Remove Malware: 12/15/08

Monday, December 15, 2008

Homer.worm Trojan

Homer.worm malware description and removal detail
Categories:Trojan,Backdoor,Downloader,DoS
Also known as:


[Kaspersky]Win16.Homer.a,Win16.Homer.b,Win16.Homer.c,Win16.Homer.d,Win16.Homer.e;
[McAfee]Homer.worm;
[F-Prot]Win/Homer.38560.damaged - Dropper,Win/Homer.40231.damaged - Dropper,Win/Homer.50848 - Dropper,Win/Homer.52896 - Dropper,Win/Homer.54432.damaged - Dropper;
[Panda]Homer Drp;
[Computer Associates]Win.Homer.50848,Win.Homer.int

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Homer.worm:

An up-to-date copy of ExterminateIt should detect and prevent infection from Homer.worm.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Homer.worm manually.

To completely manually remove Homer.worm malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Homer.worm.

Use Task Manager to terminate the Homer.worm process.
Delete the original Homer.worm file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Homer.worm from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Homer.worm!

Also Be Aware of the Following Threats:
HVL.ListMaker RAT Symptoms
Distributed.Deniel.Of.Service.attacks.proposal.based.on.routing DoS Removal instruction

Ebcav Trojan

Ebcav malware description and removal detail
Categories:Trojan,Backdoor,Downloader,DoS
Also known as:


[Kaspersky]Ebola_II.313;
[Panda]Ebola_II.313;
[Computer Associates]Ebola2.313

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Ebcav:

An up-to-date copy of ExterminateIt should detect and prevent infection from Ebcav.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Ebcav manually.

To completely manually remove Ebcav malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Ebcav.

Use Task Manager to terminate the Ebcav process.
Delete the original Ebcav file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Ebcav from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Ebcav!

Also Be Aware of the Following Threats:
CyberTech Trojan Removal

Hifold Trojan

Hifold malware description and removal detail
Categories:Trojan
Also known as:


[Other]Hifold.A

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Hifold:

An up-to-date copy of ExterminateIt should detect and prevent infection from Hifold.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Hifold manually.

To completely manually remove Hifold malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Hifold.

Use Task Manager to terminate the Hifold process.
Delete the original Hifold file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Hifold from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Hifold!

Also Be Aware of the Following Threats:
Getit753.com Trojan Removal instruction
Generic.Downlaoder Downloader Removal instruction

SECTHOUGHT Adware

SECTHOUGHT malware description and removal detail
Categories:Adware

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing SECTHOUGHT:

An up-to-date copy of ExterminateIt should detect and prevent infection from SECTHOUGHT.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove SECTHOUGHT manually.

To completely manually remove SECTHOUGHT malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SECTHOUGHT.

Use Task Manager to terminate the SECTHOUGHT process.
Delete the original SECTHOUGHT file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes SECTHOUGHT from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of SECTHOUGHT!

Also Be Aware of the Following Threats:
Remove Undernet RAT
NoAdware Ransomware Symptoms
Travelocity.com Tracking Cookie Symptoms

Agobot Trojan

Agobot malware description and removal detail
Categories:Trojan,Worm,Backdoor,Hacker Tool
Also known as:


[Kaspersky]Backdoor.Agobot.gen,Backdoor.Agobot.b,Backdoor.Agobot,Backdoor.Agobot.cr,Backdoor.Agobot.ik;
[Eset]Win32/Agobot.05.C trojan,probably modified trojan Win32/Agobot.Wonk.gen (WIN32),Win32/Agobot.JQ trojan,Win32/Agobot.NBN trojan,Win32/Agobot.01.B trojan,Win32/Agobot.3.AK trojan,Win32/Agobot.TC trojan,Win32/Agobot.3.SE trojan,Win32/Agobot.3.XK trojan,Win32/Agobot.3.K trojan,Win32/Agobot.3.GG trojan,Win32/Agobot.3.LO trojan,Win32/Agobot.IK trojan,Win32/Agobot.3.AKD trojan,Win32/Agobot.DL trojan;
[McAfee]W32/Gaobot.worm.gen;
[Panda]W32/Dsbot.A.worm,W32/Gaobot.NP.worm,W32/Gaobot.ET.worm,W32/Gaobot.FG.worm,W32/Gaobot.KY.worm;
[Computer Associates]Backdoor/Agobot.05.c.Server,MS03-026 Exploit.Trojan,Win32.Agobot,Win32/Agobot.DL.Worm,Win32.Agobot.OF,Win32/Agobot.Worm,Win32/polybot!Trojan,Win32.Agobot.RS,Win32/Agobot.RS!Worm,Win32.Agobot.BM,Win32.Agobot.gen,Win32/Agobot.BB.Worm,Win32.Agobot.Q,Win32/Agobot.Q.Worm,Win32.Agobot.TU,Win32/Agobot.1482560.Worm,Win32.Agobot.JO,Win32/Agobot.JO.67072.Worm,Win32.Agobot.MQ,Win32/Agobot.MQ.Worm,Win32.Agobot.W,Win32/Agobot.W.Worm,Win32.Agobot.FO,Win32.Agobot.NO,Win32/Agobot.NO!Worm,Win32/Agobot.Variant!Worm,Win32.Agobot.YN,Win32/Agobot.1539535.Worm,Win32.Agobot.JM,Win32/Agobot.JG.229505.Trojan;
[Other]W32.HLLW.Gaobot.gen

