Kill Computer Virus: 01/21/09

Wednesday, January 21, 2009

SearchNet Trojan

How To Remove SearchNet?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

SearchNet is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

SearchNet It also known as:


[Kaspersky]Trojan-Spy.Win32.Agent.iw,AdWare.Win32.BHO.ls;
[McAfee]SearchNet;
[Other]Win32/SearchNet.D,Adware.PigSearch,Adware.Rugo

SearchNet Symptoms:

Files: [%SYSTEM%]\drivers\FAD.sys [%SYSTEM%]\ntsvrs.exe [%PROFILE_TEMP%]\lokv.exe [%PROFILE_TEMP%]\u4hq.exe [%SYSTEM%]\drivers\Anfad.sys [%SYSTEM%]\drivers\svq0hve.sys [%SYSTEM%]\drivers\xcvmp7.sys [%SYSTEM%]\ServeHost.dat [%SYSTEM%]\ServeHost.exe [%SYSTEM%]\drivers\FAD.sys [%SYSTEM%]\ntsvrs.exe [%PROFILE_TEMP%]\lokv.exe [%PROFILE_TEMP%]\u4hq.exe [%SYSTEM%]\drivers\Anfad.sys [%SYSTEM%]\drivers\svq0hve.sys [%SYSTEM%]\drivers\xcvmp7.sys [%SYSTEM%]\ServeHost.dat [%SYSTEM%]\ServeHost.exe

Folders: [%PROGRAM_FILES%]\SearchNet [%PROGRAM_FILES%]\ZSXZ

Registry Keys: HKEY_CLASSES_ROOT\typelib\{690e010b-042a-4973-87a8-485deb8bdf68} HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{2a0176fe-008b-4706-90f5-bba532a49731} HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{3ce496d1-1746-41cd-9489-3c0b93df10e2} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\zsxz HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{04152c5b-7ca9-4bb1-8077-5ea42f787eb8} HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{515bafd0-86a0-4b2a-9dfe-4440bf60c355} HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{5c20c0e0-9a22-424f-92c8-6f408563ce98} HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{93506e82-31e9-47b4-901e-2d04d6aa3b86} HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{b9b553a9-77ff-44de-8c24-fe88ccdc4e93} HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{c8a82950-abe8-4b7d-a5de-19c249a9cfac} HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\safer\codeidentifiers\0\hashes\{cf3780c4-33ba-44bd-981f-e37940887d8b} HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_fad HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_remote_log HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\remote log HKEY_LOCAL_MACHINE\system\currentcontrolset\services\fad HKEY_CLASSES_ROOT\clsid\{3ce496d1-1746-41cd-9489-3c0b93df10e2} HKEY_CLASSES_ROOT\iehpr.intercept HKEY_CLASSES_ROOT\iehpr.intercept.1 HKEY_CLASSES_ROOT\interface\{52bea5f9-7e3f-490a-b7e8-9bd5dddee5df} HKEY_CLASSES_ROOT\typelib\{158919d3-4cab-4109-9755-9ae794d5b2de} HKEY_CLASSES_ROOT\typelib\{4a8976fe-144e-4742-8e49-d6cd3b140fd1} HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cdnup.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3ce496d1-1746-41cd-9489-3c0b93df10e2} HKEY_LOCAL_MACHINE\software\searchnet HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_anfad HKEY_LOCAL_MACHINE\system\currentcontrolset\services\anfad HKEY_LOCAL_MACHINE\system\currentcontrolset\services\remote log

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.EHG Trojan Information
Remove AcidShiver.Kor Trojan
Small.yd Trojan Removal instruction
Belio Trojan Cleaner

Bugsprey Backdoor

How To Remove Bugsprey?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Bugsprey is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Bugsprey It also known as:


[Kaspersky]Backdoor.Win32.Delf.ang;
[Other]Win32/Bugsprey,Win32/Bugsprey.A,Trojan Horse

Bugsprey Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Di.Nuke Trojan Symptoms
W95.Henky.Adonai Trojan Removal instruction

WebBuying Adware

How To Remove WebBuying?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

WebBuying is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

WebBuying Symptoms:

Files: [%PROGRAM_FILES%]\Web Buying\v1.6.8\webbuying.dll [%PROGRAM_FILES%]\Web Buying\v1.7.4\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.7.8\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.1\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.2\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.5\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.6\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.6.8\webbuying.dll [%PROGRAM_FILES%]\Web Buying\v1.7.4\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.7.8\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.1\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.2\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.5\webbuying.exe [%PROGRAM_FILES%]\Web Buying\v1.8.6\webbuying.exe

Folders: [%PROGRAM_FILES%]\Web Buying

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C318CD44-E327-4377-A28E-6EC16A921AE8}

Registry Values: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.BAE Trojan Cleaner

Ranky.du Trojan

How To Remove Ranky.du?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Ranky.du is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Ranky.du Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remote.Administrator RAT Cleaner
Pigeon.AVSW Trojan Removal instruction

FakeAlert.Adobepnl Trojan

How To Remove FakeAlert.Adobepnl?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

FakeAlert.Adobepnl is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

FakeAlert.Adobepnl It also known as:


