Trojan List 10: January 2009

Saturday, January 31, 2009

VB.ek Trojan

VB.ek description:
VB.ek Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing VB.ek:

you can run trial version of ExterminateIt, or remove VB.ek manually.

To completely manually remove VB.ek malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.ek.

Atwinda Trojan

Atwinda description:
Atwinda Category:Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing Atwinda:

you can run trial version of ExterminateIt, or remove Atwinda manually.

To completely manually remove Atwinda malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Atwinda.

Win32.Smurf DoS

Click here to remove Win32.Smurf malware

Win32.Smurf description:
Win32.Smurf Category:DoS
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Win32.Smurf:

you can run trial version of ExterminateIt, or remove Win32.Smurf manually.

To completely manually remove Win32.Smurf malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Smurf.

Abetels Adware

Abetels description:
Abetels Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection Abetels :

Abetels Files:
[%SYSTEM%]\tcbluvht.dll
[%SYSTEM%]\tcbluvht.dll

Abetels Registry Keys:
HKEY_CLASSES_ROOT\cham2.runbus
HKEY_CLASSES_ROOT\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKEY_CLASSES_ROOT\interface\{6833a8e2-a2a2-44f5-941b-85a95afe35de}
HKEY_CLASSES_ROOT\typelib\{e535e46d-4ee3-413b-b44b-8da0f3688a54}
HKEY_CLASSES_ROOT\clsid\{4865f155-ce00-4e93-a414-147844d7c81a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4865f155-ce00-4e93-a414-147844d7c81a}

Removing Abetels:

you can run trial version of ExterminateIt, or remove Abetels manually.

To completely manually remove Abetels malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Abetels.

maxlab.ru Tracking Cookie

maxlab.ru description:
maxlab.ru Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing maxlab.ru:

you can run trial version of ExterminateIt, or remove maxlab.ru manually.

To completely manually remove maxlab.ru malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with maxlab.ru.

Pigeon.AOJ Trojan

Pigeon.AOJ description:
Pigeon.AOJ Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AOJ:

you can run trial version of ExterminateIt, or remove Pigeon.AOJ manually.

To completely manually remove Pigeon.AOJ malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AOJ.

rjlsoftware.clickme Trojan

Click here to remove rjlsoftware.clickme malware

rjlsoftware.clickme description:
rjlsoftware.clickme Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing rjlsoftware.clickme:

you can run trial version of ExterminateIt, or remove rjlsoftware.clickme manually.

To completely manually remove rjlsoftware.clickme malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with rjlsoftware.clickme.

Tel Trojan

Tel description:
Tel Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Tel:

you can run trial version of ExterminateIt, or remove Tel manually.

To completely manually remove Tel malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tel.

Bed Trojan

Bed description:
Bed Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bed:

you can run trial version of ExterminateIt, or remove Bed manually.

To completely manually remove Bed malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bed.

Tinecuf Trojan

Tinecuf description:
Tinecuf Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Tinecuf :

Tinecuf Files:
[%SYSTEM%]\AceExt32.dll
[%WINDOWS%]\Downloaded Program Files\CxUSBKey.exe
[%WINDOWS%]\Downloaded Program Files\ZipExt32.dll
[%SYSTEM%]\AceExt32.dll
[%WINDOWS%]\Downloaded Program Files\CxUSBKey.exe
[%WINDOWS%]\Downloaded Program Files\ZipExt32.dll

Tinecuf Registry Keys:
HKEY_CLASSES_ROOT\clsid\{35cec8a3-2be6-11d2-8773-92e220524150}
HKEY_CLASSES_ROOT\clsid\{35cec8a3-2be6-11d2-8773-92e220524140}

Tinecuf Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload

Removing Tinecuf:

you can run trial version of ExterminateIt, or remove Tinecuf manually.

To completely manually remove Tinecuf malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tinecuf.

Friday, January 30, 2009

DNSChanger Trojan

DNSChanger description:
DNSChanger Category:Trojan,Hijacker,Downloader
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Removing DNSChanger:

you can run trial version of ExterminateIt, or remove DNSChanger manually.

To completely manually remove DNSChanger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DNSChanger.

StoneWall DoS

StoneWall description:
StoneWall Category:DoS
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing StoneWall:

you can run trial version of ExterminateIt, or remove StoneWall manually.

To completely manually remove StoneWall malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with StoneWall.

Archive Trojan

Archive description:
Archive Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Archive:

you can run trial version of ExterminateIt, or remove Archive manually.

To completely manually remove Archive malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Archive.

Prs Trojan

Prs description:
Prs Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Prs:

you can run trial version of ExterminateIt, or remove Prs manually.

To completely manually remove Prs malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Prs.

Doedyes Trojan

Doedyes description:
Doedyes Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Doedyes:

you can run trial version of ExterminateIt, or remove Doedyes manually.

To completely manually remove Doedyes malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Doedyes.

The.Finger Trojan

The.Finger description:
The.Finger Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing The.Finger:

you can run trial version of ExterminateIt, or remove The.Finger manually.

To completely manually remove The.Finger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with The.Finger.

Light.Boot.dr!Dropper Trojan

Click here to remove Light.Boot.dr!Dropper malware

Light.Boot.dr!Dropper description:
Light.Boot.dr!Dropper Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Light.Boot.dr!Dropper:

you can run trial version of ExterminateIt, or remove Light.Boot.dr!Dropper manually.

To completely manually remove Light.Boot.dr!Dropper malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Light.Boot.dr!Dropper.

Pigeon.AVOG Trojan

Click here to remove Pigeon.AVOG malware

Pigeon.AVOG description:
Pigeon.AVOG Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AVOG:

you can run trial version of ExterminateIt, or remove Pigeon.AVOG manually.

To completely manually remove Pigeon.AVOG malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVOG.

Mucks Trojan

Mucks description:
Mucks Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Mucks:

you can run trial version of ExterminateIt, or remove Mucks manually.

To completely manually remove Mucks malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Mucks.

WinFetch Trojan

WinFetch description:
WinFetch Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing WinFetch:

you can run trial version of ExterminateIt, or remove WinFetch manually.

To completely manually remove WinFetch malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinFetch.

Thursday, January 29, 2009

VB.rj Backdoor

VB.rj description:
VB.rj Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Detection VB.rj :

VB.rj Registry Keys:
HKEY_LOCAL_MACHINE\software\gedzaclabs

VB.rj Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing VB.rj:

you can run trial version of ExterminateIt, or remove VB.rj manually.

To completely manually remove VB.rj malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.rj.

AOP Trojan

AOP description:
AOP Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing AOP:

you can run trial version of ExterminateIt, or remove AOP manually.

To completely manually remove AOP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AOP.

Veesbot Trojan

Veesbot description:
Veesbot Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Veesbot:

you can run trial version of ExterminateIt, or remove Veesbot manually.

To completely manually remove Veesbot malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Veesbot.

Tomy Trojan

Tomy description:
Tomy Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Tomy:

you can run trial version of ExterminateIt, or remove Tomy manually.

To completely manually remove Tomy malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tomy.

ClickTheButton Adware

Click here to remove ClickTheButton malware

ClickTheButton description:
ClickTheButton Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Detection ClickTheButton :

ClickTheButton Registry Keys:
HKEY_CLASSES_ROOT\clsid\{ab4dd0f0-38da-4f48-aafe-7de7323bb6b2}
HKEY_LOCAL_MACHINE\software\ctb_brandedclient

Removing ClickTheButton:

you can run trial version of ExterminateIt, or remove ClickTheButton manually.

To completely manually remove ClickTheButton malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ClickTheButton.

Tropeserr Downloader

Tropeserr description:
Tropeserr Category:Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

Removing Tropeserr:

you can run trial version of ExterminateIt, or remove Tropeserr manually.

To completely manually remove Tropeserr malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tropeserr.

Minsk.Ghost Trojan

Click here to remove Minsk.Ghost malware

Minsk.Ghost description:
Minsk.Ghost Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Minsk.Ghost:

you can run trial version of ExterminateIt, or remove Minsk.Ghost manually.

