Saturday, January 31, 2009

Win32.Spy.BiSpy Adware

How To Remove Win32.Spy.BiSpy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Win32.Spy.BiSpy is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.


Win32.Spy.BiSpy It also known as:

[Eset]Win32/Spy.BiSpy.C trojan;
[Panda]Adware/MultiMPP,Adware/Twain-Tech,Spyware/BetterInet

Win32.Spy.BiSpy Symptoms:

Files:
[%PROFILE_TEMP%]\twtini.inf
[%PROFILE_TEMP%]\bi.ini
[%PROFILE_TEMP%]\THI223E.tmp\preInsTT.exe
[%PROFILE_TEMP%]\THI223E.tmp\twaintec.cab
[%PROFILE_TEMP%]\THI223E.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI223E.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI2738.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI369D.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI3896.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI3E25.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI417E.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI52F3.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI5CAB.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI62BF.tmp\preInsTT.exe
[%PROFILE_TEMP%]\THI62BF.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI6A6D.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI6C63.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI76C2.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI7817.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI842.tmp\mxTarget.dll
[%PROFILE_TEMP%]\twaintec.ini
[%PROFILE_TEMP%]\twtini.cab
[%WINDOWS%]\bi.ini
[%WINDOWS%]\Biprep.exe
[%WINDOWS%]\ft1_01_0_279_gepfah.exe
[%WINDOWS%]\inf\twtini.inf
[%WINDOWS%]\msview.ini
[%WINDOWS%]\multimpp.dll
[%WINDOWS%]\mxtarget.ini
[%WINDOWS%]\preInsTT.exe
[%WINDOWS%]\preInsTT.exe_
[%WINDOWS%]\smdat32a.sys
[%WINDOWS%]\smdat32m.sys
[%WINDOWS%]\twaintec.ini
[%WINDOWS%]\wsem218.dll
[%PROFILE%]\locals~1\temp\twtini.inf
[%PROFILE_TEMP%]\mxtarget.dll
[%PROFILE_TEMP%]\oyyilj8kl.exe
[%PROFILE_TEMP%]\preinsmt.exe
[%PROFILE_TEMP%]\thi1206.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi1206.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi13ca.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi15e8.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi15e8.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi168d.tmp\preinstt.exe
[%PROFILE_TEMP%]\thi168d.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi174f.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi1832.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi1832.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi18b1.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi18b1.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi19a6.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi19a6.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi1c5b.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi1c5b.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi1ff4.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi1ff4.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi205e.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thi2096.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi2096.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi23a2.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi23a2.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi23f0.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi23f0.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi2dfe.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi2dfe.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi2eec.tmp\wsebate1.exe
[%PROFILE_TEMP%]\thi3687.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi3687.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi390d.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi3a0.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi3a0.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi3c79.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi4020.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi4020.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi406.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi406.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi40a8.tmp\preinstt.exe
[%PROFILE_TEMP%]\thi40a8.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi43de.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi43de.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi45ff.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi45ff.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi4ceb.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi4ceb.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi4d5b.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi4d5b.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi4e88.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi4e88.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi5213.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi5213.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi53de.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi53de.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi5755.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi5755.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi57dc.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi57dc.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi6046.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi6399.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi6399.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thi6513.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi6513.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi6592.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi6592.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi6688.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi6de0.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi6de0.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi6ea2.tmp\preinstt.exe
[%PROFILE_TEMP%]\thi6ea2.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi6ea2.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi70.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi70.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thi7063.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi7063.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi70b2.tmp\conflict.inf
[%PROFILE_TEMP%]\thi70d0.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi70d0.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi717a.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi717a.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi71ff.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi71ff.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi79a1.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi79a1.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi7caf.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi7caf.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi7d25.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi7d25.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi7fb1.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi7fb1.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi7fc9.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi98a.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi98a.tmp\twaintec.inf
[%PROFILE_TEMP%]\thia1d.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thia1d.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thia59.tmp\twaintec.inf
[%PROFILE_TEMP%]\thib58.tmp\twaintec.dll
[%PROFILE_TEMP%]\thib58.tmp\twaintec.inf
[%PROFILE_TEMP%]\thib6f.tmp\twaintec.dll
[%PROFILE_TEMP%]\thib6f.tmp\twaintec.inf
[%PROFILE_TEMP%]\thib74.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thib74.tmp\preinsmt.exe
[%SYSTEM%]\mxtarget.dll
[%SYSTEM%]\twaintec.dll
[%SYSTEM%]\uduftm.exe
[%WINDOWS%]\biprep.exe
[%WINDOWS%]\cache371\b_371_0_1_585800.htm
[%WINDOWS%]\mxtarget.dll
[%WINDOWS%]\system\mxtarget.dll
[%WINDOWS%]\system\twaintec.dll
[%WINDOWS%]\temp\thi43e2.tmp\preinstt.exe
[%WINDOWS%]\temp\thi43e2.tmp\twaintec.inf
[%WINDOWS%]\temp\thi4487.tmp\preinstt.exe
[%WINDOWS%]\temp\thi4487.tmp\twaintec.inf
[%WINDOWS%]\temp\thi5a9c.tmp\preinstt.exe
[%WINDOWS%]\temp\thi5a9c.tmp\twaintec.inf
