddw.exe
[%PROGRAM_FILES%]\creati~1\jolcbvin.exe
[%PROGRAM_FILES%]\creati~1\kqxpkink.exe
[%PROGRAM_FILES%]\creati~1\mvxyvrzj.exe
[%PROGRAM_FILES%]\creati~1\qopaqzng.exe
[%PROGRAM_FILES%]\creati~1\tfgymvdd.exe
[%PROGRAM_FILES%]\creati~1\vpdbyqfl.exe
[%PROGRAM_FILES%]\debugs~1\fork error default.exe
[%PROGRAM_FILES%]\debugs~1\help safe copy.exe
[%PROGRAM_FILES%]\debugs~1\vdtjkxjx.exe
[%PROGRAM_FILES%]\defaul~1\gfkfexhs.exe
[%PROGRAM_FILES%]\defaul~1\ggmmxtuh.exe
[%PROGRAM_FILES%]\defaul~1\intrastop.exe
[%PROGRAM_FILES%]\defaul~1\kobmaahh.exe
[%PROGRAM_FILES%]\defaul~1\kyqmurlq.exe
[%PROGRAM_FILES%]\defaul~1\lite cake loud.exe
[%PROGRAM_FILES%]\defaul~1\pkajulyt.exe
[%PROGRAM_FILES%]\draw2\corn bold media.exe
[%PROGRAM_FILES%]\driveg~1\exitgreyhtm.exe
[%PROGRAM_FILES%]\driveg~1\mixmfcd.exe
[%PROGRAM_FILES%]\filmfi~1\808.exe
[%PROGRAM_FILES%]\filmfi~1\bows 2 ante.bin
[%PROGRAM_FILES%]\filmfi~1\global cdrom.dll
[%PROGRAM_FILES%]\freein~1\army load aim byte.exe
[%PROGRAM_FILES%]\freein~1\bendaceproc.exe
[%PROGRAM_FILES%]\freein~1\bytemess.exe
[%PROGRAM_FILES%]\freein~1\ford seek okay gram.exe
[%PROGRAM_FILES%]\freein~1\heroxfbu.exe
[%PROGRAM_FILES%]\freein~1\ljkpaigp.exe
[%PROGRAM_FILES%]\freein~1\xyq.exe
[%PROGRAM_FILES%]\funkba~1\cwhmzwhu.exe
[%PROGRAM_FILES%]\funkba~1\drenahjr.exe
[%PROGRAM_FILES%]\funkba~1\exit show.exe
[%PROGRAM_FILES%]\funkba~1\lite eq safe.exe
[%PROGRAM_FILES%]\funkba~1\urixtdvk.exe
[%PROGRAM_FILES%]\global~1\browse glue.exe
[%PROGRAM_FILES%]\global~1\first move rdr.exe
[%PROGRAM_FILES%]\greyreal\idplomza.exe
[%PROGRAM_FILES%]\intert~1\each beep.exe
[%PROGRAM_FILES%]\isochi~1\pile default.exe
[%PROGRAM_FILES%]\jugsse~1\4623.exe
[%PROGRAM_FILES%]\jugsse~1\more roam.dll
[%PROGRAM_FILES%]\junkst~1\ gre sof .bin
[%PROGRAM_FILES%]\junkst~1\ gre sof soft.bin
[%PROGRAM_FILES%]\junkst~1\capi grey soft.bin
[%PROGRAM_FILES%]\junkst~1\cast grey rey.bin
[%PROGRAM_FILES%]\junkst~1\cast grey soft.bin
[%PROGRAM_FILES%]\junkst~1\cast grey.bin
[%PROGRAM_FILES%]\junkst~1\cast soft.bin
[%PROGRAM_FILES%]\junkst~1\cast.bin
[%PROGRAM_FILES%]\junkst~1\castcgre gsof soft.bin
[%PROGRAM_FILES%]\junkst~1\castmapi soft.bin
[%PROGRAM_FILES%]\junkst~1\castmgrey soft.bin
[%PROGRAM_FILES%]\junkst~1\csof .bin
[%PROGRAM_FILES%]\junkst~1\dent soft.bin
[%PROGRAM_FILES%]\junkst~1\dentmapi grey soft.bin
[%PROGRAM_FILES%]\junkst~1\dentmapit.bin
[%PROGRAM_FILES%]\junkst~1\filmpeak.dll
[%PROGRAM_FILES%]\junkst~1\junk stey.bin
