Sunday, December 21, 2008

Kiev.Boot Trojan

Kiev.Boot malware description and removal detail
Categories:Trojan,Backdoor,Downloader,DoS
Also known as:

[Kaspersky]Kiev.2048;
[Panda]Kiev.2048.BooT

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Kiev.Boot:

An up-to-date copy of ExterminateIt should detect and prevent infection from Kiev.Boot.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Kiev.Boot manually.

To completely manually remove Kiev.Boot malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Kiev.Boot.

  1. Use Task Manager to terminate the Kiev.Boot process.
  2. Delete the original Kiev.Boot file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Kiev.Boot from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Kiev.Boot!


Also Be Aware of the Following Threats:
Removing Win32ASM.Remote.Shell Backdoor
Remove LiveProtection Ransomware
Pigeon.AVOM Trojan Cleaner

EffectiveBar Adware

EffectiveBar malware description and removal detail
Categories:Adware,BHO

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting EffectiveBar:

Folders:
[%PROGRAM_FILES%]\EngageSidebar

Removing EffectiveBar:

An up-to-date copy of ExterminateIt should detect and prevent infection from EffectiveBar.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove EffectiveBar manually.

To completely manually remove EffectiveBar malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with EffectiveBar.

  1. Use Task Manager to terminate the EffectiveBar process.
  2. Delete the original EffectiveBar file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes EffectiveBar from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of EffectiveBar!


Also Be Aware of the Following Threats:
IE Defender Ransomware Cleaner

SpywareQuake Trojan

SpywareQuake malware description and removal detail
Categories:Trojan,Adware,Ransomware
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\sa1.exe
[%PROFILE_TEMP%]\sa11.exe
[%PROFILE_TEMP%]\sa13.exe
[%PROFILE_TEMP%]\sa2.exe
[%PROFILE_TEMP%]\sa21.exe
[%PROFILE_TEMP%]\sa245.exe
[%PROFILE_TEMP%]\sa24A.exe
[%PROFILE_TEMP%]\sa24C.exe
[%PROFILE_TEMP%]\sa24E.exe
[%PROFILE_TEMP%]\sa253.exe
[%PROFILE_TEMP%]\sa27.exe
[%PROFILE_TEMP%]\sa28.exe
[%PROFILE_TEMP%]\sa293.exe
[%PROFILE_TEMP%]\sa2C.exe
[%PROFILE_TEMP%]\sa3.exe
[%PROFILE_TEMP%]\sa31.exe
[%PROFILE_TEMP%]\sa3A.exe
[%PROFILE_TEMP%]\sa4.exe
[%PROFILE_TEMP%]\sa40.exe
[%PROFILE_TEMP%]\sa46.exe
[%PROFILE_TEMP%]\sa50.exe
[%PROFILE_TEMP%]\sa6.exe
[%PROFILE_TEMP%]\sa7C.exe
[%PROFILE_TEMP%]\saA.exe
[%PROFILE_TEMP%]\saB.exe
[%PROFILE_TEMP%]\saC.exe
[%PROFILE_TEMP%]\SQLanguage.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\SpywareQuake.url
[%PROFILE_TEMP%]\temp.fr????\uninst.exe
[%STARTMENU%]\SpywareQuake.com 2.1.lnk
[%SYSTEM%]\dfrgsrv.exe
[%SYSTEM%]\viruxz.dll
[%WINDOWS%]\Temp\SQLanguage.ini
[%PROGRAM_FILES%]\SpyQuake2.com\blacklist.txt
[%PROGRAM_FILES%]\SpyQuake2.com\ignored.lst
[%PROGRAM_FILES%]\SpyQuake2.com\msvcp71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\msvcr71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\ref.dat
[%PROGRAM_FILES%]\SpyQuake2.com\Spy-Quake2.exe
[%PROGRAM_FILES%]\SpyQuake2.com\SpyQuake2.com.url
[%PROGRAM_FILES%]\SpyQuake2.com\sq.ini
[%PROGRAM_FILES%]\SpyQuake2.com\uninst.exe
[%PROGRAM_FILES%]\SpywareQuake\blacklist.txt
[%PROGRAM_FILES%]\SpywareQuake\msvcp71.dll
[%PROGRAM_FILES%]\SpywareQuake\msvcr71.dll
[%PROGRAM_FILES%]\SpywareQuake\ref.dat
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.exe
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.url
[%PROGRAM_FILES%]\SpywareQuake\uninst.exe
[%STARTMENU%]\SpyQuake2.com 2.3.lnk
[%STARTMENU%]\SpywareQuake 2.0.lnk
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
[%DESKTOP%]\dfrgsrv.exe
[%DESKTOP%]\SpyQuake2.com.lnk
[%DESKTOP%]\SpywareQuake.com.lnk
[%DESKTOP%]\spywarequake.lnk
[%DESKTOP%]\spywarequakeinstaller.exe
[%STARTMENU%]\spywarequake 2.0.lnk
[%SYSTEM%]\guxxa.dll
[%SYSTEM%]\mssearchnet.exe
[%SYSTEM%]\stickrep.dll
[%WINDOWS%]\Temp\sa47.exe
[%PROFILE_TEMP%]\sa1.exe
[%PROFILE_TEMP%]\sa11.exe
[%PROFILE_TEMP%]\sa13.exe
[%PROFILE_TEMP%]\sa2.exe
[%PROFILE_TEMP%]\sa21.exe
[%PROFILE_TEMP%]\sa245.exe
[%PROFILE_TEMP%]\sa24A.exe
[%PROFILE_TEMP%]\sa24C.exe
[%PROFILE_TEMP%]\sa24E.exe
[%PROFILE_TEMP%]\sa253.exe
[%PROFILE_TEMP%]\sa27.exe
[%PROFILE_TEMP%]\sa28.exe
[%PROFILE_TEMP%]\sa293.exe
[%PROFILE_TEMP%]\sa2C.exe
[%PROFILE_TEMP%]\sa3.exe
[%PROFILE_TEMP%]\sa31.exe
[%PROFILE_TEMP%]\sa3A.exe
[%PROFILE_TEMP%]\sa4.exe
[%PROFILE_TEMP%]\sa40.exe
[%PROFILE_TEMP%]\sa46.exe
[%PROFILE_TEMP%]\sa50.exe
[%PROFILE_TEMP%]\sa6.exe
[%PROFILE_TEMP%]\sa7C.exe
[%PROFILE_TEMP%]\saA.exe
[%PROFILE_TEMP%]\saB.exe
[%PROFILE_TEMP%]\saC.exe
[%PROFILE_TEMP%]\SQLanguage.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\SpywareQuake.url
[%PROFILE_TEMP%]\temp.fr????\uninst.exe
[%STARTMENU%]\SpywareQuake.com 2.1.lnk
[%SYSTEM%]\dfrgsrv.exe
[%SYSTEM%]\viruxz.dll
[%WINDOWS%]\Temp\SQLanguage.ini
[%PROGRAM_FILES%]\SpyQuake2.com\blacklist.txt
[%PROGRAM_FILES%]\SpyQuake2.com\ignored.lst
[%PROGRAM_FILES%]\SpyQuake2.com\msvcp71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\msvcr71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\ref.dat
[%PROGRAM_FILES%]\SpyQuake2.com\Spy-Quake2.exe
[%PROGRAM_FILES%]\SpyQuake2.com\SpyQuake2.com.url
[%PROGRAM_FILES%]\SpyQuake2.com\sq.ini
[%PROGRAM_FILES%]\SpyQuake2.com\uninst.exe
[%PROGRAM_FILES%]\SpywareQuake\blacklist.txt
[%PROGRAM_FILES%]\SpywareQuake\msvcp71.dll
[%PROGRAM_FILES%]\SpywareQuake\msvcr71.dll
[%PROGRAM_FILES%]\SpywareQuake\ref.dat
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.exe
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.url
[%PROGRAM_FILES%]\SpywareQuake\uninst.exe
[%STARTMENU%]\SpyQuake2.com 2.3.lnk
[%STARTMENU%]\SpywareQuake 2.0.lnk
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
[%DESKTOP%]\dfrgsrv.exe
[%DESKTOP%]\SpyQuake2.com.lnk
[%DESKTOP%]\SpywareQuake.com.lnk
[%DESKTOP%]\spywarequake.lnk
[%DESKTOP%]\spywarequakeinstaller.exe
[%STARTMENU%]\spywarequake 2.0.lnk
[%SYSTEM%]\guxxa.dll
[%SYSTEM%]\mssearchnet.exe
[%SYSTEM%]\stickrep.dll
[%WINDOWS%]\Temp\sa47.exe