[Kaspersky]Hoax.Win32.Renos.dm

FakeAlert.Adobepnl Symptoms:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{2513a321-cb50-4c5f-91c5-80342afacfb1}\implemented categories HKEY_CLASSES_ROOT\clsid\{2513a321-cb50-4c5f-91c5-80342afacfb1}\programmable HKEY_CLASSES_ROOT\TypeLib\{B8CE2641-0F08-43A1-8F28-3AE65B395CB3} HKEY_CLASSES_ROOT\typelib\{b8ce2641-0f08-43a1-8f28-3ae65b395cb3}

Registry Values: HKEY_CLASSES_ROOT\clsid\{2513a321-cb50-4c5f-91c5-80342afacfb1}\inprocserver32

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Vxidl.AZB Trojan Information
EXWin Trojan Removal instruction
SillyDl.CYU Trojan Cleaner
War.modified RAT Removal instruction

KaZaa.Lite Worm

How To Remove KaZaa.Lite?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

KaZaa.Lite is dangerous virus:
Worms can be classified according to the propagation method they use,
i.e. how they deliver copies of themselves to new victim machines.
Worms can also be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.
The methods are listed separately below.

KaZaa.Lite Symptoms:

Files: [%PROGRAMS%]\kazaalite.lnk [%PROGRAMS%]\kli.lnk [%PROGRAMS%]\kazaalite.lnk [%PROGRAMS%]\kli.lnk

Registry Keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\kazaalite HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kazaalite

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
ExploreZip.pack Worm Information
Fearlexp Trojan Removal
Panther Hacker Tool Information

Tokid Trojan

How To Remove Tokid?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Tokid is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Tokid It also known as:


[Kaspersky]Trojan-Downloader.Win32.Agent.alo,Trojan-Downloader.Win32.Agent.alu;
[Other]Troj/Kaos-E,TROJ_AGENT.AGP,trojan-downloader-winman,Win32/Tokid.A

Tokid Symptoms:

Registry Values: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000 HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000\control HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winmanupdater\0000\control HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater\enum HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater\enum HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater\enum HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winmanupdater\security

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Razor.Wintrinoo DoS Removal
Removing Vxidl.AET Trojan
Removing Grapje Trojan
Vxidl.AKS Trojan Removal

Osctr Trojan

How To Remove Osctr?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Osctr is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Osctr It also known as:


[Kaspersky]Backdoor.Win32.Agent.aiu;
[Other]Win32/Osctr,Win32/Osctr!generic

Osctr Symptoms:

Files: [%SYSTEM%]\drivers\vissv.sys [%SYSTEM%]\sescmgr.exe [%SYSTEM%]\drivers\vissv.sys [%SYSTEM%]\sescmgr.exe

Registry Keys: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_vissv HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vissv

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
IRC.Cloner Trojan Information

PWS.Mafia Trojan

How To Remove PWS.Mafia?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

PWS.Mafia is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

PWS.Mafia It also known as:


[Kaspersky]Trojan-PSW.Win32.Bumaf.c;
[McAfee]PWS-Mafia;
[Other]Infostealer.Salira

PWS.Mafia Symptoms:

Files: [%SYSTEM%]\winrarshell32.exe [%WINDOWS%]\backup.exe [%SYSTEM%]\winrarshell32.exe [%WINDOWS%]\backup.exe

Registry Keys: HKEY_CURRENT_USER\software\bgm

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
ZZMM Trojan Removal

DyFuCa Internet Optimizer Adware

How To Remove DyFuCa Internet Optimizer?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

DyFuCa Internet Optimizer is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

DyFuCa Internet Optimizer Symptoms:

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.ADY Trojan Information
Bancos.INV Trojan Removal
Ascend.foo.denial.of.service DoS Removal
Remove Nozonedata Tracking Cookie
Removing Is.My.Mate.Cheating.Online Spyware

PeopleOnPage Hijacker

How To Remove PeopleOnPage?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

PeopleOnPage is dangerous virus:
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.

PeopleOnPage It also known as:


[Panda]Adware/Envolo

PeopleOnPage Symptoms:

Files: [%PROFILE_TEMP%]\autoupdate0\auto_update_install.exe [%PROFILE_TEMP%]\auf0.exe [%PROFILE_TEMP%]\AutoUpdate0\setup.inf [%PROFILE_TEMP%]\AutoUpdate1\setup.inf [%SYSTEM%]\auto_update_uninstall.exe [%SYSTEM%]\auto_update_uninstall.log [%WINDOWS%]\Temp\AutoUpdate1\setup.inf [%PROFILE%]\locals~1\temp\autoupdate0\auto_update_install.exe [%PROGRAM_FILES%]\stomps~1\spywar~1\tempfiles\libexpat.dll [%SYSTEM%]\bi5.exe [%WINDOWS%]\downloaded program files\activeinstall2.inf [%WINDOWS%]\downloaded program files\aprload.exe [%WINDOWS%]\downloaded program files\load.exe [%WINDOWS%]\windows\system32\auto_update_uninstall.exe [%PROFILE_TEMP%]\autoupdate0\auto_update_install.exe [%PROFILE_TEMP%]\auf0.exe [%PROFILE_TEMP%]\AutoUpdate0\setup.inf [%PROFILE_TEMP%]\AutoUpdate1\setup.inf [%SYSTEM%]\auto_update_uninstall.exe [%SYSTEM%]\auto_update_uninstall.log [%WINDOWS%]\Temp\AutoUpdate1\setup.inf [%PROFILE%]\locals~1\temp\autoupdate0\auto_update_install.exe [%PROGRAM_FILES%]\stomps~1\spywar~1\tempfiles\libexpat.dll [%SYSTEM%]\bi5.exe [%WINDOWS%]\downloaded program files\activeinstall2.inf [%WINDOWS%]\downloaded program files\aprload.exe [%WINDOWS%]\downloaded program files\load.exe [%WINDOWS%]\windows\system32\auto_update_uninstall.exe