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Agobot:

Registry Values: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Agobot:

An up-to-date copy of ExterminateIt should detect and prevent infection from Agobot.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Agobot manually.

To completely manually remove Agobot malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Agobot.

Use Task Manager to terminate the Agobot process.
Delete the original Agobot file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Agobot from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Agobot!

Also Be Aware of the Following Threats:
ProtectingTool Ransomware Symptoms
Staff.Copp Spyware Cleaner
Evhhap Trojan Cleaner
Removing MailSpam.EmailBomb Hacker Tool
Backdoor.VB.dn Trojan Symptoms

Delemon Trojan

Delemon malware description and removal detail
Categories:Trojan
Visible Symptoms:
Files in system folders:

 
[%SYSTEM%]\drivers\soundwav.sys
[%WINDOWS%]\AppPatch\dldlgs.dll
[%WINDOWS%]\AppPatch\msimain.dll
[%SYSTEM%]\drivers\soundwav.sys
[%WINDOWS%]\AppPatch\dldlgs.dll
[%WINDOWS%]\AppPatch\msimain.dll

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Delemon:

Files: [%SYSTEM%]\drivers\soundwav.sys [%WINDOWS%]\AppPatch\dldlgs.dll [%WINDOWS%]\AppPatch\msimain.dll [%SYSTEM%]\drivers\soundwav.sys [%WINDOWS%]\AppPatch\dldlgs.dll [%WINDOWS%]\AppPatch\msimain.dll

Registry Keys: HKEY_CLASSES_ROOT\clsid\{dade1910-86aa-d04e-4b87-28b92a3d4e99} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\dlmonf HKEY_LOCAL_MACHINE\system\currentcontrolset\services\soundwav

Removing Delemon:

An up-to-date copy of ExterminateIt should detect and prevent infection from Delemon.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Delemon manually.

To completely manually remove Delemon malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Delemon.

Use Task Manager to terminate the Delemon process.
Delete the original Delemon file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Delemon from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Delemon!

Also Be Aware of the Following Threats:
Removing Pigeon.AVOU Trojan

TrojanDownloader.Win32.Delf.ac Trojan

TrojanDownloader.Win32.Delf.ac malware description and removal detail
Categories:Trojan,Downloader
Also known as:


[Panda]Trj/Downloader.Y,Trojan Horse.LC

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing TrojanDownloader.Win32.Delf.ac:

An up-to-date copy of ExterminateIt should detect and prevent infection from TrojanDownloader.Win32.Delf.ac.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove TrojanDownloader.Win32.Delf.ac manually.

To completely manually remove TrojanDownloader.Win32.Delf.ac malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanDownloader.Win32.Delf.ac.

Use Task Manager to terminate the TrojanDownloader.Win32.Delf.ac process.
Delete the original TrojanDownloader.Win32.Delf.ac file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes TrojanDownloader.Win32.Delf.ac from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of TrojanDownloader.Win32.Delf.ac!

Also Be Aware of the Following Threats:
Offer.Companion Adware Symptoms
Lifeform Trojan Cleaner

DlQQHelp Trojan

DlQQHelp malware description and removal detail
Categories:Trojan,Downloader
Also known as:


[Kaspersky]Trojan-Downloader.Win32.QQHelper.aet,Trojan-Downloader.Win32.QQHelper.ve,Trojan-Downloader.Win32.Small.gnl,Trojan-Downloader.Win32.QQHelper.ww,Trojan-Downloader.Win32.QQHelper.ais,Trojan-Downloader.Win32.QQHelper.aiv,Trojan-Downloader.Win32.Banload.fuj;
[McAfee]Downloader-BBQ,BackDoor-CVM.dll,StartPage-JU.dldr.gen,PWS-Banker.dldr;
[F-Prot]W32/HelperX.EY,W32/Downloader.D.gen!Eldorado;
[Other]Win32/DlQQHelp.Z,Downloader,TrojanDownloader:Win32/QQHelper.N,TROJ_QQHELPER.OY,Win32/DlQQHelp.AH,TrojanDownloader:Win32/QQHelper.gen!D,W32/QQHelper.BXH,DlQQHelp.AL,W32/Downloader.GVS,Troj/Dloadr-BFD,Win32/DlQQHelp.AN,W32/QQHelper.CFU,Win32/DlQQHelp.AQ,Win32/DlQQHelp.AP,W32/Downloader.HYJ,W32/Downloader

Visible Symptoms:
Files in system folders:

 
[%FAVORITES%]\ÊÕ²Ø.url
[%WINDOWS%]\tempaq
[%FAVORITES%]\ÊÕ²Ø.url
[%WINDOWS%]\tempaq

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting DlQQHelp:

Files: [%FAVORITES%]\ÊÕ²Ø.url [%WINDOWS%]\tempaq [%FAVORITES%]\ÊÕ²Ø.url [%WINDOWS%]\tempaq

Folders: [%PROGRAM_FILES%]\CPUSH

Removing DlQQHelp:

An up-to-date copy of ExterminateIt should detect and prevent infection from DlQQHelp.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove DlQQHelp manually.

To completely manually remove DlQQHelp malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DlQQHelp.

Use Task Manager to terminate the DlQQHelp process.
Delete the original DlQQHelp file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes DlQQHelp from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of DlQQHelp!

Also Be Aware of the Following Threats:
REG.IRCFlood Trojan Removal
Gibbon Trojan Removal
Remove ServiceDaemon Trojan
ifrance.com Tracking Cookie Symptoms
Delf.gv Backdoor Symptoms

Pigeon.DZA Trojan

Pigeon.DZA malware description and removal detail
Categories:Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Pigeon.DZA:

An up-to-date copy of ExterminateIt should detect and prevent infection from Pigeon.DZA.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Pigeon.DZA manually.

To completely manually remove Pigeon.DZA malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.DZA.

Use Task Manager to terminate the Pigeon.DZA process.
Delete the original Pigeon.DZA file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Pigeon.DZA from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Pigeon.DZA!

Also Be Aware of the Following Threats:
SearchClickAds Adware Symptoms
Stration.4gf! Trojan Information

Vxidl.AVS Trojan

Vxidl.AVS malware description and removal detail
Categories:Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Vxidl.AVS:

An up-to-date copy of ExterminateIt should detect and prevent infection from Vxidl.AVS.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Vxidl.AVS manually.

To completely manually remove Vxidl.AVS malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.AVS.

Use Task Manager to terminate the Vxidl.AVS process.
Delete the original Vxidl.AVS file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Vxidl.AVS from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Vxidl.AVS!

Also Be Aware of the Following Threats:
Remove UTClean Trojan

DOS7 Trojan

DOS7 malware description and removal detail
Categories:Trojan,Backdoor,Downloader,DoS
Also known as:


[Kaspersky]Dos7.342;
[Panda]Dos7;
[Computer Associates]DOS7 342

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing DOS7:

An up-to-date copy of ExterminateIt should detect and prevent infection from DOS7.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove DOS7 manually.

To completely manually remove DOS7 malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DOS7.

Use Task Manager to terminate the DOS7 process.
Delete the original DOS7 file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes DOS7 from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of DOS7!

Also Be Aware of the Following Threats:
Removing Pigeon.AVRX Trojan
SillyDl.CYX Trojan Symptoms
Beesul Trojan Symptoms

Win32.Hatu Trojan

Win32.Hatu malware description and removal detail
Categories:Trojan
Also known as:


[Kaspersky]Trojan.Win32.Hatu;
[McAfee]Zendown;
[F-Prot]security risk or a "backdoor" program;
[Panda]Trj/IHateYou;
[Computer Associates]Win32.Hatu,Win95/ShutDown!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Win32.Hatu:

An up-to-date copy of ExterminateIt should detect and prevent infection from Win32.Hatu.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Win32.Hatu manually.

To completely manually remove Win32.Hatu malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.Hatu.

Use Task Manager to terminate the Win32.Hatu process.
Delete the original Win32.Hatu file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Win32.Hatu from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Win32.Hatu!