[%PROGRAM_FILES%]\junkst~1\mapi.bin
[%PROGRAM_FILES%]\loadroad\11739.exe
[%PROGRAM_FILES%]\loadroad\13793.exe
[%PROGRAM_FILES%]\loadroad\cast idle.dll
[%PROGRAM_FILES%]\mailin~1\bend axis.exe
[%PROGRAM_FILES%]\mediao~1\browse bows.exe
[%PROGRAM_FILES%]\memosi~1\bgbdhyvc.exe
[%PROGRAM_FILES%]\memosi~1\debug platform one.exe
[%PROGRAM_FILES%]\memosi~1\downloadkeepbleh.exe
[%PROGRAM_FILES%]\objcdrom\extra slow dvd.exe
[%PROGRAM_FILES%]\objcdrom\mdhhwkfg.exe
[%PROGRAM_FILES%]\onesoa~1\nxmukvvg.exe
[%PROGRAM_FILES%]\oozejo~1\save real.exe
[%PROGRAM_FILES%]\ownssi~1\city title.exe
[%PROGRAM_FILES%]\play audio dupe\1 jugs default.exe
[%PROGRAM_FILES%]\play audio dupe\about pile stupid.exe
[%PROGRAM_FILES%]\play audio dupe\cwinsemt.exe
[%PROGRAM_FILES%]\pollpopfour\bitsplaygrid.exe
[%PROGRAM_FILES%]\pollpopfour\each cdrom memo.exe
[%PROGRAM_FILES%]\pollpopfour\fwpesprd.exe
[%PROGRAM_FILES%]\progra~1\aim dash noun.exe
[%PROGRAM_FILES%]\progra~1\kvfnegjg.exe
[%PROGRAM_FILES%]\progra~1\mfxfwvrw.exe
[%PROGRAM_FILES%]\progra~1\ohukvvyx.exe
[%PROGRAM_FILES%]\progra~1\sect name.exe
[%PROGRAM_FILES%]\progra~1\suoplcpo.exe
[%PROGRAM_FILES%]\progra~1\weqqtqdv.exe
[%PROGRAM_FILES%]\refpin~1\findphone.exe
[%PROGRAM_FILES%]\saveba~1\setup close.exe
[%PROGRAM_FILES%]\second~1\ace tray.exe
[%PROGRAM_FILES%]\second~1\grid gpl.exe
[%PROGRAM_FILES%]\sectmp~1\aim math heart.exe
[%PROGRAM_FILES%]\sectmp~1\bookslow.exe
[%PROGRAM_FILES%]\sectmp~1\drikyzgm.exe
[%PROGRAM_FILES%]\sectmp~1\gozczace.exe
[%PROGRAM_FILES%]\sectmp~1\mfokxciu.exe
[%PROGRAM_FILES%]\sectmp~1\otyygomn.exe
[%PROGRAM_FILES%]\sectmp~1\pdwwooqk.exe
[%PROGRAM_FILES%]\sectmp~1\wmsvbohb.exe
[%PROGRAM_FILES%]\sectmp~1\wsmtdolv.exe
[%PROGRAM_FILES%]\sectmp~1\xysuncaw.exe
[%PROGRAM_FILES%]\sectmp~1\ybyncovt.exe
[%PROGRAM_FILES%]\shimbo~1\15898.exe
[%PROGRAM_FILES%]\shimbo~1\bike poke.dll
[%PROGRAM_FILES%]\shimbo~1\fileoozegreat.bin
[%PROGRAM_FILES%]\softwa~1\1067.exe
[%PROGRAM_FILES%]\softwa~1\13163.exe
[%PROGRAM_FILES%]\softwa~1\14053.exe
[%PROGRAM_FILES%]\softwa~1\15638.exe
[%PROGRAM_FILES%]\softwa~1\16037.exe
[%PROGRAM_FILES%]\softwa~1\19842.exe
[%PROGRAM_FILES%]\softwa~1\208.exe
[%PROGRAM_FILES%]\softwa~1\24760.exe
[%PROGRAM_FILES%]\softwa~1\26151.exe
[%PROGRAM_FILES%]\softwa~1\30904.exe
[%PROGRAM_FILES%]\softwa~1\4817.exe
[%PROGRAM_FILES%]\softwa~1\9032.exe
[%PROGRAM_FILES%]\softwa~1\city.bin
[%PROGRAM_FILES%]\softwa~1\citycity.bin
[%PROGRAM_FILES%]\softwa~1\cityfordmathcity.bin