In order to ensure that the SpywareQuake is launched automatically each time the system is booted, the SpywareQuake adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%PROFILE_TEMP%]\sa1.exe
[%PROFILE_TEMP%]\sa11.exe
[%PROFILE_TEMP%]\sa13.exe
[%PROFILE_TEMP%]\sa2.exe
[%PROFILE_TEMP%]\sa21.exe
[%PROFILE_TEMP%]\sa245.exe
[%PROFILE_TEMP%]\sa24A.exe
[%PROFILE_TEMP%]\sa24C.exe
[%PROFILE_TEMP%]\sa24E.exe
[%PROFILE_TEMP%]\sa253.exe
[%PROFILE_TEMP%]\sa27.exe
[%PROFILE_TEMP%]\sa28.exe
[%PROFILE_TEMP%]\sa293.exe
[%PROFILE_TEMP%]\sa2C.exe
[%PROFILE_TEMP%]\sa3.exe
[%PROFILE_TEMP%]\sa31.exe
[%PROFILE_TEMP%]\sa3A.exe
[%PROFILE_TEMP%]\sa4.exe
[%PROFILE_TEMP%]\sa40.exe
[%PROFILE_TEMP%]\sa46.exe
[%PROFILE_TEMP%]\sa50.exe
[%PROFILE_TEMP%]\sa6.exe
[%PROFILE_TEMP%]\sa7C.exe
[%PROFILE_TEMP%]\saA.exe
[%PROFILE_TEMP%]\saB.exe
[%PROFILE_TEMP%]\saC.exe
[%PROFILE_TEMP%]\temp.fr????\uninst.exe
[%SYSTEM%]\dfrgsrv.exe
[%PROGRAM_FILES%]\SpyQuake2.com\Spy-Quake2.exe
[%PROGRAM_FILES%]\SpyQuake2.com\uninst.exe
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.exe
[%PROGRAM_FILES%]\SpywareQuake\uninst.exe
[%DESKTOP%]\dfrgsrv.exe
[%DESKTOP%]\spywarequakeinstaller.exe
[%SYSTEM%]\mssearchnet.exe
[%WINDOWS%]\Temp\sa47.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting SpywareQuake:

Files:
[%PROFILE_TEMP%]\sa1.exe
[%PROFILE_TEMP%]\sa11.exe
[%PROFILE_TEMP%]\sa13.exe
[%PROFILE_TEMP%]\sa2.exe
[%PROFILE_TEMP%]\sa21.exe
[%PROFILE_TEMP%]\sa245.exe
[%PROFILE_TEMP%]\sa24A.exe
[%PROFILE_TEMP%]\sa24C.exe
[%PROFILE_TEMP%]\sa24E.exe
[%PROFILE_TEMP%]\sa253.exe
[%PROFILE_TEMP%]\sa27.exe
[%PROFILE_TEMP%]\sa28.exe
[%PROFILE_TEMP%]\sa293.exe
[%PROFILE_TEMP%]\sa2C.exe
[%PROFILE_TEMP%]\sa3.exe
[%PROFILE_TEMP%]\sa31.exe
[%PROFILE_TEMP%]\sa3A.exe
[%PROFILE_TEMP%]\sa4.exe
[%PROFILE_TEMP%]\sa40.exe
[%PROFILE_TEMP%]\sa46.exe
[%PROFILE_TEMP%]\sa50.exe
[%PROFILE_TEMP%]\sa6.exe
[%PROFILE_TEMP%]\sa7C.exe
[%PROFILE_TEMP%]\saA.exe
[%PROFILE_TEMP%]\saB.exe
[%PROFILE_TEMP%]\saC.exe
[%PROFILE_TEMP%]\SQLanguage.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\SpywareQuake.url
[%PROFILE_TEMP%]\temp.fr????\uninst.exe
[%STARTMENU%]\SpywareQuake.com 2.1.lnk
[%SYSTEM%]\dfrgsrv.exe
[%SYSTEM%]\viruxz.dll
[%WINDOWS%]\Temp\SQLanguage.ini
[%PROGRAM_FILES%]\SpyQuake2.com\blacklist.txt
[%PROGRAM_FILES%]\SpyQuake2.com\ignored.lst
[%PROGRAM_FILES%]\SpyQuake2.com\msvcp71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\msvcr71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\ref.dat
[%PROGRAM_FILES%]\SpyQuake2.com\Spy-Quake2.exe
[%PROGRAM_FILES%]\SpyQuake2.com\SpyQuake2.com.url
[%PROGRAM_FILES%]\SpyQuake2.com\sq.ini
[%PROGRAM_FILES%]\SpyQuake2.com\uninst.exe
[%PROGRAM_FILES%]\SpywareQuake\blacklist.txt
[%PROGRAM_FILES%]\SpywareQuake\msvcp71.dll
[%PROGRAM_FILES%]\SpywareQuake\msvcr71.dll
[%PROGRAM_FILES%]\SpywareQuake\ref.dat
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.exe
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.url
[%PROGRAM_FILES%]\SpywareQuake\uninst.exe
[%STARTMENU%]\SpyQuake2.com 2.3.lnk
[%STARTMENU%]\SpywareQuake 2.0.lnk
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
[%DESKTOP%]\dfrgsrv.exe
[%DESKTOP%]\SpyQuake2.com.lnk
[%DESKTOP%]\SpywareQuake.com.lnk
[%DESKTOP%]\spywarequake.lnk
[%DESKTOP%]\spywarequakeinstaller.exe
[%STARTMENU%]\spywarequake 2.0.lnk
[%SYSTEM%]\guxxa.dll
[%SYSTEM%]\mssearchnet.exe
[%SYSTEM%]\stickrep.dll
[%WINDOWS%]\Temp\sa47.exe
[%PROFILE_TEMP%]\sa1.exe
[%PROFILE_TEMP%]\sa11.exe
[%PROFILE_TEMP%]\sa13.exe
[%PROFILE_TEMP%]\sa2.exe
[%PROFILE_TEMP%]\sa21.exe
[%PROFILE_TEMP%]\sa245.exe
[%PROFILE_TEMP%]\sa24A.exe
[%PROFILE_TEMP%]\sa24C.exe
[%PROFILE_TEMP%]\sa24E.exe
[%PROFILE_TEMP%]\sa253.exe
[%PROFILE_TEMP%]\sa27.exe
[%PROFILE_TEMP%]\sa28.exe
[%PROFILE_TEMP%]\sa293.exe
[%PROFILE_TEMP%]\sa2C.exe
[%PROFILE_TEMP%]\sa3.exe
[%PROFILE_TEMP%]\sa31.exe
[%PROFILE_TEMP%]\sa3A.exe
[%PROFILE_TEMP%]\sa4.exe
[%PROFILE_TEMP%]\sa40.exe
[%PROFILE_TEMP%]\sa46.exe
[%PROFILE_TEMP%]\sa50.exe
[%PROFILE_TEMP%]\sa6.exe
[%PROFILE_TEMP%]\sa7C.exe
[%PROFILE_TEMP%]\saA.exe
[%PROFILE_TEMP%]\saB.exe
[%PROFILE_TEMP%]\saC.exe
[%PROFILE_TEMP%]\SQLanguage.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\SpywareQuake.url
[%PROFILE_TEMP%]\temp.fr????\uninst.exe
[%STARTMENU%]\SpywareQuake.com 2.1.lnk
[%SYSTEM%]\dfrgsrv.exe
[%SYSTEM%]\viruxz.dll
[%WINDOWS%]\Temp\SQLanguage.ini
[%PROGRAM_FILES%]\SpyQuake2.com\blacklist.txt
[%PROGRAM_FILES%]\SpyQuake2.com\ignored.lst
[%PROGRAM_FILES%]\SpyQuake2.com\msvcp71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\msvcr71.dll
[%PROGRAM_FILES%]\SpyQuake2.com\ref.dat
[%PROGRAM_FILES%]\SpyQuake2.com\Spy-Quake2.exe
[%PROGRAM_FILES%]\SpyQuake2.com\SpyQuake2.com.url
[%PROGRAM_FILES%]\SpyQuake2.com\sq.ini
[%PROGRAM_FILES%]\SpyQuake2.com\uninst.exe
[%PROGRAM_FILES%]\SpywareQuake\blacklist.txt
[%PROGRAM_FILES%]\SpywareQuake\msvcp71.dll
[%PROGRAM_FILES%]\SpywareQuake\msvcr71.dll
[%PROGRAM_FILES%]\SpywareQuake\ref.dat
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.exe
[%PROGRAM_FILES%]\SpywareQuake\SpywareQuake.url
[%PROGRAM_FILES%]\SpywareQuake\uninst.exe
[%STARTMENU%]\SpyQuake2.com 2.3.lnk
[%STARTMENU%]\SpywareQuake 2.0.lnk
[%SYSTEM%]\1024\ld4BC3.tmp.{693c6e81-eef2-4844-a8d3-08bad6f7ae0c}.QQQ
[%SYSTEM%]\1024\{ALL_FILES}}
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
[%DESKTOP%]\dfrgsrv.exe
[%DESKTOP%]\SpyQuake2.com.lnk
[%DESKTOP%]\SpywareQuake.com.lnk
[%DESKTOP%]\spywarequake.lnk
[%DESKTOP%]\spywarequakeinstaller.exe
[%STARTMENU%]\spywarequake 2.0.lnk
[%SYSTEM%]\guxxa.dll
[%SYSTEM%]\mssearchnet.exe
[%SYSTEM%]\stickrep.dll
[%WINDOWS%]\Temp\sa47.exe

