Thursday, January 22, 2009

Radlight.PRO Trojan

How To Remove Radlight.PRO?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Radlight.PRO is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Radlight.PRO Symptoms:

Files:

Folders:
[%PROGRAMS%]\radlight llc
[%PROGRAM_FILES%]\radlight
[%PROGRAM_FILES%]\radlight llc

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\radlight 3.03 pro


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.


Crush Adware

How To Remove Crush?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Crush is a dangerous virus:
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Crush Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}



OpinionBar BHO

How To Remove OpinionBar?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
OpinionBar is a dangerous virus:
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet, the company explained.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.


OpinionBar Symptoms:

Files:
[%SYSTEM%]\myiemonitor.dll
[%WINDOWS%]\system\myiemonitor.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{6607C683-AE7C-11D4-ACD7-0050DAC291A2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6607c683-ae7c-11d4-acd7-0050dac291a2}
HKEY_CLASSES_ROOT\clsid\{6607c683-ae7c-11d4-acd7-0050dac291a2}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{6607c683-ae7c-11d4-acd7-0050dac291a2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6607c683-ae7c-11d4-acd7-0050dac291a2}



Wednesday, January 21, 2009

SearchNet Trojan

How To Remove SearchNet?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
SearchNet is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


SearchNet is also known as:

[Kaspersky] Trojan-Spy.Win32.Agent.iw, AdWare.Win32.BHO.ls;
[McAfee] SearchNet;
[Other] Win32/SearchNet.D, Adware.PigSearch, Adware.Rugo

SearchNet Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\SearchNet
[%PROGRAM_FILES%]\ZSXZ

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



Bugsprey Backdoor

How To Remove Bugsprey?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Bugsprey is a dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Bugsprey is also known as:

[Kaspersky] Backdoor.Win32.Delf.ang;
[Other] Win32/Bugsprey, Win32/Bugsprey.A, Trojan Horse

Bugsprey Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



WebBuying Adware

How To Remove WebBuying?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
WebBuying is a dangerous virus:
Adware are programs that facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

WebBuying Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\Web Buying

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C318CD44-E327-4377-A28E-6EC16A921AE8}

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



Ranky.du Trojan

How To Remove Ranky.du?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Ranky.du is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Ranky.du Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