[%PROGRAM_FILES%]\softwa~1\citymathcity.bin
[%PROGRAM_FILES%]\softwa~1\fitymathcity.bin
[%PROGRAM_FILES%]\softwa~1\fordmathcity.bin
[%PROGRAM_FILES%]\softwa~1\setup time.dll
[%PROGRAM_FILES%]\softwa~1\softwarecity.bin
[%PROGRAM_FILES%]\softwa~1\wave wait.dll
[%PROGRAM_FILES%]\thirda~1\ahlrfsoy.exe
[%PROGRAM_FILES%]\thirda~1\anntabrs.exe
[%PROGRAM_FILES%]\thirda~1\eyednnkm.exe
[%PROGRAM_FILES%]\thirda~1\lniegfer.exe
[%PROGRAM_FILES%]\thirda~1\lvwvyqst.exe
[%PROGRAM_FILES%]\thirda~1\mqplzhkn.exe
[%PROGRAM_FILES%]\thirda~1\wgjtoczo.exe
[%PROGRAM_FILES%]\thirda~1\yyjsckss.exe
[%PROGRAM_FILES%]\view16\burnsetup.exe

Folders:
[%APPDATA%]\bleh platform drive internet
[%APPDATA%]\JOY FACE MAPI COPY
[%PROGRAM_FILES%]\movefi~1

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{3ac077e2-a87a-3582-08b6-69863ce5bd2c}
HKEY_CLASSES_ROOT\clsid\{66eab452-800a-7bea-d068-c668c39d3ffb}
HKEY_CLASSES_ROOT\clsid\{751fabe0-61cf-96bf-aa53-9a328fbf459b}
HKEY_CLASSES_ROOT\clsid\{94ac8427-47d0-0328-8060-ab65bc1c0479}
HKEY_CLASSES_ROOT\clsid\{97d65e0c-f28c-051a-cec2-299b0094c1f2}
HKEY_CLASSES_ROOT\clsid\{de16043e-fed8-a12d-2409-8cd31b31de21}
HKEY_CURRENT_USER\clsid\{2bd12782-9db1-029b-8d03-2f0596305555}
HKEY_CURRENT_USER\clsid\{8e474554-79aa-115a-66d8-5fedecb66be8}
HKEY_CURRENT_USER\software\classes\clsid\{2bd12782-9db1-029b-8d03-2f0596305555}
HKEY_CURRENT_USER\software\classes\clsid\{8e474554-79aa-115a-66d8-5fedecb66be8}
HKEY_LOCAL_MACHINE\software\classes\clsid\{3ac077e2-a87a-3582-08b6-69863ce5bd2c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{66eab452-800a-7bea-d068-c668c39d3ffb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{751fabe0-61cf-96bf-aa53-9a328fbf459b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{97d65e0c-f28c-051a-cec2-299b0094c1f2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{751fabe0-61cf-96bf-aa53-9a328fbf459b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{94ac8427-47d0-0328-8060-ab65bc1c0479}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{97d65e0c-f28c-051a-cec2-299b0094c1f2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2ba8382-9a35-cfbc-3907-c39d72a572ad}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{de16043e-fed8-a12d-2409-8cd31b31de21}

Registry Values:
HKEY_CLASSES_ROOT\clsid\{c2ba8382-9a35-cfbc-3907-c39d72a572ad}
HKEY_CLASSES_ROOT\clsid\{c2ba8382-9a35-cfbc-3907-c39d72a572ad}\inprocserver32
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Contempt Trojan Removal instruction