Folders:
[%PROGRAM_FILES%]\SpyQuake2.com
[%PROGRAM_FILES%]\SpywareQuake
[%PROGRAM_FILES%]\SpywareQuake.com
[%SYSTEM%]\1024
[%COMMON_PROGRAMS%]\spywarequake
[%PROGRAMS%]\SpyQuake2.com
[%PROGRAMS%]\SpywareQuake
[%PROGRAMS%]\SpywareQuake.com
[%STARTMENU%]\SpyQuake2.com 2.3.lnk
[%WINDOWS%]\system\1024

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKEY_CLASSES_ROOT\CLSID\{5839511e-ec1b-4f91-ace3-fb88e52f5239}
HKEY_CLASSES_ROOT\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}
HKEY_CLASSES_ROOT\CLSID\{874443fe-aa33-4ebf-a6ac-73208787e62d}
HKEY_CLASSES_ROOT\interface\{02b7b1e9-55a8-41c2-bb1f-2d6a878da48a}
HKEY_CLASSES_ROOT\interface\{0b9d2c57-6fa0-4ced-8beb-781391024cfc}
HKEY_CLASSES_ROOT\interface\{179518df-7eba-4d31-a7e1-73b5bb60e8d5}
HKEY_CLASSES_ROOT\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}
HKEY_CLASSES_ROOT\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}
HKEY_CLASSES_ROOT\interface\{24d627fe-3f02-44cf-9ee1-7b9e44bd9e13}
HKEY_CLASSES_ROOT\interface\{2541bf4a-7c5d-44b4-b032-c41c8192808a}
HKEY_CLASSES_ROOT\interface\{25a2eb70-c636-4d59-8915-1e58f3c18ee9}
HKEY_CLASSES_ROOT\interface\{25b9c83f-a38a-4a0e-a3bd-cfe9a1347dfa}
HKEY_CLASSES_ROOT\interface\{27ff7b0f-a511-4a49-9013-0bcf4d256fa4}
HKEY_CLASSES_ROOT\Interface\{2DD8D482-8F1C-4180-AA8E-9D5819E5F2EA}
HKEY_CLASSES_ROOT\Interface\{411F83B1-A0EC-4155-AF99-0137F5EFB270}
HKEY_CLASSES_ROOT\interface\{42cfefbe-8ae4-400e-bbe4-a2b61bb140fb}
HKEY_CLASSES_ROOT\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}
HKEY_CLASSES_ROOT\interface\{441e9bc9-09a8-4217-9328-85d82a5aee4e}
HKEY_CLASSES_ROOT\interface\{4790b963-23c5-43c1-bcf5-01c9b5a3e44e}
HKEY_CLASSES_ROOT\Interface\{4E3645AF-7A81-4F83-9B8C-1E4F930D873F}
HKEY_CLASSES_ROOT\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}
HKEY_CLASSES_ROOT\interface\{5a03cd74-86e0-47f5-b3ef-eb996a6ab955}
HKEY_CLASSES_ROOT\interface\{5c42ddf4-81eb-4668-9951-819a1d5befc8}
HKEY_CLASSES_ROOT\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}
HKEY_CLASSES_ROOT\Interface\{61032A65-2371-4C89-B5BB-DF73090FB5EA}
HKEY_CLASSES_ROOT\interface\{6348f4dc-2a27-4ab8-b067-fb03004136ff}
HKEY_CLASSES_ROOT\Interface\{66189AF2-7726-46E8-8628-0F95AB854792}
HKEY_CLASSES_ROOT\interface\{6dcf2fbb-d4d1-4ea1-b36a-b1114334909f}
HKEY_CLASSES_ROOT\interface\{75d06077-d5d3-40ca-b32d-6a67a7ff3f06}
HKEY_CLASSES_ROOT\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}
HKEY_CLASSES_ROOT\Interface\{7A2F6251-6C99-4DA5-9827-954EB45DCB82}
HKEY_CLASSES_ROOT\interface\{8155b8b6-643c-4540-85e2-a535640781d7}
HKEY_CLASSES_ROOT\Interface\{82C6C396-DD7B-4CE5-B668-C0087D1F3A1F}
HKEY_CLASSES_ROOT\Interface\{853E0D78-F4C2-47CB-A3F5-A774DA60DFCD}
HKEY_CLASSES_ROOT\interface\{85c7e6c3-ec47-44e5-aa08-ee0d0a25895f}
HKEY_CLASSES_ROOT\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}
HKEY_CLASSES_ROOT\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}
HKEY_CLASSES_ROOT\interface\{9383dac1-43f5-4580-bf86-841f22af2335}
HKEY_CLASSES_ROOT\Interface\{94786C47-EB3F-4BD5-A66B-0D49E2C90541}
HKEY_CLASSES_ROOT\Interface\{9989A9BC-9828-467E-AF06-E3B279E6E97B}
HKEY_CLASSES_ROOT\interface\{a0648dfa-652c-44ac-8497-2d6b9aa27d7a}
HKEY_CLASSES_ROOT\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}
HKEY_CLASSES_ROOT\interface\{af90cafc-09d4-47f0-9e11-ce621c424f08}
HKEY_CLASSES_ROOT\Interface\{B2B3702A-5425-489E-A3AF-EDCCAFEBA019}
HKEY_CLASSES_ROOT\interface\{b8013930-1c39-4d74-98c2-6500cb95eccf}
HKEY_CLASSES_ROOT\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}
HKEY_CLASSES_ROOT\interface\{bac8a83d-01d4-4f15-b8a9-4b4ab24253a7}
HKEY_CLASSES_ROOT\interface\{bc397e39-f67f-423f-bc6e-65939450093a}
HKEY_CLASSES_ROOT\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}
HKEY_CLASSES_ROOT\Interface\{C1C56112-2B2E-4D3C-8CFC-7E10C77FACEF}
HKEY_CLASSES_ROOT\interface\{c3eedc19-992d-409a-b323-ed57d511afa5}
HKEY_CLASSES_ROOT\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}
HKEY_CLASSES_ROOT\interface\{ca755757-a60f-45ef-b62a-46fe0ee37951}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}
HKEY_CLASSES_ROOT\interface\{dc90f677-d205-4f70-9014-659614aabcb2}
HKEY_CLASSES_ROOT\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}
HKEY_CLASSES_ROOT\Interface\{DDB0D689-FAE0-4165-9F7C-877602F9DD66}
HKEY_CLASSES_ROOT\interface\{e2df91f3-f24f-441e-9001-d61f36024322}
HKEY_CLASSES_ROOT\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}
HKEY_CLASSES_ROOT\Interface\{E5AD5BD5-C710-45E0-ABD3-E770FE85DAE8}
HKEY_CLASSES_ROOT\Interface\{EB5CA3AF-26C1-467B-9A55-2820E0451AAB}
HKEY_CLASSES_ROOT\interface\{ebb2169e-9c3d-4133-91cc-3bcfb47a9b50}
HKEY_CLASSES_ROOT\interface\{eff47498-ef07-4617-a209-85e69de9d73c}
HKEY_CLASSES_ROOT\interface\{f259eadb-5903-48d5-864c-2b7b46ab1424}
HKEY_CLASSES_ROOT\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}
HKEY_CLASSES_ROOT\interface\{fb4edf66-0547-4f1a-ae96-7cfcad711c90}