[%WINDOWS%]\temp\thi6026.tmp\twaintec.dll
[%WINDOWS%]\temp\thi72ea.tmp\preinstt.exe
[%WINDOWS%]\temp\thi72ea.tmp\twaintec.dll
[%WINDOWS%]\temp\thi72ea.tmp\twaintec.inf
[%WINDOWS%]\urls.bin
[%WINDOWS%]\vurls.bin
[%WINDOWS%]\wast2.exe
[%WINDOWS%]\xgn.exe
[%PROFILE_TEMP%]\twtini.inf
[%PROFILE_TEMP%]\bi.ini
[%PROFILE_TEMP%]\THI223E.tmp\preInsTT.exe
[%PROFILE_TEMP%]\THI223E.tmp\twaintec.cab
[%PROFILE_TEMP%]\THI223E.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI223E.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI2738.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI369D.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI3896.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI3E25.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI417E.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI52F3.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI5CAB.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI62BF.tmp\preInsTT.exe
[%PROFILE_TEMP%]\THI62BF.tmp\twaintec.dll
[%PROFILE_TEMP%]\THI6A6D.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI6C63.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI76C2.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI7817.tmp\twaintec.inf
[%PROFILE_TEMP%]\THI842.tmp\mxTarget.dll
[%PROFILE_TEMP%]\twaintec.ini
[%PROFILE_TEMP%]\twtini.cab
[%WINDOWS%]\bi.ini
[%WINDOWS%]\Biprep.exe
[%WINDOWS%]\ft1_01_0_279_gepfah.exe
[%WINDOWS%]\inf\twtini.inf
[%WINDOWS%]\msview.ini
[%WINDOWS%]\multimpp.dll
[%WINDOWS%]\mxtarget.ini
[%WINDOWS%]\preInsTT.exe
[%WINDOWS%]\preInsTT.exe_
[%WINDOWS%]\smdat32a.sys
[%WINDOWS%]\smdat32m.sys
[%WINDOWS%]\twaintec.ini
[%WINDOWS%]\wsem218.dll
[%PROFILE%]\locals~1\temp\twtini.inf
[%PROFILE_TEMP%]\mxtarget.dll
[%PROFILE_TEMP%]\oyyilj8kl.exe
[%PROFILE_TEMP%]\preinsmt.exe
[%PROFILE_TEMP%]\thi1206.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi1206.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi13ca.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi15e8.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi15e8.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi168d.tmp\preinstt.exe
[%PROFILE_TEMP%]\thi168d.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi174f.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi1832.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi1832.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi18b1.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi18b1.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi19a6.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi19a6.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi1c5b.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi1c5b.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi1ff4.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi1ff4.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi205e.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thi2096.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi2096.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi23a2.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi23a2.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi23f0.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi23f0.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi2dfe.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi2dfe.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi2eec.tmp\wsebate1.exe
[%PROFILE_TEMP%]\thi3687.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi3687.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi390d.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi3a0.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi3a0.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi3c79.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi4020.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi4020.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi406.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi406.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi40a8.tmp\preinstt.exe
[%PROFILE_TEMP%]\thi40a8.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi43de.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi43de.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi45ff.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi45ff.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi4ceb.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi4ceb.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi4d5b.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi4d5b.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi4e88.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi4e88.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi5213.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi5213.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi53de.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi53de.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi5755.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi5755.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi57dc.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi57dc.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi6046.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi6399.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi6399.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thi6513.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi6513.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi6592.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi6592.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi6688.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi6de0.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi6de0.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi6ea2.tmp\preinstt.exe
[%PROFILE_TEMP%]\thi6ea2.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi6ea2.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi70.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi70.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thi7063.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi7063.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi70b2.tmp\conflict.inf
[%PROFILE_TEMP%]\thi70d0.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi70d0.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi717a.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi717a.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi71ff.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi71ff.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi79a1.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi79a1.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi7caf.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi7caf.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi7d25.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi7d25.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi7fb1.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thi7fb1.tmp\preinsmt.exe
[%PROFILE_TEMP%]\thi7fc9.tmp\twaintec.inf
[%PROFILE_TEMP%]\thi98a.tmp\twaintec.dll
[%PROFILE_TEMP%]\thi98a.tmp\twaintec.inf
[%PROFILE_TEMP%]\thia1d.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thia1d.tmp\mxtarget.inf
[%PROFILE_TEMP%]\thia59.tmp\twaintec.inf
[%PROFILE_TEMP%]\thib58.tmp\twaintec.dll
[%PROFILE_TEMP%]\thib58.tmp\twaintec.inf
[%PROFILE_TEMP%]\thib6f.tmp\twaintec.dll
[%PROFILE_TEMP%]\thib6f.tmp\twaintec.inf
[%PROFILE_TEMP%]\thib74.tmp\mxtarget.dll
[%PROFILE_TEMP%]\thib74.tmp\preinsmt.exe
[%SYSTEM%]\mxtarget.dll
[%SYSTEM%]\twaintec.dll
[%SYSTEM%]\uduftm.exe
[%WINDOWS%]\biprep.exe
[%WINDOWS%]\cache371\b_371_0_1_585800.htm
[%WINDOWS%]\mxtarget.dll
[%WINDOWS%]\system\mxtarget.dll
[%WINDOWS%]\system\twaintec.dll
[%WINDOWS%]\temp\thi43e2.tmp\preinstt.exe
[%WINDOWS%]\temp\thi43e2.tmp\twaintec.inf
[%WINDOWS%]\temp\thi4487.tmp\preinstt.exe
[%WINDOWS%]\temp\thi4487.tmp\twaintec.inf
[%WINDOWS%]\temp\thi5a9c.tmp\preinstt.exe
[%WINDOWS%]\temp\thi5a9c.tmp\twaintec.inf
[%WINDOWS%]\temp\thi6026.tmp\twaintec.dll
[%WINDOWS%]\temp\thi72ea.tmp\preinstt.exe
[%WINDOWS%]\temp\thi72ea.tmp\twaintec.dll
[%WINDOWS%]\temp\thi72ea.tmp\twaintec.inf
[%WINDOWS%]\urls.bin
[%WINDOWS%]\vurls.bin
[%WINDOWS%]\wast2.exe
[%WINDOWS%]\xgn.exe