To completely manually remove Minsk.Ghost malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Minsk.Ghost.

ELF.Rootkit.D!Trojan Trojan

Click here to remove ELF.Rootkit.D!Trojan malware

ELF.Rootkit.D!Trojan description:
ELF.Rootkit.D!Trojan Category:Trojan,Backdoor,Hacker Tool,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing ELF.Rootkit.D!Trojan:

you can run trial version of ExterminateIt, or remove ELF.Rootkit.D!Trojan manually.

To completely manually remove ELF.Rootkit.D!Trojan malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ELF.Rootkit.D!Trojan.

Wednesday, January 28, 2009

Bear.amp;.Tiger RAT

Click here to remove Bear.amp;.Tiger malware

Bear.amp;.Tiger description:
Bear.amp;.Tiger Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing Bear.amp;.Tiger:

you can run trial version of ExterminateIt, or remove Bear.amp;.Tiger manually.

To completely manually remove Bear.amp;.Tiger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bear.amp;.Tiger.

Pigeon.AVMF Trojan

Click here to remove Pigeon.AVMF malware

Pigeon.AVMF description:
Pigeon.AVMF Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AVMF:

you can run trial version of ExterminateIt, or remove Pigeon.AVMF manually.

To completely manually remove Pigeon.AVMF malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVMF.

Vxidl.AEK Trojan

Vxidl.AEK description:
Vxidl.AEK Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Vxidl.AEK:

you can run trial version of ExterminateIt, or remove Vxidl.AEK manually.

To completely manually remove Vxidl.AEK malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AEK.

Basic Trojan

Basic description:
Basic Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Basic:

you can run trial version of ExterminateIt, or remove Basic manually.

To completely manually remove Basic malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Basic.

Backdoor.Sub7Legend.15!Server Backdoor

Click here to remove Backdoor.Sub7Legend.15!Server malware

Backdoor.Sub7Legend.15!Server description:
Backdoor.Sub7Legend.15!Server Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing Backdoor.Sub7Legend.15!Server:

you can run trial version of ExterminateIt, or remove Backdoor.Sub7Legend.15!Server manually.

To completely manually remove Backdoor.Sub7Legend.15!Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Backdoor.Sub7Legend.15!Server.

Rameh Downloader

Rameh description:
Rameh Category:Downloader
Trojans-downloaders downloads and installs new malware or adware on the computer.

Detection Rameh :

Rameh Files:
[%PROGRAM_FILES%]\AOL Toolbar\toolbar.dll
[%SYSTEM%]\pdfzzy.dll
[%PROGRAM_FILES%]\AOL Toolbar\toolbar.dll
[%SYSTEM%]\pdfzzy.dll

Removing Rameh:

you can run trial version of ExterminateIt, or remove Rameh manually.

To completely manually remove Rameh malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Rameh.

MMIR Trojan

MMIR description:
MMIR Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing MMIR:

you can run trial version of ExterminateIt, or remove MMIR manually.

To completely manually remove MMIR malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with MMIR.

Sparkle Trojan

Sparkle description:
Sparkle Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Sparkle:

you can run trial version of ExterminateIt, or remove Sparkle manually.

To completely manually remove Sparkle malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Sparkle.

Win32.Joiner.F!Joiner Trojan

Click here to remove Win32.Joiner.F!Joiner malware

Win32.Joiner.F!Joiner description:
Win32.Joiner.F!Joiner Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Win32.Joiner.F!Joiner:

you can run trial version of ExterminateIt, or remove Win32.Joiner.F!Joiner manually.

To completely manually remove Win32.Joiner.F!Joiner malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Joiner.F!Joiner.

Winnuke Trojan

Winnuke description:
Winnuke Category:Trojan,Backdoor,Hacker Tool,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Winnuke:

you can run trial version of ExterminateIt, or remove Winnuke manually.

To completely manually remove Winnuke malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Winnuke.

NSUpdate Trojan

NSUpdate description:
NSUpdate Category:Trojan,Adware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Removing NSUpdate:

you can run trial version of ExterminateIt, or remove NSUpdate manually.

To completely manually remove NSUpdate malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with NSUpdate.

TurboDownload Adware

Click here to remove TurboDownload malware

TurboDownload description:
TurboDownload Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Removing TurboDownload:

you can run trial version of ExterminateIt, or remove TurboDownload manually.

To completely manually remove TurboDownload malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TurboDownload.

Agobot.bo Trojan

Agobot.bo description:
Agobot.bo Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Agobot.bo:

you can run trial version of ExterminateIt, or remove Agobot.bo manually.

To completely manually remove Agobot.bo malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Agobot.bo.

partnershop.nl Tracking Cookie

Click here to remove partnershop.nl malware

partnershop.nl description:
partnershop.nl Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing partnershop.nl:

you can run trial version of ExterminateIt, or remove partnershop.nl manually.

To completely manually remove partnershop.nl malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with partnershop.nl.

Pigeon.EST Trojan

Pigeon.EST description:
Pigeon.EST Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.EST:

you can run trial version of ExterminateIt, or remove Pigeon.EST manually.

To completely manually remove Pigeon.EST malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EST.

Pigeon.AVSB Trojan

Click here to remove Pigeon.AVSB malware

Pigeon.AVSB description:
Pigeon.AVSB Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVSB:

you can run trial version of ExterminateIt, or remove Pigeon.AVSB manually.

To completely manually remove Pigeon.AVSB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVSB.

Tuesday, January 27, 2009

Luckynugget Tracking Cookie

Click here to remove Luckynugget malware

Luckynugget description:
Luckynugget Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing Luckynugget:

you can run trial version of ExterminateIt, or remove Luckynugget manually.

To completely manually remove Luckynugget malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Luckynugget.

PSW.Lmir.ei Trojan

Click here to remove PSW.Lmir.ei malware

PSW.Lmir.ei description:
PSW.Lmir.ei Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing PSW.Lmir.ei:

you can run trial version of ExterminateIt, or remove PSW.Lmir.ei manually.

To completely manually remove PSW.Lmir.ei malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PSW.Lmir.ei.

Bancos.GYY Trojan

Bancos.GYY description:
Bancos.GYY Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.GYY:

you can run trial version of ExterminateIt, or remove Bancos.GYY manually.

To completely manually remove Bancos.GYY malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GYY.

TrojanSpy.Win32.PcGhost Trojan

Click here to remove TrojanSpy.Win32.PcGhost malware

TrojanSpy.Win32.PcGhost description:
TrojanSpy.Win32.PcGhost Category:Trojan,Spyware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Removing TrojanSpy.Win32.PcGhost:

you can run trial version of ExterminateIt, or remove TrojanSpy.Win32.PcGhost manually.

To completely manually remove TrojanSpy.Win32.PcGhost malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanSpy.Win32.PcGhost.

Backwork Trojan

Backwork description:
Backwork Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Backwork:

you can run trial version of ExterminateIt, or remove Backwork manually.

To completely manually remove Backwork malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Backwork.

ASP.Ace Trojan

ASP.Ace description:
ASP.Ace Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing ASP.Ace:

you can run trial version of ExterminateIt, or remove ASP.Ace manually.

To completely manually remove ASP.Ace malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ASP.Ace.

Small.gv Trojan

Small.gv description:
Small.gv Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Small.gv:

you can run trial version of ExterminateIt, or remove Small.gv manually.

To completely manually remove Small.gv malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Small.gv.

Bancos.JDV Trojan

Bancos.JDV description:
Bancos.JDV Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.JDV:

you can run trial version of ExterminateIt, or remove Bancos.JDV manually.

To completely manually remove Bancos.JDV malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.JDV.

WM.Npad Trojan

WM.Npad description:
WM.Npad Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing WM.Npad:

you can run trial version of ExterminateIt, or remove WM.Npad manually.

To completely manually remove WM.Npad malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WM.Npad.

Pigeon.AIS Trojan

Pigeon.AIS description:
Pigeon.AIS Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AIS:

you can run trial version of ExterminateIt, or remove Pigeon.AIS manually.