HKEY_CLASSES_ROOT\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}
HKEY_CLASSES_ROOT\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}
HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_CLASSES_ROOT\typelib\{9163b40f-fed6-4b74-a4b2-b73b24e8b0e6}
HKEY_CURRENT_USER\software\classes\clsid\{e2ca7cd1-1ad9-f1c4-3d2a-dc1a33e7af9d}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spy-Quake2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spyware-Quake.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuake.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyQuake2.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake
HKEY_LOCAL_MACHINE\SOFTWARE\SpyQuake2.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake.com
HKEY_CLASSES_ROOT\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}
HKEY_CLASSES_ROOT\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}
HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}
HKEY_CLASSES_ROOT\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
HKEY_CLASSES_ROOT\clsid\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKEY_CLASSES_ROOT\clsid\{5839511e-ec1b-4f91-ace3-fb88e52f5239}
HKEY_CLASSES_ROOT\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}
HKEY_CLASSES_ROOT\clsid\{874443fe-aa33-4ebf-a6ac-73208787e62d}
HKEY_CLASSES_ROOT\interface\{189518df-7eba-4d31-a7e1-73b5bb60e8d5}
HKEY_CLASSES_ROOT\interface\{23d627fe-3f02-44cf-9ee1-7b9e44bd9e13}
HKEY_CLASSES_ROOT\interface\{2dd8d482-8f1c-4180-aa8e-9d5819e5f2ea}
HKEY_CLASSES_ROOT\interface\{411f83b1-a0ec-4155-af99-0137f5efb270}
HKEY_CLASSES_ROOT\interface\{43cfefbe-8ae4-400e-bbe4-a2b61bb140fb}
HKEY_CLASSES_ROOT\interface\{4e3645af-7a81-4f83-9b8c-1e4f930d873f}
HKEY_CLASSES_ROOT\interface\{5790b963-23c5-43c1-bcf5-01c9b5a3e44e}
HKEY_CLASSES_ROOT\interface\{5d42ddf4-81eb-4668-9951-819a1d5befc8}
HKEY_CLASSES_ROOT\interface\{61032a65-2371-4c89-b5bb-df73090fb5ea}
HKEY_CLASSES_ROOT\interface\{66189af2-7726-46e8-8628-0f95ab854792}
HKEY_CLASSES_ROOT\interface\{76d06077-d5d3-40ca-b32d-6a67a7ff3f06}
HKEY_CLASSES_ROOT\interface\{7a2f6251-6c99-4da5-9827-954eb45dcb82}
HKEY_CLASSES_ROOT\interface\{82c6c396-dd7b-4ce5-b668-c0087d1f3a1f}
HKEY_CLASSES_ROOT\interface\{853e0d78-f4c2-47cb-a3f5-a774da60dfcd}
HKEY_CLASSES_ROOT\interface\{86c7e6c3-ec47-44e5-aa08-ee0d0a25895f}
HKEY_CLASSES_ROOT\interface\{9283dac1-43f5-4580-bf86-841f22af2335}
HKEY_CLASSES_ROOT\interface\{94786c47-eb3f-4bd5-a66b-0d49e2c90541}
HKEY_CLASSES_ROOT\interface\{9989a9bc-9828-467e-af06-e3b279e6e97b}
HKEY_CLASSES_ROOT\interface\{ae90cafc-09d4-47f0-9e11-ce621c424f08}
HKEY_CLASSES_ROOT\interface\{b2b3702a-5425-489e-a3af-edccafeba019}
HKEY_CLASSES_ROOT\interface\{ba397e39-f67f-423f-bc6e-65939450093a}
HKEY_CLASSES_ROOT\interface\{bec8a83d-01d4-4f15-b8a9-4b4ab24253a7}
HKEY_CLASSES_ROOT\interface\{c1c56112-2b2e-4d3c-8cfc-7e10c77facef}
HKEY_CLASSES_ROOT\interface\{c4eedc19-992d-409a-b323-ed57d511afa5}
HKEY_CLASSES_ROOT\interface\{d01d4aab-22c5-427f-a941-c4b65a3d8a23}
HKEY_CLASSES_ROOT\interface\{dd90f677-d205-4f70-9014-659614aabcb2}
HKEY_CLASSES_ROOT\interface\{ddb0d689-fae0-4165-9f7c-877602f9dd66}
HKEY_CLASSES_ROOT\interface\{e3df91f3-f24f-441e-9001-d61f36024322}
HKEY_CLASSES_ROOT\interface\{e5ad5bd5-c710-45e0-abd3-e770fe85dae8}
HKEY_CLASSES_ROOT\interface\{eb5ca3af-26c1-467b-9a55-2820e0451aab}
HKEY_CLASSES_ROOT\interface\{f459eadb-5903-48d5-864c-2b7b46ab1424}
HKEY_CLASSES_ROOT\interface\{fc4edf66-0547-4f1a-ae96-7cfcad711c90}
HKEY_CLASSES_ROOT\typelib\{5e05ea9f-1ea7-4d0b-a09b-d5e29ec758b9}
HKEY_CLASSES_ROOT\typelib\{651173ee-fa31-4769-97d4-b556b5d09bda}
HKEY_CLASSES_ROOT\typelib\{661173ee-fa31-4769-97d4-b556b5d09bda}
HKEY_CURRENT_USER\clsid\{af3fd9a8-1287-4159-9212-9a5b4494af70}
HKEY_CURRENT_USER\clsid\{e2ca7cd1-1ad9-f1c4-3d2a-dc1a33e7af9d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spy-quake2.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spyware-quake.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spywarequake.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyquake2.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywarequake
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywarequake.com
HKEY_LOCAL_MACHINE\software\spyquake2.com
HKEY_LOCAL_MACHINE\software\spywarequake
HKEY_LOCAL_MACHINE\software\spywarequake.com

Registry Values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spy-Quake2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuake.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\classes\clsid\{af3fd9a8-1287-4159-9212-9a5b4494af70}\inprocserver32
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload

Removing SpywareQuake:

An up-to-date copy of ExterminateIt should detect and prevent infection from SpywareQuake.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove SpywareQuake manually.

