How To Remove Trojan?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Trojan is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have
remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.
These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Toolbar presents itself as a
helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These utilities are designed to
penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.
Trojan It also known as:
[Kaspersky]Trojan.PSW.Atrojan.15,Trojan.PSW.Atrojan.20,Backdoor.Inuk,Backdoor.Notpa,Backdoor.Zemac.b,Backdoor.Zemac.d,Backdoor.Zemac.a,Backdoor.Zemac.c,Backdoor.VB.ga,MutaGen.100.Test.1325,Backdoor.Rat.10,Trojan.Rappere.5718,Backdoor.Rat.20,Backdoor.Win32.RAT.20,Backdoor.Xtcp.200,Backdoor.Xtcp.201,Trojan.307,Stoned.a,Trojan.Zyflex,Trojan.PSW.Sniffor.f,Backdoor.VB.da,Jerusalem.1244.a,ARCV.795.b,Phoenix.Live.1226,Virus101,Virus.DOS.CivilWar.Dad.503,Dutch_Tiny.284,Dutch_Tiny.286,EAF.737,Mini.189,VCL.361.a,V.491,Vienna.583.a,Vienna.634.a,V.699,Mnemonix.559,Singapore.521,V.484.a,V.302,Mutation.241.a,Trivial.26.a,NIK.Test.1958,SillyO.286,Vpp.475,IRC-Worm.Septic.4535,Trojan.PSW.Pricol.a,Trojan-Dropper.Win32.VB.nh,Trojan-Clicker.Win32.Delf.dn,Trojan.Win32.VB.aoe,Trojan.Win32.Delf.cn,Trojan.Win32.Dialer.ru,Trojan.Win32.Dialer.fy,Porn-Dialer.Win32.Agent.h,Trojan.Win32.Dialer.hc,Backdoor.Win32.Agent.alm,Backdoor.Win32.VirtualAve.h,Trojan-Clicker.Win32.BHO.f,AdWare.Win32.BHO.hk;
[Eset]Win32/PSW.Atrojan.B trojan,Win32/PSW.Atrojan.C trojan,Win32/PWS.Atrojan.C trojan,Win32/BackDoor.2_0 trojan,Win32/BackDoor.2_02 trojan,Win32/Inuk trojan,Win32/Zemac.D trojan,Win32/Notpa.A trojan,Win32/Notpa trojan,Win32/BackDoor.2_03 trojan,Win32/Zemac.C trojan,Win32/VB.GA trojan,201 trojan,XTCP.200.Install trojan,_MX trojan,Win32/Optix.Downloader trojan,Jerusalem.1244 virus,probably unknown STEALTH.CRYPT.TSR.COM.EXE virus,Virus101 virus,Ava.550 virus;
[McAfee]BackDoor-AR,Generic,Generic BackDoor.b,OC/mut1,BackDoor-U,Froggie,BackDoor-CT,Mailer joke,Zyflex,Generic Downloader.s,AdClicker-EJ,Generic StartPage.f,Dialer-199,Dialer-188,Generic BackDoor.u,FDoS-BEnergy,BackDoor-KT;
[F-Prot]security risk or a "backdoor" program,Mgtest.5131,destructive program,W32/XTCP.backdoor.A,virus dropper,W32/Dialer.CEY,W32/Dialer.CMQ,W32/Backdoor.AQGQ;
[Panda]Trj/PSW.Atrojan.b,Trj/PSW.Atrojan.C,Backdoor Program.LC,Trj/Backdoor.2_3.Sr,Bck/Zemac,Trj/Backdoor.2_3.Cl,Mutagen.1703,Bck/Rat.1_0,Generic Trojan,Bck/Rat.2_0,Bck/XTCP.201,Tr_Zyflex.35,Trj/PSW.Sniffer.F,Backdoor Program,Bck/VB,Trj/Eraser.Gen,Trj/Headless,Trj/PSW.TestSpy.C,Trj/PSW.TestSpyB,Univ,Univ.OG,Univ.EP,Jerusalem.1244,X-2.Drp,1226B-Drp,Virus 101,CivilWar.Dad.503,Search.377,Danish_tiny.284.B,K-4C.737,Howard.361,Dest 3,Tu28.535,_612,Pol.583,USSR.711,D-K,V.484,Roseanne,NIK.Test.1958,Univ.EG,Test.1030.?,Vtt.475,Septic.4512.Drp,Trj/PSW.Pricol.a;
[Computer Associates]Win32.PSW.Atrojan.15,Win32/Atrojan.B!PWS!Trojan,Win32/PWS.Atrojan.C.Trojan,Win32/PWS.ATrojan.C2.Trojan,Backdoor/Inuk!Server,Backdoor/Zemac.G,Win32.IcqNuke98,Win95/ICQNuke98!Trojan,Win95/ICQNuke98.Trojan,Win32.Zemac,Win95/BackDoor_1.3.Trojan,Backdoor/DarkEclipse!Server,Backdoor/Zemac.A,Win95/ICQNuke.Trojan,Win32.Readme,Win32/Readme.Trojan,Mgtest.5131.B,Backdoor/Rat10,Froggie,Win32.Rat.10,Win32.Rat.20,Win32/Rat.B!Trojan,Backdoor/Xtcp!Server.201,Backdoor/Xtcp.201,Win32.Xtcp.200,Win32.Xtcp.201,StonedDropper.17574.Dropper,Ziflex!Trojan,Zyflex,Sniffer.f!PWS!Trojan,Backdoor/VB.da,TrojanTester!Trojan,Trojan-20990!Trojan,Win32/TestSpy.C!PWS!Trojan,Win32/TestSpy.B!PWS!Trojan,C.112.C,Flow.201,Flow.297,Win32/E.1416,Win32/S.Downloader.Trojan,1244,X 2,V 101,V 550,503,V 377,284/286,189.C,361,C.491,585,612.A,C.640,V.699,TPE encrypted,484,V 302,V 1355,C.180,Trivial.26.H;