Folders: [%PROGRAM_FILES%]\autoupdate

Registry Keys: HKEY_LOCAL_MACHINE\Software\AutoLoader HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\autoupdate HKEY_CLASSES_ROOT\clsid\{a1558b18-f76c-40fe-b358-9e47449f3cfe} HKEY_CLASSES_ROOT\clsid\{b3be5046-8197-48fb-b89f-7c767316d03c} HKEY_CLASSES_ROOT\popad.server HKEY_CLASSES_ROOT\popad.server.1 HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{8023a3e7-ab95-4c23-8313-0be9842cc70e} HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{645fd3bc-c314-4f7a-9d2e-64d62a0fdd78} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\monpop.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\amserver HKEY_USERS\.default\software\microsoft\internet explorer\explorer bars\{8023a3e7-ab95-4c23-8313-0be9842cc70e} HKEY_USERS\.default\software\pop

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/aprload.bin HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/aprload.bin HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/load.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/load.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls HKEY_USERS\.default\software\microsoft\internet explorer\toolbar\webbrowser

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Psycho.Derek Spyware
Remove imedia.co.il Tracking Cookie
ICQ.Patch Trojan Removal
Ilomo Trojan Information
PHP.Liquid Trojan Cleaner

AdClicker Trojan

How To Remove AdClicker?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

AdClicker is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS trojans conduct attacks from a single computer with the consent of the user.

AdClicker It also known as:


[Kaspersky]Backdoor.Assasin.11,Backdoor.BladeRunner,Backdoor.BO2K.10,Backdoor.DSNX.05.a,Backdoor.IRC.Xenozbot,Backdoor.Lithium.102,Backdoor.NetDevil.15,Backdoor.Nightmare.21,Backdoor.Optix.Pro.11,Backdoor.Psychward.10,Backdoor.Ptakks.R1,Backdoor.R3C.a,Backdoor.SdBot.gen,Backdoor.Slackbot.a,Backdoor.Stretch,Backdoor.Y3KRat.16,DDoS.Win32.Kozog,Exploit.CodeBaseExec,Exploit.IFrame.FileDownload,I-Worm.Klez.gen,I-Worm.LoveLetter,I-Worm.Magistr.a,I-Worm.Nimda,I-Worm.Pimaf,Joke.Win32.Stript,Macro.Office.Melissa-based,Macro.Word97.Marker-based,not-virus:Joke.Win32.Stript,Rape.2887,Trojan.IRC.Gribble,Trojan.PSW.VB.l,Trojan.VBS.PingBash.b,Trojan.Win32.Fastcounter,Trojan.Win32.KeyPanic.d,Trojan.WinNT.Reboot,TrojanDownloader.Win32.Aphex.020,TrojanDownloader.Win32.Aphex.10.d,TrojanDropper.Win32.Delf.an,TrojanDropper.Win32.Delf.w,TrojanDropper.Win32.FC.a,TrojanDropper.Win32.Small.o.gen,TrojanDropper.Win32.Sobig,TrojanDropper.Win32.Yabinder.20,TrojanSpy.Win32.DiabloKeys.22.b,Whale.b,TrojanClicker.Win32.NetBuie.h,TrojanClicker.Win32.NetBuie.e,Trojan-Clicker.Win32.VB.nd,Trojan-Clicker.Win32.VB.np,Trojan-Clicker.Win32.Small.fd,Trojan-Downloader.Win32.Mudrop.bq,Trojan-Clicker.Win32.VB.pg,Trojan-Clicker.Win32.Small.lt,Trojan-Clicker.Win32.Delf.gc,Trojan-Clicker.Win32.VB.ft,Trojan-Clicker.Win32.Small.ml,Trojan-Clicker.Win32.Small.mi,Trojan-clicker.Win32.Small.mi,Trojan-Dropper.Win32.Small.atr,Trojan.Win32.BHO.p,Trojan-Clicker.Win32.BHO.f,Trojan-Clicker.Win32.Agent.ii,Trojan-CLicker.Win32.Agent.ij,Trojan-Downloader.Win32.Agent.bbc,AdWare.Win32.Agent.bn,Trojan-Clicker.Win32.VB.py,AdWare.Win32.Delf.g,Trojan-Clicker.Win32.Delf.gl,Trojan-Clicker.Win32.VB.rg,Trojan-Clicker.Win32.Agent.jp,Trojan-Clicker.Win32.Delf.fu,Trojan-Clicker.Win32.Agent.lp,Trojan-Clicker.Win32.Small.It,Packed.Win32.CPEX-based.f,Trojan.Win32.BHO.adh,Trojan-Clicker.Win32.VB.wf,Backdoor.Win32.Delf.afe;
[Eset]Win32/BO.2_1 trojan,Win32/Optix.Pro.11 trojan,Win32/R3C trojan,Win32/Stretch trojan,WinNT/Reboot.A trojan;
[McAfee]AdClicker-C,BackDoor-AG,BackDoor-AGS,BackDoor-CA,BackDoor-KL,BackDoor-LG,BackDoor-RP.svr,BackDoor-Z,DDoS-Kozirog,DDoS-Slack,IRC-Sdbot,KeyPanic,Orifice2K,Scared joke,Univ/r,W32/Magistr,AdClicker-EJ,AdClicker.DY,AdClicker-CM,Adware-PurityScan,AdClicker-EO,Generic AdClicker.c,Generic AdClicker.a,AdClicker-ER,AdClicker-EQ,AdClicker-ET.dll,AdClicker-FC,Generic AdClicker.b,Puper,AdClicker-FP,Generic.ei;
[F-Prot]destructive program,joke program,Rape.2887,security risk or a "backdoor" program,W32/Backdoor.BladeRunner,W32/Bo2K.114618,W32/Adware.HOV,W32/Adware.HMB,W32/Trojan.ACMA,W32/Trojan.AFJK;
[Panda]Backdoor Program,Bck/Assasin.11,Bck/IRC.SdBot,Bck/Lithium,Bck/MsnPassRipper,Bck/Nightmare.2.1,Bck/Optix,Bck/Psychward.10,Bck/PtAkkS,Bck/R3C,Bck/SdBot,Bck/Sdbot.LI,Bck/Slackbot,Bck/Stretch,Bck/Xenozbot,DDoS.Win32.Kozog,Exploit/iFrame,Joke/Stript,JS/Fortnight@M,JS/Kak.Worm,Rape.1Stgen,Stoned.Torm,Trj/Avill,Trj/FC,Trj/KeyPanic.C,Trj/Spy.Gen,Trj/W32.Sobig,Trojan Horse,Trojan Horse.LC,VBS/LoveLetter.Unk,W32/Delo,W32/Disemboweler,W32/Spybot.gen.worm,W97M/Marker.AO,W97M/Marker.D,W97M/Melissa.A,Whale Mutant 30,Worm Generic,Worm Generic.LC,Trj/W32.Netbuie,Trj/W32.Scorpo;
[Computer Associates]Backdoor/Ama,Backdoor/Assasin!Server,Backdoor/Assasin.11,Backdoor/CA,Backdoor/DiabloKeys.22.C!Server,Backdoor/ICM!Server,Backdoor/Lithium.102,Backdoor/Netdevil_Server_family,Backdoor/Ptakks.R1.B!Server,Backdoor/Sdbot.04.B,Backdoor/Sdbot.05,Backdoor/Sdbot.B!Server,Backdoor/Slackbot,Backdoor/Y3KRat_Server_family,Backdoor/Zasil!Dropper,JS.JBGRC.A,JS.Kak,JScript/LipReffs!Worm,Rap.2887.T,Rape.2887,VBS.JBGRC.A,VBS.LoveLetter.V,VBS/GRC_Flooder!Trojan,VBS/LoveLetter.Variant!Worm,W97M/Marker.AJ,W97M/Marker.C,W97M/Melissa,Whale 00,Whale-2,Win.Kozog,Win32.Aphex.10.D,Win32.Assasin.B,Win32.BackOrifice2000.11,Win32.DiabloKeys.22.C,Win32.Inpect.10,Win32.Magistr.24876,Win32.NetDevil.15,Win32.Nimda.A,Win32.Pimaf,Win32.PSW.MSNCrack,Win32.Ptakks.G,Win32.Sdbot,Win32.Sdbot.EA,Win32.Small.O,Win32.Thresys.18,Win32.TrojanRunner.I,Win32.TrojanRunner.L,Win32.Xenoz.10.B,Win32/Aphex.10.d!Trojan,Win32/KeyPanic.A!Trojan,Win32/Kozog!Trojan,Win32/Magistr!Corrupted,Win32/MSNCrack!PWS!Trojan,Win32/MultiDropper.AF-0!Dropper,Win32/Nimda.A.Email!Worm,Win32/Pimaf.A!Worm,Win32/Rebohon!Trojan,Win32/SDBot!Backdoor!Server.Vari,Win32/Small.O!Joiner,Win32/Small.O3!Joiner,Win32/Thresys.18!Trojan,Win32/TrojanRunner.L!Trojan,Win32/Yab2000!Joiner,Word97Macro/Marker.C,Word97Macro/Marker.D,Word97Macro/Melissa.A:mm,WScript/Kak.A!Worm,WScript/Kak.A.Reg!Worm,Win32/StealthXP!PWS!Trojan;
[Other]Trojan.IEMax,W32/Adclicker.IM,TROJ_VB.SR,Win32/Fursto.G,Trojan-Spy.Win32.Small.ez,visfx,W32/Adclicker.BA,Downloader,Trojan.Adclicker,Trojan.AdClicker,Trojan.Agent.DDW,Trojan.Dropper,Generic.AdClicker.b,Win32/AdClicker.Q,BrowserModifier:Win32/My123,Adware.AdSupport,W32/AdClicker.UR,Troj/AdClicker-DY,Mal/Packer,Win32/AdClicker.AB,Win32/AdClicker.AA,W32/AdClicker.AJE,Trojan Horse,TrojanClicker:Win32/Agent!AF53,TROJ_AGENT.PSQ,Troj/Agent-FMK,Trojan-Clicker.Win32.Agent.jp,elitemediagroup-mediamotor,Win32/AdClicker.BF,Mal/Generic-A,W32/Agent.CRYB,W32/Luder.gen1,TROJ_ADCLICKE.BO,Trojan-Clicker.Win32.Small.It,New Malware.db,Win32/AdClicker.BS,Trojan:Win32/Lowzones.GS,Win32/AdClicker.BQ,Win32/AdClicker.BR,TrojanClicker:Win32/VB.JO