To completely manually remove SpywareQuake malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SpywareQuake.

  1. Use Task Manager to terminate the SpywareQuake process.
  2. Delete the original SpywareQuake file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes SpywareQuake from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of SpywareQuake!


Also Be Aware of the Following Threats:
ClickSpring (PurityScan) Adware Information
Removing Zlob.Fam.iVideoCodec Trojan
Jinmozhe Trojan Removal
Loofeer Trojan Symptoms

HackBBS.Kit Trojan

HackBBS.Kit malware description and removal detail
Categories:Trojan
Also known as:

[McAfee]HackBBS.Kit;
[F-Prot]destructive program;
[Panda]Trj/HackBBS;
[Computer Associates]BatRunner

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing HackBBS.Kit:

An up-to-date copy of ExterminateIt should detect and prevent infection from HackBBS.Kit.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove HackBBS.Kit manually.

To completely manually remove HackBBS.Kit malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with HackBBS.Kit.

  1. Use Task Manager to terminate the HackBBS.Kit process.
  2. Delete the original HackBBS.Kit file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes HackBBS.Kit from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of HackBBS.Kit!


Also Be Aware of the Following Threats:
Remote.Hack Backdoor Removal
Remove EZToolbar Adware

saristar.adult Adware

saristar.adult malware description and removal detail
Categories:Adware

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting saristar.adult:

Registry Keys:
HKEY_CLASSES_ROOT\saristar.saristar
HKEY_CLASSES_ROOT\saristar.saristar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E1089BC-1AE8-4685-8D77-6721E5C318A8}
HKEY_LOCAL_MACHINE\software\saristar
HKEY_CLASSES_ROOT\appid\saristar.dll
HKEY_CLASSES_ROOT\appid\{90a52f00-64ac-4dc6-9d7d-4516670275d0}
HKEY_CLASSES_ROOT\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae50}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9e1089bc-1ae8-4685-8d77-6721e5c318a8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae50}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/comload.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/comload.dll

Removing saristar.adult:

An up-to-date copy of ExterminateIt should detect and prevent infection from saristar.adult.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove saristar.adult manually.

To completely manually remove saristar.adult malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with saristar.adult.

  1. Use Task Manager to terminate the saristar.adult process.
  2. Delete the original saristar.adult file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes saristar.adult from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of saristar.adult!


Also Be Aware of the Following Threats:
necn.com Tracking Cookie Cleaner
Remove Black.Box8 Spyware
NTbindshell RAT Symptoms
Sipo.com Tracking Cookie Symptoms

WWW.PCH.com.MyAccount Tracking Cookie

WWW.PCH.com.MyAccount malware description and removal detail
Categories:Tracking Cookie

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing WWW.PCH.com.MyAccount:

An up-to-date copy of ExterminateIt should detect and prevent infection from WWW.PCH.com.MyAccount.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove WWW.PCH.com.MyAccount manually.

To completely manually remove WWW.PCH.com.MyAccount malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with WWW.PCH.com.MyAccount.

  1. Use Task Manager to terminate the WWW.PCH.com.MyAccount process.
  2. Delete the original WWW.PCH.com.MyAccount file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes WWW.PCH.com.MyAccount from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of WWW.PCH.com.MyAccount!


Also Be Aware of the Following Threats:
Remove AntiSpyZone Adware

TrojanClicker.Win32.Rotarran Trojan

TrojanClicker.Win32.Rotarran malware description and removal detail
Categories:Trojan,Adware
Also known as:

[Panda]Trj/Tarran.A,Trojan Horse

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing TrojanClicker.Win32.Rotarran:

An up-to-date copy of ExterminateIt should detect and prevent infection from TrojanClicker.Win32.Rotarran.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove TrojanClicker.Win32.Rotarran manually.

To completely manually remove TrojanClicker.Win32.Rotarran malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrojanClicker.Win32.Rotarran.

  1. Use Task Manager to terminate the TrojanClicker.Win32.Rotarran process.
  2. Delete the original TrojanClicker.Win32.Rotarran file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes TrojanClicker.Win32.Rotarran from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of TrojanClicker.Win32.Rotarran!


Also Be Aware of the Following Threats:
Removing apmebf.com Tracking Cookie

EliteGaming Adware

EliteGaming malware description and removal detail
Categories:Adware

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing EliteGaming:

An up-to-date copy of ExterminateIt should detect and prevent infection from EliteGaming.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove EliteGaming manually.

To completely manually remove EliteGaming malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with EliteGaming.

  1. Use Task Manager to terminate the EliteGaming process.
  2. Delete the original EliteGaming file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes EliteGaming from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of EliteGaming!


Also Be Aware of the Following Threats:
SillyDl.CQY Trojan Cleaner

VLoading Adware

VLoading malware description and removal detail
Categories:Adware,Downloader
Also known as:

[Panda]Adware/Vloading

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\econnect.dll
[%WINDOWS%]\downloaded program files\econnect.inf
[%WINDOWS%]\downloaded program files\econnect.dll
[%WINDOWS%]\downloaded program files\econnect.inf

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting VLoading:

Files:
[%WINDOWS%]\downloaded program files\econnect.dll
[%WINDOWS%]\downloaded program files\econnect.inf
[%WINDOWS%]\downloaded program files\econnect.dll
[%WINDOWS%]\downloaded program files\econnect.inf

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d681a72e-fecc-4002-90ad-ea8f97b377c3}
HKEY_CLASSES_ROOT\econnect.econn
HKEY_CLASSES_ROOT\econnect.econn.1
HKEY_CLASSES_ROOT\typelib\{d681a72e-fecc-4002-90ad-ea8f97b377c3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\econnect.dll

Removing VLoading:

An up-to-date copy of ExterminateIt should detect and prevent infection from VLoading.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove VLoading manually.