[Other]trojan-dropper-dudu,Win32/Testuu.F,Trojan-IEMax,Win32/Testuu.K,Trojan.IEMax,Win32/Testuu.I,Troojan.IEMax,Win32/Testuu.D,Dialer.ExDialer,Win32/Dialer.E,Win32/Dialer.V,W32/Dialer.LBF,Win32/Dialer.U,Troj/QLowDr-A,Dialer:Win32/Riprova,Plugin,winmovie dialer,Dialer.Sfonditalia,Dialer.Generic,W32/Dialer.AGDZ,Dialer.BGRN,TROJ_AGENT.RTF,W32/Malware,Trojan.W32.VirtualAve,Downloader,TROJ_Generic
Trojan Symptoms:
Files:
[%PROFILE_TEMP%]\tt_unadd.inf
[%SYSTEM%]\SWRT01.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Per Adulti.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Previsioni Meteo.lnk
[%DESKTOP%]\Previsioni Meteo.lnk
[%PROGRAM_FILES%]\Internet Explorer\MUI\yybar.exe
[%PROGRAM_FILES%]\ybar.exe
[%STARTMENU%]\Per Adulti.lnk
[%STARTMENU%]\Previsioni Meteo.lnk
[%SYSTEM%]\antiwpa.dll
[%SYSTEM%]\DayTemp.ini
[%SYSTEM%]\domain11.dll
[%SYSTEM%]\Explor.exe
[%SYSTEM%]\fileupdate.exe
[%SYSTEM%]\fsutk.dll
[%SYSTEM%]\helperservice.dll
[%SYSTEM%]\intnets.exe
[%SYSTEM%]\lie1d6ff.dll
[%SYSTEM%]\msvcrtd.exe
[%SYSTEM%]\popservice.exe
[%SYSTEM%]\scridows.exe
[%SYSTEM%]\shell32.exe
[%SYSTEM%]\smail11.dll
[%SYSTEM%]\sysinfer.exe
[%SYSTEM%]\systemtoolbar.dll
[%SYSTEM%]\systray32s.exe
[%WINDOWS%]\ad.exe
[%WINDOWS%]\msfiles.exe
[%WINDOWS%]\notpa.exe
[%WINDOWS%]\syssfitb.exe
[%WINDOWS%]\system\august10.exe
[%WINDOWS%]\system\dpvmox.exe
[%WINDOWS%]\system\lie1d6ff.dll
[%WINDOWS%]\system\mshelp32.exe
[%WINDOWS%]\Tempp\8888_16.exe
[%WINDOWS%]\Tempp\winass.exe
[%WINDOWS%]\winass.exe
[%PROFILE_TEMP%]\tt_unadd.inf
[%SYSTEM%]\SWRT01.dll
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Per Adulti.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Previsioni Meteo.lnk
[%DESKTOP%]\Previsioni Meteo.lnk
[%PROGRAM_FILES%]\Internet Explorer\MUI\yybar.exe
[%PROGRAM_FILES%]\ybar.exe
[%STARTMENU%]\Per Adulti.lnk
[%STARTMENU%]\Previsioni Meteo.lnk
[%SYSTEM%]\antiwpa.dll
[%SYSTEM%]\DayTemp.ini
[%SYSTEM%]\domain11.dll
[%SYSTEM%]\Explor.exe
[%SYSTEM%]\fileupdate.exe
[%SYSTEM%]\fsutk.dll
[%SYSTEM%]\helperservice.dll
[%SYSTEM%]\intnets.exe
[%SYSTEM%]\lie1d6ff.dll
[%SYSTEM%]\msvcrtd.exe
[%SYSTEM%]\popservice.exe
[%SYSTEM%]\scridows.exe
[%SYSTEM%]\shell32.exe
[%SYSTEM%]\smail11.dll
[%SYSTEM%]\sysinfer.exe
[%SYSTEM%]\systemtoolbar.dll
[%SYSTEM%]\systray32s.exe
[%WINDOWS%]\ad.exe
[%WINDOWS%]\msfiles.exe
[%WINDOWS%]\notpa.exe
[%WINDOWS%]\syssfitb.exe
[%WINDOWS%]\system\august10.exe
[%WINDOWS%]\system\dpvmox.exe
[%WINDOWS%]\system\lie1d6ff.dll
[%WINDOWS%]\system\mshelp32.exe
[%WINDOWS%]\Tempp\8888_16.exe
[%WINDOWS%]\Tempp\winass.exe
[%WINDOWS%]\winass.exe
Folders:
[%PROGRAM_FILES%]\bullguard\infected
[%PROGRAM_FILES%]\8848
Registry Keys:
HKEY_CLASSES_ROOT\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}
HKEY_CLASSES_ROOT\interface\{96b3b1b9-a510-4603-bd66-2bb2c9f21542}
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy
HKEY_CLASSES_ROOT\nn_bar_dummy.nn_bardummy.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}
HKEY_LOCAL_MACHINE\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}
HKEY_LOCAL_MACHINE\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}
HKEY_LOCAL_MACHINE\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}
HKEY_LOCAL_MACHINE\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}
HKEY_LOCAL_MACHINE\software\classes\nn_bar_dummy.nn_bardummy