To completely manually remove Pigeon.AIS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AIS.

Zonar Trojan

Zonar description:
Zonar Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Zonar:

you can run trial version of ExterminateIt, or remove Zonar manually.

To completely manually remove Zonar malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Zonar.

Win32.Buttman Trojan

Click here to remove Win32.Buttman malware

Win32.Buttman description:
Win32.Buttman Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Win32.Buttman:

you can run trial version of ExterminateIt, or remove Win32.Buttman manually.

To completely manually remove Win32.Buttman malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Buttman.

WinAntiSpywareDown Downloader

Click here to remove WinAntiSpywareDown malware

WinAntiSpywareDown description:
WinAntiSpywareDown Category:Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Detection WinAntiSpywareDown :

WinAntiSpywareDown Files:
[%APPDATA%]\winantispyware2007freeinstall[1].exe
[%PROFILE_TEMP%]\WinAntiSpyware 2007 FreeInstall.exe
[%PROFILE_TEMP%]\WinAntiSpyware2007FreeInstall.exe
[%APPDATA%]\winantispyware2007freeinstall[1].exe
[%PROFILE_TEMP%]\WinAntiSpyware 2007 FreeInstall.exe
[%PROFILE_TEMP%]\WinAntiSpyware2007FreeInstall.exe

Removing WinAntiSpywareDown:

you can run trial version of ExterminateIt, or remove WinAntiSpywareDown manually.

To completely manually remove WinAntiSpywareDown malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WinAntiSpywareDown.

TrojanSpy.Win32.VB.bd Trojan

Click here to remove TrojanSpy.Win32.VB.bd malware

TrojanSpy.Win32.VB.bd description:
TrojanSpy.Win32.VB.bd Category:Trojan,Spyware
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Removing TrojanSpy.Win32.VB.bd:

you can run trial version of ExterminateIt, or remove TrojanSpy.Win32.VB.bd manually.

To completely manually remove TrojanSpy.Win32.VB.bd malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanSpy.Win32.VB.bd.

Monday, January 26, 2009

PSWSpider Trojan

PSWSpider description:
PSWSpider Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Detection PSWSpider :

PSWSpider Files:
[%SYSTEM%]\file.bck
[%SYSTEM%]\ios.exe
[%SYSTEM%]\keychar.dll
[%SYSTEM%]\kt_dll.dll
[%SYSTEM%]\list.txt
[%SYSTEM%]\msdosdll.exe
[%SYSTEM%]\msdosdll.ini
[%SYSTEM%]\winsee32.ver
[%SYSTEM%]\file.bck
[%SYSTEM%]\ios.exe
[%SYSTEM%]\keychar.dll
[%SYSTEM%]\kt_dll.dll
[%SYSTEM%]\list.txt
[%SYSTEM%]\msdosdll.exe
[%SYSTEM%]\msdosdll.ini
[%SYSTEM%]\winsee32.ver

Removing PSWSpider:

you can run trial version of ExterminateIt, or remove PSWSpider manually.

To completely manually remove PSWSpider malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PSWSpider.

Pigeon.AVSS Trojan

Click here to remove Pigeon.AVSS malware

Pigeon.AVSS description:
Pigeon.AVSS Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AVSS:

you can run trial version of ExterminateIt, or remove Pigeon.AVSS manually.

To completely manually remove Pigeon.AVSS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVSS.

Onatrio Trojan

Onatrio description:
Onatrio Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Onatrio:

you can run trial version of ExterminateIt, or remove Onatrio manually.

To completely manually remove Onatrio malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Onatrio.

AdultChat Adware

AdultChat description:
AdultChat Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Detection AdultChat :

AdultChat Files:
[%DESKTOP%]\LiveSexCams.lnk
[%PROGRAMS%]\LiveSexCams.lnk
[%STARTMENU%]\LiveSexCams.lnk
[%DESKTOP%]\LiveSexCams.lnk
[%PROGRAMS%]\LiveSexCams.lnk
[%STARTMENU%]\LiveSexCams.lnk

AdultChat Folders:
[%PROGRAM_FILES%]\vcom\dialers

AdultChat Registry Keys:
HKEY_CURRENT_USER\software\vcom\dialers
HKEY_LOCAL_MACHINE\software\vcom\dialers
HKEY_CLASSES_ROOT\.pmxy
HKEY_CLASSES_ROOT\pmxy file
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\livesexcams

AdultChat Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing AdultChat:

you can run trial version of ExterminateIt, or remove AdultChat manually.

To completely manually remove AdultChat malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with AdultChat.

Aboutblank Trojan

Aboutblank description:
Aboutblank Category:Trojan,Backdoor,Hijacker
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

Detection Aboutblank :

Aboutblank Files:
[%WINDOWS%]\svhost.exe
[%PROGRAM_FILES%]\ISSS\ZILLAbar\ZILLAbar.dll
[%SYSTEM%]\jjjhk.dll
[%SYSTEM%]\newkh.dll
[%SYSTEM%]\rzwqb.dll
[%WINDOWS%]\ausjn.dll
[%SYSTEM%]\cbme.dll
[%SYSTEM%]\xea2108l.9zt
[%WINDOWS%]\system\achpjba.dll
[%WINDOWS%]\system\wdm.dll
[%WINDOWS%]\svhost.exe
[%PROGRAM_FILES%]\ISSS\ZILLAbar\ZILLAbar.dll
[%SYSTEM%]\jjjhk.dll
[%SYSTEM%]\newkh.dll
[%SYSTEM%]\rzwqb.dll
[%WINDOWS%]\ausjn.dll
[%SYSTEM%]\cbme.dll
[%SYSTEM%]\xea2108l.9zt
[%WINDOWS%]\system\achpjba.dll
[%WINDOWS%]\system\wdm.dll

Aboutblank Registry Keys:
HKEY_CLASSES_ROOT\clsid\{06abaa2d-34ab-4902-a326-409bd9b9a7a5}
HKEY_CLASSES_ROOT\clsid\{b664647f-efd5-4837-a810-a807139107e5}
HKEY_CLASSES_ROOT\clsid\{ce6a1268-9cc9-4ba3-8657-fe1132906cc4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b664647f-efd5-4837-a810-a807139107e5}

Aboutblank Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_CLASSES_ROOT\protocols\filter\text/plain
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Aboutblank:

you can run trial version of ExterminateIt, or remove Aboutblank manually.

To completely manually remove Aboutblank malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Aboutblank.

KillDisk Trojan

KillDisk description:
KillDisk Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing KillDisk:

you can run trial version of ExterminateIt, or remove KillDisk manually.

To completely manually remove KillDisk malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with KillDisk.

ZKeylog Spyware

ZKeylog description:
ZKeylog Category:Spyware,Hacker Tool
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing ZKeylog:

you can run trial version of ExterminateIt, or remove ZKeylog manually.

To completely manually remove ZKeylog malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ZKeylog.

Noname RAT

Noname description:
Noname Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing Noname:

you can run trial version of ExterminateIt, or remove Noname manually.

To completely manually remove Noname malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Noname.

Banload.afy Trojan

Click here to remove Banload.afy malware

Banload.afy description:
Banload.afy Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Banload.afy:

you can run trial version of ExterminateIt, or remove Banload.afy manually.

To completely manually remove Banload.afy malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Banload.afy.

Pigeon.EJH Trojan

Pigeon.EJH description:
Pigeon.EJH Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.EJH:

you can run trial version of ExterminateIt, or remove Pigeon.EJH manually.

To completely manually remove Pigeon.EJH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EJH.

TrafficVenue.net Tracking Cookie

Click here to remove TrafficVenue.net malware

TrafficVenue.net description:
TrafficVenue.net Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing TrafficVenue.net:

you can run trial version of ExterminateIt, or remove TrafficVenue.net manually.

To completely manually remove TrafficVenue.net malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrafficVenue.net.

TrojanDropper.Win32.Ranky Trojan

Click here to remove TrojanDropper.Win32.Ranky malware

TrojanDropper.Win32.Ranky description:
TrojanDropper.Win32.Ranky Category:Trojan,Backdoor,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing TrojanDropper.Win32.Ranky:

you can run trial version of ExterminateIt, or remove TrojanDropper.Win32.Ranky manually.

To completely manually remove TrojanDropper.Win32.Ranky malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDropper.Win32.Ranky.

Infected DoS

Infected description:
Infected Category:DoS
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Infected:

you can run trial version of ExterminateIt, or remove Infected manually.

To completely manually remove Infected malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Infected.

Network.User.Address.Attacker DoS

Click here to remove Network.User.Address.Attacker malware

Network.User.Address.Attacker description:
Network.User.Address.Attacker Category:DoS
DoS trojans conduct attacks from a single computer with the consent of the user.

Removing Network.User.Address.Attacker:

you can run trial version of ExterminateIt, or remove Network.User.Address.Attacker manually.

To completely manually remove Network.User.Address.Attacker malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Network.User.Address.Attacker.

Sunday, January 25, 2009

Retrieve Trojan

Retrieve description:
Retrieve Category:Trojan,Backdoor,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Retrieve:

you can run trial version of ExterminateIt, or remove Retrieve manually.

To completely manually remove Retrieve malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Retrieve.

DC.Clock DoS

DC.Clock description:
DC.Clock Category:DoS
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing DC.Clock:

you can run trial version of ExterminateIt, or remove DC.Clock manually.

To completely manually remove DC.Clock malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DC.Clock.

Denutaro Trojan

Denutaro description:
Denutaro Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Denutaro:

you can run trial version of ExterminateIt, or remove Denutaro manually.

To completely manually remove Denutaro malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Denutaro.

Pigeon.AEE Trojan

Pigeon.AEE description:
Pigeon.AEE Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AEE:

you can run trial version of ExterminateIt, or remove Pigeon.AEE manually.

To completely manually remove Pigeon.AEE malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AEE.

Win32.ExpDwnldr Adware

Click here to remove Win32.ExpDwnldr malware

Win32.ExpDwnldr description:
Win32.ExpDwnldr Category:Adware,BHO
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Detection Win32.ExpDwnldr :

Win32.ExpDwnldr Files:
[%PROGRAM_FILES%]\WinMsg\notepad.dll
[%PROGRAM_FILES%]\WinMsg\sclick.exe
[%PROGRAM_FILES%]\WinMsg\SYSMONMS.EXE
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%SYSTEM%]\psc_mon.exe
[%WINDOWS%]\ddesupport.dll
[%PROGRAM_FILES%]\WinMsg\notepad.dll
[%PROGRAM_FILES%]\WinMsg\sclick.exe
[%PROGRAM_FILES%]\WinMsg\SYSMONMS.EXE
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%SYSTEM%]\psc_mon.exe
[%WINDOWS%]\ddesupport.dll

Win32.ExpDwnldr Folders:
[%PROGRAM_FILES%]\WinMsg

Win32.ExpDwnldr Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
HKEY_CLASSES_ROOT\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKEY_CLASSES_ROOT\CLSID\{49CF52D7-8D58-4E22-A874-AAD721F5B523}
HKEY_CLASSES_ROOT\CLSID\{8E6CFDFE-79A8-421C-B854-04081690CE6B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49CF52D7-8D58-4E22-A874-AAD721F5B523}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E6CFDFE-79A8-421C-B854-04081690CE6B}

Win32.ExpDwnldr Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing Win32.ExpDwnldr:

you can run trial version of ExterminateIt, or remove Win32.ExpDwnldr manually.

To completely manually remove Win32.ExpDwnldr malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.ExpDwnldr.

Bancos.GOW Trojan

Bancos.GOW description:
Bancos.GOW Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Bancos.GOW:

you can run trial version of ExterminateIt, or remove Bancos.GOW manually.

To completely manually remove Bancos.GOW malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GOW.

Vxidl.AME Trojan

Vxidl.AME description:
Vxidl.AME Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Vxidl.AME:

you can run trial version of ExterminateIt, or remove Vxidl.AME manually.

To completely manually remove Vxidl.AME malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AME.

Win32.Psyf Backdoor

Win32.Psyf description:
Win32.Psyf Category:Backdoor
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Win32.Psyf:

you can run trial version of ExterminateIt, or remove Win32.Psyf manually.

To completely manually remove Win32.Psyf malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Psyf.

DivX.Pro Adware

DivX.Pro description:
DivX.Pro Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Removing DivX.Pro:

you can run trial version of ExterminateIt, or remove DivX.Pro manually.

To completely manually remove DivX.Pro malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DivX.Pro.

Duole8 Adware

Duole8 description:
Duole8 Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Detection Duole8 :

Duole8 Files:
[%SYSTEM%]\mskey16.dll
[%SYSTEM%]\mskey16.dll

Duole8 Registry Keys:
HKEY_CLASSES_ROOT\clsid\{be442802-3911-46e0-b227-076b15a4ead3}
HKEY_CLASSES_ROOT\interface\{b2fe3737-313d-4c3d-abd3-59f519c0cda6}
HKEY_CLASSES_ROOT\shdocvw2.shdocvwhlp
HKEY_CLASSES_ROOT\typelib\{af5ff4b8-bfce-47ce-ad2b-cb91ed9fddfa}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{be442802-3911-46e0-b227-076b15a4ead3}

Removing Duole8:

you can run trial version of ExterminateIt, or remove Duole8 manually.

To completely manually remove Duole8 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Duole8.

Saturday, January 24, 2009

Bambo!downloader Trojan

Click here to remove Bambo!downloader malware

Bambo!downloader description:
Bambo!downloader Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bambo!downloader:

you can run trial version of ExterminateIt, or remove Bambo!downloader manually.

To completely manually remove Bambo!downloader malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bambo!downloader.

Bonus.joke Trojan

Bonus.joke description:
Bonus.joke Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bonus.joke:

you can run trial version of ExterminateIt, or remove Bonus.joke manually.

To completely manually remove Bonus.joke malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bonus.joke.

Odysseus.Macro.Virus.Construction.Kit Trojan

Click here to remove Odysseus.Macro.Virus.Construction.Kit malware

Odysseus.Macro.Virus.Construction.Kit description:
Odysseus.Macro.Virus.Construction.Kit Category:Trojan,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Odysseus.Macro.Virus.Construction.Kit:

you can run trial version of ExterminateIt, or remove Odysseus.Macro.Virus.Construction.Kit manually.

To completely manually remove Odysseus.Macro.Virus.Construction.Kit malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Odysseus.Macro.Virus.Construction.Kit.

Ashley.100d Trojan

Click here to remove Ashley.100d malware

Ashley.100d description:
Ashley.100d Category:Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Removing Ashley.100d:

you can run trial version of ExterminateIt, or remove Ashley.100d manually.

To completely manually remove Ashley.100d malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ashley.100d.

Sisia Trojan

Sisia description:
Sisia Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Sisia:

you can run trial version of ExterminateIt, or remove Sisia manually.

To completely manually remove Sisia malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Sisia.

Macro.Source Trojan

Click here to remove Macro.Source malware

Macro.Source description:
Macro.Source Category:Trojan,Worm,Hacker Tool
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing Macro.Source:

you can run trial version of ExterminateIt, or remove Macro.Source manually.

To completely manually remove Macro.Source malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Macro.Source.

SillyDl.BZC Trojan

Click here to remove SillyDl.BZC malware

SillyDl.BZC description:
SillyDl.BZC Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.BZC:

you can run trial version of ExterminateIt, or remove SillyDl.BZC manually.

To completely manually remove SillyDl.BZC malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.BZC.

Berbew.R Trojan

Berbew.R description:
Berbew.R Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing Berbew.R:

you can run trial version of ExterminateIt, or remove Berbew.R manually.

To completely manually remove Berbew.R malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Berbew.R.

Pigeon.AVPA Trojan

Click here to remove Pigeon.AVPA malware

Pigeon.AVPA description:
Pigeon.AVPA Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.AVPA:

you can run trial version of ExterminateIt, or remove Pigeon.AVPA manually.

To completely manually remove Pigeon.AVPA malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AVPA.

KoreTek Backdoor

KoreTek description:
KoreTek Category:Backdoor,RAT,DoS
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing KoreTek:

you can run trial version of ExterminateIt, or remove KoreTek manually.

To completely manually remove KoreTek malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with KoreTek.

Pigeon.AKL Trojan

Pigeon.AKL description:
Pigeon.AKL Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.AKL:

you can run trial version of ExterminateIt, or remove Pigeon.AKL manually.

To completely manually remove Pigeon.AKL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.AKL.

Bancos.GBZ Trojan

Bancos.GBZ description:
Bancos.GBZ Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.GBZ:

you can run trial version of ExterminateIt, or remove Bancos.GBZ manually.

To completely manually remove Bancos.GBZ malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GBZ.

Pigeon.EKF Trojan

Pigeon.EKF description:
Pigeon.EKF Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.EKF:

you can run trial version of ExterminateIt, or remove Pigeon.EKF manually.

To completely manually remove Pigeon.EKF malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EKF.

Bancos.GEU Trojan

Bancos.GEU description:
Bancos.GEU Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.GEU:

you can run trial version of ExterminateIt, or remove Bancos.GEU manually.

To completely manually remove Bancos.GEU malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GEU.

ScanandRepair Ransomware

Click here to remove ScanandRepair malware

ScanandRepair description:
ScanandRepair Category:Ransomware
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".

Detection ScanandRepair :

ScanandRepair Files:
[%DESKTOP%]\Scan & Repair Utilities 2007.lnk
[%DESKTOP%]\Scan & Repair Utilities 2007.lnk

ScanandRepair Folders:
[%COMMON_PROGRAMS%]\Scan & Repair Utilities 2007
[%PROGRAM_FILES%]\Scan & Repair Utilities 2007

ScanandRepair Registry Keys:
HKEY_CURRENT_USER\software\scan & repair utilities 2007
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\scan & repair utilities 2007_is1

ScanandRepair Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache
HKEY_CURRENT_USER\software\microsoft\windows\shellnoroam\muicache

Removing ScanandRepair:

you can run trial version of ExterminateIt, or remove ScanandRepair manually.

To completely manually remove ScanandRepair malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ScanandRepair.

Ashlt Spyware

Ashlt description:
Ashlt Category:Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.

Detection Ashlt :

Ashlt Files:
[%WINDOWS%]\Ashlt.exe
[%WINDOWS%]\Ashlt.exe

Ashlt Registry Keys:
HKEY_LOCAL_MACHINE\software\ashlt

Ashlt Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Ashlt:

you can run trial version of ExterminateIt, or remove Ashlt manually.

To completely manually remove Ashlt malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ashlt.

ICanNews Adware

ICanNews description:
ICanNews Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection ICanNews :

ICanNews Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}

Removing ICanNews:

you can run trial version of ExterminateIt, or remove ICanNews manually.

To completely manually remove ICanNews malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with ICanNews.

Supra Trojan

Supra description:
Supra Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing Supra:

you can run trial version of ExterminateIt, or remove Supra manually.

To completely manually remove Supra malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Supra.

Win32.DlMersting.AX.DLL.Tr Trojan

Click here to remove Win32.DlMersting.AX.DLL.Tr malware

Win32.DlMersting.AX.DLL.Tr description:
Win32.DlMersting.AX.DLL.Tr Category:Trojan,Hijacker
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
A Search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

Removing Win32.DlMersting.AX.DLL.Tr:

you can run trial version of ExterminateIt, or remove Win32.DlMersting.AX.DLL.Tr manually.

To completely manually remove Win32.DlMersting.AX.DLL.Tr malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.DlMersting.AX.DLL.Tr.

Friday, January 23, 2009

Bancos.GRZ Trojan

Bancos.GRZ description:
Bancos.GRZ Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.GRZ:

you can run trial version of ExterminateIt, or remove Bancos.GRZ manually.

To completely manually remove Bancos.GRZ malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GRZ.

Bancos.GME Trojan

Bancos.GME description:
Bancos.GME Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.GME:

you can run trial version of ExterminateIt, or remove Bancos.GME manually.

To completely manually remove Bancos.GME malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.GME.

Win32.Winux Trojan

Click here to remove Win32.Winux malware

Win32.Winux description:
Win32.Winux Category:Trojan,Backdoor,Downloader,DoS
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Trojans-downloaders downloads and installs new malware or adware on the computer.

These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Removing Win32.Winux:

you can run trial version of ExterminateIt, or remove Win32.Winux manually.

To completely manually remove Win32.Winux malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Winux.

VB.mh Backdoor

VB.mh description:
VB.mh Category:Backdoor
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Removing VB.mh:

you can run trial version of ExterminateIt, or remove VB.mh manually.

To completely manually remove VB.mh malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VB.mh.

Noknok.Setup Backdoor

Click here to remove Noknok.Setup malware

Noknok.Setup description:
Noknok.Setup Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing Noknok.Setup:

you can run trial version of ExterminateIt, or remove Noknok.Setup manually.

To completely manually remove Noknok.Setup malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Noknok.Setup.

BAT.Viz Trojan

BAT.Viz description:
BAT.Viz Category:Trojan,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

Removing BAT.Viz:

you can run trial version of ExterminateIt, or remove BAT.Viz manually.

To completely manually remove BAT.Viz malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BAT.Viz.

Dat.Killer Trojan

Dat.Killer description:
Dat.Killer Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Dat.Killer:

you can run trial version of ExterminateIt, or remove Dat.Killer manually.

To completely manually remove Dat.Killer malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Dat.Killer.

Tydpec Trojan

Tydpec description:
Tydpec Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Tydpec :

Tydpec Files:
[%PROFILE%]\Recent\beautiful girl.wma .gif.lnk
[%PROFILE%]\Recent\beautiful girl.wma .gif.lnk

Removing Tydpec:

you can run trial version of ExterminateIt, or remove Tydpec manually.

To completely manually remove Tydpec malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tydpec.

spinbox.net Tracking Cookie

Click here to remove spinbox.net malware

spinbox.net description:
spinbox.net Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing spinbox.net:

you can run trial version of ExterminateIt, or remove spinbox.net manually.

To completely manually remove spinbox.net malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with spinbox.net.

Warez3 Worm

Warez3 description:
Warez3 Category:Worm
Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.

Detection Warez3 :

Warez3 Folders:
[%APPDATA%]\Warez
[%PROGRAMS%]\Warez
[%PROGRAM_FILES%]\Warez

Warez3 Registry Keys:
HKEY_CLASSES_ROOT\applications\warez.exe
HKEY_CLASSES_ROOT\warez3
HKEY_CURRENT_USER\software\classes\applications\warez.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\warez
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\warez

Warez3 Registry Values:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list

Removing Warez3:

you can run trial version of ExterminateIt, or remove Warez3 manually.

To completely manually remove Warez3 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Warez3.

Kolmat Backdoor

Kolmat description:
Kolmat Category:Backdoor
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Removing Kolmat:

you can run trial version of ExterminateIt, or remove Kolmat manually.

To completely manually remove Kolmat malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Kolmat.

Tbat Trojan

Tbat description:
Tbat Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Tbat:

you can run trial version of ExterminateIt, or remove Tbat manually.

To completely manually remove Tbat malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Tbat.

Pigeon.ENV Trojan

Pigeon.ENV description:
Pigeon.ENV Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.ENV:

you can run trial version of ExterminateIt, or remove Pigeon.ENV manually.

To completely manually remove Pigeon.ENV malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.ENV.

Marsfind.Search.Helper Hijacker

Click here to remove Marsfind.Search.Helper malware

Marsfind.Search.Helper description:
Marsfind.Search.Helper Category:Hijacker
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

Removing Marsfind.Search.Helper:

you can run trial version of ExterminateIt, or remove Marsfind.Search.Helper manually.

To completely manually remove Marsfind.Search.Helper malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Marsfind.Search.Helper.

Wowhack Backdoor

Wowhack description:
Wowhack Category:Backdoor
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing Wowhack:

you can run trial version of ExterminateIt, or remove Wowhack manually.

To completely manually remove Wowhack malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Wowhack.

Thursday, January 22, 2009

SillyDl.DGO Trojan

Click here to remove SillyDl.DGO malware

SillyDl.DGO description:
SillyDl.DGO Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.DGO:

you can run trial version of ExterminateIt, or remove SillyDl.DGO manually.

To completely manually remove SillyDl.DGO malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.DGO.

Danmec Trojan

Danmec description:
Danmec Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Detection Danmec :

Danmec Files:
[%SYSTEM%]\aspimgr.exe
[%WINDOWS%]\s32.txt
[%WINDOWS%]\ws386.ini
[%SYSTEM%]\aspi183287.exe
[%WINDOWS%]\db32.txt
[%SYSTEM%]\aspimgr.exe
[%WINDOWS%]\s32.txt
[%WINDOWS%]\ws386.ini
[%SYSTEM%]\aspi183287.exe
[%WINDOWS%]\db32.txt

Danmec Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_aspimgr
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\aspimgr
HKEY_CURRENT_USER\software\microsoft\sft
HKEY_LOCAL_MACHINE\software\microsoft\sft
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_aspi113210
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\aspi113210

Danmec Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Danmec:

you can run trial version of ExterminateIt, or remove Danmec manually.

To completely manually remove Danmec malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Danmec.

Insult.Media Backdoor

Click here to remove Insult.Media malware

Insult.Media description:
Insult.Media Category:Backdoor,RAT
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Detection Insult.Media :

Insult.Media Files:
[%WINDOWS%]\sysreg.exe
[%WINDOWS%]\sysreg.exe

Removing Insult.Media:

you can run trial version of ExterminateIt, or remove Insult.Media manually.

To completely manually remove Insult.Media malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Insult.Media.

Data.Coremetrics.com Tracking Cookie

Click here to remove Data.Coremetrics.com malware

Data.Coremetrics.com description:
Data.Coremetrics.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing Data.Coremetrics.com:

you can run trial version of ExterminateIt, or remove Data.Coremetrics.com manually.

To completely manually remove Data.Coremetrics.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Data.Coremetrics.com.

Downloader Trojan

Downloader description:
Downloader Category:Trojan,Adware,BHO,Backdoor,RAT,Hijacker,Toolbar,Downloader,Hacker Tool,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Detection Downloader :

Downloader Files:
[%PROFILE_TEMP%]\ICD2.tmp\PopCapLoader.dll
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\SetRegAcl.dll
[%PROFILE_TEMP%]\temp.fr????
[%PROGRAM_FILES%]\common~2\toolbar\babeie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbabe.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbarie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnform.exe
[%PROGRAM_FILES%]\common~2\toolbar\createbookmark.htm
[%PROGRAM_FILES%]\common~2\toolbar\createnote.htm
[%PROGRAM_FILES%]\common~2\toolbar\emaillink.htm
[%PROGRAM_FILES%]\common~2\toolbar\navigate.htm
[%PROGRAM_FILES%]\common~2\toolbar\unins.exe
[%PROGRAM_FILES%]\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv
[%SYSTEM%]\cnins.txt
[%SYSTEM%]\winnet.ini
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll
[%WINDOWS%]\elitepop06.exe
[%WINDOWS%]\elitesix.ocx
[%WINDOWS%]\ms056357710220.exe
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\sysldr32.exe
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname desktop 3.0.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname toolbar 3.30.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\uninstall commonname toolbar 3.30.lnk
[%PROFILE%]\desktop\commonname desktop 3.0.lnk
[%PROGRAM_FILES%]\common~2\toolbar\cnbabeie.exe
[%PROGRAM_FILES%]\common~2\toolbar\newsbar.htm
[%PROGRAM_FILES%]\common~2\toolbar\remove.exe
[%PROGRAM_FILES%]\intern~3\inetkw.dll
[%PROGRAM_FILES%]\intern~3\inetmgr.exe
[%PROGRAM_FILES%]\intern~3\inetsvc.exe
[%PROGRAM_FILES%]\intern~3\unins.exe
[%PROGRAM_FILES%]\wtpxsqpx\cnml.exe
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.dll
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.exe
[%PROGRAM_FILES%]\wtpxsqpx\MhsIDwIG.exe
[%SYSTEM%]\cssrs.scr
[%SYSTEM%]\GIwDIshM.ini
[%SYSTEM%]\msnplus.scr
[%WINDOWS%]\acwwiz.exe
[%PROFILE_TEMP%]\ICD2.tmp\PopCapLoader.dll
[%PROFILE_TEMP%]\mmxsnet.exe
[%PROFILE_TEMP%]\SetRegAcl.dll
[%PROFILE_TEMP%]\temp.fr????
[%PROGRAM_FILES%]\common~2\toolbar\babeie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbabe.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnbarie.dll
[%PROGRAM_FILES%]\common~2\toolbar\cnform.exe
[%PROGRAM_FILES%]\common~2\toolbar\createbookmark.htm
[%PROGRAM_FILES%]\common~2\toolbar\createnote.htm
[%PROGRAM_FILES%]\common~2\toolbar\emaillink.htm
[%PROGRAM_FILES%]\common~2\toolbar\navigate.htm
[%PROGRAM_FILES%]\common~2\toolbar\unins.exe
[%PROGRAM_FILES%]\MediaLoads\medialoads\media\channels\groovy\gui\grvpreview.wmv
[%SYSTEM%]\cnins.txt
[%SYSTEM%]\winnet.ini
[%WINDOWS%]\Downloaded Program Files\popcaploader.dll
[%WINDOWS%]\elitepop06.exe
[%WINDOWS%]\elitesix.ocx
[%WINDOWS%]\ms056357710220.exe
[%WINDOWS%]\msiutil.exe
[%WINDOWS%]\sysldr32.exe
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname desktop 3.0.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\commonname toolbar 3.30.lnk
[%PROFILE%]\all users.windows\start menu\programs\commonname\uninstall commonname toolbar 3.30.lnk
[%PROFILE%]\desktop\commonname desktop 3.0.lnk
[%PROGRAM_FILES%]\common~2\toolbar\cnbabeie.exe
[%PROGRAM_FILES%]\common~2\toolbar\newsbar.htm
[%PROGRAM_FILES%]\common~2\toolbar\remove.exe
[%PROGRAM_FILES%]\intern~3\inetkw.dll
[%PROGRAM_FILES%]\intern~3\inetmgr.exe
[%PROGRAM_FILES%]\intern~3\inetsvc.exe
[%PROGRAM_FILES%]\intern~3\unins.exe
[%PROGRAM_FILES%]\wtpxsqpx\cnml.exe
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.dll
[%PROGRAM_FILES%]\wtpxsqpx\GIwDIshM.exe
[%PROGRAM_FILES%]\wtpxsqpx\MhsIDwIG.exe
[%SYSTEM%]\cssrs.scr
[%SYSTEM%]\GIwDIshM.ini
[%SYSTEM%]\msnplus.scr
[%WINDOWS%]\acwwiz.exe

Downloader Folders:
[%PROGRAM_FILES%]\commonname
[%WINDOWS%]\temp\adware
[%APPDATA%]\commonname
[%COMMON_PROGRAMS%]\CommonName
[%PROGRAMS%]\commonname
[%PROGRAM_FILES%]\common~2\addres~1
[%WINDOWS%]\s5curity

Downloader Registry Keys:
HKEY_CLASSES_ROOT\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_CLASSES_ROOT\clsid\{2eb3eff2-f707-4ea8-81aa-4b65d2799f31}
HKEY_CLASSES_ROOT\clsid\{4f9ca775-2c5f-4e2a-b157-cb440564f7f4}
HKEY_CLASSES_ROOT\interface\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
HKEY_CLASSES_ROOT\interface\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
HKEY_CLASSES_ROOT\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_CLASSES_ROOT\interface\{96866cad-7f56-4047-9d41-08322b6b79f3}
HKEY_CLASSES_ROOT\interface\{ed3672d8-19b9-400f-8bed-734e6cc2355f}
HKEY_CLASSES_ROOT\magnet
HKEY_CLASSES_ROOT\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}
HKEY_CLASSES_ROOT\typelib\{cc364a32-d59b-4e9c-9156-f0050c45005b}
HKEY_CLASSES_ROOT\winnet.update.1
HKEY_CURRENT_USER\software\commonname
HKEY_CURRENT_USER\software\grokster
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\add a page note
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\bookmark this page
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\email this link
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\search using commonname
HKEY_LOCAL_MACHINE\software\classes\appid\winnet.exe
HKEY_LOCAL_MACHINE\software\classes\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_LOCAL_MACHINE\software\classes\babeie.handler
HKEY_LOCAL_MACHINE\software\classes\babeie.handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper
HKEY_LOCAL_MACHINE\software\classes\babeie.helper.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}
HKEY_LOCAL_MACHINE\software\classes\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_LOCAL_MACHINE\software\classes\protocols\handler\cn
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-4161-8034-2234203681c9}
HKEY_LOCAL_MACHINE\software\classes\winnet.update
HKEY_LOCAL_MACHINE\software\classes\winnet.update.1
HKEY_LOCAL_MACHINE\software\commonname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname
HKEY_CLASSES_ROOT\babie.handler.1
HKEY_CLASSES_ROOT\babie.helper.1
HKEY_CLASSES_ROOT\clsid\{046d6ea4-15e3-4b27-8010-45bd78a9219e}
HKEY_CLASSES_ROOT\clsid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_CLASSES_ROOT\clsid\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
HKEY_CLASSES_ROOT\clsid\{53b1b977-193e-4a9f-b9fc-e1dcc24016a1}
HKEY_CLASSES_ROOT\clsid\{541a3704-4320-4e2d-9371-e4a4c9803191}
HKEY_CLASSES_ROOT\clsid\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
HKEY_CLASSES_ROOT\clsid\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_CLASSES_ROOT\clsid\{a7fe5e20-9866-4c49-b5ed-3991954a2acd}
HKEY_CLASSES_ROOT\clsid\{ac04dc43-28e9-4746-9164-c200a04b8921}
HKEY_CLASSES_ROOT\clsid\{ae6ddeb6-5683-4f5d-ad53-0f93b02a3f93}
HKEY_CLASSES_ROOT\clsid\{c4b81c49-5ea5-490b-af95-04994a4214d4}
HKEY_CLASSES_ROOT\clsid\{fb68cc40-c725-491a-aac3-f37dde794edb}
HKEY_CLASSES_ROOT\dnserr.dnserrobj
HKEY_CLASSES_ROOT\dnserr.dnserrobj.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.50_is1
HKEY_CLASSES_ROOT\typelib\{c4b81c49-5ea5-490b-af95-04994a4214d4}
HKEY_CLASSES_ROOT\typelib\{dd0032df-ceef-4e0a-8b75-e4d8861e11e5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\brows
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{046d6ea4-15e3-4b27-8010-45bd78a9219e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname desktop 3.0_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.1_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.50_is1

Downloader Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_CLASSES_ROOT\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Downloader:

you can run trial version of ExterminateIt, or remove Downloader manually.

To completely manually remove Downloader malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Downloader.

Smarotec Trojan

Smarotec description:
Smarotec Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Smarotec:

you can run trial version of ExterminateIt, or remove Smarotec manually.

To completely manually remove Smarotec malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Smarotec.

Dasmin Trojan

Dasmin description:
Dasmin Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Dasmin:

you can run trial version of ExterminateIt, or remove Dasmin manually.

To completely manually remove Dasmin malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Dasmin.

Small.oh Downloader

Small.oh description:
Small.oh Category:Downloader
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Removing Small.oh:

you can run trial version of ExterminateIt, or remove Small.oh manually.

To completely manually remove Small.oh malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Small.oh.

Price Trojan

Price description:
Price Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.

Removing Price:

you can run trial version of ExterminateIt, or remove Price manually.

To completely manually remove Price malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Price.

CWS.SysTime Hijacker

Click here to remove CWS.SysTime malware

CWS.SysTime description:
CWS.SysTime Category:Hijacker
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

Detection CWS.SysTime :

CWS.SysTime Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main

Removing CWS.SysTime:

you can run trial version of ExterminateIt, or remove CWS.SysTime manually.

To completely manually remove CWS.SysTime malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with CWS.SysTime.

SillyDl.CQV Trojan

Click here to remove SillyDl.CQV malware

SillyDl.CQV description:
SillyDl.CQV Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing SillyDl.CQV:

you can run trial version of ExterminateIt, or remove SillyDl.CQV manually.

To completely manually remove SillyDl.CQV malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.CQV.

Generic.dx Trojan

Generic.dx description:
Generic.dx Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Generic.dx:

you can run trial version of ExterminateIt, or remove Generic.dx manually.

To completely manually remove Generic.dx malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Generic.dx.

Wednesday, January 21, 2009

VNC.Server RAT

VNC.Server description:
VNC.Server Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Detection VNC.Server :

VNC.Server Files:
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Configure VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Register VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Start VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Stop VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Unregister VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (User-Mode)\Configure User-Mode Settings.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (User-Mode)\Run VNC Server.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Configure VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Register VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Start VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Stop VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (Service-Mode)\Unregister VNC Service.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (User-Mode)\Configure User-Mode Settings.lnk
[%COMMON_PROGRAMS%]\RealVNC\VNC Server 4 (User-Mode)\Run VNC Server.lnk

Removing VNC.Server:

you can run trial version of ExterminateIt, or remove VNC.Server manually.

To completely manually remove VNC.Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VNC.Server.

DreamWorld Trojan

DreamWorld description:
DreamWorld Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing DreamWorld:

you can run trial version of ExterminateIt, or remove DreamWorld manually.

To completely manually remove DreamWorld malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DreamWorld.

Smurflog Trojan

Smurflog description:
Smurflog Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Smurflog:

you can run trial version of ExterminateIt, or remove Smurflog manually.

To completely manually remove Smurflog malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Smurflog.

Posam Trojan

Posam description:
Posam Category:Trojan,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Trojans-downloaders downloads and installs new malware or adware on the computer.

Removing Posam:

you can run trial version of ExterminateIt, or remove Posam manually.

To completely manually remove Posam malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Posam.

Bancos.HDZ Trojan

Bancos.HDZ description:
Bancos.HDZ Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.HDZ:

you can run trial version of ExterminateIt, or remove Bancos.HDZ manually.

To completely manually remove Bancos.HDZ malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HDZ.

Bancos.FUB Trojan

Bancos.FUB description:
Bancos.FUB Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Bancos.FUB:

you can run trial version of ExterminateIt, or remove Bancos.FUB manually.

To completely manually remove Bancos.FUB malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.FUB.

pro.advertising.com Tracking Cookie

Click here to remove pro.advertising.com malware

pro.advertising.com description:
pro.advertising.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing pro.advertising.com:

you can run trial version of ExterminateIt, or remove pro.advertising.com manually.

To completely manually remove pro.advertising.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with pro.advertising.com.

Backage.Server Trojan

Click here to remove Backage.Server malware

Backage.Server description:
Backage.Server Category:Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Removing Backage.Server:

you can run trial version of ExterminateIt, or remove Backage.Server manually.

To completely manually remove Backage.Server malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Backage.Server.

BAT.MF.282b Trojan

Click here to remove BAT.MF.282b malware

BAT.MF.282b description:
BAT.MF.282b Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing BAT.MF.282b:

you can run trial version of ExterminateIt, or remove BAT.MF.282b manually.

To completely manually remove BAT.MF.282b malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BAT.MF.282b.

CoolWebSearch.SearchX Hijacker

Click here to remove CoolWebSearch.SearchX malware

CoolWebSearch.SearchX description:
CoolWebSearch.SearchX Category:Hijacker,Toolbar
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.

Removing CoolWebSearch.SearchX:

you can run trial version of ExterminateIt, or remove CoolWebSearch.SearchX manually.

To completely manually remove CoolWebSearch.SearchX malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with CoolWebSearch.SearchX.

RemoteHome2000.v1 RAT

Click here to remove RemoteHome2000.v1 malware

RemoteHome2000.v1 description:
RemoteHome2000.v1 Category:RAT
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Removing RemoteHome2000.v1:

you can run trial version of ExterminateIt, or remove RemoteHome2000.v1 manually.

To completely manually remove RemoteHome2000.v1 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with RemoteHome2000.v1.

Bancos.FVE Trojan

Bancos.FVE description:
Bancos.FVE Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Bancos.FVE:

you can run trial version of ExterminateIt, or remove Bancos.FVE manually.

To completely manually remove Bancos.FVE malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.FVE.

Pigeon.FAD Trojan

Pigeon.FAD description:
Pigeon.FAD Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.FAD:

you can run trial version of ExterminateIt, or remove Pigeon.FAD manually.

To completely manually remove Pigeon.FAD malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.FAD.

MsjGet30 BHO

MsjGet30 description:
MsjGet30 Category:BHO
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

Detection MsjGet30 :

MsjGet30 Files:
[%WINDOWS%]\system\msjget40.dll
[%WINDOWS%]\system\msjget40.dll

MsjGet30 Registry Keys:
HKEY_CLASSES_ROOT\clsid\{4567a600-0cee-11d8-9a3c-00047624d817}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4567a600-0cee-11d8-9a3c-00047624d817}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4567a600-0cee-11d8-9a3c-00047624d817}

Removing MsjGet30:

you can run trial version of ExterminateIt, or remove MsjGet30 manually.

To completely manually remove MsjGet30 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with MsjGet30.

FastKill Trojan

FastKill description:
FastKill Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing FastKill:

you can run trial version of ExterminateIt, or remove FastKill manually.

To completely manually remove FastKill malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with FastKill.

Win32.Rybot Trojan

Click here to remove Win32.Rybot malware

Win32.Rybot description:
Win32.Rybot Category:Trojan,Backdoor
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing Win32.Rybot:

you can run trial version of ExterminateIt, or remove Win32.Rybot manually.

To completely manually remove Win32.Rybot malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Rybot.

Tuesday, January 20, 2009

The.Killer Trojan

The.Killer description:
The.Killer Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.

Removing The.Killer:

you can run trial version of ExterminateIt, or remove The.Killer manually.

To completely manually remove The.Killer malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with The.Killer.

Other Downloader

Other description:
Other Category:Downloader,Hacker Tool
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Detection Other :

Other Files:
[%DESKTOP%]\free screensavers.lnk
[%DESKTOP%]\old port casino.lnk
[%WINDOWS%]\zahov.exe
[%DESKTOP%]\free screensavers.lnk
[%DESKTOP%]\old port casino.lnk
[%WINDOWS%]\zahov.exe

Other Registry Keys:
HKEY_CLASSES_ROOT\favorite.favoriteman
HKEY_CLASSES_ROOT\favorite.favoriteman.1
HKEY_CLASSES_ROOT\bho42602.clsdockwindow
HKEY_CLASSES_ROOT\bho426022
HKEY_CLASSES_ROOT\clsid\{4cf5275b-cdbc-11d3-a8af-0090279a5978}
HKEY_CLASSES_ROOT\interface\{072d14ef-99b6-49dd-9be5-76142727b7ac}
HKEY_CURRENT_USER\software\inetcash
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\inetbar v1.1 r2_is1

Other Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Other:

you can run trial version of ExterminateIt, or remove Other manually.

To completely manually remove Other malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Other.

Engage.com Tracking Cookie

Engage.com description:
Engage.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

Removing Engage.com:

you can run trial version of ExterminateIt, or remove Engage.com manually.

To completely manually remove Engage.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Engage.com.

PSW.Lmir.gen Trojan

Click here to remove PSW.Lmir.gen malware

PSW.Lmir.gen description:
PSW.Lmir.gen Category:Trojan,Hacker Tool
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Removing PSW.Lmir.gen:

you can run trial version of ExterminateIt, or remove PSW.Lmir.gen manually.

To completely manually remove PSW.Lmir.gen malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with PSW.Lmir.gen.

dyndns.info Tracking Cookie

Click here to remove dyndns.info malware

dyndns.info description:
dyndns.info Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing dyndns.info:

you can run trial version of ExterminateIt, or remove dyndns.info manually.

To completely manually remove dyndns.info malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with dyndns.info.

Pigeon.EXV Trojan

Pigeon.EXV description:
Pigeon.EXV Category:Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Removing Pigeon.EXV:

you can run trial version of ExterminateIt, or remove Pigeon.EXV manually.

To completely manually remove Pigeon.EXV malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EXV.

SysDM Adware

SysDM description:
SysDM Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits

Detection SysDM :

SysDM Files:
[%PROFILE_TEMP%]\sysdm.exe
[%PROFILE_TEMP%]\sysdm.exe

SysDM Folders:
[%APPDATA%]\Share Helper
[%PROGRAM_FILES%]\sysdm

SysDM Registry Keys:
HKEY_CURRENT_USER\software\sharehelper
HKEY_LOCAL_MACHINE\software\sharehelper

SysDM Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing SysDM:

you can run trial version of ExterminateIt, or remove SysDM manually.

To completely manually remove SysDM malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SysDM.

Unclassified Trojan

Click here to remove Unclassified malware

Unclassified description:
Unclassified Category:Trojan,Adware,Spyware
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Detection Unclassified :

Unclassified Registry Keys:
HKEY_CURRENT_USER\software\local appwizard-generated applications\popup

Removing Unclassified:

you can run trial version of ExterminateIt, or remove Unclassified manually.

To completely manually remove Unclassified malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Unclassified.

Agobot.bh Trojan

Agobot.bh description:
Agobot.bh Category:Trojan,Backdoor
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Removing Agobot.bh:

you can run trial version of ExterminateIt, or remove Agobot.bh manually.

To completely manually remove Agobot.bh malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Agobot.bh.

Win32.MSN.IKMet Trojan

Click here to remove Win32.MSN.IKMet malware

Win32.MSN.IKMet description:
Win32.MSN.IKMet Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Win32.MSN.IKMet:

you can run trial version of ExterminateIt, or remove Win32.MSN.IKMet manually.

To completely manually remove Win32.MSN.IKMet malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.MSN.IKMet.

Monday, January 19, 2009

SmartAdServer.com Tracking Cookie

Click here to remove SmartAdServer.com malware

SmartAdServer.com description:
SmartAdServer.com Category:Tracking Cookie
Tracking cookies, like regular cookies, are small files that get deposited
onto your computer's hard drive as you browse the Internet.
Unlike harmless cookies that normally let you use certain websites more easily,
tracking cookies usually collect and report information about what websites you visit
and what you do at those websites.

If you fill out forms online with your real name and contact information,
click on banners and then purchase an item, or fill out sweepstakes or contests forms,
then it's possible that major online advertisers know your name and have associated it
with your IP address and other information.

Removing SmartAdServer.com:

you can run trial version of ExterminateIt, or remove SmartAdServer.com manually.

To completely manually remove SmartAdServer.com malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SmartAdServer.com.

Deluxe.Fone.Code.Hacker Adware

Click here to remove Deluxe.Fone.Code.Hacker malware

Deluxe.Fone.Code.Hacker description:
Deluxe.Fone.Code.Hacker Category:Adware
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

Removing Deluxe.Fone.Code.Hacker:

you can run trial version of ExterminateIt, or remove Deluxe.Fone.Code.Hacker manually.

To completely manually remove Deluxe.Fone.Code.Hacker malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Deluxe.Fone.Code.Hacker.

Pigeon.EXP Trojan

Pigeon.EXP description:
Pigeon.EXP Category:Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Removing Pigeon.EXP:

you can run trial version of ExterminateIt, or remove Pigeon.EXP manually.

To completely manually remove Pigeon.EXP malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EXP.