To completely manually remove VLoading malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VLoading.

  1. Use Task Manager to terminate the VLoading process.
  2. Delete the original VLoading file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes VLoading from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of VLoading!


Also Be Aware of the Following Threats:
falkag.net Tracking Cookie Symptoms
Remove Jxzyhzm Trojan

Near.Mohists RAT

Near.Mohists malware description and removal detail
Categories:RAT
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\applog\sysrtay.lgc
[%WINDOWS%]\system\sysraty.exe
[%WINDOWS%]\applog\sysrtay.lgc
[%WINDOWS%]\system\sysraty.exe

In order to ensure that the Near.Mohists is launched automatically each time the system is booted, the Near.Mohists adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%WINDOWS%]\system\sysraty.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Near.Mohists:

Files:
[%WINDOWS%]\applog\sysrtay.lgc
[%WINDOWS%]\system\sysraty.exe
[%WINDOWS%]\applog\sysrtay.lgc
[%WINDOWS%]\system\sysraty.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Near.Mohists:

An up-to-date copy of ExterminateIt should detect and prevent infection from Near.Mohists.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Near.Mohists manually.

To completely manually remove Near.Mohists malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Near.Mohists.

  1. Use Task Manager to terminate the Near.Mohists process.
  2. Delete the original Near.Mohists file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Near.Mohists from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Near.Mohists!


Also Be Aware of the Following Threats:
ICQ.Stalker Trojan Information
Removing W95.Invir.dr Trojan
Remove Win32.ExpDwnldr Adware

Xanadu Trojan

Xanadu malware description and removal detail
Categories:Trojan,Backdoor,RAT
Also known as:

[Kaspersky]Backdoor.Xanadu,Backdoor.Xanadu.11;
[Eset]Win32/Xanadu.10 trojan,Xanadu.11 trojan;
[McAfee]BackDoor-OP;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Xanadu.1.0,Bck/Xanadu.11;
[Computer Associates]Backdoor/Xanadu.1_1

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Xanadu:

An up-to-date copy of ExterminateIt should detect and prevent infection from Xanadu.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Xanadu manually.

To completely manually remove Xanadu malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Xanadu.

  1. Use Task Manager to terminate the Xanadu process.
  2. Delete the original Xanadu file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Xanadu from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Xanadu!


Also Be Aware of the Following Threats:
Breeze Trojan Symptoms
Removing Grad Hacker Tool
SillyDl.CDN Trojan Removal
Sweet.Heart Backdoor Cleaner
Removing SillyDl.DDT Trojan

Sequel.Dapranksta Backdoor

Sequel.Dapranksta malware description and removal detail
Categories:Backdoor,RAT
Also known as:

[Kaspersky]Backdoor.Sequel.01.a;
[McAfee]BackDoor-RB;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Sequel.Dapranksta:

An up-to-date copy of ExterminateIt should detect and prevent infection from Sequel.Dapranksta.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Sequel.Dapranksta manually.

To completely manually remove Sequel.Dapranksta malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Sequel.Dapranksta.

  1. Use Task Manager to terminate the Sequel.Dapranksta process.
  2. Delete the original Sequel.Dapranksta file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Sequel.Dapranksta from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Sequel.Dapranksta!


Also Be Aware of the Following Threats:
GoldenEye.beta Backdoor Cleaner
BAT.Combat Trojan Removal
Keylog.MSGate Trojan Removal
Vxidl.AJB Trojan Removal instruction
Pigeon.EDH Trojan Symptoms

IETray Adware

IETray malware description and removal detail
Categories:Adware,BHO,Hijacker
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\web\ers_src.htm
[%SYSTEM%]\iemsg.dll
[%WINDOWS%]\system\iemsg.dll
[%WINDOWS%]\web\ers_def.htm
[%WINDOWS%]\web\ers_src.htm
[%SYSTEM%]\iemsg.dll
[%WINDOWS%]\system\iemsg.dll
[%WINDOWS%]\web\ers_def.htm

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting IETray:

Files:
[%WINDOWS%]\web\ers_src.htm
[%SYSTEM%]\iemsg.dll
[%WINDOWS%]\system\iemsg.dll
[%WINDOWS%]\web\ers_def.htm
[%WINDOWS%]\web\ers_src.htm
[%SYSTEM%]\iemsg.dll
[%WINDOWS%]\system\iemsg.dll
[%WINDOWS%]\web\ers_def.htm

Registry Keys:
HKEY_CLASSES_ROOT\iempg.iempgobj
HKEY_CLASSES_ROOT\interface\{ffffffff-ffff-ffff-ffff-5f8507c5f4e8}
HKEY_CLASSES_ROOT\typelib\{ffffffff-ffff-ffff-ffff-5f8507c5f4e7}
HKEY_LOCAL_MACHINE\software\classes\iempg.iempgobj
HKEY_LOCAL_MACHINE\software\classes\interface\{ffffffff-ffff-ffff-ffff-5f8507c5f4e8}
HKEY_LOCAL_MACHINE\software\classes\typelib\{ffffffff-ffff-ffff-ffff-5f8507c5f4e7}
HKEY_CLASSES_ROOT\clsid\{bd51aec6-7991-4a60-94d6-d5febb655d10}
HKEY_CLASSES_ROOT\iempg.iempgobj.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{bd51aec6-7991-4a60-94d6-d5febb655d10}
HKEY_LOCAL_MACHINE\software\classes\clsid\{bd51aec6-7991-4a60-94d6-d5febb655d10}
HKEY_LOCAL_MACHINE\software\classes\iempg.iempgobj.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bd51aec6-7991-4a60-94d6-d5febb655d10}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing IETray:

An up-to-date copy of ExterminateIt should detect and prevent infection from IETray.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove IETray manually.