Also Be Aware of the Following Threats:
Removing RServer Backdoor
Removing Bancos.HKU Trojan
Removing Error.Digger Ransomware
URLBlaze BHO Symptoms
Win32.Glu Trojan Cleaner

Killer Trojan

Killer malware description and removal detail
Categories:Trojan,RAT,Hacker Tool,DoS
Also known as:


[Kaspersky]Trojan.Win32.Killer;
[McAfee]Killer;
[F-Prot]destructive program;
[Panda]Trj/W32.Killer;
[Computer Associates]Win32.Killert,Win32/Killer!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Killer:

An up-to-date copy of ExterminateIt should detect and prevent infection from Killer.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Killer manually.

To completely manually remove Killer malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Killer.

Use Task Manager to terminate the Killer process.
Delete the original Killer file and folders.
Delete the system registry key parameters
Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

ExterminateIt effectively and automatically removes Killer from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Killer!

Also Be Aware of the Following Threats:
WinNT.Exploit.WebDav Trojan Removal
Agent.ce Trojan Cleaner

NavExcel Adware

NavExcel malware description and removal detail
Categories:Adware,BHO,Hijacker,Toolbar
Also known as:


[Panda]Adware/NavHelper,Spyware/CommonName

Visible Symptoms:
Files in system folders:

 
[%PROFILE_TEMP%]\temp.fr????\NavHelper\v2.0.4b\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.2\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
[%SYSTEM%]\NaviHelper.dll
[%WINDOWS%]\nxstinst.exe
[%SYSTEM%]\nhelper.dll
[%WINDOWS%]\system\nhelper.dll
[%PROFILE_TEMP%]\temp.fr????\NavHelper\v2.0.4b\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.2\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
[%SYSTEM%]\NaviHelper.dll
[%WINDOWS%]\nxstinst.exe
[%SYSTEM%]\nhelper.dll
[%WINDOWS%]\system\nhelper.dll

In order to ensure that the NavExcel is launched automatically each time the system is booted, the NavExcel adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run [%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe [%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe [%WINDOWS%]\nxstinst.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

 
Detecting NavExcel:
  Files:  
[%PROFILE_TEMP%]\temp.fr????\NavHelper\v2.0.4b\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.2\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
[%SYSTEM%]\NaviHelper.dll
[%WINDOWS%]\nxstinst.exe
[%SYSTEM%]\nhelper.dll
[%WINDOWS%]\system\nhelper.dll
[%PROFILE_TEMP%]\temp.fr????\NavHelper\v2.0.4b\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.2\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHelper.htm
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
[%PROGRAM_FILES%]\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
[%SYSTEM%]\NaviHelper.dll
[%WINDOWS%]\nxstinst.exe
[%SYSTEM%]\nhelper.dll
[%WINDOWS%]\system\nhelper.dll  
   Folders:  
[%PROGRAM_FILES%]\navexcel
[%PROGRAM_FILES%]\nh  
   Registry Keys:  
HKEY_CLASSES_ROOT\appid\nhelper.dll
HKEY_CLASSES_ROOT\clsid\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}
HKEY_CLASSES_ROOT\navexcel.navhelper
HKEY_CLASSES_ROOT\navexcel.navhelper.1
HKEY_CLASSES_ROOT\typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}
HKEY_LOCAL_MACHINE\software\classes\interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}
HKEY_LOCAL_MACHINE\software\classes\typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\navhelper
HKEY_LOCAL_MACHINE\software\navexcel
HKEY_CLASSES_ROOT\clsid\{b5ef836b-7582-4d82-9246-17f6c40ddf0f}
HKEY_CLASSES_ROOT\clsid\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc} appid {710bcb5b-8c6c-483e-a4f5-faf083b13184}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\navcab
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}  
   Registry Values:  
HKEY_LOCAL_MACHINE\software\classes\appid\nhelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\classes\appid\nhelper.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.1/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.2/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.2/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.4/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/conflict.4/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/navinst2.ocx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls  
    
Removing NavExcel:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from NavExcel.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove NavExcel manually.
  To completely manually remove NavExcel malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with NavExcel.
   Use Task Manager to terminate the NavExcel process.
   Delete the original NavExcel file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes NavExcel from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of NavExcel!  
Also Be Aware of the Following Threats:
Takit.Server Trojan Information
Removing Win32.Stealther Trojan
SH.Over Trojan Information
SillyOR Trojan Information





Posted by



Nilani Trent




at

10:54 AM



No comments:








TrojanDownloader.Win32.Mosw Trojan





TrojanDownloader.Win32.Mosw malware description and removal detail
Categories:Trojan,Downloader
Also known as:

[Panda]Trojan Horse  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing TrojanDownloader.Win32.Mosw:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from TrojanDownloader.Win32.Mosw.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove TrojanDownloader.Win32.Mosw manually.
  To completely manually remove TrojanDownloader.Win32.Mosw malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with TrojanDownloader.Win32.Mosw.
   Use Task Manager to terminate the TrojanDownloader.Win32.Mosw process.
   Delete the original TrojanDownloader.Win32.Mosw file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes TrojanDownloader.Win32.Mosw from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of TrojanDownloader.Win32.Mosw!  
Also Be Aware of the Following Threats:
Command.and.Control RAT Information
Pigeon.AQF Trojan Information
VBS.VBSWG.J@mm Trojan Removal
PWS.Kcom Trojan Removal





Posted by



Nilani Trent




at

8:36 AM



No comments:
  




























WordMacro.Dust Trojan





WordMacro.Dust malware description and removal detail
Categories:Trojan,Backdoor,Downloader,DoS
Also known as:

[Computer Associates]WordMacro/Dust.A  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing WordMacro.Dust:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from WordMacro.Dust.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove WordMacro.Dust manually.
  To completely manually remove WordMacro.Dust malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with WordMacro.Dust.
   Use Task Manager to terminate the WordMacro.Dust process.
   Delete the original WordMacro.Dust file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes WordMacro.Dust from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of WordMacro.Dust!  
Also Be Aware of the Following Threats:
Pigeon.AYT Trojan Symptoms
Agent.dm Downloader Information





Posted by



Nilani Trent




at

8:20 AM



No comments:
  




























SillyDl.CYU Trojan





SillyDl.CYU malware description and removal detail
Categories:Trojan  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing SillyDl.CYU:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from SillyDl.CYU.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove SillyDl.CYU manually.
  To completely manually remove SillyDl.CYU malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with SillyDl.CYU.
   Use Task Manager to terminate the SillyDl.CYU process.
   Delete the original SillyDl.CYU file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes SillyDl.CYU from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of SillyDl.CYU!  
Also Be Aware of the Following Threats:
Nuke.Knewk Trojan Removal instruction
Clear.Search Hijacker Information
Ehg.superwarehouse.hitbox Tracking Cookie Information





Posted by



Nilani Trent




at

8:04 AM



No comments:
  




























IETop100 BHO





IETop100 malware description and removal detail
Categories:BHO  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing IETop100:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from IETop100.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove IETop100 manually.
  To completely manually remove IETop100 malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with IETop100.
   Use Task Manager to terminate the IETop100 process.
   Delete the original IETop100 file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes IETop100 from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of IETop100!  
Also Be Aware of the Following Threats:
Remove Installhi Trojan
Removing Grepage Trojan
SubSeven.Gold RAT Cleaner





Posted by



Nilani Trent




at

7:37 AM



No comments:
  




























Bancos.GHU Trojan





Bancos.GHU malware description and removal detail
Categories:Trojan  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing Bancos.GHU:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from Bancos.GHU.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove Bancos.GHU manually.
  To completely manually remove Bancos.GHU malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with Bancos.GHU.
   Use Task Manager to terminate the Bancos.GHU process.
   Delete the original Bancos.GHU file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes Bancos.GHU from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of Bancos.GHU!  
Also Be Aware of the Following Threats:
Remove Pigeon.AZM Trojan
NFLFinder Trojan Information





Posted by



Nilani Trent




at

6:36 AM



No comments:
  




























Pigeon.AWK Trojan





Pigeon.AWK malware description and removal detail
Categories:Trojan  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing Pigeon.AWK:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from Pigeon.AWK.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove Pigeon.AWK manually.
  To completely manually remove Pigeon.AWK malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with Pigeon.AWK.
   Use Task Manager to terminate the Pigeon.AWK process.
   Delete the original Pigeon.AWK file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes Pigeon.AWK from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of Pigeon.AWK!  
Also Be Aware of the Following Threats:
Remove Du.Remote RAT





Posted by



Nilani Trent




at

4:40 AM



No comments:
  




























URLBlaze BHO





URLBlaze malware description and removal detail
Categories:BHO,Toolbar
Visible Symptoms: 
Files in system folders: 
[%WINDOWS%]\IEHelper.dll
[%SYSTEM%]\ubmon.dll
[%WINDOWS%]\system\ubmon.dll
[%WINDOWS%]\IEHelper.dll
[%SYSTEM%]\ubmon.dll
[%WINDOWS%]\system\ubmon.dll   Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
 
Detecting URLBlaze:
  Files:  
[%WINDOWS%]\IEHelper.dll
[%SYSTEM%]\ubmon.dll
[%WINDOWS%]\system\ubmon.dll
[%WINDOWS%]\IEHelper.dll
[%SYSTEM%]\ubmon.dll
[%WINDOWS%]\system\ubmon.dll  
       
Removing URLBlaze:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from URLBlaze.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove URLBlaze manually.
  To completely manually remove URLBlaze malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with URLBlaze.
   Use Task Manager to terminate the URLBlaze process.
   Delete the original URLBlaze file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes URLBlaze from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of URLBlaze!  
Also Be Aware of the Following Threats:
Remove VB.ls Trojan
Removing PWS.Antigen Trojan
Removing SVA Trojan





Posted by



Nilani Trent




at

3:19 AM



No comments:
  




























WinAntivirus Ransomware





WinAntivirus malware description and removal detail
Categories:Ransomware
Visible Symptoms: 
Files in system folders: 
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2007.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\IEFWBHO.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcp71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcr71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\winpgi.dll
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\err.log
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\WapCHK.dll
[%SYSTEM%]\av.cpl
[%SYSTEM%]\drivers\FOPN.sys
[%SYSTEM%]\drivers\fsflt.sys
[%SYSTEM%]\drivers\vspf5.sys
[%SYSTEM%]\drivers\vspf_hk5.sys
[%SYSTEM%]\stera.exe
[%SYSTEM%]\stera.job
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2007.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\IEFWBHO.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcp71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcr71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\winpgi.dll
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\err.log
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\WapCHK.dll
[%SYSTEM%]\av.cpl
[%SYSTEM%]\drivers\FOPN.sys
[%SYSTEM%]\drivers\fsflt.sys
[%SYSTEM%]\drivers\vspf5.sys
[%SYSTEM%]\drivers\vspf_hk5.sys
[%SYSTEM%]\stera.exe
[%SYSTEM%]\stera.job
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe  In order to ensure that the WinAntivirus is launched automatically each time the system is booted, the WinAntivirus adds a link to its executable file in the system registry: 
HKLM\Microsoft\Windows\CurrentVersion\Run 
[%SYSTEM%]\stera.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe  
Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
 