HKEY_LOCAL_MACHINE\software\classes\nn_bar_dummy.nn_bardummy.1
HKEY_LOCAL_MACHINE\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}
HKEY_LOCAL_MACHINE\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}
HKEY_CLASSES_ROOT\clsid\{42a3a616-ff3c-4713-a5c2-4f1b566cef51}
HKEY_CLASSES_ROOT\clsid\{43fa5935-e36e-4937-8127-a90191b2ec68}
HKEY_CLASSES_ROOT\clsid\{6b2455fd-3669-4555-8df8-69fd5bc846f8}
HKEY_CLASSES_ROOT\clsid\{72557f9f-13ae-44c9-b3d7-5091b599027c}
HKEY_CLASSES_ROOT\clsid\{749d1d7d-1969-4014-a98d-9e867e7508d0}
HKEY_CLASSES_ROOT\clsid\{81270159-e8f9-4713-9646-03531e0eef58}
HKEY_CLASSES_ROOT\clsid\{86bc8440-8693-4076-a144-6baf942b40b0}
HKEY_CLASSES_ROOT\clsid\{9c759c2b-d5c5-4bdd-adb1-ba4dccc37e5e}
HKEY_CLASSES_ROOT\clsid\{9e1e1371-9d8f-4421-81b9-f8d2e1773a59}
HKEY_CLASSES_ROOT\clsid\{bf50ac63-19da-487e-ad4a-0b452d823b59}
HKEY_CLASSES_ROOT\helperservice.internet_explorer_helper
HKEY_CLASSES_ROOT\interface\{932d8e1b-cd94-4cf1-8ed1-149d452a2033}
HKEY_CLASSES_ROOT\interface\{a55841fa-0e67-4924-974f-75e75f8d4274}
HKEY_CLASSES_ROOT\interface\{c72aeefc-c265-4a10-a5a9-4150b1741580}
HKEY_CLASSES_ROOT\interface\{c86b82be-3e84-4f71-8323-f12bb71d9cb2}
HKEY_CLASSES_ROOT\pagerevisor.regmore
HKEY_CLASSES_ROOT\pagerevisor.regmore.1
HKEY_CLASSES_ROOT\pagerevisor.revisehelper
HKEY_CLASSES_ROOT\pagerevisor.revisehelper.1
HKEY_CLASSES_ROOT\systemtoolbar.internet_explorer
HKEY_CLASSES_ROOT\typelib\{4645a0e0-7b59-439a-bb73-d4159321e09b}
HKEY_CLASSES_ROOT\typelib\{910e102a-5244-4afd-a806-ce9b4e1a96c7}\1.0
HKEY_CLASSES_ROOT\typelib\{c9deef7b-1b15-475f-b4d4-7aa834f0e5c4}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\settings\{bf50ac63-19da-487e-ad4a-0b452d823b59}
HKEY_CURRENT_USER\software\vb and vba program settings\exploeer
HKEY_LOCAL_MACHINE\software\classes\clsid\{81270159-e8f9-4713-9646-03531e0eef58}
HKEY_LOCAL_MACHINE\software\internet_explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{42a3a616-ff3c-4713-a5c2-4f1b566cef51}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{43fa5935-e36e-4937-8127-a90191b2ec68}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72557f9f-13ae-44c9-b3d7-5091b599027c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c759c2b-d5c5-4bdd-adb1-ba4dccc37e5e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9e1e1371-9d8f-4421-81b9-f8d2e1773a59}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf50ac63-19da-487e-ad4a-0b452d823b59}
Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ttunim
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ttunim
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ttunim
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\contextsidebar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mirrorunder
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ronsidebar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spidersidebar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\urlsidebar
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\msupdate
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\defaultbar.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\ragazze-spiate.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\super-contenuti.com\www
HKEY_LOCAL_MACHINE\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18a20280-fe1d-6789-0106-010106050103}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\user agent\post platform
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\ttunim
You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.
Also Be Aware of the Following Threats:
Remove FormatA Trojan