Tuesday, January 27, 2009

BestPhrases BHO

How To Remove BestPhrases?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
BestPhrases is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.


BestPhrases Symptoms:

Files:
[%SYSTEM%]\bpv1a.dll
[%SYSTEM%]\bpv2s.dll
[%WINDOWS%]\system\bpv1a.dll
[%WINDOWS%]\system\bpv2s.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{e8b4f3aa-9509-4081-9a85-914d5e9bec81}
HKEY_CLASSES_ROOT\clsid\{f4a645d0-d4d5-439e-9dbc-b31bbd9cb890}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8b4f3aa-9509-4081-9a85-914d5e9bec81}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f4a645d0-d4d5-439e-9dbc-b31bbd9cb890}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8b4f3aa-9509-4081-9a85-914d5e9bec81}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f4a645d0-d4d5-439e-9dbc-b31bbd9cb890}



Cosiam Trojan

How To Remove Cosiam?
Cosiam is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Cosiam is also known as:

[Kaspersky]Trojan-Proxy.Win32.Small.bp;
[McAfee]W32/ProxyAgent.AS;
[Other]Troj/Small-BFZ,Trojan.vxgame

Cosiam Symptoms:

Files:
[%SYSTEM%]\thematrixhasyou.exe



BTV Trojan

How To Remove BTV?
BTV is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


BTV is also known as:

[Kaspersky]Trojan.Win32.Small.an;
[Panda]Adware/RVP,Dialer.LJ

BTV Symptoms:

Folders:
[%PROGRAM_FILES%]\diallerprogram
[%PROGRAM_FILES%]\btv



Agent.oo Backdoor

How To Remove Agent.oo?
Agent.oo is a dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.


Agent.oo Symptoms:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run



Delta.Remote.Access Backdoor

How To Remove Delta.Remote.Access?
Delta.Remote.Access is a dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Delta.Remote.Access is also known as:

[Kaspersky]Backdoor.DRA.a,Backdoor.DRA.b,Backdoor.DRA.c;
[McAfee]BackDoor-GO;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/DRA,Bck/Knight,Backdoor Program,Bck/DRAccess;
[Computer Associates]Win32.PSW.Dra.unp,Win32/Dra!PWS!Trojan,Backdoor/Knight,Win32.DeltaForever.B,Backdoor/Dras.C!Server

Delta.Remote.Access Symptoms:

Files:
[%WINDOWS%]\msdra32.exe



SdBot.gen Worm

How To Remove SdBot.gen?
SdBot.gen is a dangerous virus:
Many of the worms which managed to cause significant outbreaks use more than
one propagation method as well as more than one infection technique.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


SdBot.gen Symptoms:

Files:
[%SYSTEM%]\irbme.exe
[%SYSTEM%]\loadsh.exe
[%SYSTEM%]\rand32.exe
[%SYSTEM%]\winmsgr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices



Bancos.ILP Trojan

How To Remove Bancos.ILP?
Bancos.ILP is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Bancos.ILP Symptoms:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run



ContraVirus Trojan

How To Remove ContraVirus?
ContraVirus is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.


ContraVirus is also known as:

[Kaspersky]FraudTool.Win32.ContaVir.b;
[Other]Program:Win32/Contravirus,ContraVirus,ExpertAntiVirus,contravirus

ContraVirus Symptoms:

Folders:
[%PROGRAMS%]\ContraVirus
[%PROGRAM_FILES%]\ContraVirus
[%APPDATA%]\ContraVirus AntiSpam
[%DESKTOP%]\ContraVirus



180Solutions.Zango Spyware

How To Remove 180Solutions.Zango?
180Solutions.Zango is a dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.


180Solutions.Zango Symptoms:

Folders:
[%COMMON_PROGRAMS%]\Zango
[%PROGRAM_FILES%]\zango
[%PROGRAM_FILES%]\zango programs
[%PROGRAM_FILES%]\zangoclient
[%PROGRAMS%]\zango
[%PROGRAMS%]\zango programs



Back.Construction Trojan

How To Remove Back.Construction?
Back.Construction is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Back.Construction is also known as:

[Kaspersky]Backdoor.BackConstructor.15,Backdoor.Nightmare.12,Backdoor.BackConstructor.20,Backdoor.Nightmare.25;
[Eset]Win32/BackConstructor.15 trojan,Win32/Nightmare.B trojan,Win32/BackConstructor.20 trojan,Win32/Backc trojan;
[McAfee]BackDoor-AG;
[F-Prot]Backdoor.Nmare,security risk or a "backdoor" program;
[Panda]Bck/Nightmare.2.5;
[Computer Associates]Backdoor/BackConstructor Server,Win32.BackConstructor,Backdoor/BackConstructor_Server_

Back.Construction Symptoms:

Files:
[%WINDOWS%]\cmctl32.exe



gold.stealer Trojan

How To Remove gold.stealer?
gold.stealer is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


gold.stealer Symptoms:

Files:
[%PROGRAM_FILES%]\Mozilla Firefox\components\ExtensionManager.dll



OkToolbar Malware

How To Remove OkToolbar?
OkToolbar is a dangerous virus:
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.


