Friday, December 5, 2008

Flamemsg Trojan

Flamemsg malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Flamemsg:

An up-to-date copy of ExterminateIt should detect and prevent infection from Flamemsg.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Flamemsg manually.

To completely remove Flamemsg manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Flamemsg.

  1. Use Task Manager to terminate the Flamemsg process.
  2. Delete the original Flamemsg file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Flamemsg from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Agent.dm Downloader

Agent.dm malware description and removal detail
Categories: Downloader

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Agent.dm:

An up-to-date copy of ExterminateIt should detect and prevent infection from Agent.dm.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Agent.dm manually.

To completely remove Agent.dm manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Agent.dm.

  1. Use Task Manager to terminate the Agent.dm process.
  2. Delete the original Agent.dm file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Agent.dm from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Bancos.IFR Trojan

Bancos.IFR malware description and removal detail
Categories: Trojan
Also known as:

[Kaspersky]Trojan.Win32.VB.avk;
[Other]Win32/Bancos.IFR,Infostealer,TrojanSpy:Win32/VB.LA

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES_COMMON%]\fzx9823.exe
[%PROGRAM_FILES_COMMON%]\smss.exe
[%PROGRAM_FILES_COMMON%]\winlogon.exe
[%PROGRAM_FILES_COMMON%]\_fe12rmp.exe

To ensure that it is launched automatically each time the system boots, Bancos.IFR adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%PROGRAM_FILES_COMMON%]\fzx9823.exe
[%PROGRAM_FILES_COMMON%]\smss.exe
[%PROGRAM_FILES_COMMON%]\winlogon.exe
[%PROGRAM_FILES_COMMON%]\_fe12rmp.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Bancos.IFR:

Files:
[%PROGRAM_FILES_COMMON%]\fzx9823.exe
[%PROGRAM_FILES_COMMON%]\smss.exe
[%PROGRAM_FILES_COMMON%]\winlogon.exe
[%PROGRAM_FILES_COMMON%]\_fe12rmp.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Bancos.IFR:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bancos.IFR.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Bancos.IFR manually.

To completely remove Bancos.IFR manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Bancos.IFR.

  1. Use Task Manager to terminate the Bancos.IFR process.
  2. Delete the original Bancos.IFR file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Bancos.IFR from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Vxidl.AXA Trojan

Vxidl.AXA malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Vxidl.AXA:

An up-to-date copy of ExterminateIt should detect and prevent infection from Vxidl.AXA.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Vxidl.AXA manually.

To completely remove Vxidl.AXA manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Vxidl.AXA.

  1. Use Task Manager to terminate the Vxidl.AXA process.
  2. Delete the original Vxidl.AXA file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Vxidl.AXA from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Nuclear.Prank Trojan

Nuclear.Prank malware description and removal detail
Categories: Trojan, DoS
Also known as:

[Kaspersky]Trojan.Win32.NuclearPrank.a,Trojan.Win32.NuclearPrank.b;
[Panda]Trojan Horse;
[Computer Associates]Win32.NuclearPrank.B,Win32/NuclearPrank.a!Trojan,Win32/NuclearPrank.b!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Nuclear.Prank:

An up-to-date copy of ExterminateIt should detect and prevent infection from Nuclear.Prank.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Nuclear.Prank manually.

To completely remove Nuclear.Prank manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Nuclear.Prank.

  1. Use Task Manager to terminate the Nuclear.Prank process.
  2. Delete the original Nuclear.Prank file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Nuclear.Prank from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Bancos.HUM Trojan

Bancos.HUM malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Bancos.HUM:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bancos.HUM.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Bancos.HUM manually.

To completely remove Bancos.HUM manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Bancos.HUM.

  1. Use Task Manager to terminate the Bancos.HUM process.
  2. Delete the original Bancos.HUM file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Bancos.HUM from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Fiendish.Person Trojan

Fiendish.Person malware description and removal detail
Categories: Trojan, Backdoor
Also known as:

[Kaspersky]Backdoor.Delf.en;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Delf,Bck/MWpro;
[Computer Associates]Backdoor/Delf.en!Server,Backdoor/MWpro

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Fiendish.Person:

An up-to-date copy of ExterminateIt should detect and prevent infection from Fiendish.Person.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Fiendish.Person manually.

To completely remove Fiendish.Person manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Fiendish.Person.

  1. Use Task Manager to terminate the Fiendish.Person process.
  2. Delete the original Fiendish.Person file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Fiendish.Person from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Sub7.tool.scanner RAT

Sub7.tool.scanner malware description and removal detail
Categories: RAT

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Sub7.tool.scanner:

An up-to-date copy of ExterminateIt should detect and prevent infection from Sub7.tool.scanner.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Sub7.tool.scanner manually.

To completely remove Sub7.tool.scanner manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Sub7.tool.scanner.

  1. Use Task Manager to terminate the Sub7.tool.scanner process.
  2. Delete the original Sub7.tool.scanner file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Sub7.tool.scanner from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Baca Trojan

Baca malware description and removal detail
Categories: Trojan
Also known as:

[Kaspersky]Trojan.Win16.Baca;
[McAfee]Baca;
[F-Prot]destructive program;
[Panda]Trj/Baca

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Baca:

An up-to-date copy of ExterminateIt should detect and prevent infection from Baca.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Baca manually.

To completely remove Baca manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Baca.

  1. Use Task Manager to terminate the Baca process.
  2. Delete the original Baca file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Baca from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Zep Trojan

Zep malware description and removal detail
Categories: Trojan
Also known as:

[Eset]Bat.Wavefunc.Zep.163 virus;
[Panda]BAT/Zep;
[Computer Associates]Zep

Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\desktop messenger\8876480\6.1.0.155-8876480l\program\restart.exe

To ensure that it is launched automatically each time the system boots, Zep adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%PROGRAM_FILES%]\desktop messenger\8876480\6.1.0.155-8876480l\program\restart.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Zep:

Files:
[%PROGRAM_FILES%]\desktop messenger\8876480\6.1.0.155-8876480l\program\restart.exe

Removing Zep:

An up-to-date copy of ExterminateIt should detect and prevent infection from Zep.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Zep manually.

To completely remove Zep manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Zep.

  1. Use Task Manager to terminate the Zep process.
  2. Delete the original Zep file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Zep from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Bancos.HLE Trojan

Bancos.HLE malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Bancos.HLE:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bancos.HLE.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Bancos.HLE manually.

To completely remove Bancos.HLE manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Bancos.HLE.

  1. Use Task Manager to terminate the Bancos.HLE process.
  2. Delete the original Bancos.HLE file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Bancos.HLE from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


NoXcape Backdoor

NoXcape malware description and removal detail
Categories: Backdoor

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing NoXcape:

An up-to-date copy of ExterminateIt should detect and prevent infection from NoXcape.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove NoXcape manually.

To completely remove NoXcape manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with NoXcape.

  1. Use Task Manager to terminate the NoXcape process.
  2. Delete the original NoXcape file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes NoXcape from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


NT.Root.Kit.31a Trojan

NT.Root.Kit.31a malware description and removal detail
Categories: Trojan, Backdoor, Hacker Tool
Also known as:

[Kaspersky]Backdoor.NTRootKit.040;
[Eset]Win32/NTRootKit trojan;
[McAfee]NTRootKit-A trojan;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,NTRootkit;
[Computer Associates]WinNT.RootKit,WinNT/RootKit_Deploy!Trojan,WinNT/RootKit_Driver!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing NT.Root.Kit.31a:

An up-to-date copy of ExterminateIt should detect and prevent infection from NT.Root.Kit.31a.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove NT.Root.Kit.31a manually.

To completely remove NT.Root.Kit.31a manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with NT.Root.Kit.31a.

  1. Use Task Manager to terminate the NT.Root.Kit.31a process.
  2. Delete the original NT.Root.Kit.31a file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes NT.Root.Kit.31a from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Bancos.GIL Trojan

Bancos.GIL malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Bancos.GIL:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bancos.GIL.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Bancos.GIL manually.

To completely remove Bancos.GIL manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Bancos.GIL.

  1. Use Task Manager to terminate the Bancos.GIL process.
  2. Delete the original Bancos.GIL file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Bancos.GIL from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Heak Trojan

Heak malware description and removal detail
Categories: Trojan, Hacker Tool
Also known as:

[Panda]Trojan Horse.LC;
[Computer Associates]Win32/Heak!PWS!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Heak:

An up-to-date copy of ExterminateIt should detect and prevent infection from Heak.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Heak manually.

To completely remove Heak manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Heak.

  1. Use Task Manager to terminate the Heak process.
  2. Delete the original Heak file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Heak from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


Pigeon.AVBR Trojan

Pigeon.AVBR malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Pigeon.AVBR:

An up-to-date copy of ExterminateIt should detect and prevent infection from Pigeon.AVBR.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Pigeon.AVBR manually.

To completely remove Pigeon.AVBR manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with Pigeon.AVBR.

  1. Use Task Manager to terminate the Pigeon.AVBR process.
  2. Delete the original Pigeon.AVBR file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Pigeon.AVBR from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).


PSW.KeyLogger Trojan

PSW.KeyLogger malware description and removal detail
Categories: Trojan, Spyware, Hacker Tool
Also known as:

[Panda]Trj/PSW.Keylog.1.0;
[Computer Associates]Win32.PSW.KeyLogger.10

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing PSW.KeyLogger:

An up-to-date copy of ExterminateIt should detect and prevent infection from PSW.KeyLogger.

If you do not have ExterminateIt and are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove PSW.KeyLogger manually.

To completely remove PSW.KeyLogger manually, you need to delete the Windows registry keys and registry values, and the files and folders associated with PSW.KeyLogger.

  1. Use Task Manager to terminate the PSW.KeyLogger process.
  2. Delete the original PSW.KeyLogger file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes PSW.KeyLogger from your computer and is a good solution for those seeking easy and effective protection from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of PSW.KeyLogger!



Mshark Trojan

Mshark malware description and removal detail
Categories: Trojan, Backdoor, Downloader, DoS
Also known as:

[Kaspersky]Mshark.378;
[Panda]MShark,Mshark.378;
[Computer Associates]Mshark,Mshark 378

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Mshark:

An up-to-date copy of ExterminateIt should detect and prevent infection from Mshark.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Mshark manually.

To remove the Mshark malware from your computer completely and manually, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Mshark.

  1. Use Task Manager to terminate the Mshark process.
  2. Delete the original Mshark file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Mshark from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Mshark!



IRC.Whisper Trojan

IRC.Whisper malware description and removal detail
Categories: Trojan, Backdoor

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing IRC.Whisper:

An up-to-date copy of ExterminateIt should detect and prevent infection from IRC.Whisper.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove IRC.Whisper manually.

To remove the IRC.Whisper malware from your computer completely and manually, you need to delete the Windows registry keys and registry values, and the files and folders, associated with IRC.Whisper.

  1. Use Task Manager to terminate the IRC.Whisper process.
  2. Delete the original IRC.Whisper file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes IRC.Whisper from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of IRC.Whisper!



Lorofring Trojan

Lorofring malware description and removal detail
Categories: Trojan
Also known as:

[Kaspersky]Trojan.Win32.Agent.dje;
[Other]Lorofring.C,Lorofring.A

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\kb1111p.dll

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Lorofring:

Files:
[%SYSTEM%]\kb1111p.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{9c0adb68-353a-61dd-ed09-1d8003a61111}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

Removing Lorofring:

An up-to-date copy of ExterminateIt should detect and prevent infection from Lorofring.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Lorofring manually.

To remove the Lorofring malware from your computer completely and manually, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Lorofring.

  1. Use Task Manager to terminate the Lorofring process.
  2. Delete the original Lorofring file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Lorofring from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Lorofring!



Lineage Trojan

Lineage malware description and removal detail
Categories: Trojan, Spyware, Hacker Tool
Also known as:

[Kaspersky]Trojan-PSW.Win32.Lineage.ag,Trojan-PSW.Win32.Agent.hh,Trojan-PSW.Win32.Lineage.acw,Trojan-PSW.Win32.Gamec.aw,Trojan-PSW.Win32.Lineage.hy,Trojan-PSW.Win32.Lineage.ajq,Trojan-PSW.Win32.Nilage.apv,Trojan-PSW.Win32.Delf.tv,Trojan-PWS.WIn32.Nilage.mo,Trojan-PWS.WIn32.Magania.fx,Trojan-PSW.Win32.Magania.hs,Trojan-PWS.Win32.Agent.dq,Trojan-PSW.Win32.Delf.lx,Trojan-PSW.Win32.WOW.lk,Trojan-PSW.Win32.Nilage.agt,Trojan-PSW.Win32.Nilage.aha,Trojan-PSW.Win32.Maran.t,Trojan-PSW.Win32.Nilage.afz,Trojan-PSW.Win32.Nilage.ahp,Trojan-PSW.Win32.Nilage.ach,Trojan-PSW.Win32.Hangame.bu,Trojan-PSW.Win32.OnLineGames.ar,Trojan-PSW.WIn32.Gamec.bw,Trojan-PSW.Win32.Nilage.ayc,Trojan-PWS.Win32.Gamec.bw,Trojan-PSW.Win32.Agent.cu,Trojan-PWS.Win32.Nilage.awt,Trojan-PSW.Win32.Magania.fx,Trojan-PWS.Win32.Magania.iv,Trojan-PWS.Win32.Nilage.atk,Trojan-PSW.Win32.OnLineGames.aw,Trojan-PSW.Win32.Delf.tf,Trojan-PSW.Win32.Magania.jl,Trojan-PSW.Win32.OnLineGame.eb,Trojan-PSW.Win32.Agent.jp,Trojan-PSW.Win32.OnLineGames.cm,Trojan-PSW.Win32.Nilage.avi,Trojan-PSW.Win32.OnLineGames.de,Trojan-PSW.Win32.Nilage.acy,Trojan-PSW.Win32.OnLineGames.dt,Trojan-PSW.Win32.Nilage.awo,Trojan-PSW.Win32.OnLineGames.kw,Trojan-PSW.Win32.Nilage.bjl,Trojan-PSW.Win32.Magania.ch,Trojan-PSW.Win32.Magania.ov,Trojan-PSW.Win32.Magania.pc,Trojan.PSW.Win32.Nilage.bjk,Trojan-PSW.Win32.Magania.pw,Packed.Win32.NSAnti.n,Trojan-PSW.Win32.Nilage.aix,Trojan-PSW.Win32.Nilage.ait,Trojan-Downloader.Win32.Delf.ade,Trojan-PSW.Win32.Nilage.bjh,Trojan-PWS.Win32.Hangames.eh,Trojan-PSW.Win32.OnLineGames.d,Trojan.Win32.Agent.aac,Trojan-PSW.Win32.Nilage.aic,Trojan-PSW.Win32.Magania.hh,Trojan-PSW.Win32.OnLineGames.dl;
[McAfee]PWS-Lineage,PWS-Lineage.dll,PWS-Lineage.dr,PWS-Gamania.dll,New Malware.bc,PWS-Gamania,PWs-Mmorpg.gen;
[F-Prot]W32/PWStealer.gen1,W32/PWStealer1!Generic,W32/LineageX.CTJ;
[Other]Infostealer,Win32/Lineage.ED,Infostealer.Lineage,PWS-Lineage,Win32.Lineage.EF,Infostealer.Lemir.Gen,Win32/Lineage.DZ,W32/Lineage.BUL,Win32/Lineage!generic,Win32/Lineage.HN,Win32/Lineage.IE,Win32/Lineage.IA,Win32/Lineage.HQ,Infostealer.Uprungam,Win32/Lineage.IM,WIn32.Lineage.IX,Infostealer.Gamania,Win32.Lineage.IY,Win32.Lineage.IW,TSPY_LINEAGE.CVH,Win32/Lineage.HT,Win32/Lineage.JR,Win32/Lineage.HU,TSPY_LINEAGE.CNJ,Win32/Lineage.ER,Win32/Lineage.FB,Win32/Lineage.FF,Win32/Lineage.GV,Win32/Lineage.GW,Win32/Lineage.GX,Win32/Lineage.GY,win32/Lineage.JV,Win32/Lineage.JX,Win32.Lineage.JZ,W32/Lineage.KD,Win32/Lineage.KA,Win32/Lineage.MO,Win32/Lineage.OD,Win32/Lineage.OK,Win32/Lineage.OB,W32/Lineage.ANNO,W32/Bacalid.A,Infostealer.Wowcraft,Win32/Lineage.JB,Win32/Lineage.QS,Win32/Lineage.MB,Troj/Lineag-AEU,Win32/Lineage.TP,Win32/Lineage.SZ,Mal/Packer,Win32/Lineage.TA,Bloodhound.NsAnti,Troj/Agent-DZN,Win32/Lineage.NT,Win32/Lineage.NM,Win32/Lineage.OF,Win32/Lineage.QN,Win32/Lineage.ON,Win32/Lineage.SX,Win32/Lineage.TR,WIn32/Lineage.UU,WIn32/Lineage.KB,Win32/Lineage.OM,Win32/Lineage.TB,Win32/Lineage.UI,Win32/Lineage.UX,Win32/Lineage.VD,Win32/Lineage.VE,Win32/Lineage.VI,Win32/Lineage.RE,Win32/Lineage.RL,W32/Lineage.AOZQ,Win32/Lineage.VX,Win32/Lineage.WW,Win32/Lineage.WX,Win32/Lineage.WZ,Win32/Lineage.WY,Win32/Lineage.XA,Win32/Lineage.XM,Win32/Lineage.XN,Win32/Lineage.XO,Win32/Lineage.XR,Win32/Lineage.YI,Infostealer.Gampass,PWS:Win32/Lineage.gen!dll,Mal/EncPk-F,Win32/Lineage.YJ,Infostealer.Perfwo.B,PWS:Win32/Lineage.gen!D,Win32/Lineage.YK,PWS:Win32/Wowsteal.gen!A,W32/Viking.EQ,Mal/Behav-085,PWS:Win32/Gamania.gen!B,W32/Lineage.APDZ,Win32/Lineage.YL,W32/Lineage.AMXG,Troj/Lineag-Gen,Win32/Lineage.YX,Troj/Dloadr-AYW,TSPY_LINEAGE.FRT,Win32/Lineage.ZH,TrojanDropper:Win32/Lineage.gen,W32/Hupigon.gen67,PWS-Pinch,Win32/Lineage.ZL,Win32/Lineage.ZM

Visible Symptoms:
Files in system folders:

To ensure that it is launched automatically each time the system is booted, Lineage adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Lineage:

Files:

Folders:
[%WINDOWS%]\Intel

Registry Keys:

Registry Values:

Removing Lineage:

An up-to-date copy of ExterminateIt should detect and prevent infection from Lineage.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Lineage manually.

To remove the Lineage malware from your computer completely and manually, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Lineage.

  1. Use Task Manager to terminate the Lineage process.
  2. Delete the original Lineage file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Lineage from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Lineage!



Grave.Server1 Trojan

Grave.Server1 malware description and removal detail
Categories: Trojan, Backdoor, DoS
Also known as:

[Kaspersky]Moridin.c,Win95.Twinny.16384,Win95.Twinny.16384.a;
[McAfee]W32/Moridin,W95/Seek,W95/Seek.dr;
[F-Prot]destructive program;
[Panda]Bck/Moridin.c,Univ.B;
[Computer Associates]Backdoor/Grave.Server1,Win32.Grave,Win95.Zombie.5840,Win95/Twinny-II,Win95/Z0mbie

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Grave.Server1:

An up-to-date copy of ExterminateIt should detect and prevent infection from Grave.Server1.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Grave.Server1 manually.

To remove the Grave.Server1 malware from your computer completely and manually, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Grave.Server1.

  1. Use Task Manager to terminate the Grave.Server1 process.
  2. Delete the original Grave.Server1 file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Grave.Server1 from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Grave.Server1!