AdClicker Symptoms:

Files: [%DESKTOP%]\blank.js [%INTERNET_CACHE%]\content.ie5\OX6Z4DAZ\blank[1].js [%PROFILE_TEMP%]\agentsys.exe [%PROGRAM_FILES%]\Microsoft Security Adviser\mssadv.exe [%SYSTEM%]\navshext.dll [%WINDOWS%]\banmanpro.exe [%WINDOWS%]\dh.ini [%WINDOWS%]\iempg2.0ll [%WINDOWS%]\mssadv.dll [%WINDOWS%]\offun.exe [%WINDOWS%]\osa9.exe [%DESKTOP%]\eachnet.lnk [%FAVORITES%]\eachnet.url [%PROGRAMS%]\eachnet\eachnet.lnk [%SYSTEM%]\adobemgr.exe [%SYSTEM%]\fqc.exe [%SYSTEM%]\ink.exe [%SYSTEM%]\KAV.EXE [%SYSTEM%]\KIE.dll [%SYSTEM%]\phishingFix.exe [%SYSTEM%]\viu.exe [%WINDOWS%]\age.html [%WINDOWS%]\hro.exe [%WINDOWS%]\mmkyybx.exe [%WINDOWS%]\mmkyybxA.exe [%WINDOWS%]\mylqmyl.exe [%WINDOWS%]\mylqmylA.exe [%DESKTOP%]\blank.js [%INTERNET_CACHE%]\content.ie5\OX6Z4DAZ\blank[1].js [%PROFILE_TEMP%]\agentsys.exe [%PROGRAM_FILES%]\Microsoft Security Adviser\mssadv.exe [%SYSTEM%]\navshext.dll [%WINDOWS%]\banmanpro.exe [%WINDOWS%]\dh.ini [%WINDOWS%]\iempg2.0ll [%WINDOWS%]\mssadv.dll [%WINDOWS%]\offun.exe [%WINDOWS%]\osa9.exe [%DESKTOP%]\eachnet.lnk [%FAVORITES%]\eachnet.url [%PROGRAMS%]\eachnet\eachnet.lnk [%SYSTEM%]\adobemgr.exe [%SYSTEM%]\fqc.exe [%SYSTEM%]\ink.exe [%SYSTEM%]\KAV.EXE [%SYSTEM%]\KIE.dll [%SYSTEM%]\phishingFix.exe [%SYSTEM%]\viu.exe [%WINDOWS%]\age.html [%WINDOWS%]\hro.exe [%WINDOWS%]\mmkyybx.exe [%WINDOWS%]\mmkyybxA.exe [%WINDOWS%]\mylqmyl.exe [%WINDOWS%]\mylqmylA.exe

Folders: [%PROGRAM_FILES%]\eachnet

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{3CF67E17-3AF1-4813-88B9-F3B2490D2216} HKEY_CLASSES_ROOT\iebho.bhoobj HKEY_CLASSES_ROOT\iebho.bhoobj.1 HKEY_CLASSES_ROOT\interface\{f73cd02b-51c0-4415-b9ae-f1a005a4ebd3} HKEY_CLASSES_ROOT\typelib\{7ea8c35c-c47e-4cd2-8d9b-12638be27dfa} HKEY_CURRENT_USER\software\install HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CF67E17-3AF1-4813-88B9-F3B2490D2216} HKEY_CLASSES_ROOT\clsid\{3cf67e17-3af1-4813-88b9-f3b2490d2216} HKEY_CLASSES_ROOT\clsid\{8298d101-f992-43b7-8eca-5052d885b996} HKEY_CLASSES_ROOT\mewin.iehelper HKEY_CLASSES_ROOT\rs.tdownload HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{ffb2385e-e812-4091-8c12-2370dc67f769} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3cf67e17-3af1-4813-88b9-f3b2490d2216} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3d898c55-74cc-4b7c-b5f1-45913f368388} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8298d101-f992-43b7-8eca-5052d885b996} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\eachnet HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{17d11c4c-a70f-cd05-621a-8a2278497a17} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{70883937-61a2-ffdf-f1f6-c8e81c701b87} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{ddc355f2-a63c-1eca-c0aa-8d4add1494ff} HKEY_LOCAL_MACHINE\software\mspalnt

Registry Values: HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\aol HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\msn HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_CURRENT_USER\software\vb and vba program settings\imadvertiser\yahoo HKEY_LOCAL_MACHINE\software\eachnet HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
BackDoor.CZO Backdoor Removal
Ovason RAT Removal

CaiShow Adware

How To Remove CaiShow?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

CaiShow is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

CaiShow It also known as:


[Kaspersky]AdWare.Win32.Dm.e;
[Other]Adware.Caishow

CaiShow Symptoms:

Files: [%PROFILE_TEMP%]\caishow.exe [%PROGRAM_FILES%]\Internet Explorer\PLUGINS\caishow.exe [%SYSTEM%]\caishow.exe [%PROFILE_TEMP%]\caishow.exe [%PROGRAM_FILES%]\Internet Explorer\PLUGINS\caishow.exe [%SYSTEM%]\caishow.exe

Folders: [%PROGRAM_FILES%]\CaiShow Tech

Registry Keys: HKEY_CLASSES_ROOT\appid\browerhelpermfc.dll HKEY_CLASSES_ROOT\appid\my.dll HKEY_CLASSES_ROOT\appid\ssoaddionalindical.dll HKEY_CLASSES_ROOT\appid\{18e8c855-ff2e-4beb-b9d2-e7b25af92a48} HKEY_CLASSES_ROOT\appid\{37bc804e-e26b-4d09-836f-ac15fc0c253e} HKEY_CLASSES_ROOT\appid\{fbb4d7ba-ccd3-457d-beff-f3b1757bd6b1} HKEY_CLASSES_ROOT\browerhelpermfc.caishowbh HKEY_CLASSES_ROOT\browerhelpermfc.caishowbh.1 HKEY_CLASSES_ROOT\clsid\{dd6c4862-4bf9-48ce-bd27-9838e30d3dd5} HKEY_CLASSES_ROOT\interface\{315420b2-e5c8-4e7b-b812-6676ba4f30ce} HKEY_CLASSES_ROOT\interface\{6ca6de10-8705-4e1b-9117-bcfa5bece14b} HKEY_CLASSES_ROOT\interface\{ce98ad53-16f1-48d3-9208-1203aa19f77e} HKEY_CLASSES_ROOT\interface\{d32d8a55-a21a-4237-b8bb-5a5ebee6746d} HKEY_CLASSES_ROOT\interface\{dbd14208-5f2f-40b8-8d97-6de44c1d2e3d} HKEY_CLASSES_ROOT\interface\{dc616c5a-3bd6-4774-9823-f20802655811} HKEY_CLASSES_ROOT\interface\{f6ce85c8-99e7-49f5-a1a2-03ffc4ff09a5} HKEY_CLASSES_ROOT\my.netaccelerate HKEY_CLASSES_ROOT\my.netaccelerate.1 HKEY_CLASSES_ROOT\ssoaddionalindical.identify HKEY_CLASSES_ROOT\ssoaddionalindical.identify.1 HKEY_CLASSES_ROOT\typelib\{1f805a43-0e95-4245-8eaf-9271d520722a} HKEY_CLASSES_ROOT\typelib\{73d53d7b-66df-419b-9b44-cf3f42adf5c9} HKEY_CLASSES_ROOT\typelib\{864f198d-6568-4686-b4f5-4a970b85e58b} HKEY_CLASSES_ROOT\typelib\{89a99589-82b0-4983-a882-e8d8db3da5c7} HKEY_CLASSES_ROOT\typelib\{cebe027d-5423-41b8-af51-9f1c22557cc6} HKEY_CLASSES_ROOT\typelib\{d0581d47-e3cb-402d-b8a6-5f8561b2a36c} HKEY_CURRENT_USER\software\classes\download.download HKEY_CURRENT_USER\software\classes\download.download.1 HKEY_CURRENT_USER\software\microsoft\installer\upgradecodes\51d767ec8af379d43b3e631a28e7def7 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{3af40cb8-b3ba-4e2d-8968-4bf8db172997} HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{5673a7c0-95cc-4646-bb07-3bd71234cef9} HKEY_LOCAL_MACHINE\software\caishow HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\upgradecodes\51d767ec8af379d43b3e631a28e7def7 HKEY_CLASSES_ROOT\clsid\{3af40cb8-b3ba-4e2d-8968-4bf8db172997} HKEY_CLASSES_ROOT\clsid\{5673a7c0-95cc-4646-bb07-3bd71234cef9} HKEY_CURRENT_USER\software\classes\appid\download.dll HKEY_CURRENT_USER\software\classes\appid\mmsfactory.dll HKEY_CURRENT_USER\software\classes\appid\mmssend.dll HKEY_CURRENT_USER\software\classes\appid\{22a36e6e-07cb-4851-aa84-5fc1ca73a1de} HKEY_CURRENT_USER\software\classes\appid\{88abd365-12ae-44e7-8450-da5c3653325b} HKEY_CURRENT_USER\software\classes\appid\{f375f726-23d3-4179-9ca2-54fe6e490879} HKEY_CURRENT_USER\software\classes\clsid\{0e6e0b51-0300-4ae2-b6c4-f4efe33a33b2} HKEY_CURRENT_USER\software\classes\clsid\{32f64094-a155-4554-8753-e5e267a8c002} HKEY_CURRENT_USER\software\classes\clsid\{6abb6c58-feb7-43ae-946a-af05d074f493} HKEY_CURRENT_USER\software\classes\interface\{315420b2-e5c8-4e7b-b812-6676ba4f30ce} HKEY_CURRENT_USER\software\classes\interface\{dbd14208-5f2f-40b8-8d97-6de44c1d2e3d} HKEY_CURRENT_USER\software\classes\interface\{dc616c5a-3bd6-4774-9823-f20802655811} HKEY_CURRENT_USER\software\classes\interface\{f6ce85c8-99e7-49f5-a1a2-03ffc4ff09a5} HKEY_CURRENT_USER\software\classes\mmsfactory.send HKEY_CURRENT_USER\software\classes\mmsfactory.send.1 HKEY_CURRENT_USER\software\classes\mmssend.send HKEY_CURRENT_USER\software\classes\mmssend.send.1 HKEY_CURRENT_USER\software\microsoft\installer\features\8d15efaff3f76694e8331e3d97fe51d7 HKEY_CURRENT_USER\software\microsoft\installer\products\8d15efaff3f76694e8331e3d97fe51d7 HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\[chinese characters] HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3af40cb8-b3ba-4e2d-8968-4bf8db172997} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5673a7c0-95cc-4646-bb07-3bd71234cef9} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\14aa5729dada23d2f57c1c2297718ac2 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\[user sid]\products\8d15efaff3f76694e8331e3d97fe51d7

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders HKEY_CLASSES_ROOT\appid\download.dll HKEY_CLASSES_ROOT\appid\mmsfactory.dll HKEY_CLASSES_ROOT\appid\mmssend.dll HKEY_CURRENT_USER\appid\download.dll HKEY_CURRENT_USER\appid\mmsfactory.dll HKEY_CURRENT_USER\appid\mmssend.dll HKEY_CURRENT_USER\clsid\{0e6e0b51-0300-4ae2-b6c4-f4efe33a33b2}\inprocserver32 HKEY_CURRENT_USER\clsid\{32f64094-a155-4554-8753-e5e267a8c002}\inprocserver32 HKEY_CURRENT_USER\clsid\{6abb6c58-feb7-43ae-946a-af05d074f493}\inprocserver32 HKEY_CURRENT_USER\interface\{315420b2-e5c8-4e7b-b812-6676ba4f30ce}\typelib HKEY_CURRENT_USER\interface\{dbd14208-5f2f-40b8-8d97-6de44c1d2e3d}\typelib HKEY_CURRENT_USER\interface\{dc616c5a-3bd6-4774-9823-f20802655811}\typelib HKEY_CURRENT_USER\interface\{f6ce85c8-99e7-49f5-a1a2-03ffc4ff09a5}\typelib HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
TrojanDownloader.Win32.Agent.au Trojan Symptoms
Justas Trojan Removal instruction
Remove Bancos.GJB Trojan
Removing Systemdo Trojan
Nerte.Server.family Trojan Cleaner

Monker Adware

How To Remove Monker?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Monker is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Monker It also known as:


[Kaspersky]AdWare.Win32.Monker.a,Adware.Win32.Monker

Monker Symptoms:

Registry Keys: HKEY_CURRENT_USER\software\awp

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
TrojanDownloader.Win32.SMW Trojan Symptoms

Dechiver Trojan

How To Remove Dechiver?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Dechiver is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Dechiver It also known as:


[Kaspersky]Trojan-Downlaoder.Win32.VB.avj;
[Other]Win32/Dechiver

Dechiver Symptoms:

Files: [%SYSTEM%]\nowenvir.exe [%SYSTEM%]\nowenvir.exe

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Cabronator.12b Backdoor Removal instruction
clicktracks.com Tracking Cookie Cleaner
Elotus Trojan Symptoms
Bancos.HFR Trojan Symptoms
Removing Trail.Of.Destruction Spyware

SillyDl.CKI Downloader

How To Remove SillyDl.CKI?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

SillyDl.CKI is dangerous virus:
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

SillyDl.CKI It also known as:


[Kaspersky]Trojan-Downloader.Win32.Agent.xq;
[Other]Win32/SillyDl.CKI

SillyDl.CKI Symptoms:

Files: [%WINDOWS%]\csvhost.exe [%WINDOWS%]\csvhost.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.BCW Trojan Removal instruction
Removing FakeSub7!Spy!Trojan Trojan

AdFly Adware

How To Remove AdFly?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

AdFly is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

AdFly It also known as:


[Other]Trojan.Agent.SpyFly.A,Backdoor.Symfly

AdFly Symptoms:

Files: [%SYSTEM%]\COMAdEvent.dll [%SYSTEM%]\COMBoHEvent.dll [%SYSTEM%]\COMEventHelper.dll [%SYSTEM%]\COMAdEvent.dll [%SYSTEM%]\COMBoHEvent.dll [%SYSTEM%]\COMEventHelper.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{1b84ddf4-71b2-4ad3-a066-81e7eb292fbb} HKEY_CLASSES_ROOT\clsid\{881f6f06-4620-4070-ad05-bd77d4c56661} HKEY_CLASSES_ROOT\clsid\{c61a70f3-505e-4b90-916f-627a8706b4bc} HKEY_CLASSES_ROOT\interface\{468262b9-8400-4a49-b2e5-ce8550eb1347}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.AVKX Trojan Cleaner

Meridian Adware

How To Remove Meridian?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Meridian is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Meridian Symptoms:

Files: [%WINDOWS%]\system\myaccess.dll [%WINDOWS%]\system\myaccess.dll

Registry Keys: HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fa79fa22-8db3-43d1-997b-6dbfd8845569} HKEY_LOCAL_MACHINE\software\classes\clsid\{fa79fa22-8db3-43d1-997b-6dbfd8845569}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SearchSeekFind Adware Cleaner
Removing Z1.Adserver.com Tracking Cookie
Netpumper Adware Removal
rpc3 Trojan Cleaner
VBS.Solow.C Worm Symptoms

Cygo Adware

How To Remove Cygo?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Cygo is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Cygo Symptoms:

Registry Values: HKEY_CLASSES_ROOT\clsid\{7ac4f3d3-c0a7-4f1b-988d-3182d6402650}\inprocserver32 HKEY_CLASSES_ROOT\interface\{b3f16c8b-2ad8-4cbb-8a10-b7985a80a247}\typelib

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Bancos.GXM Trojan Information
Pigeon.AVUP Trojan Information
Friend.Msvrl Hijacker Removal
Removing Secure32 Trojan
Vxidl.ASY Trojan Cleaner

TrojanDownloader.Win32.Rameh Trojan

How To Remove TrojanDownloader.Win32.Rameh?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

TrojanDownloader.Win32.Rameh is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

TrojanDownloader.Win32.Rameh It also known as:


[Panda]Trj/Rameh.A

TrojanDownloader.Win32.Rameh Symptoms:

Files: [%SYSTEM%]\arb1tal.dll [%SYSTEM%]\arb1tal.dll

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Win32.Spy.Conspy Trojan

IESEARCHBAR Adware

How To Remove IESEARCHBAR?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

IESEARCHBAR is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

IESEARCHBAR It also known as:


[Panda]Adware/BlazeFind

IESEARCHBAR Symptoms:

Registry Values: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Pigeon.AUL Trojan
Removing TrojanSpy.Win32.Delf.ar Trojan

Frethog.AES Trojan

How To Remove Frethog.AES?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Frethog.AES is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Frethog.AES It also known as:


[Kaspersky]Trojan-PSW.Win32.Nilage.bty;
[Other]Infostealer.Gampass

Frethog.AES Symptoms:

Registry Keys: HKEY_CLASSES_ROOT\clsid\{52b1b604-a461-42e0-9801-be06a5b05362}

Registry Values: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Bancos.GXI Trojan Information
Deltaclick BHO Cleaner
Remove Bancos.HL!downloader Trojan
SillyDl.CWK Trojan Removal instruction

AdwareRemover2007 Ransomware

How To Remove AdwareRemover2007?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

AdwareRemover2007 is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.

AdwareRemover2007 Symptoms:

Files: [%DESKTOP%]\AdwareRemover2007.lnk [%DESKTOP%]\AdwareRemover2007.lnk

Folders: [%PROGRAMS%]\AdwareRemover2007 [%PROGRAM_FILES%]\AdwareRemover2007

Registry Keys: HKEY_CURRENT_USER\software\adwareremover2007 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adwareremover2007

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
IRC.IRCKill DoS Information
Win32.Plexus Trojan Removal instruction
Second.Sight Spyware Symptoms
Remove Ulysses.Server Backdoor

Emerleox Trojan

How To Remove Emerleox?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

Emerleox is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Emerleox It also known as:


[Kaspersky]TrojanSpy.Win32.Sisie.c;
[Eset]Win32/Spy.Sisie.C trojan;
[Panda]Trj/Narod.B;
[Computer Associates]Win32/Emerleox!PWS!DLL!Trojan,Win32.DKS.M;
[Other]Win32/Emerleox!generic,INF/Emerleox.AH

Emerleox Symptoms:

Files: [%SYSTEM%]\Autorun.Vinf [%SYSTEM%]\Autorun.Vinf

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Bancos.GXI Trojan Removal
Cygox Adware Information
Remove Backdoor.SatanzCrew!Server Backdoor
Carequinha Backdoor Symptoms
Removing Nedsym Trojan

with.Netware.xs.TTS DoS

How To Remove with.Netware.xs.TTS?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.

with.Netware.xs.TTS is dangerous virus:
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

with.Netware.xs.TTS Symptoms:

Files: [%WINDOWS%]\system\tcposmod.exe [%WINDOWS%]\tcposmod.exe [%WINDOWS%]\system\tcposmod.exe [%WINDOWS%]\tcposmod.exe

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing NJStar.Asian.Explorer BHO

Wednesday, January 21, 2009

SearchNet Symptoms:

Bugsprey Symptoms:

WebBuying Symptoms:

Ranky.du Symptoms:

FakeAlert.Adobepnl Symptoms:

KaZaa.Lite Symptoms:

Tokid Symptoms:

Osctr Symptoms:

PWS.Mafia Symptoms:

DyFuCa Internet Optimizer Symptoms:

PeopleOnPage Symptoms:

AdClicker Symptoms:

CaiShow Symptoms:

Monker Symptoms:

Dechiver Symptoms:

SillyDl.CKI Symptoms:

AdFly Symptoms:

Meridian Symptoms:

Cygo Symptoms:

TrojanDownloader.Win32.Rameh Symptoms:

IESEARCHBAR Symptoms:

Frethog.AES Symptoms:

AdwareRemover2007 Symptoms:

Emerleox Symptoms:

with.Netware.xs.TTS Symptoms:

Blog Archive

About Me