OkToolbar Symptoms:

Files:
[%PROGRAM_FILES%]\OKToolbar\OKMaster.exe
[%PROGRAM_FILES%]\OKToolbar\OkToolbar.dll

Folders:
[%PROGRAM_FILES%]\OKToolbar

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{73182355-ED2B-4064-A45F-49227EA0EE74}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



Draprof Trojan

How To Remove Draprof?
Draprof is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Draprof Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices



Trojan Trojan

How To Remove Trojan?
Trojan is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.


Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.


Trojan is also known as:


Trojan Symptoms:

Folders:
[%PROGRAM_FILES%]\bullguard\infected
[%PROGRAM_FILES%]\8848




Agobot.qf Backdoor

Agobot.qf is a dangerous virus:
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.



Agobot.qf Symptoms:

Files:
[%SYSTEM%]\explored.exe



Whazit BHO

Whazit is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.


Whazit Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar



Hupigon.nh Trojan

Hupigon.nh is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.



Hupigon.nh Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GrayPigeonServer



Netvq Trojan

Netvq is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Netvq is also known as:

[Kaspersky]SpamTool.Win32.Agent.u,Trojan.Win32.Agent.afg;
[McAfee]PWS-LSP;
[Other]Win32/Netvq!generic,Troj/NetVQ-Gen,Win32/Netvq.A

Netvq Symptoms:

Files:
[%SYSTEM%]\damlwbrcx.dll
[%SYSTEM%]\j.dll
[%SYSTEM%]\ybrqgybdc.dll
[%SYSTEM%]\zqsnxozhgkc.dll



IEBarUp Adware

IEBarUp is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.


IEBarUp Symptoms:

Files:
[%SYSTEM%]\eeeeee.ini
[%SYSTEM%]\eeeeee1.ini
[%SYSTEM%]\IeBar1.dll
[%SYSTEM%]\prawned.exe
[%SYSTEM%]\prawnedhk.dll
[%SYSTEM%]\prawnedr.exe
[%SYSTEM%]\prawnedwb.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



Delf.md Downloader

Delf.md is a dangerous virus:
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


Delf.md Symptoms:

Registry Keys:
HKEY_CURRENT_USER\cmrss

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



BDPlugin BHO

BDPlugin is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.


BDPlugin Symptoms:

Files:
[%WINDOWS%]\downloaded program files\bdhelper.dll
[%SYSTEM%]\bdsrhook.dll
[%WINDOWS%]\system\bdsrhook.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{2c5aa40e-8814-4eb6-876e-7efb8b3f9662}
HKEY_CLASSES_ROOT\clsid\{bc207f7d-3e63-4aca-99b5-fb5f8428200c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{bc207f7d-3e63-4aca-99b5-fb5f8428200c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{bc207f7d-3e63-4aca-99b5-fb5f8428200c}
HKEY_CLASSES_ROOT\typelib\{2c5aa40e-8814-4eb6-876e-7efb8b3f9662}
HKEY_CLASSES_ROOT\typelib\{8522f9b3-38c5-4aa4-ae40-7401f1bbc851}
HKEY_CLASSES_ROOT\typelib\{ca92b524-bc8a-4610-bd2c-6bd3e28155d0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bc207f7d-3e63-4aca-99b5-fb5f8428200c}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



Mini.Spy RAT

Mini.Spy is a dangerous virus:
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.


Mini.Spy Symptoms:

Files:
[%WINDOWS%]\system\cat.dll
[%WINDOWS%]\system\symantec.exe



NetAmine RAT

NetAmine is a dangerous virus:
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.



NetAmine Symptoms:

Files:
[%WINDOWS%]\system\sauvejpg.dll



Win32.TrojanDownloader.Agent Trojan

Win32.TrojanDownloader.Agent is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Win32.TrojanDownloader.Agent is also known as:

[Kaspersky]TrojanDownloader.Win32.Agent.ab,TrojanDownloader.Win32.Agent.ad;
[Eset]Win32/TrojanDownloader.Agent.H trojan,Win32/TrojanDownloader.Agent.BF trojan;
[Panda]Adware/SpywareNuker,Adware/BlazeFind,Adware/WUpd,Dialer.LS

Win32.TrojanDownloader.Agent Symptoms:

Files:
[%SYSTEM%]\winupdt.001
[%WINDOWS%]\temp\phg16189.exe

Folders:
[%PROGRAM_FILES%]\windupdates



Free.Keylogger Spyware

Free.Keylogger is a dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Free.Keylogger Symptoms:

Files:
[%SYSTEM%]\asrupdate.exe
[%SYSTEM%]\cachechk.exe
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Free Keylogger.lnk
[%SYSTEM%]\sfklg.dat
[%SYSTEM%]\sfklg.dll
[%SYSTEM%]\sfklgcp.exe

Folders:
[%PROGRAMS%]\free keylogger

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



SillyDl.AUZ Trojan

SillyDl.AUZ is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


SillyDl.AUZ Symptoms:




TIBS Trojan

TIBS is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


TIBS is also known as:

[Kaspersky]Trojan-Downloader.Win32.Tibs.im,Trojan-Downloader.Win32.Small.cwj,Email-Worm.Win32.Zhelatin.bw,Packed.Win32.Tibs.w,Trojan-Downloader.Win32.Tibs.pk;
[McAfee]Generic Downloader.q,BraveSentry;
[F-Prot]W32/EmailWorm.IRB;
[Panda]Dialer.DU;
[Other]Win32/Tibs!generic,W32/DLoader.CBPU,W32/DLoader.CBPT,W32/Tibs.VWN,Trojan.Packed.13,Worm:Win32/Nuwar.gen,Mal/EncPk-E,Trojan.Vxgame.z,members area dialer,TrojanDownloader:Win32/Tibs.L,W32/Tibs.gen92,TrojanDownloader:Win32/Tibs

TIBS Symptoms:

Files:

Registry Keys:

Registry Values:



Small.kz Trojan

How To Remove Small.kz?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Small.kz is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Small.kz Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d48d738b-28a3-47f8-a2e4-64e33583a3ac}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\e263c16a-a3d8-4157-a192-6e63d44d222c



Vanti Trojan

How To Remove Vanti?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Vanti is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Vanti is also known as:

[Kaspersky]Rootkit.Win32.Vanti.e,Rootkit.Win32.Vanti.df,Trojan-PSW.Win32.Nilage.avi,Rootkit.Win32.Vanti.ci,Trojan-PSW.Win32.OnLineGames.eb,Rootkit.Win32.Vanti.ex,Rootkit.Win32.Vanti.eu,Rootkit.Win32.Vanti.ei,Trojan.PSW.Win32.OnLineGames.dt,Trojan-PSW.Win32.Nilage.oz,Trojan-PSW.Win32.Nilage.ayp,Trojan-PSW.Win32.Magania.pf,Rootkit.Win32.Vanti.ew,Rootkit.Win32.Agent.ec;
[McAfee]Backdoor-CTV,PWS-Lineage,Generic PWS.o;
[F-Prot]W32/PWStealer.gen1,W32/PWStealer1!Generic,W32/Rootkit.OT;
[Other]Win32.Vanti.A,Hacktool.Rootkit,TROJ_VANTI.E,Win32/Vanti!generic,Win32/Vanti.AD!DLL!Trojan,Infostealer,Win32/Vanti.AE,Win32/Vanti.J,Win32/Vanti.DR,Win32/Vanti.X!Trojan,Mal/Packer,Win32/Vanti.AR,Win32/Vanti.AY,Win32/Vanti.BY,Win32/Vanti.BW,Win32/Vanti.BV,Win32/Vanti.BX,Win32/Vanti.CV,Win32/Vanti.EJ,Win32/Vanti.EK,Win32/Vanti.DZ,Win32/Vanti.DS,Win32/Vanti.DV,Win32/Vanti.CL,Win32/Vanti.CQ,VirTool:Win32/Obfuscator.A,Win32/Vanti.CT,Win32/Vanti.CU,Bloodhound.NsAnti,Win32/Vanti.CS,Win32/Vanti.CE,Win32/Vanti.CR,Win32/Vanti.BZ,Win32/Vanti.CA,Win32/Vanti.CB,Win32/Vanti.CC,Win32/Vanti.FU,Win32/Vanti.HE,Win32/Vanti.HF,Win32/Vanti.HG,Win32/Vanti.HH,Trojan.Win32.NSAnti,Win32/Vanti.FW,Win32/Vanti.FV,Win32/Vanti.FX,Troj/Agent-ELF

Vanti Symptoms:

Files:

Folders:
[%SYSTEM%]\cache32_hsrb

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_lzq1217
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cmdservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_squell
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\kingx
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\squella
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\squellab

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar



RaxSearch Adware

How To Remove RaxSearch?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
RaxSearch is a dangerous virus:
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.


RaxSearch Symptoms:

Files:
[%DESKTOP%]\Rax Search.lnk
[%PROGRAMS%]\Rax Search\Rax Search.lnk
[%WINDOWS%]\infodll.dll
[%WINDOWS%]\underwater.scr

Folders:
[%PROGRAM_FILES%]\Rax Search
[%PROGRAM_FILES%]\RAX Search Helper
[%PROGRAM_FILES%]\Underwater Screensaver

Registry Keys:

