Saturday, January 31, 2009

Rbot.ZZ Worm

How To Remove Rbot.ZZ?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Rbot.ZZ is dangerous virus:
Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

Rbot.ZZ Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Pigeon.AYA Trojan
Removing Anonim Trojan
Cummings.Keylogger Spyware Symptoms
Grepage Trojan Removal instruction
Strange Trojan Cleaner

Posted by at No comments:

Ricercadoppia Toolbar

How To Remove Ricercadoppia?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Ricercadoppia is dangerous virus:
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Ricercadoppia Symptoms:

Registry Values:
HKEY_CLASSES_ROOT\clsid\{9ec0e71a-88be-49af-b690-7c032cdce8b4}\inprocserver32
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\ciritorno.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\coppiastrana.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\melagodo.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\nanobyte.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\pergentina.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\playmore.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\popup-freesex-adv.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\preferiti-windows.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\ricercadoppia.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\super-videochat-community.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\umts-gprs-mondo-telefonino-cellulare.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\vispateresa.biz\www
HKEY_CURRENT_USER\software\xbtb08814\cache
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_CURRENT_USER\software\xbtb08814\toolbar\tb_items
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb08814.xbtb08814toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xbtb08814.xbtb08814toolbar

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Absent.Directory.Browser.Argument DoS
Email.Spy.Monitor Spyware Cleaner
Phishbank.AXA Trojan Cleaner

Posted by at No comments:

Showbar BHO

How To Remove Showbar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Showbar is dangerous virus:
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

Showbar Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\typelib\{80841d20-757e-4a6b-9934-2b3cb9ae83cb}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
MyTool Adware Cleaner
Netad Trojan Symptoms
Wuzhil Trojan Information
Pigeon.AKU Trojan Cleaner
Bancos.GAU Trojan Symptoms

Posted by at No comments:

System.Pro Spyware

How To Remove System.Pro?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
System.Pro is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

System.Pro Symptoms:

Files:
[%WINDOWS%]\runprf32.exe
[%WINDOWS%]\spinsavc.exe
[%DESKTOP%]\systemsurveillancepro.htm
[%DESKTOP%]\SystemSurvPro.htm
[%PROFILE%]\Local Settings\Desktop\SystemSurveillancePro.htm
[%PROGRAMS%]\System Surveillance Pro 4.8\Help Manual.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\SSPro Data Viewer.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\Uninstall SSPro.lnk
[%WINDOWS%]\ordpix.dll
[%WINDOWS%]\sspro.cnt
[%WINDOWS%]\sspro.hlp
[%WINDOWS%]\sysural.dll
[%WINDOWS%]\sysurbl.dll
[%WINDOWS%]\runprf32.exe
[%WINDOWS%]\spinsavc.exe
[%DESKTOP%]\systemsurveillancepro.htm
[%DESKTOP%]\SystemSurvPro.htm
[%PROFILE%]\Local Settings\Desktop\SystemSurveillancePro.htm
[%PROGRAMS%]\System Surveillance Pro 4.8\Help Manual.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\SSPro Data Viewer.lnk
[%PROGRAMS%]\System Surveillance Pro 4.8\Uninstall SSPro.lnk
[%WINDOWS%]\ordpix.dll
[%WINDOWS%]\sspro.cnt
[%WINDOWS%]\sspro.hlp
[%WINDOWS%]\sysural.dll
[%WINDOWS%]\sysurbl.dll

Folders:
[%WINDOWS%]\fontinfo
[%PROGRAMS%]\system surveillance pro
[%WINDOWS%]\fontview

Registry Keys:
HKEY_CLASSES_ROOT\.zzr
HKEY_CLASSES_ROOT\clsid\{91b066b2-be0d-42bf-bedd-f9dfdbb29236}\implemented categories
HKEY_CLASSES_ROOT\sspro
HKEY_CLASSES_ROOT\sspro.document
HKEY_CLASSES_ROOT\survservices.datablockmanipulation
HKEY_CLASSES_ROOT\survservices.datainterface
HKEY_CLASSES_ROOT\survservices.declarations
HKEY_CLASSES_ROOT\survservices.general
HKEY_CLASSES_ROOT\clsid\{457107e0-4551-11d5-be6f-ae127dee6059}
HKEY_CLASSES_ROOT\clsid\{47643398-a2f7-422b-9fcc-e5540b1eeb05}
HKEY_CLASSES_ROOT\clsid\{95e6c67a-f1e0-48ef-b0cd-3d72b23fb558}
HKEY_CLASSES_ROOT\clsid\{9df88e2d-bc3e-4524-b5d0-1c49557427a4}
HKEY_CLASSES_ROOT\clsid\{b540c664-b279-4702-83b6-813c9552148f}
HKEY_CLASSES_ROOT\interface\{2074d3f5-5d94-4468-b0d4-6388666aa3e3}
HKEY_CLASSES_ROOT\interface\{453706df-465b-11d5-be6f-c0e46d415558}
HKEY_CLASSES_ROOT\interface\{453706e7-465b-11d5-be6f-c0e46d415558}
HKEY_CLASSES_ROOT\interface\{dac453d4-86ad-4dbe-8d44-2b88c376bbe3}
HKEY_CLASSES_ROOT\interface\{dda8b302-e846-4e1f-818d-0b701f969f9b}
HKEY_CLASSES_ROOT\interface\{f127d096-0939-418e-b579-ce7e40eb6a8a}
HKEY_CLASSES_ROOT\picscroll.cpvpicscroll
HKEY_CLASSES_ROOT\typelib\{3b8554df-2818-4d24-bf82-c7ee3f9af3b5}
HKEY_CLASSES_ROOT\typelib\{457107de-4551-11d5-be6f-ae127dee6059}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\system surveillance pro~
HKEY_CURRENT_USER\software\vb and vba program settings\sspro

Registry Values:
HKEY_CLASSES_ROOT\clsid\{d46bd5cb-2360-4f5f-8793-5f4ae775ec44}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Pigeon.EGP Trojan
Tetrinet.txt DoS Removal instruction
Qoogler Hijacker Symptoms

Posted by at No comments:

Tiniloz Trojan

How To Remove Tiniloz?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Tiniloz is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
Tiniloz It also known as:

[Kaspersky]Trojan-Downloader.Win32.Zlob.cqo,Trojan-Downloader.Win32.Zlob.dcv;
[McAfee]Puper

Tiniloz Symptoms:

Files:
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\devil\audioin.dat
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\Elizabeth\audioin.dat
[%PROFILE%]\TEMP\sdk\ObjectARX\samples\DblClick\cmd.api
[%PROGRAM_FILES%]\DragonNaturallySpeaking\Users\giuseppe\audioin.dat
[%PROGRAM_FILES%]\Mozilla Firefox\components\npclntax.xpt
[%PROGRAM_FILES%]\Mozilla Firefox\plugins\npclntax.dll
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\audioin.dat
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\backup2\audioin.dat
[%PROGRAM_FILES%]\SpamBlockerUtility\SBTV\sbtv_gdf.dat
[%PROGRAM_FILES%]\Zango\zango_gdf.dat
[%WINDOWS%]\downloaded program files\clientax.dll
[%WINDOWS%]\msbb.exe
[%WINDOWS%]\msbbhook.dll
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\devil\audioin.dat
[%COMMON_APPDATA%]\Nuance\NaturallySpeaking9\Users\Elizabeth\audioin.dat
[%PROFILE%]\TEMP\sdk\ObjectARX\samples\DblClick\cmd.api
[%PROGRAM_FILES%]\DragonNaturallySpeaking\Users\giuseppe\audioin.dat
[%PROGRAM_FILES%]\Mozilla Firefox\components\npclntax.xpt
[%PROGRAM_FILES%]\Mozilla Firefox\plugins\npclntax.dll
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\audioin.dat
[%PROGRAM_FILES%]\ScanSoft\NaturallySpeaking\Users\dave\backup2\audioin.dat
[%PROGRAM_FILES%]\SpamBlockerUtility\SBTV\sbtv_gdf.dat
[%PROGRAM_FILES%]\Zango\zango_gdf.dat
[%WINDOWS%]\downloaded program files\clientax.dll
[%WINDOWS%]\msbb.exe
[%WINDOWS%]\msbbhook.dll

Folders:
[%PROGRAM_FILES%]\180searchassistant

Registry Keys:
HKEY_CLASSES_ROOT\clientax.clientinstaller
HKEY_CLASSES_ROOT\clientax.clientinstaller.1
HKEY_CLASSES_ROOT\clientax.requiredcomponent
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1
HKEY_CLASSES_ROOT\clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e}
HKEY_CLASSES_ROOT\clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}
HKEY_CLASSES_ROOT\clsid\{b10031b2-f184-4803-9a88-d239c0641d70}
HKEY_CLASSES_ROOT\clsid\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6}
HKEY_CLASSES_ROOT\interface\{2b0eceac-f597-4858-a542-d966b49055b9}
HKEY_CLASSES_ROOT\interface\{6c092742-10fe-4db2-988d-fc71948de70c}
HKEY_CLASSES_ROOT\interface\{7b178417-3cda-444f-94ff-312c0a3a78a8}
HKEY_CLASSES_ROOT\interface\{7fa8976f-d00c-4e98-8729-a66569233fb5}
HKEY_CLASSES_ROOT\interface\{a16650a9-b065-40ec-bbd1-f8d370d17fb1}
HKEY_CLASSES_ROOT\interface\{a79f8202-e09d-4f0f-ad4d-dcae1dac5994}
HKEY_CLASSES_ROOT\interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31}
HKEY_CLASSES_ROOT\interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}
HKEY_CLASSES_ROOT\interface\{e43dfaa6-8c16-4519-b022-8792408505a4}
HKEY_CLASSES_ROOT\interface\{f1f1e775-1b21-454d-8d38-7c16519969e5}
HKEY_CLASSES_ROOT\lmgr180.wmdrmax
HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1
HKEY_CLASSES_ROOT\typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}
HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}
HKEY_CLASSES_ROOT\typelib\{8be3faba-7468-4851-b97c-0750af2b908e}
HKEY_CLASSES_ROOT\typelib\{f2bf4713-e933-4b66-8694-22ed243709c7}
HKEY_CURRENT_USER\software\180ax
HKEY_CURRENT_USER\software\sau
HKEY_LOCAL_MACHINE\software\180ax
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\180ax
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sain
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sau
HKEY_LOCAL_MACHINE\software\sain
HKEY_LOCAL_MACHINE\software\sau

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
boldchat.com Tracking Cookie Cleaner
Removing StartPage.oj Trojan

Posted by at No comments:

Syfoin Trojan

How To Remove Syfoin?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Syfoin is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Syfoin It also known as:

[Kaspersky]Backdoor.Win32.Pakes,Trojan.Win32.Agent.afj,Trojan-Dropper.MSPPoint.Agent.z;
[Other]Win32/Syfoin.C,Win32/Syfoin.H,Infostealer

Syfoin Symptoms:

Files:
[%SYSTEM%]\sysinfo.exe
[%SYSTEM%]\kavlg
[%SYSTEM%]\kavlg.exe
[%SYSTEM%]\sysinfo.exe
[%SYSTEM%]\kavlg
[%SYSTEM%]\kavlg.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2b6486ac-f193-cbca-0403-050108050003}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Possible.Browser.Hijack.attempt Hijacker Removal

Posted by at No comments:

Win32.Agent.NGH Trojan

How To Remove Win32.Agent.NGH?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Win32.Agent.NGH is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Win32.Agent.NGH Symptoms:

Files:
[%WINDOWS%]\SecureWin31.dll
[%WINDOWS%]\SecureWin31.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Killstart Trojan Removal

Posted by at No comments:
Subscribe to: Posts (Atom)