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}
HKEY_CLASSES_ROOT\interface\{5326b223-dc21-43a4-9b79-635e2d18dcb2}
HKEY_CLASSES_ROOT\twaintecdll.twaintecdllobj
HKEY_CLASSES_ROOT\twaintecdll.twaintecdllobj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{000020dd-c72e-4113-af77-dd56626c6c42}
HKEY_LOCAL_MACHINE\software\classes\clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}
HKEY_LOCAL_MACHINE\software\classes\twaintecdll.twaintecdllobj.1
HKEY_LOCAL_MACHINE\software\classes\typelib\{72892e8e-75df-4cd2-be11-e9a0077f44a8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\twaintec
HKEY_CLASSES_ROOT\clsid\{000020dd-c72e-4113-af77-dd56626c6c42}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{000020dd-c72e-4113-af77-dd56626c6c42}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0000607d-d204-42c7-8e46-216055bf9918}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0000607d-d204-42c7-8e46-216055bf9918}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{000020dd-c72e-4113-af77-dd56626c6c42}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\system\lastknowngoodrecovery\lastgood
HKEY_LOCAL_MACHINE\system\lastknowngoodrecovery\lastgood
HKEY_LOCAL_MACHINE\system\lastknowngoodrecovery\lastgood
HKEY_LOCAL_MACHINE\system\lastknowngoodrecovery\lastgood
HKEY_LOCAL_MACHINE\system\lastknowngoodrecovery\lastgood
HKEY_LOCAL_MACHINE\system\lastknowngoodrecovery\lastgood


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
adverticum.net Tracking Cookie Cleaner

No comments: