Wednesday, January 21, 2009

PeopleOnPage Hijacker

How To Remove PeopleOnPage?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
PeopleOnPage is dangerous virus:
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.
PeopleOnPage It also known as:

[Panda]Adware/Envolo

PeopleOnPage Symptoms:

Files:
[%PROFILE_TEMP%]\autoupdate0\auto_update_install.exe
[%PROFILE_TEMP%]\auf0.exe
[%PROFILE_TEMP%]\AutoUpdate0\setup.inf
[%PROFILE_TEMP%]\AutoUpdate1\setup.inf
[%SYSTEM%]\auto_update_uninstall.exe
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\Temp\AutoUpdate1\setup.inf
[%PROFILE%]\locals~1\temp\autoupdate0\auto_update_install.exe
[%PROGRAM_FILES%]\stomps~1\spywar~1\tempfiles\libexpat.dll
[%SYSTEM%]\bi5.exe
[%WINDOWS%]\downloaded program files\activeinstall2.inf
[%WINDOWS%]\downloaded program files\aprload.exe
[%WINDOWS%]\downloaded program files\load.exe
[%WINDOWS%]\windows\system32\auto_update_uninstall.exe
[%PROFILE_TEMP%]\autoupdate0\auto_update_install.exe
[%PROFILE_TEMP%]\auf0.exe
[%PROFILE_TEMP%]\AutoUpdate0\setup.inf
[%PROFILE_TEMP%]\AutoUpdate1\setup.inf
[%SYSTEM%]\auto_update_uninstall.exe
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\Temp\AutoUpdate1\setup.inf
[%PROFILE%]\locals~1\temp\autoupdate0\auto_update_install.exe
[%PROGRAM_FILES%]\stomps~1\spywar~1\tempfiles\libexpat.dll
[%SYSTEM%]\bi5.exe
[%WINDOWS%]\downloaded program files\activeinstall2.inf
[%WINDOWS%]\downloaded program files\aprload.exe
[%WINDOWS%]\downloaded program files\load.exe
[%WINDOWS%]\windows\system32\auto_update_uninstall.exe

Folders:
[%PROGRAM_FILES%]\autoupdate

Registry Keys:
HKEY_LOCAL_MACHINE\Software\AutoLoader
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\autoupdate
HKEY_CLASSES_ROOT\clsid\{a1558b18-f76c-40fe-b358-9e47449f3cfe}
HKEY_CLASSES_ROOT\clsid\{b3be5046-8197-48fb-b89f-7c767316d03c}
HKEY_CLASSES_ROOT\popad.server
HKEY_CLASSES_ROOT\popad.server.1
HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{645fd3bc-c314-4f7a-9d2e-64d62a0fdd78}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\monpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\amserver
HKEY_USERS\.default\software\microsoft\internet explorer\explorer bars\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_USERS\.default\software\pop

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/aprload.bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/aprload.bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/load.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/load.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_USERS\.default\software\microsoft\internet explorer\toolbar\webbrowser

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Psycho.Derek Spyware
Remove imedia.co.il Tracking Cookie
ICQ.Patch Trojan Removal
Ilomo Trojan Information
PHP.Liquid Trojan Cleaner

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)