Detecting WinAntivirus:
  Files:  
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2007.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\IEFWBHO.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcp71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcr71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\winpgi.dll
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\err.log
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\WapCHK.dll
[%SYSTEM%]\av.cpl
[%SYSTEM%]\drivers\FOPN.sys
[%SYSTEM%]\drivers\fsflt.sys
[%SYSTEM%]\drivers\vspf5.sys
[%SYSTEM%]\drivers\vspf_hk5.sys
[%SYSTEM%]\stera.exe
[%SYSTEM%]\stera.job
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2006.lnk
[%COMMON_DESKTOPDIRECTORY%]\WinAntiVirus Pro 2007.lnk
[%PROGRAM_FILES%]\VirusBlaster\BlastIEmonitor.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\IEFWBHO.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcp71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\msvcr71.dll
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006\winpgi.dll
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\err.log
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006\WapCHK.dll
[%SYSTEM%]\av.cpl
[%SYSTEM%]\drivers\FOPN.sys
[%SYSTEM%]\drivers\fsflt.sys
[%SYSTEM%]\drivers\vspf5.sys
[%SYSTEM%]\drivers\vspf_hk5.sys
[%SYSTEM%]\stera.exe
[%SYSTEM%]\stera.job
[%WINDOWS%]\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PL_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PT_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6PY_0001_N91M2107NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N85M0307NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PL_0001_N96M0806NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PU_0001_N96M1007NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7PY_0001_N96M0206NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6T_0001_N91M2208NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N68M2301NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0703NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N85M1306NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
[%WINDOWS%]\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe  
   Folders:  
[%APPDATA%]\WinAntiVirus Pro 2006
[%APPDATA%]\WinAntiVirus Pro 2006(2)
[%APPDATA%]\WinAntiVirus Pro 2007
[%APPDATA%]\WinAntiVirus Pro 2007(2)
[%APPDATA%]\WinAntiVirus Pro 2007(3)
[%COMMON_APPDATA%]\WinAntiVirus Corp
[%COMMON_APPDATA%]\WinAntiVirus Pro 2006
[%COMMON_APPDATA%]\WinAntiVirus Pro 2007
[%COMMON_PROGRAMS%]\WinAntiVirus 2005 Pro
[%COMMON_PROGRAMS%]\WinAntiVirus Pro 2006
[%COMMON_PROGRAMS%]\WinAntiVirus Pro 2007
[%PROFILE_TEMP%]\NI.UWA6PM_0001_N73M1004
[%PROFILE_TEMP%]\NI.UWA6PM_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PS_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PV_0001_N76M1904
[%PROFILE_TEMP%]\NI.UWA6PV_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PY_0001_N91M2107
[%PROFILE_TEMP%]\NI.UWA6PZ_0001_N91M2507
[%PROFILE_TEMP%]\NI.UWA6P_0001_N69M0303
[%PROFILE_TEMP%]\NI.UWA6P_0001_N69M0304
[%PROFILE_TEMP%]\NI.UWA6P_0001_N73M1004
[%PROFILE_TEMP%]\NI.UWA6P_0001_N822M1605
[%PROFILE_TEMP%]\NI.UWA6P_0001_N85M0307
[%PROFILE_TEMP%]\NI.UWA6P_0001_N91M1807
[%PROFILE_TEMP%]\NI.UWA7PM_0001_N96M0806
[%PROFILE_TEMP%]\NI.UWA7P_0001_N91M0809
[%PROFILE_TEMP%]\NI.UWA7P_0001_N99M2908
[%PROGRAMS%]\WinAntiVirus Pro 2006
[%PROGRAMS%]\WinAntiVirus Pro 2007
[%PROGRAM_FILES%]\WinAntiVirus 2005
[%PROGRAM_FILES%]\WinAntiVirus 2005 Pro
[%PROGRAM_FILES%]\WinAntiVirus Pro 2006
[%PROGRAM_FILES%]\WinAntiVirus Pro 2007
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2006
[%PROGRAM_FILES_COMMON%]\WinAntiVirus Pro 2007  
   Registry Keys:  
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\AntiVirusCOM.AVOfficeProtect
HKEY_CLASSES_ROOT\AntiVirusCOM.AVOfficeProtect.1
HKEY_CLASSES_ROOT\AntiVirusCOM.AVProtectOffice
HKEY_CLASSES_ROOT\AntiVirusCOM.AVProtectOffice.1
HKEY_CLASSES_ROOT\AppID\winavpgi.dll
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL
HKEY_CLASSES_ROOT\AppID\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\AppID\{6F4186D7-72A2-4bfa-9C94-601019E4D58E}
HKEY_CLASSES_ROOT\AVExplorer.ShellExtension
HKEY_CLASSES_ROOT\AVExplorer.ShellExtension.2
HKEY_CLASSES_ROOT\CDSpaceIcon1\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}
HKEY_CLASSES_ROOT\CLSID\{1F6FE2C2-6040-4645-9053-7F689AFFE176}
HKEY_CLASSES_ROOT\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
HKEY_CLASSES_ROOT\CLSID\{22750ADC-C90F-43c4-9B72-0F9E60CB5119}
HKEY_CLASSES_ROOT\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}
HKEY_CLASSES_ROOT\CLSID\{31800C9A-9CC0-4816-B4C0-2C3B8F364CF7}
HKEY_CLASSES_ROOT\CLSID\{67121D62-2C97-4ef0-83EA-2DC643D50B01}
HKEY_CLASSES_ROOT\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}
HKEY_CLASSES_ROOT\CLSID\{8B46110A-E24E-474f-8078-375048BE17F7}
HKEY_CLASSES_ROOT\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
HKEY_CLASSES_ROOT\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\FWBHO.FW
HKEY_CLASSES_ROOT\FWBHO.FW.2
HKEY_CLASSES_ROOT\IEFWBHO.IEFW
HKEY_CLASSES_ROOT\IEFWBHO.IEFW.2
HKEY_CLASSES_ROOT\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
HKEY_CLASSES_ROOT\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}
HKEY_CLASSES_ROOT\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
HKEY_CLASSES_ROOT\Interface\{F5AC4887-3651-4C2A-B188-8D5300766C93}
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\TypeLib\{3C490009-145D-4A7F-8ABB-2011AC84DE3F}
HKEY_CLASSES_ROOT\TypeLib\{440D18AB-D2D9-4EC0-B807-DEF1CAA4DC33}
HKEY_CLASSES_ROOT\TypeLib\{6F4186D7-72A2-4BFA-9C94-601019E4D58E}
HKEY_CLASSES_ROOT\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKEY_CLASSES_ROOT\UWAP7.PCheck.1
HKEY_CLASSES_ROOT\WAP6.PCheck
HKEY_CLASSES_ROOT\WAP6.PCheck.1
HKEY_CLASSES_ROOT\WAV6COM.AVOfficeProtect
HKEY_CLASSES_ROOT\WAV6COM.AVOfficeProtect.1
HKEY_CLASSES_ROOT\WAVExplorer.ShellExtension
HKEY_CLASSES_ROOT\WAVExplorer.ShellExtension.2
HKEY_CLASSES_ROOT\WinPGIntegrator.IEIntegrator
HKEY_CLASSES_ROOT\WinPGIntegrator.IEIntegrator.1
HKEY_CLASSES_ROOT\WinPopupGuardIntegrator.IEIntegrator
HKEY_CLASSES_ROOT\WinPopupGuardIntegrator.IEIntegrator.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinAntiVirus 2005 Pro
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinAntiVirus Pro 2006
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WinAntiVirus Pro 2007
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\billingnow.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.cdn.winsoftware.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\go.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reliablestats.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ulog.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winnanny.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.amaena.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.systemdoctor.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.winantivirus.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.winantiviruspro.com
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus 2005
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus 2005 Pro
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus 2006 Pro
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus Corp
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus Pro 2006
HKEY_CURRENT_USER\SOFTWARE\WinAntiVirus Pro 2007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F6FE2C2-6040-4645-9053-7F689AFFE176}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA7P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Corp
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2007
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSFLT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTTF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtTf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK  
   Registry Values:  
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Disabled by Starter)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunBackup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt  
    
