Monday, January 26, 2009

Sogou Trojan

How To Remove Sogou?
You must download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Sogou is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines, threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate the delivery of advertising content to the user and in some cases gather information from the user's computer, including information related to Internet browser usage or other computer habits.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Sogou is also known as:

[Kaspersky]AdWare.Win32.BHO.av;
[McAfee]AdClicker-BJ;
[Other]Trojan-Sogou.A

Sogou Symptoms:

Files:
[%SYSTEM%]\comploader.dll
[%SYSTEM%]\socul.dll
[%SYSTEM%]\SODAHK.DLL
[%SYSTEM%]\temp.exe
[%SYSTEM%]\unsocul.exe
[%PROFILE_TEMP%]\ad948.exe
[%SYSTEM%]\drivers\HttpReq.dll
[%SYSTEM%]\drivers\so.exe
[%SYSTEM%]\drivers\spoolsv.dll
[%SYSTEM%]\drivers\System.ini
[%SYSTEM%]\drivers\WEBDLL.DLL
[%WINDOWS%]\Temp\so28.exe

Folders:
[%APPDATA%]\p4p
[%PROGRAM_FILES%]\P4P
[%PROGRAM_FILES_COMMON%]\CPUSH
[%PROGRAM_FILES_COMMON%]\Sogou PXP

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean your computer ASAP!
Download a free trial version of the antivirus software here to check your computer instantly.