To completely manually remove IETray malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with IETray.

  1. Use Task Manager to terminate the IETray process.
  2. Delete the original IETray file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes IETray from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of IETray!


Also Be Aware of the Following Threats:
Pigeon.EFZ Trojan Removal instruction

SillyDl.DNH Trojan

SillyDl.DNH malware description and removal detail
Categories:Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing SillyDl.DNH:

An up-to-date copy of ExterminateIt should detect and prevent infection from SillyDl.DNH.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove SillyDl.DNH manually.

To completely manually remove SillyDl.DNH malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with SillyDl.DNH.

  1. Use Task Manager to terminate the SillyDl.DNH process.
  2. Delete the original SillyDl.DNH file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes SillyDl.DNH from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of SillyDl.DNH!


Also Be Aware of the Following Threats:
Removing LeapFrog Trojan

TrackDownload Trojan

TrackDownload malware description and removal detail
Categories:Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing TrackDownload:

An up-to-date copy of ExterminateIt should detect and prevent infection from TrackDownload.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove TrackDownload manually.

To completely manually remove TrackDownload malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with TrackDownload.

  1. Use Task Manager to terminate the TrackDownload process.
  2. Delete the original TrackDownload file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes TrackDownload from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of TrackDownload!


Also Be Aware of the Following Threats:
Cutie Trojan Removal
Natsume Spyware Cleaner
Remove SearchNet Trojan

Perry Trojan

Perry malware description and removal detail
Categories:Trojan
Also known as:

[Panda]Trj/Perry;
[Computer Associates]Perry_2

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Perry:

An up-to-date copy of ExterminateIt should detect and prevent infection from Perry.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Perry manually.

To completely manually remove Perry malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Perry.

  1. Use Task Manager to terminate the Perry process.
  2. Delete the original Perry file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Perry from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Perry!


Also Be Aware of the Following Threats:
Removing Rux.Upload Trojan

NetDevil.Logger Backdoor

NetDevil.Logger malware description and removal detail
Categories:Backdoor

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing NetDevil.Logger:

An up-to-date copy of ExterminateIt should detect and prevent infection from NetDevil.Logger.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove NetDevil.Logger manually.

To completely manually remove NetDevil.Logger malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with NetDevil.Logger.

  1. Use Task Manager to terminate the NetDevil.Logger process.
  2. Delete the original NetDevil.Logger file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes NetDevil.Logger from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of NetDevil.Logger!


Also Be Aware of the Following Threats:
Removing Enola Trojan
WordMacro.EMV Trojan Cleaner
Pigeon.EQB Trojan Symptoms
Removing Pigeon.ERS Trojan

BlazeFind.variant BHO

BlazeFind.variant malware description and removal detail
Categories:BHO,Hijacker
Visible Symptoms:
Files in system folders:
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll

In order to ensure that the BlazeFind.variant is launched automatically each time the system is booted, the BlazeFind.variant adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%SYSTEM%]\unstsa2.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting BlazeFind.variant:

Files:
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll
[%SYSTEM%]\2_0_1browserhelper2.dll
[%SYSTEM%]\3_0_1browserhelper3.dll
[%SYSTEM%]\5_0_1browserhelper5.dll
[%SYSTEM%]\car.ico
[%SYSTEM%]\creditcard.bmp
[%SYSTEM%]\go.ico
[%SYSTEM%]\key2.txt
[%SYSTEM%]\omniprivacy.khtml
[%SYSTEM%]\unstsa2.exe
[%WINDOWS%]\3_0_1browserhelper3.dll
[%WINDOWS%]\system\2_0_1browserhelper2.dll
[%WINDOWS%]\system\3_0_1browserhelper3.dll
[%WINDOWS%]\system\5_0_1browserhelper5.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5941ee5-6dfa-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbed6a02-71fb-11d8-86b0-0002441a9695}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windows controlad

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing BlazeFind.variant:

An up-to-date copy of ExterminateIt should detect and prevent infection from BlazeFind.variant.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove BlazeFind.variant manually.

To completely manually remove BlazeFind.variant malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with BlazeFind.variant.

  1. Use Task Manager to terminate the BlazeFind.variant process.
  2. Delete the original BlazeFind.variant file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes BlazeFind.variant from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of BlazeFind.variant!


Also Be Aware of the Following Threats:
FDoS.ICQRevenge Trojan Removal instruction
Remove NCW Trojan
Pigeon.AMK Trojan Cleaner

VFL Trojan

VFL malware description and removal detail
Categories:Trojan
Also known as:

[Computer Associates]Win32/VFL!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing VFL:

An up-to-date copy of ExterminateIt should detect and prevent infection from VFL.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove VFL manually.

To completely manually remove VFL malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with VFL.

  1. Use Task Manager to terminate the VFL process.
  2. Delete the original VFL file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes VFL from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of VFL!


Also Be Aware of the Following Threats:
AZ Trojan Information

DelfLoader Downloader

DelfLoader malware description and removal detail
Categories:Downloader

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing DelfLoader:

An up-to-date copy of ExterminateIt should detect and prevent infection from DelfLoader.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove DelfLoader manually.

To completely manually remove DelfLoader malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with DelfLoader.

  1. Use Task Manager to terminate the DelfLoader process.
  2. Delete the original DelfLoader file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes DelfLoader from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of DelfLoader!


Also Be Aware of the Following Threats:
traffic4u.nl Tracking Cookie Information

Agobot.bi Trojan

Agobot.bi malware description and removal detail
Categories:Trojan,Backdoor
Also known as:

[Kaspersky]Backdoor.Agobot.bi;
[Eset]Win32/Agobot.FA trojan;
[Computer Associates]Backdoor/Agobot.3.bi,Win32.Agobot.DE

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Agobot.bi:

An up-to-date copy of ExterminateIt should detect and prevent infection from Agobot.bi.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Agobot.bi manually.

To completely manually remove Agobot.bi malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Agobot.bi.

  1. Use Task Manager to terminate the Agobot.bi process.
  2. Delete the original Agobot.bi file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Agobot.bi from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Agobot.bi!


Also Be Aware of the Following Threats:
Vxidl.APC Trojan Removal instruction