Removing WinAntivirus:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from WinAntivirus.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove WinAntivirus manually.
  To completely manually remove WinAntivirus malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with WinAntivirus.
   Use Task Manager to terminate the WinAntivirus process.
   Delete the original WinAntivirus file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes WinAntivirus from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of WinAntivirus!  
Also Be Aware of the Following Threats:
TrojanDownloader.Swizzor.de Downloader Removal instruction
Mimail Trojan Cleaner





Posted by



Nilani Trent




at

1:19 AM



No comments:
  




























Trojan.Scanner Trojan





Trojan.Scanner malware description and removal detail
Categories:Trojan  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing Trojan.Scanner:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from Trojan.Scanner.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove Trojan.Scanner manually.
  To completely manually remove Trojan.Scanner malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with Trojan.Scanner.
   Use Task Manager to terminate the Trojan.Scanner process.
   Delete the original Trojan.Scanner file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes Trojan.Scanner from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of Trojan.Scanner!  
Also Be Aware of the Following Threats:
Win32.DelFiles Trojan Cleaner
Remove Spyware.Nuker Trojan





Posted by



Nilani Trent




at

12:39 AM



No comments:
  




























Bancos.GKH Trojan





Bancos.GKH malware description and removal detail
Categories:Trojan  Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
   
Removing Bancos.GKH:
  An up-to-date copy of ExterminateIt  should detect and prevent infection from Bancos.GKH.
    If you do not have ExterminateIt and you are worried that you may have infected computer,   you could run trial version of ExterminateIt,  or remove Bancos.GKH manually.
  To completely manually remove Bancos.GKH malware from your computer,  you need to delete the Windows registry keys and registry values, the files and folders  associated with Bancos.GKH.
   Use Task Manager to terminate the Bancos.GKH process.
   Delete the original Bancos.GKH file and folders.
   Delete the system registry key parameters
   Update your antivirus databases or buy antivirus software  and perform a full scan of the computer.
  
    We recommends that all Internet users    back up any important information on their computers,    enable maximum protection from network attacks and malicious code on their computers,    refrain from executing suspicious programs received from untrustworthy sources.  
      ExterminateIt effectively and automatically removes Bancos.GKH from you computer    and is a good solution for those who are seeking easy and effective protection for their computer    from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).  
      Download ExterminateIt!    to instantly get rid of Bancos.GKH!  
Also Be Aware of the Following Threats:
Pass.Stealer.VB Trojan Removal instruction
Removing Motlv Backdoor
Scoati Trojan Information





Posted by



Nilani Trent




at

12:20 AM



No comments:




Newer Posts


Older Posts

Home




Subscribe to:
Posts (Atom)

Monday, December 15, 2008

Removing Homer.worm:

Removing Ebcav:

Removing Hifold:

Removing SECTHOUGHT:

Detecting Agobot:

Removing Agobot:

Detecting Delemon:

Removing Delemon:

Removing TrojanDownloader.Win32.Delf.ac:

Detecting DlQQHelp:

Removing DlQQHelp:

Removing Pigeon.DZA:

Removing Vxidl.AVS:

Removing DOS7:

Removing Win32.Hatu:

Removing Killer:

Detecting NavExcel:

Removing NavExcel:

Removing TrojanDownloader.Win32.Mosw:

Removing WordMacro.Dust:

Removing SillyDl.CYU:

Removing IETop100:

Removing Bancos.GHU:

Removing Pigeon.AWK:

Detecting URLBlaze:

Removing URLBlaze:

Detecting WinAntivirus:

Removing WinAntivirus:

Removing Trojan.Scanner:

Removing Bancos.GKH:

Blog Archive

About Me